Digital communication witness a noticeable and continuous development in many applications in the Internet. Hence, a secure communication sessions must be provided. The security of data trans- mitted across a global network has turned into a key factor on the network performance measures.So, the condentiality and the integrity of data are needed to prevent eavesdroppers from accessing and using transmitted data. Cryptography and steganography are two important techniques that are used to provide network security. In this paper, we conduct a comparative study of steganography and cryptography. We survey a number of methods combining cryptography and steganography techniques in one system. Moreover, we present a classication of these methods, and compare them in terms of the algorithm used for encryption, the steganography technique and the le type used for covering the information.
The National Institute of Standards and Technology (NIST) has issued a framework to provide guidance for organizations within critical infrastructure sectors to reduce the risk associated with cyber security. The framework is called NIST Cyber Security Framework for CriticalInfrastructure (CSF). Many organizations are currently implementing or aligned to dierent information security frameworks. The implementation of NIST CSF needs to be aligned with and complement the existing frameworks. NIST states that the NIST CSF is not a maturity framework. Therefore, there is a need to adopt an existing maturity model or create one to have a common way to measure the CSF implementation progress. This paper explores the applicability of number of maturity models to be used as a measure to the security poster of organizations implementing the NIST CSF. This paper reviews the NIST CSF and compares it to other information security related frameworks such as COBIT, ISO/IEC 27001 and the ISF Standard of Good Practice (SoGP) for Information Security. We propose a new information security maturity model (ISMM) that lls the gap in the NIST CSF.
Cryptography plays a major role in information security. However, cryptographic algorithms con-sume considerable amount of resources, like memory, CPU time, encryption and decryption time. In this paper, we compare the most common block cipher modes of operation based on the recom- mendation of the National Institute of Standards and Technology (NIST) in terms of encryption time, decryption time, and throughput with variable data packet sizes. The results of these com- parisons are summarized and our observations are highlighted to help making informative decision when choosing the mode of operations for dierent applications with symmetric-key ciphers.
File carving is a very important eld in digital forensics. A sub-eld of this eld is JPEG image carving. In this paper, we review existing JPEG carvers and brie y describe some of their features. An in-depth study of the most recent carvers has also been carried out and an overview of their implementation is provided. A comparison between the recovery performance of various carvers is presented and comparisons are made. Lastly, the carvers are also summarized according to their features and relevant recommendations are given for dierent JPEG carving scenarios.
In this paper, we propose a forgery/falsification detection technique of an web site using hyperlink information in the web site. The system crawls all hyperlink information of the web site when a user accesses to the suspicious web site that has the financial information stealing purpose. The captured multiple hyperlink information is compared with those of normal web site hyperlinks information to detect forgery/falsification. The proposed system calculates distance of the normal site hyperlink strings with captured one using Levenshtein distance algorithm to detect whether the site is normal or not. If it is determined as normal, analysis procedure is finished. But if it is determined as abnormal, a warning message is sent to the user to prevent additional financial information spill and further accidents from the forgery/falsified web site.