Validating digital forensic evidence

Shanmugam, Karthikeyan

January 2011

This dissertation focuses on the forensic validation of computer evidence. It is a burgeoning field, by necessity, and there have been significant advances in the detection and gathering of evidence related to electronic crimes. What makes the computer forensics field similar to other forensic fields is that considerable emphasis is placed on the validity of the digital evidence. It is not just the methods used to collect the evidence that is a concern. What is also a problem is that perpetrators of digital crimes may be engaged in what is called anti-forensics. Digital forensic evidence techniques are deliberately thwarted and corrupted by those under investigation. In traditional forensics the link between evidence and perpetrator's actions is often straightforward: a fingerprint on an object indicates that someone has touched the object. Anti-forensic activity would be the equivalent of having the ability to change the nature of the fingerprint before, or during the investigation, thus making the forensic evidence collected invalid or less reliable. This thesis reviews the existing security models and digital forensics, paying particular attention to anti-forensic activity that affects the validity of data collected in the form of digital evidence. This thesis will build on the current models in this field and suggest a tentative first step model to manage and detect possibility of anti-forensic activity. The model is concerned with stopping anti-forensic activity, and thus is not a forensic model in the normal sense, it is what will be called a “meta-forensic” model. A meta-forensic approach is an approach intended to stop attempts to invalidate digital forensic evidence. This thesis proposes a formal procedure and guides forensic examiners to look at evidence in a meta-forensic way.

363.25

Quantum cryptography and quantum cryptanalysis

Makarov, Vadim

January 2007

<p>This doctoral thesis summarizes research in quantum cryptography done at the Department of Electronics and Telecommunications at the Norwegian University of Science and Technology (NTNU) from 1998 through 2007.</p><p>The opening parts contain a brief introduction into quantum cryptography as well as an overview of all existing single photon detection techniques for visible and near infrared light. Then, our implementation of a fiber optic quantum key distribution (QKD) system is described. We employ a one-way phase coding scheme with a 1310 nm attenuated laser source and a polarization-maintaining Mach-Zehnder interferometer. A feature of our scheme is that it tracks phase drift in the interferometer at the single photon level instead of employing hardware phase control measures. An optimal phase tracking algorithm has been developed, implemented and tested. Phase tracking accuracy of +-10 degrees is achieved when approximately 200 photon counts are collected in each cycle of adjustment. Another feature of our QKD system is that it uses a single photon detector based on a germanium avalanche photodiode gated at 20 MHz. To make possible this relatively high gating rate, we have developed, implemented and tested an afterpulse blocking technique, when a number of gating pulses is blocked after each registered avalanche. This technique allows to increase the key generation rate nearly proportionally to the increase of the gating rate. QKD has been demonstrated in the laboratory setting with only a very limited success: by the time of the thesis completion we had malfunctioning components in the setup, and the quantum bit error rate remained unstable with its lowest registered value of about 4%.</p><p>More than half of the thesis is devoted to various security aspects of QKD. We have studied several attacks that exploit component imperfections and loopholes in optical schemes. In a large pulse attack, settings of modulators inside Alice's and Bob's setups are read out by external interrogating light pulses, without interacting with quantum states and without raising security alarms. An external measurement of phase shift at Alice's phase modulator in our setup has been demonstrated experimentally. In a faked states attack, Eve intercepts Alice's qubits and then utilizes various optical imperfections in Bob's scheme to construct and resend light pulses in such a way that Bob does not distinguish his detection results from normal, whereas they give Bob the basis and bit value chosen at Eve's discretion. Construction of such faked states using several different imperfections is discussed. Also, we sketch a practical workflow of breaking into a running quantum cryptolink for the two abovementioned classes of attacks. A special attention is paid to a common imperfection when sensitivity of Bob's two detectors relative to one another can be controlled by Eve via an external parameter, for example via the timing of the incoming pulse. This imperfection is illustrated by measurements on two different single photon detectors. Quantitative results for a faked states attack on the Bennett-Brassard 1984 (BB84) and the Scarani-Acin-Ribordy-Gisin 2004 (SARG04) protocols using this imperfection are obtained. It is shown how faked states can in principle be constructed for quantum cryptosystems that use a phase-time encoding, the differential phase shift keying (DPSK) and the Ekert protocols. Furthermore we have attempted to integrate this imperfection of detectors into the general security proof for the BB84 protocol. For all attacks, their applicability to and implications for various known QKD schemes are considered, and countermeasures against the attacks are proposed.</p><p>The thesis incorporates published papers [J. Mod. Opt. 48, 2023 (2001)], [Appl. Opt. 43, 4385 (2004)], [J. Mod. Opt. 52, 691 (2005)], [Phys. Rev. A 74, 022313 (2006)], and [quant-ph/0702262].</p>

quantum cryptography

quantum cryptanalysis

quantum communications

single photon detection

single photon counting

fiber optic interferometry

eavesdropping

Trojan horse attack

faked states attack

Quantum cryptography and quantum cryptanalysis

Makarov, Vadim

January 2007

This doctoral thesis summarizes research in quantum cryptography done at the Department of Electronics and Telecommunications at the Norwegian University of Science and Technology (NTNU) from 1998 through 2007. The opening parts contain a brief introduction into quantum cryptography as well as an overview of all existing single photon detection techniques for visible and near infrared light. Then, our implementation of a fiber optic quantum key distribution (QKD) system is described. We employ a one-way phase coding scheme with a 1310 nm attenuated laser source and a polarization-maintaining Mach-Zehnder interferometer. A feature of our scheme is that it tracks phase drift in the interferometer at the single photon level instead of employing hardware phase control measures. An optimal phase tracking algorithm has been developed, implemented and tested. Phase tracking accuracy of +-10 degrees is achieved when approximately 200 photon counts are collected in each cycle of adjustment. Another feature of our QKD system is that it uses a single photon detector based on a germanium avalanche photodiode gated at 20 MHz. To make possible this relatively high gating rate, we have developed, implemented and tested an afterpulse blocking technique, when a number of gating pulses is blocked after each registered avalanche. This technique allows to increase the key generation rate nearly proportionally to the increase of the gating rate. QKD has been demonstrated in the laboratory setting with only a very limited success: by the time of the thesis completion we had malfunctioning components in the setup, and the quantum bit error rate remained unstable with its lowest registered value of about 4%. More than half of the thesis is devoted to various security aspects of QKD. We have studied several attacks that exploit component imperfections and loopholes in optical schemes. In a large pulse attack, settings of modulators inside Alice's and Bob's setups are read out by external interrogating light pulses, without interacting with quantum states and without raising security alarms. An external measurement of phase shift at Alice's phase modulator in our setup has been demonstrated experimentally. In a faked states attack, Eve intercepts Alice's qubits and then utilizes various optical imperfections in Bob's scheme to construct and resend light pulses in such a way that Bob does not distinguish his detection results from normal, whereas they give Bob the basis and bit value chosen at Eve's discretion. Construction of such faked states using several different imperfections is discussed. Also, we sketch a practical workflow of breaking into a running quantum cryptolink for the two abovementioned classes of attacks. A special attention is paid to a common imperfection when sensitivity of Bob's two detectors relative to one another can be controlled by Eve via an external parameter, for example via the timing of the incoming pulse. This imperfection is illustrated by measurements on two different single photon detectors. Quantitative results for a faked states attack on the Bennett-Brassard 1984 (BB84) and the Scarani-Acin-Ribordy-Gisin 2004 (SARG04) protocols using this imperfection are obtained. It is shown how faked states can in principle be constructed for quantum cryptosystems that use a phase-time encoding, the differential phase shift keying (DPSK) and the Ekert protocols. Furthermore we have attempted to integrate this imperfection of detectors into the general security proof for the BB84 protocol. For all attacks, their applicability to and implications for various known QKD schemes are considered, and countermeasures against the attacks are proposed. The thesis incorporates published papers [J. Mod. Opt. 48, 2023 (2001)], [Appl. Opt. 43, 4385 (2004)], [J. Mod. Opt. 52, 691 (2005)], [Phys. Rev. A 74, 022313 (2006)], and [quant-ph/0702262].

quantum cryptography

quantum cryptanalysis

quantum communications

single photon detection

single photon counting

fiber optic interferometry

eavesdropping

Trojan horse attack

faked states attack