- Maintaining a bitcoin address repository through focused web crawling (Strathmore University, 2017) Macharia, Caroline Wanjira
  There has been an increase in the use of cryptocurrencies such as Bitcoin (BTC). Bitcoin allows for cross-border payments, for large and small items at little or no transaction fee. It is a groundbreaking technology that is not restricted by the current Anti-Money Laundering (AML) and Countering Financing of Terrorism (CFT). The decentralised nature of Bitcoin provides for anonymity through possible use of multiple identities that are not linked to personally identifiable information. Bitcoin offers a convenient solution for criminals who are restricted by the conventional money transfer systems. Bitcoin has been linked to drug dealers, gold bugs, fraudsters, terrorists, whistleblowers, pornographers, Internet freedom activists and unregulated gaming enterprises (Simser, 2015). Other cybercrimes that are facilitated by Bitcoin include ransomware. This research identified a gap in acquiring digital evidence related to Bitcoin transactions. The data was obtained from case laws and secondary materials relating to Bitcoin forensics. We suggest a solution of maintaining a Bitcoin address repository through regular crawling of cryptocurrency sites. A web crawler that visits a list of user defined cryptocurrency sites was developed to solve the identified problem. The crawled sites include websites of interest to investigators. Results are stored in an XML file which can be exported to any database. The addresses and metadata collected from webpages can be used by investigators when building a case for Bitcoin related crimes. Transaction data about the collected addresses is available on the Bitcoin blockchain.
- OpenSSL vulnerabilities in mobile banking applications (Strathmore University, 2017) Muriuki, Paul William
  Mobile banking has taken Kenya by storm. It is an easy and convenient banking channel in your hands. It is accessible from anywhere provided you have an internet connection or connectivity to your mobile network provider. Banks and other financial institutions have seen the numerous benefits of providing mobile banking services to their customers and each one is rushing to deploy their own mobile banking solution in an attempt to gain a competitive edge over their competitors. But as with new inventions, particularly those aimed at people’s finances, existing and potential clients of these institutions are worried as to how safe their transactions are. This is especially so since they are effected from remote locations and through their mobile devices. Questions are being asked concerning how secure mobile banking is and how safe personal information is while being transmitted from mobile devices to banks. This study seeks to understand the architecture of mobile banking solutions and identify potential areas of vulnerability in the systems deployed. It further seeks to look at how secure the deployed OpenSSL third party libraries are. Third party OpenSSL libraries are used extensively to secure data in transmission. The study, by leveraging the software development life cycle’s Agile development methodology, proposes to provide a tool that can be used by financial institutions to test banking applications developed for mobile devices before deploying them to the market. This will ensure that only secure systems are deployed. The results of this study will show the importance of proper testing before application deployment.
- A Web based information security skills assessment prototype (Strathmore University, 2017) Nkonge, Regina Kagwiria
  Cyber-attacks are continuously evolving to a great extent faster than cyber defences. The result is an ever-increasing frequency of attacks and the probability of success over time. To ensure employees are able to avoid or counter information security attacks directed at them and the organisation, it is necessary to carry out continuous security awareness and training, and ensure this training is relevant to employees. Existing tools to assess information security skills among employees generally require the expertise of technical persons and are often not well tailored to an organisation’s specific needs. This study aims at developing a prototype which organisations can use to create information security skills assessments for their employees. Employees can then log in to the prototype at their convenient time and take the assessment. At the end of the assessment, each employee receives a percentage mark of their performance. Based on this percentage the employee is ranked as either beginner, intermediate or advanced and is also given a list of their weak areas based on questions they got wrong. The weak areas can be used to identify gaps and this information used to customise security awareness and training programs to meet employees’ needs. The research study adopted agile development methodology to design and develop a prototype to address identified gaps. The prototype was tested and validated to ensure it meets the intended goals and recorded impressive results.
- A Client based email phishing detection algorithm: case of phishing attacks in the banking industry (Strathmore University, 2017) Oroko, Edwin Orina
  Today, the banking sector has been a target for many phishing attackers. The use of email as an electronic means of communication during working hours and mostly for official purposes has made it a lucrative attack vector. With the rapid growth of technology, phishing techniques have advanced as seen in the millions of cash lost by banks through email phishing yearly. This continues to be the case despite investments in spam filtering tools, monitoring tools as well as creating user awareness, through training of banking staff on how they can easily identify a phishing email. To protect bank users and prevent the financial losses through phishing attacks, it is important to understand how phishing works as well as the techniques used to achieve it. Moreover, there is a great need to implement an anti-phishing algorithm that collectively checks against phishing linguistic techniques, existence of malicious links and malicious attachments. This can lead to an increase in the performance and accuracy of the designed tool towards detecting and flagging phishing emails thus preventing them from being read by the target. Evolutionary prototyping methodology was applied during this research. The advantages are in the fact that it enabled continuous analysis and supervised learning of the algorithm development until the desired outcome was achieved. This research aimed at understanding the characteristics of phishing emails, towards achieving defence in depth through creation of an algorithm for detecting and flagging phishing emails. In this research, we have implemented a client-based anti-phishing algorithm. The algorithm is able to analyse phishing links, identify malicious email attachments and perform text classification using a Naïve Bayes classifier to identify phishing terms in a new unread email. It then flags the email as malicious and sends it to the spam folder. Therefore the user only gets clean emails in the inbox folder.
- A Platform for monitoring of security and audit events: a test case with windows systems (Strathmore University, 2017) Kimathi, Collins Chandi
  The rise in cyber attacks against organisations and government agencies has created a need for improving security and monitoring of Information Technology assets. Analysis and monitoring of security events is one of the key areas when it comes to detecting and preventing security compromises in any organisation. While intrusion detection and prevention are often used to measure security management in an organisation, there are challenges of false positives, false negatives and information overload to the analysts tasked with monitoring. This work proposes to deliver an event collection and analysis system to monitor the security of Information Technology assets that have Windows Operating Systems, a centralised log management tool and dashboards to monitor analysed events in real-time for security alarms. The system will involve an agent to collect security and events from Windows Operating systems and send the events in a readable JSON format to the processing server for analysis and thereafter visualisation of various security events of interest. Security alarms such as brute-force attacks can be identified and escalated to the security analysts. Testing was carried out by generating the desired security events from a Windows 10 virtual machine that were captured by the designed system.