Forensics enabled secure mobile computing system for enterprises

Abstract

The enterprises are facing constant security threats with the emergence of new mobile computing devices like smartphones, smartwatches, and wearables. The existing digital forensic enabled security solutions are not able to match the pace at which these technological advances are evolving. In case of a security incident, the enterprises fail to perform a subsequent digital forensic investigation since their security systems are not designed with required Digital Forensic Readiness capability. Currently, there are no well defined Digital Forensic Readiness frameworks for mobile computing devices. The are some existing frameworks that provide partial support. However, they do not have a provision to learn from the past security violation occurrences. There is a need for an automated forensically ready and secure solution, which could improve efficiency and productivity, while continuously learning and adapting to new and unforeseen challenges. The current thesis is devoted to the design of forensics enabled secure mobile computing systems for the enterprises. The author has focused on developing a ‘digital forensic readiness and secure’ system, which targets smartphones, smartwatches, and wearables operating in an enterprise environment; while incorporating machine learning capabilities to make it a learning system. The digital forensic readiness solutions include ‘Precognition’, which performs forensic analysis of suspected mobile applications. Precognition also uses machine learning techniques that utilize feature sets which are extracted from decompiled mobile applications, to identify potential security threats. The author has analyzed over 14151 mobile applications and classified vulnerabilities with an accuracy of 94.2%. The second solution, which concentrates on digital forensic readiness at the operating system level, securely preserves date and time stamps of targeted events running in smartphones, smartwatches, and wearables. These timestamps can be used to validate the digital evidence during a subsequent digital forensic investigation for any of the devices mentioned above. As a third contribution towards promoting digital forensic readiness in the mobile computing devices, the author has presented a novel form of forensic analysis technique, which analyzes over 5498 mobile ads to build the user profile which can be applied to identify the suspect who uses a particular device. The security contribution of the thesis includes an automated security analysis solution for identifying potential mobile security threats. Further, a solution ‘SecureRing’ has been proposed for securing the mobile applications to provide an additional layer of protection against attacks. The author has also designed ‘MobiSecureWrap’, which is an automated solution for wrapping mobile application binaries with additional security layer to protect them against potential threats. MobiSecureWrap recommends secure solutions based on detected security threats to protect the application binaries. The author evaluated over 5121 mobile applications to achieve a solution recommendation accuracy of 95.3%.