Circumventing iOS security mechanisms for APT forensic investigations: A security taxonomy for cloud apps

Future Generation Computer Systems

Volumn 79, Issue , 2018, Pages 247-261

  D'Orazio, Christian J ^a   Choo, Kim Kwang Raymond ^a,b  

^a UNIVERSITY OF SOUTH AUSTRALIA   (Australia)

^b UNIVERSITY OF TEXAS AT SAN ANTONIO   (United States)

Author keywords

Advanced persistent threat investigations; iOS cloud apps; iOS cloud forensics; iOS security taxonomy

Indexed keywords

DIGITAL DEVICES; IOS (OPERATING SYSTEM); TAXONOMIES;

ADVANCED PERSISTENT THREAT INVESTIGATIONS; CLOUD FORENSICS; DIGITAL EVIDENCE; DIGITAL REPOSITORY; FORENSIC ACQUISITION; FORENSIC INVESTIGATION; POTENTIAL ATTACK; SECURITY MECHANISM;

MOBILE SECURITY;

EID: 85006994029     PISSN: 0167739X     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.future.2016.11.010     Document Type: Article

References (42)

1. Apple, iOS Security, 2015, viewed 28 June 2016. https://www.apple.com/business/docs/iOS_Security_Guide.pdf.
2. M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, V. Shmatikov, The most dangerous code in the world: validating SSL certificates in non-browser software, in: Proceedings of the ACM Conference on Computer and Communications Security, 2012, pp. 38–49.
3. J. Byrnes, The San Bernardino iPhone case is over; the war has just begun, 29 March, AppAdvice, 2016, viewed 28 June 2016. http://appadvice.com/post/the-san-bernardino-iphone-case-is-over-the-war-has-just-begun/709112.
4. W. Clark, Uber's App is Anything but Malware, 10 December, BETTER, 2014, viewed 28 June 2016. http://better.mobi/2014/12/10/ubers-app-is-anything-but-malware/.
5. Martini, B., Choo, K.-K.R., An integrated conceptual digital forensic framework for cloud computing. Digit. Investig. 9:2 (2012), 71–80.
6. Quick, D., Choo, K.-K.R., Google drive: Forensic analysis of data remnants. J. Netw. Comput. Appl. 40 (2014), 179–193.
7. Quick, D., Choo, K.-K.R., Dropbox analysis: Data remnants on user machines. Digit. Investig. 10:1 (2013), 3–18.
8. Quick, D., Choo, K.-K.R., Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata?. Digit. Investig. 10:3 (2013), 266–277.
9. Quick, D., Choo, K.-K.R., Digital droplets: Microsoft SkyDrive forensic data remnants. Future Gener. Comput. Syst. 29:6 (2013), 1378–1394.
10. Quick, D., Martini, B., Choo, K.-K.R., Cloud Storage Forensics. 2013, Syngress/ Elsevier.
11. Martini, B., Choo, K.-K.R., Distributed filesystem forensics: XtreemFS as a case study. Digit. Investig. 11:4 (2014), 295–313.
12. Daryabar, F., Dehghantanha, A., Eterovic-Soric, B., Choo, K.-K.R., Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices. Aust. J. Forensic Sci. (AJFS), 2016, 10.1080/00450618.2015.1110620.
13. Daryabar, F., Dehghantanha, A., Choo, K.-K.R., Cloud storage forensics: MEGA as a case study. Aust. J. Forensic Sci. (AJFS), 2016, 10.1080/00450618.2016.1153714.
14. Shariati, M., Dehghantanha, A., Choo, K.-K.R., SugarSync forensic analysis. Aust. J. Forensic Sci. (AJFS) 48:1 (2016), 95–117, 10.1080/00450618.2015.1021379.
15. Rahman, N.H.A., Cahyani, N.D.W., Choo, K.-K.R., Cloud incident handling and forensic-by-design: cloud storage as a case study. Concurr. Comput.: Pract. Exper., 2016, 10.1002/cpe.3868.
16. A. Azfar, K.-K.R. Choo, L. Liu, Forensic taxonomy of popular android nhealth apps, in: Proceedings of the Americas Conference on Information Systems, AMCIS, Puerto Rico, USA, 2015.
17. Azfar, A., Choo, K.-K.R., Liu, L., An android communication app forensic taxonomy. J. Forensic Sci. 61:5 (2016), 1337–1350.
18. Azfar, A., Choo, K.-K.R., Liu, L., Forensic taxonomy of android social apps. J. Forensic Sci., 2017 in press.
19. Azfar, A., Choo, K.-K.R., Liu, L., Forensic taxonomy of android productivity apps. Multimedia Tools Appl., 2016 in press. http://dx.doi.org/10.1007/s11042-016-3718-2.
20. M. Plachkinova, S. Andrés, S. Chatterjee, A taxonomy of mhealth apps–security and privacy concerns, in: Proceedings of the Hawaii International Conference on System Sciences, HICSS, Kauai, HI, 2015, pp. 3187–3196.
21. F. Immanuel, B. Martini, K.-K.R. Choo, Android cache taxonomy and forensic process, in: IEEE Trustcom/BigDataSE/ISPA, Vol. 1, Helsinki, Finland, 2015, pp. 1094–1101.
22. Heartfield, R., Loukas, G., A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks. ACM Comput. Surv. (CSUR), 48(3), 2016, 10.1145/2835375 New York, NY, USA.
23. Barmpatsalou, K., Damopoulos, D., Kambourakis, G., Katos, V., A critical review of 7 years of mobile device forensics. Digit. Investig. 10:4 (2013), 323–349.
24. Martini, B., Choo, K.-K.R., Cloud forensic technical challenges and solutions: A snapshot. IEEE Cloud Comput. 1:4 (2014), 20–25.
25. Azfar, A., Choo, K.-K.R., Liu, L., Android mobile VoIP apps: a survey and examination of their security and privacy. Electron. Commer. Res. 16:1 (2016), 73–111.
26. Sufatrio, Darell, J.J.T., Tong-Wei, C., Vrizlynn, L.L.T., Securing android: A survey, taxonomy, and challenges. ACM Comput. Surv. 47:4 (2015), 1–45.
27. La Polla, M., Martinelli, F., Sgandurra, D., A survey on security for mobile devices. IEEE Commun. Surv. Tutor. 15:1 (2013), 446–471.
28. Dolev, D., Yao, A.C., On the security of public key protocols. IEEE Trans. Inf. Technol. 29:2 (1983), 198–208.
29. K.-K.R. Choo, Refuting security proofs for tripartite key exchange with model checker in planning problem setting, in: Proceedings of the IEEE Computer Security Foundations Workshop, CSFW, 2006, pp. 297–308.
30. Bellare, M., Pointcheval, D., Rogaway, P., Authenticated key exchange secure against dictionary attacks. Proceedings of EUROCRYPT LNCS, vol. 1807/2000, 2000, Springer-Verlag, 139–155.
31. Bellare, M., Rogaway, P., Entity authentication and key distribution. Proceedings of the Advances in Cryptology, Vol. 773, 1993, Springer-Verlag, 232–249.
32. D'Orazio, C., Choo, K.-K.R., An adversary model to evaluate DRM protection of video contents on OS devices. Comput. Secur. 56C (2016), 94–110.
33. Apple, How to delete an app that has a configuration profile on your iPhone, iPad, or iPod touch, 2015, viewed 14 June 2016. https://support.apple.com/en-au/HT205347.
34. Damodaran, A., Di Tropia, F., Visaggio, C.A., Austin, T.H., Stamp, M., A comparison of static, dynamic, and hybrid analysis for malware detection. J. Comput. Virol. Hacking Tech., 2015, 1–12.
35. Naval, S., Laxmi, V., Rajarajan, M., Gaur, M.S., Conti, M., Employing program semantics for malware detection. IEEE Trans. Inf. Forensics Secur., 10(12), 2015.
36. D'Orazio, C.J., Choo, K.-K.R., A technique to circumvent SSL/TLS validations on iOS devices. Future Gener. Comput. Syst., 2016 in press. http://dx.doi.org/10.1016/j.future.2016.08.019.
37. Fan, Y., Ye, Y., Chen, L., Malicious sequential pattern mining for automatic malware detection. Expert Syst. Appl. 52 (2016), 16–25, 10.1016/j.eswa.2016.01.002.
38. Cen, L., Gates, C.S., Si, L., Li, N., A probabilistic discriminative model for android malware detection with decompiled source code. IEEE Trans. Dependable Secure Comput. 12:4 (2015), 400–412.
39. O. Cornea, J. Haddix, IOS Application Security Testing Cheat Sheet, 11 January, OWASP, 2016, viewed 10 June 2016. https://www.owasp.org/index.php/IOS_Application_Security_Testing_Cheat_Sheet.
40. Arxan, Arxan's Code Obfuscation, 2016, viewed 20 June, 2016. https://www.arxan.com/products/obfuscation.
41. Imgraben, J., Engelbrecht, A., Choo, K.-K.R., Always connected, but are smart mobile users getting more security savvy? A survey of smart mobile device users. Behav. Inf. Technol. 33:12 (2014), 1347–1360.
42. ZDnet, Apple iPhone, iPad iOS 9 security flaw lets malicious apps sneak onto enterprise devices, 2016, viewed 14 June 2016. http://www.zdnet.com/article/apple-iphone-ipad-ios-9-security-flaw-lets-malicious-apps-sneak-onto-enterprise-devices/.