ELECTRONIC
ASSIGNMENT
COVERSHEET
Student Number 31510992
Surname Dines
Given name Rodney Dines
Email murdoch.edu.au@roddines.com
Unit Code ICT349
Unit name Forensic Data Analysis
Enrolment mode Internal Fulltime
Date Monday 18 May 2015 (Due: 9 am Monday Week 12)
Submitted Tuesday 30 June 2015 under arrangement.
Assignment number 1
Assignment name Research Essay (2000 words)
Tutor Danny Toohey
Student’s Declaration:
• Except where indicated, the work I am submitting in this assignment is my own work and has
not been submitted for assessment in another unit.
• This submission complies with Murdoch University's academic integrity commitments. I am
aware that information about plagiarism and associated penalties can be found at
http://www.murdoch.edu.au/teach/plagiarism/. If I have any doubts or queries about this, I am
further aware that I can contact my Unit Coordinator prior to submitting the assignment.
• I acknowledge that the assessor of this assignment may, for the purpose of assessing this
assignment:
  o reproduce this assignment and provide a copy to another academic staff member; and/or
  o submit a copy of this assignment to a plagiarism-checking service. This web-based service
    may retain a copy of this work for the sole purpose of subsequent plagiarism checking, but
    has a legal agreement with the University that it will not share or reproduce it in any form.
• I have retained a copy of this assignment.
• I will retain a copy of the notification of receipt of this assignment. If you have not received a
receipt within three days, please check with your Unit Coordinator.
I am aware that I am making this declaration by submitting this document electronically and by using
my Murdoch ID and password it is deemed equivalent to executing this declaration with my written
signature.
Optional Comments to Tutor:
E.g. If this is a group assignment, list group members here
Forensic Data Analysis – Assign 1 – Research Essay
Chosen Topic:
The consequences of Internet mobility protocols on network forensics
Contents
Forensic Data Analysis – Assign 1 – Research Essay
Overview of the consequences of Internet mobility protocols on network forensics
  Background
    Types of mobility protocols
    Brief explanation of Mobility protocol components
    Consequences of the Internet mobility architecture type
    Consequences of the transparency of mobility
    Consequences of the Internet mobility mechanism
    Consequences of the speed of mobility
    Consequences of the heterogeneity of wireless communications
    Identifying the use of Internet mobility
    Conclusions
  References
Appendix – Assignment Information and Supporting Material Provided
    ICT349 Forensic Data Analysis (s1, 2015)
  Research Essay
    Grading criteria
Overview of the consequences of Internet mobility
protocols on network forensics
Background
The Internet infrastructure we use today was originally designed in a very different
context and era. The architecture of the predominant Internet Protocol (IP) we use
today, IPv4, was designed for static hosts on fixed networks, initially without a
Domain Naming System (DNS). Many features of the Internet have
evolved over time to utilise the underlying concept of the Internet in new and
interesting ways, such as the World Wide Web (WWW) and its web browsers.
However, today's ubiquitous computing world is increasingly being dominated by the
use of smartphones and other mobile technologies, and this has the implication that a
number of changes to the technology we use for communicating are occurring. Cisco
estimates mobile data traffic will increase more than sixfold in the next four years
(Cisco, 2015).
At the nexus of the increasingly ubiquitous mobility and more powerful hand held
computing devices is a driving demand for the requirement to remain connected as we
utilise a range of heterogeneous mobility enabling wireless communications. This is
being met with an increasing number of Internet mobility protocols, which attempt to
resolve the disparity between the static notion of the Internet of old and the mobility
desired and increasingly required in today’s Internet (Hou, Liu, & Gong, 2010;
Johnson et al., 2004; Oki, Rojas-Cessa, Tatipamula, & Vogt, 2012; Zhu, UCLA,
Wakikawa, Toyota ITC, & Zhang, 2011). Many of the forensics tools, techniques and
procedures utilised today to analyse Internet activities are bedded in the architecture
of the Internet of old, and new challenges are being presented to investigators on how
to forensically decipher user activity in the growing presence and use of these new
mobility protocols.
There are a number of different approaches to implementing Internet mobility; these
differing approaches result in different impacts on network and cyber forensics. At
the core of the issue is that Internet mobility must break the end to end transparency
that has been a core design principle of the Internet of the past (Carpenter, 2000). We
already experience this in some application layer communication infrastructures such
as Skype and instant messaging; even email is a form of indirect communication that
utilises the Internet. However these communication systems are now well understood
and in most cases, they leave some recorded data or meta-data on both the end client
and network-devices that can be used to glean or infer additional information about
the communication that took place and the path it took; this information can often be
corroborated through additional evidence from elsewhere, including network
forensics.
The nature of Internet mobility requires that it must in some way orchestrate a
redirection of IP traffic destined for a specific IP identity address, which serves to
identify the mobile device, to the actual IP address that locates where the device is
currently attached to the Internet. This is a deception designed to facilitate the
functionality of mobility but it also becomes an additional problem for the forensic
analysis of Internet activities. This essay is not intended to exhaustively survey all the
protocols available for deploying Internet mobility; instead it examines common
aspects of how these protocols work, and attempts to briefly explore the impact they
have on cyber forensics techniques.
Types of mobility protocols
In the last fifteen years or so the development of Internet mobility protocols has
progressed, and today we have a few primary candidates that appear to be making
inroads into the world of use and acceptance. These protocols include: Mobile IP (MIP)
(Johnson et al., 2004) and derivatives like Proxy MIP (PMIP) (Kong, Lee, Han, Shin,
& You, 2008) and NEtwork MObility Basic Support (NEMO-BS) (Devarapalli et al.,
2005); Locator/ID Separation Protocol (LISP) (Farinacci, Cisco Systems, Fuller,
Meyer, & Lewis, 2013) and its Mobile Node (MN) derivative LISP-MN (Rodríguez
Natal et al., 2013) and Mobile Router (MR) derivative LISP-MN-NEMO (Yizhen,
Ke, Kaiping, & Dan, 2014); and Host Identity Protocol (HIP) (Moskowitz et al.,
2015; Moskowitz et al., 2008) and HIP-NEMO (Chen, Hu, Chai, & Dong, 2011).
These all utilise differing methods of implementing Internet mobility with different
cyber and network forensic consequences.
Protocol       Architecture       Mechanism         Speed of    Heterogeneous
               (Network vs        (Tunnelling vs    Mobility    Network
               Client Based)      Map-Encap)                    Multihoming
MIP            Client + Net       Tunnelling        Medium      No
PMIP           Network            Tunnelling        Med-Fast    No
NEMO-BS        Network            Tunnelling        Medium      No
LISP           Network            Map-Encap         Slow        No
LISP-MN        Client + Net       Map-Encap         Med-Fast    Yes
LISP-MN-NEMO   Network            Map-Encap         Med-Fast    Yes
HIP            Client             Map-Encap         Med-Fast    Yes
HIP-NEMO       Network            Map-Encap         Med-Fast    Yes
Table 1: Internet mobility protocol characteristics
The different types of Internet mobility have differing characteristics as per Table 1
above. The consequences of these different characteristics are discussed in the
following sections.
Brief explanation of Mobility protocol components
Mobility protocols utilise indirection to distinguish between a host identity (identity)
and its network location (locator) (Zhu et al., 2011). This implies that, in order for
network traffic to find an appropriate route, there must be a mechanism to track
and link changes between these two aspects. This “mapping” mechanism must
resolve the correct network locator to which traffic for a specific host identity
should be routed or forwarded, and then route the traffic to it. In simple terms you
can think of the metaphor of asking a telephone operator for a phone number (locator)
based on the person’s name (identity), and having them connect you.
It follows that all these Internet mobility protocols can be summarised into three
essential components (Zhu et al., 2011):
1. A stable identifier for a Mobile Node (MN);
2. A current locator, which is usually an IP address representing the MN’s
current Internet topographical location; and
3. A mechanism for mapping between the identifier and the locator, which is
updated as the MN/MR[1] moves between Layer-Three (L3) networks and is
detected as having done so.
The generalised model in Figure 1 also includes the following elements:
4. The Correspondent Node (CN), with which IP communication is occurring;
5. The mapping server (MAP), which is a server where the mapping information
for the resolution between identifiers and their locators is kept; and
6. An optional Rendezvous Server (RVS): the network device that can provide
a fixed point for connecting the MN/MR with the CN. This may be married to
the MAP server function.
These components are identified in a conceptual diagram shown in Figure 1 below of
a generalised indirection based Internet mobility protocol.
Figure 1: Conceptual components of a generalised indirection based Internet mobility protocol
Consequences of the Internet mobility architecture type
Internet mobility protocols can be delivered by utilising network devices within the
network infrastructure or within the mobile device itself, or with a combination of
both. When the mobility enabling aspect is embedded in the end device then it may
leave clues as to what type of mobility architecture has been utilised and end-point or
near end-point network traffic analysis is likely to yield clues as to what type and
nature of Internet indirection has occurred. When the mobility is enabled only
through the network infrastructure then the deception of the specific redirection may
be completely lost to the forensic investigator; in this case the deception will likely
remain undisclosed without specific access to mechanisms of auditing and
accountability within the network based mobility enabling infrastructure. This is akin
to similar problems that complicate network forensics in Peer-to-Peer (P2P)
networked applications such as BitTorrent file sharing (Taylor, Haggerty, Gresty, &
Fergus, 2010). For some time now security researchers have proposed a series of
Network Forensic Frameworks (NFFs) to provide the required assistance for such
complex tasks but these all remain proposals only with no known formal acceptance
and implementation by providers and their regulators (Khan et al., 2014).
Consequences of the transparency of mobility
In contrast to the desire for NFFs, current forensic techniques typically rely on slow
investigative activities in tracking down a correspondent’s IP address location. The
IP address, when correlated with time and date, typically locates through ISP
records the place where the traffic terminated. The meta-data in ISP records that link
IP addresses to customers are often required by law to be archived for some specific
period (Parliament of Australia, 2015). When indirection for mobility has occurred,
the meta-data that would reveal this may never have been recorded. You can think
of this as akin to the content, and not just the meta-data, of DNS lookups. It is likely
there is no requirement by law to retain the content or result of the mobility mapping
system’s lookups; this is likely due to a lack of technical understanding by law
makers and their advisors, who may also not have mandated and facilitated the
level of accountability required to later allow a redirected route to be traced and
attributed to a client account. At the very least the indirection creates another level of
confusion that potentially needs to be explained in a court to non-technical judges and
jurors. Potentially not knowing where an end point is located at a particular time and
date makes it far more difficult for investigators to determine and prove situational
clarity, and for prosecutors to present a strong argument for the case. The result
could be likened to Internet users deliberately utilising route obfuscation techniques
like The Onion Router (TOR) (Hansen, 2013).
[1] An MR is like an MN but is instead a mobile network in a NEtwork MObility (NEMO) scenario.
Consequences of the Internet mobility mechanism
Independent of where the indirection required for mobility occurs, the indirection
technique may also add an additional burden to forensic analysis. There are two
primary types of indirection technique employed by Internet mobility protocols.
These are known as tunnelling and map and encapsulate (or map and encap).
Tunnelling mobility protocol architectures effectively maintain one fixed globally
known IP address for the Mobile Node (MN) then tunnel traffic to and from the
mobile device to the Correspondent Node (CN). One mobility protocol called Mobile
IP (MIP) typically directs traffic through a tunnel between the MN and a Home Agent
(HA) – which is like the RVS in Figure 1 above – before that network device redirects
traffic to and from the CN. In either case, network traffic that is captured through a
local mobile operator may be usable to analyse the mobility traffic. Depending
on the version of MIP there is an encryption key used for securing traffic between the
Foreign Agent (FA)/HA, and this traffic may possibly be decrypted using discoverable
shared configuration information.
HIP and LISP based protocols utilise a map and encapsulate approach. While LISP
based mobility protocols often do not encrypt traffic, the traffic is encapsulated in
another header, depending on where it is forensically captured and what type of
mobility protocol is in use. HIP based protocols always use an Internet Protocol
Security (IPsec) mechanism to encrypt all traffic between HIP network nodes. They
also use transient encryption keys based on a Public Key Infrastructure (PKI); these
are negotiated per session, as in the case of Secure Sockets Layer
(SSL)/Transport Layer Security (TLS), and are effectively not going to be recoverable
at all. Unlike SSL/TLS, which is invoked at an application level, HIP will encrypt
all network traffic between HIP nodes regardless of what application is in use. Since
HIP can be configured as a pure client configuration it acts a lot like a Virtual Private
Network (VPN). It is conceivable that it could be used explicitly to secure a
communications channel for the express purpose of avoiding scrutiny, providing the
benefits of mobility while adding obscurity.
Consequences of the speed of mobility
Mobility can cause another problem to arise through the lack of time accuracy of
meta-data records. In the past even non-static DHCP assigned IP addresses of users
changed rarely and the consequences of small time differences in records could
usually be disregarded or alleviated by surrounding data that could be correlated to
determine recorded time differences. But when fast mobility is occurring between
heterogeneous wireless network infrastructures time differences of minutes or even
tens of seconds may make it very difficult to establish and prosecute a link between
network records and actors.
Consequences of the heterogeneity of wireless communications
When MN/MRs and their underlying mobility protocols are deliberately utilising a
heterogeneous or hybrid set of wireless communications, it may no longer be possible
for investigators to require one provider to collate disparate sources of network
meta-data together and provide a uniform data set for forensic analysis. Now the
investigator may have to obtain many different sets of disparate
network data, perhaps with significant time error offsets, and somehow weave these
back together in a coherent manner in order to derive the data set required for thorough
analysis. You might think of this as a criminal using five different mobile phones
with five different mobile service providers and then only saying every fifth word
through any one device, and changing to the next for each following word. In this
scenario examining one network’s data may reveal very little information on its own.
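The timing problem described in the two sections above can be made concrete with a short added example (not part of the original essay). It assumes hypothetical binding records from two providers, each with its own worst-case clock error, and shows how a single observation can match more than one mobile node once handovers are as short as the clock uncertainty. All provider names, identifiers, addresses, times and error values are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Binding:
    provider: str     # operator whose log produced the record
    identifier: str   # stable identity of the mobile node (MN)
    locator: str      # IP address the MN was reachable at
    start: datetime   # timestamps as written by the provider's own clock
    end: datetime


# Assumed worst-case clock error per provider (constructed values).
CLOCK_ERROR = {
    "cell-A": timedelta(seconds=5),
    "wifi-B": timedelta(seconds=45),
}


def could_cover(binding, at, capture_error):
    """True if the binding may have been active at `at`, allowing for the
    provider's clock error plus the error of the capture point's clock."""
    slack = CLOCK_ERROR[binding.provider] + capture_error
    return binding.start - slack <= at <= binding.end + slack


def attribute(bindings, locator, seen_at, capture_error=timedelta(seconds=2)):
    """Identifiers that may have held `locator` when the traffic was seen.
    More than one result means the records alone cannot attribute it."""
    return sorted({b.identifier for b in bindings
                   if b.locator == locator
                   and could_cover(b, seen_at, capture_error)})


def where_was(bindings, identifier, at, capture_error=timedelta(seconds=2)):
    """(provider, locator) pairs the identifier may have been using at `at`,
    merged across every provider's records."""
    return sorted({(b.provider, b.locator) for b in bindings
                   if b.identifier == identifier
                   and could_cover(b, at, capture_error)})


def t(hms):
    """Helper for the constructed sample: a time of day on one fixed date."""
    return datetime.strptime("2015-05-18 " + hms, "%Y-%m-%d %H:%M:%S")


# Constructed sample: MN-1 hands over from cellular to Wi-Fi after 40 s,
# and the Wi-Fi locator is reused by MN-2 five seconds after MN-1 leaves.
# MN-3 holds a long, DHCP-style binding for comparison.
SAMPLE = [
    Binding("cell-A", "MN-1", "198.51.100.7", t("09:00:00"), t("09:00:40")),
    Binding("wifi-B", "MN-1", "203.0.113.20", t("09:00:40"), t("09:01:10")),
    Binding("wifi-B", "MN-2", "203.0.113.20", t("09:01:15"), t("09:02:00")),
    Binding("cell-A", "MN-3", "198.51.100.7", t("09:10:00"), t("10:00:00")),
]

if __name__ == "__main__":
    # Fast mobility: two candidates for one observation.
    print(attribute(SAMPLE, "203.0.113.20", t("09:01:12")))
    # Long-lived binding: a single candidate.
    print(attribute(SAMPLE, "198.51.100.7", t("09:30:00")))
    # Around the handover the node cannot be placed on one network.
    print(where_was(SAMPLE, "MN-1", t("09:00:42")))
```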
Identifying the use of Internet mobility
For a cyber-forensic investigator to successfully investigate mobile-device network
forensics they will need to start to understand Internet mobility protocols. Self-
education and training preparation can make the task a lot easier. Identifying the
protocol in use will require an understanding of the key characteristics of client based
mobility protocols in order to know what to look for to identify them. Just being
aware they exist will greatly help to avoid some confusion when analysing network
traffic that may be difficult to understand. Certainly the traffic may appear to be
something like a VPN in many cases. In the case of HIP it is its own transport layer
protocol, but it also utilises IPsec.
Network Forensic Analysis (NFA) tools like Wireshark already have protocol
knowledge of the primary protocols in use today. More information is listed in Table
2 below:
Base Mobility Protocol         Network layer &            Further information
                               Assigned port numbers
MIP (IPv4)                     App layer protocol         https://www.wireshark.org/docs/dfref/m/mip.html
(Perkin & WiChorusInc, 2010)   UDP:434                    https://tools.ietf.org/html/rfc5944
                                                          http://www.iana.org/assignments/mobileip-numbers/mobileip-numbers.xhtml
MIPv6 / NEMO                   App layer protocol         https://www.wireshark.org/docs/dfref/m/mipv6.html
(Johnson et al., 2004)         UDP:434                    https://tools.ietf.org/html/rfc6275
                                                          https://tools.ietf.org/html/rfc3963
LISP                           App layer protocol         https://www.wireshark.org/docs/dfref/l/lisp.html
(Farinacci et al., 2013)       UDP:4341 lisp-data         https://tools.ietf.org/html/rfc6830
                               UDP:4342 lisp-control
HIP                            Transport layer protocol   https://www.wireshark.org/docs/dfref/h/hip.html
(Moskowitz et al., 2015;       IP:139                     http://www.networksorcery.com/enp/protocol/hip.htm
Moskowitz et al., 2008)                                   https://tools.ietf.org/html/rfc4423
Table 2: Base mobility protocol information
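As an added example (not part of the original essay), the sketch below applies the Table 2 port and protocol numbers to raw IPv4 packets and, for LISP data packets, steps over the 8-byte LISP header defined in RFC 6830 to show that the captured outer addresses are locators while the inner addresses carry the identities. It handles IPv4 only; the ESP protocol number (50), the function names and the sample packets (built with zero checksums) are additions made for illustration.

```python
import ipaddress
import struct

# Port and protocol numbers as listed in Table 2 of the essay.
UDP_PORTS = {434: "MIP", 4341: "LISP data", 4342: "LISP control"}
IP_PROTOCOLS = {139: "HIP"}
ESP = 50          # IPsec ESP; not in Table 2, but HIP utilises IPsec
UDP = 17
LISP_HEADER = 8   # size of the LISP data-plane header (RFC 6830)


def parse_ipv4(buf):
    """Return (src, dst, protocol, fragment_offset, payload) for an IPv4
    packet, or raise ValueError if the header is not usable."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_offset = struct.unpack("!H", buf[6:8])[0] & 0x1FFF
    src = str(ipaddress.IPv4Address(buf[12:16]))
    dst = str(ipaddress.IPv4Address(buf[16:20]))
    return src, dst, buf[9], frag_offset, buf[ihl:]


def classify(packet):
    """Label a packet with the mobility protocol its numbers suggest.
    A port match is a hint for the analyst, not proof of the protocol."""
    src, dst, proto, frag_offset, payload = parse_ipv4(packet)
    result = {"outer": (src, dst), "protocol": None, "inner": None}
    if proto in IP_PROTOCOLS:
        result["protocol"] = IP_PROTOCOLS[proto]
    elif proto == ESP:
        result["protocol"] = "IPsec ESP"   # HIP data plane or an ordinary VPN
    elif proto == UDP and frag_offset == 0 and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        result["protocol"] = UDP_PORTS.get(dport) or UDP_PORTS.get(sport)
        if result["protocol"] == "LISP data":
            try:
                # Outer addresses are locators; the encapsulated header
                # holds the identities of the communicating hosts.
                inner_src, inner_dst, _, _, _ = parse_ipv4(
                    payload[8 + LISP_HEADER:])
                result["inner"] = (inner_src, inner_dst)
            except ValueError:
                pass  # truncated capture or non-IPv4 inner packet
    return result


def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def udp(sport, dport, data=b""):
    """Build a UDP datagram (checksum left as zero) for the samples."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


# Constructed sample packets (documentation and private address ranges).
LISP_SAMPLE = ipv4("192.0.2.1", "192.0.2.254", UDP,
                   udp(61000, 4341,
                       bytes(LISP_HEADER) + ipv4("10.1.1.5", "10.2.2.9", 6)))
MIP_SAMPLE = ipv4("198.51.100.7", "203.0.113.1", UDP, udp(50000, 434))
HIP_SAMPLE = ipv4("198.51.100.7", "203.0.113.9", 139, bytes(40))
TCP_SAMPLE = ipv4("198.51.100.7", "203.0.113.9", 6, bytes(20))

if __name__ == "__main__":
    for name in ("LISP_SAMPLE", "MIP_SAMPLE", "HIP_SAMPLE", "TCP_SAMPLE"):
        print(name, classify(globals()[name]))
```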
Conclusions
Internet mobility protocols offer a new challenge to cyber forensic investigators.
Awareness that these protocols exist and can be used for many different use cases can
help make it easier to better understand what is occurring when they are encountered.
Investigators should be very careful when attempting to capture network traffic and be
careful to investigate if service providers are utilising network based mobility
protocols that may inadvertently obfuscate network information if collected at a
source not directly at the point the MN device connects to the network or on its MR.
In mobile scenarios it will be important to establish this information before planning
the best approach in attempting to capture a specific target’s network traffic.
References
Carpenter, B. (2000). RFC2775: Internet Transparency. Network Working Group. doi:
urn:ietf:rfc:2775
Chen, Q., Hu, H., Chai, R., & Dong, T. (2011, 17-19 Aug. 2011). Mobility
management based on HIP-NEMO. Paper presented at the Communications
and Networking in China (CHINACOM), 2011 6th International ICST
Conference on.
Cisco. (2015). Cisco Visual Networking Index: Global Mobile Data Traffic Forecast
Update, 2014–2019 (pp. 42). Retrieved from
http://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/white_paper_c11-520862.html
Devarapalli, V., Nokia, Wakikawa, R., Keio University, Petrescu, A., Motorola, . . .
Systems, C. (2005). RFC3963: Network mobility (NEMO) - basic support
protocol. Internet Engineering Task Force (IETF), January. Retrieved from
https://tools.ietf.org/pdf/rfc3963.pdf
Farinacci, D., Cisco Systems, Fuller, V., Meyer, D., & Lewis, D. (2013). RFC6830:
The locator/ID separation protocol (LISP) [RFC]. IETF Network Working
Group, January. Retrieved from https://tools.ietf.org/html/rfc6830
Hansen, R. (2013). FIRST GLANCE: AN INTRODUCTORY ANALYSIS OF
NETWORK FORENSICS OF TOR. Proceedings of the Conference on
Digital Forensics, Security and Law, 107-122.
Hou, J., Liu, Y., & Gong, Z. (2010, 27-30 Sept. 2010). Support mobility for future
Internet. Paper presented at the Telecommunications Network Strategy and
Planning Symposium (NETWORKS), 2010 14th International.
Johnson, D., Rice University, Perkins, C., Nokia Research Center, Arkko, J., &
Ericsson. (2004). RFC3775: Mobility support in IPv6 [RFC]. IETF Network
Working Group, June. Retrieved from https://tools.ietf.org/pdf/rfc3775.pdf
Khan, S., Shiraz, M., Abdul Wahab, A. W., Gani, A., Han, Q., & Bin Abdul Rahman,
Z. (2014). A Comprehensive Review on Adaptability of Network Forensics
Frameworks for Mobile Cloud Computing. The Scientific World Journal,
2014, 27. doi: 10.1155/2014/547062
Kong, K.-S., Lee, W., Han, Y.-H., Shin, M.-K., & You, H. (2008). Mobility
management for all-IP mobile networks: mobile IPv6 vs. proxy mobile IPv6.
IEEE Wireless Communications, 14; 15(2), 36-45. doi:
10.1109/MWC.2008.4492976
Moskowitz, R., Consulting, H., Heer, T., Control, H. A. a., Jokela, P., NomadicLab,
E. R., . . . Washington, U. o. (2015). RFC7401: Host identity protocol version
2 (HIPv2) [RFC]. IETF Network Working Group, April. Retrieved from
https://tools.ietf.org/html/rfc7401
Moskowitz, R., ICSAlabs, Nikander, P., Jokela, P., NomadicLab, E. R., T, H., &
Company, T. B. (2008). RFC5201: Host identity protocol (HIP) [RFC]. IETF
Network Working Group, April. Retrieved from
http://tools.ietf.org/html/rfc5201
Oki, E., Rojas-Cessa, R., Tatipamula, M., & Vogt, C. (2012). Chapter 14: Mobility
support for IP Advanced Internet Protocols, Services, and Applications (pp.
197-233): John Wiley & Sons, Inc.
Parliament of Australia. (2015). Telecommunications (interception and access)
amendment (data retention) bill 2015 – Parliament of Australia. Retrieved 28
June, 2015, from
http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r5375
Perkin, C., & WiChorusInc. (2010). RFC5944: IP mobility support for IPv4, revised
[RFC]. IETF Network Working Group, November. Retrieved from
http://tools.ietf.org/html/rfc5944
Rodríguez Natal, A., Jakab, L., Portolés, M., Ermagan, V., Natarajan, P., Maino, F.,
. . . Cabellos Aparicio, A. (2013). LISP-MN: Mobile Networking Through LISP.
Wireless Personal Communications, 70(1), 253-266. doi:
10.1007/s11277-012-0692-5
Taylor, M., Haggerty, J., Gresty, D., & Fergus, P. (2010). Forensic investigation of
peer-to-peer networks. Network security, 2010(9), 12-15. doi:
10.1016/S1353-4858(10)70115-X
Yizhen, W., Ke, C., Kaiping, X., & Dan, N. (2014, 23-25 Oct. 2014). NEMO-based
mobility management in LISP network. Paper presented at the Wireless
Communications and Signal Processing (WCSP), 2014 Sixth International
Conference on.
Zhu, Z., UCLA, Wakikawa, R., Toyota ITC, & Zhang, L. (2011). RFC6301: A
survey of mobility support in the Internet [RFC]. Internet Engineering Task
Force (IETF), July. Retrieved from https://tools.ietf.org/pdf/rfc6301.pdf
* * * *
END OF ASSIGNMENT
Note: The following appendix material is
--- NOT ASSESSABLE ---
which is included only for this document’s later contextual support
Appendix – Assignment Information and Supporting Material
Provided
ICT349 Forensic Data Analysis (s1, 2015)
Research Essay
Some important points worth noting:
• The assignment is due at 1130pm on Monday 1st June (i.e., the last Monday of
semester)
• This assignment is worth 25% of your final mark for the unit.
• This assignment consists of 100 marks. Marks are allocated as described in the
assignment. Late submissions will be penalised at the rate of 5 marks per day late
or part thereof. Assignments will not be accepted more than 14 days after the
submission date as assignment return will have commenced.
• The University treats plagiarism, collusion, theft of other students’ work and other
forms of dishonesty in assessment seriously. Any instances of dishonesty in this
assessment will be immediately forwarded for investigation.
• There will be a turn-it-in link available for this assignment.
Research Essay
The purpose of this assignment is for you to research an issue/area related to the unit,
in particular an area that we are not covering in much depth in the unit, and to report
on your research. It is worth discussing your choice of topic with one of the teaching
staff in the unit PRIOR to commencing so a judgement can be made as to whether or
not this is a suitable topic.
It is suggested that the first part of the report explain the topic; for example, if your
chosen topic were “SQL Injection Attacks”, it would be expected that there would be
some explanation as to what an SQL Injection Attack was. The second part of the
report should include some explanation as to the “state of the art” in the chosen area.
This may mean a review of some of the products in that space, or how organisations
are dealing with the particular item. The teaching staff in the unit are more than
happy to help you with how to best go about completing this assignment.
****PLEASE DO NOT WRITE AN ESSAY ABOUT SQL INJECTION ATTACKS!
The length of the assignment is ABOUT 2000 words (not counting references) +/- 10%.
Please try to stay within this limit.
Be selective in your choice of sources. Wikipedia (and other similar sites) are low value
in that they are secondary references in that they simply report on other people’s
research.
If you are going to use vendor web sites/white papers, read them critically (as you
should read everything), and remember that they are there to make money, not
necessarily present a balanced view of a topic
Marking
The essay will be marked as below:
• Spelling & Grammar: 20%
• Sources: 20%
• Referencing: 10%
• Introduction/Conclusion: 10%
• Organisation of Report: 10%
• Content/Information: 30%
Spelling and Grammar: these are important aspects of any written presentation. You
must proofread your report prior to submitting it. As can be seen, this aspect of the
submission is worth 20 marks. There are some very helpful on-line resources to assist
you with grammar. They can be found at
http://our.murdoch.edu.au/Student-life/Study-successfully/Online-and-Print/Resources/
Sources: these are the writings by other people to which you will be referring in your
report. For a definition of quality sources, see above. In this assignment, you would be
expected to refer to at least 10 good quality sources.
Referencing: the marks in this section are allocated to your use of in-text citations.
For help with referencing, see
http://library.murdoch.edu.au/Getting-help/Referencing/ It is preferred in this report
that you use the Chicago style. It is
important to note that poor referencing can lead to plagiarism. If you are concerned
about plagiarism, please see
http://our.murdoch.edu.au/Student-life/Study-successfully/Referencing-and-citing/How-to-avoid-plagiarism/
Introduction/Conclusion: the purpose of an introduction in a report such as this is to
“set the scene” for the reader so they understand the context of the report. It is
important to tell the reader what to expect from the report; what topic is being
covered, and what aspects of that topic are the focus of the report. A conclusion will
sum the report up for the reader.
Organisation of Report: It is worthwhile planning the report BEFORE submitting it!
Make sure that there is a logical flow from one section to the next. It is often difficult
in a group assignment to have this flow. It may be worthwhile having one group
member being responsible for “putting” the assignment together.
Content/Information: this is where a judgement as to how well the topic is covered. If
the coverage is not much more than the content of the textbook, or is only very
superficial, then only a low mark will be awarded. In reports such as this, it is often
better to focus on a very specific aspect of the topic and cover that quite deeply,
rather than cover a very broad topic superficially.
Grading criteria

Spelling and Grammar
  0 points:  More than 5 spelling or grammatical errors
  4 points:  4 spelling or grammatical errors
  8 points:  3 spelling or grammatical errors
  12 points: 2 spelling or grammatical errors
  16 points: 1 spelling or grammatical errors
  20 points: No spelling or grammatical errors

Research Sources
  0 points:  No sources cited
  4 points:  Single source only
  8 points:  < 10 sources or => 10 sources but not of high quality or from a limited set of sources
  12 points: >= 10 sources of good quality
  16 points: many (>=10) sources of high quality demonstrating breadth and depth in research
  20 points: Selection of sources is exceptional.

Referencing
  0 points:  No referencing used.
  2 points:  Poor or incorrect use of referencing technique
  4 points:  Accurate use of referencing technique, but with several errors.
  6 points:  Accurate use of referencing technique, but with few errors.
  8 points:  Accurate use of referencing technique, but with very few errors.
  10 points: Referencing cannot be faulted

Introduction
  0 points:  No introduction
  2 points:  Introduction is present, but does not discuss the content of the report.
  4 points:  Introduction is present, but does not discuss the content of the report in any detail.
  6 points:  Introduction is present, and provides some background as to the content
  8 points:  Introduction provides good discussion as to the content of the report.
  10 points: Introduction is of exceptional quality and cannot be faulted.

Organisation of report
  0 points:  Report is not organised and makes little sense
  2 points:  Report has only the basic sections.
  4 points:  Report has sections, but they are not ordered in such a way as to develop the content of the report.
  6 points:  Sections are organised and flow well.
  8 points:  Organisation of the report is good and adds to the content and flow of the report.
  10 points: Report is VERY well organised

Content - information
  0 points:  Poor. The report does not address the topic in any way at all.
  6 points:  Very basic coverage of the topic only.
  12 points: Adequate coverage of the topic.
  18 points: Good coverage of the topic, provides some interesting points.
  24 points: The report provides an in-depth coverage of the topic.
  30 points: The report is VERY good and of a publishable quality.
* * * *
END OF DOCUMENT

Forensic challenges of Internet mobility protocols

Forensic Data Analysis – Assign 1 – Research Essay
Chosen Topic: The consequences of Internet mobility protocols on network forensics

Contents
Forensic Data Analysis – Assign 1 – Research Essay
Overview of the consequences of Internet mobility protocols on network forensics
Background
Types of mobility protocols
Brief explanation of Mobility protocol components
Consequences of the Internet mobility architecture type
Consequences of the transparency of mobility
Consequences of the Internet mobility mechanism
Consequences of the speed of mobility
Consequences of the heterogeneity of wireless communications
Identifying the use of Internet mobility
Conclusions
References
Appendix – Assignment Information and Supporting Material Provided
ICT349 Forensic Data Analysis (s1, 2015)
Research Essay
Grading criteria
Overview of the consequences of Internet mobility protocols on network forensics

Background

The Internet infrastructure we use today was originally designed in a very different context and era. The architecture of the predominant Internet Protocol (IP) we use today, IPv4, was designed for static hosts on fixed networks, and initially without a Domain Naming System (DNS). Many features of the Internet have evolved over time to utilise the underlying concept of the Internet in new and interesting ways, such as the World Wide Web (WWW) and its web browsers. However, today's ubiquitous computing world is increasingly dominated by the use of smartphones and other mobile technologies, which implies that a number of changes are occurring to the technology we use for communicating. Cisco estimates mobile data traffic will increase more than sixfold in the next four years (Cisco, 2015). At the nexus of increasingly ubiquitous mobility and more powerful hand-held computing devices is a driving demand to remain connected as we utilise a range of heterogeneous, mobility-enabling wireless communications. This is being met with an increasing number of Internet mobility protocols, which attempt to resolve the disparity between the static notion of the Internet of old and the mobility desired and increasingly required in today's Internet (Hou, Liu, & Gong, 2010; Johnson et al., 2004; Oki, Rojas-Cessa, Tatipamula, & Vogt, 2012; Zhu, UCLA, Wakikawa, Toyota ITC, & Zhang, 2011). Many of the forensic tools, techniques and procedures utilised today to analyse Internet activities are embedded in the architecture of the Internet of old, and new challenges are being presented to investigators on how to forensically decipher user activity in the growing presence and use of these new mobility protocols.
There are a number of different approaches to implementing Internet mobility; these differing approaches result in different impacts on network and cyber forensics. At the core of the issue is that Internet mobility must break the end-to-end transparency that has been a core design principle of the Internet of the past (Carpenter, 2000). We already experience this in some application layer communication infrastructures such as Skype and instant messaging; even email is a form of indirect communication that utilises the Internet. However, these communication systems are now well understood and, in most cases, they leave some recorded data or meta-data on both the end client and network devices that can be used to glean or infer additional information about the communication that took place and the path it took; this information can often be corroborated through additional evidence from elsewhere, including network forensics. The nature of Internet mobility requires that it must in some way orchestrate a redirection of IP traffic destined for a specific IP identity address, which serves to identify the mobile device, to the actual IP address that locates where the device is currently attached to the Internet. This is a deception designed to facilitate the functionality of mobility, but it also becomes an additional problem for the forensic analysis of Internet activities. This essay is not intended to exhaustively survey all the protocols available for deploying Internet mobility; instead it examines common aspects of how these protocols work, and attempts to briefly explore the impact they have on cyber forensics techniques.

Types of mobility protocols

In the last fifteen years or so the development of Internet mobility protocols has progressed, and today we have a few primary candidates that appear to be making inroads into the world of use and acceptance. These protocols include: Mobile IP (MIP) (Johnson et al., 2004) and derivatives like Proxy MIP (PMIP) (Kong, Lee, Han, Shin, & You, 2008) and NEtwork MObility Basic Support (NEMO-BS) (Devarapalli et al., 2005); Locator/ID Splitting Protocol (LISP) (Farinacci, Cisco Systems, Fuller, Meyer, & Lewis, 2013) and its Mobile Node (MN) derivative LISP-MN (Rodríguez Natal et al., 2013) and Mobile Router (MR) derivative LISP-MN-NEMO (Yizhen, Ke, Kaiping, & Dan, 2014); and Host Identity Protocol (HIP) (Moskowitz et al., 2015; Moskowitz et al., 2008) and HIP-NEMO (Chen, Hu, Chai, & Dong, 2011). These all utilise differing methods of implementing Internet mobility with different cyber and network forensic consequences.

Protocol       Architecture       Mechanism        Speed of    Heterogeneous
               (Network vs        (Tunnelling vs   Mobility    Network
               Client Based)      Map-Encap)                   Multihoming
MIP            Client + Net       Tunnelling       Medium      No
PMIP           Network            Tunnelling       Med-Fast    No
NEMO-BS        Network            Tunnelling       Medium      No
LISP           Network            Map-Encap        Slow        No
LISP-MN        Client + Net       Map-Encap        Med-Fast    Yes
LISP-MN-NEMO   Network            Map-Encap        Med-Fast    Yes
HIP            Client             Map-Encap        Med-Fast    Yes
HIP-NEMO       Network            Map-Encap        Med-Fast    Yes

Table 1: Internet mobility protocol characteristics

The different types of Internet mobility have differing characteristics as per Table 1 above. The consequences of these different characteristics are discussed in the following sections.

Brief explanation of Mobility protocol components

Mobility protocols utilise indirection to distinguish between a host identity (identity) and its network location (locator) (Zhu et al., 2011).
This implies that, for network traffic to find an appropriate route, there must be a mechanism to track and link changes between these two aspects. This "mapping" mechanism must resolve the correct network locator to which to route or forward the traffic for a specific host identity, and then route the traffic to it. In simple terms you can think of the metaphor of asking a telephone operator for a phone number (locator) based on the person's name (identity), and having them connect you. It follows that all these Internet mobility protocols can be summarised into three essential components (Zhu et al., 2011):

1. A stable identifier for a Mobile Node (MN);
2. A current locator, which is usually an IP address representing the MN's current Internet topographical location; and
3. A mechanism for mapping between the identifier and the locator, which is updated as the MN/MR[1] moves between Layer-Three (L3) networks and is detected as having done so.
4. The Correspondent Node (CN) with which IP communication is occurring;
5. The mapping server (MAP), which is a server where the mapping information for the resolution between identifiers and their locators is kept.
6. An optional component is a Rendezvous Server (RVS): the network device that can provide the function of enabling a fixed point for the connecting of the MN/MR with the CN. This may be married to the MAP server function.

These components are identified in a conceptual diagram shown in Figure 1 below of a generalised indirection-based Internet mobility protocol.

Figure 1: Conceptual components of a generalised indirection-based Internet mobility protocol

Consequences of the Internet mobility architecture type

Internet mobility protocols can be delivered by utilising network devices within the network infrastructure, or within the mobile device itself, or with a combination of both. When the mobility-enabling aspect is embedded in the end device, it may leave clues as to what type of mobility architecture has been utilised, and end-point or near end-point network traffic analysis is likely to yield clues as to what type and nature of Internet indirection has occurred. When the mobility is enabled only through the network infrastructure, the deception of the specific redirection may be completely lost to the forensic investigator; in this case the deception will likely remain undisclosed without specific access to mechanisms of auditing and accountability within the network-based mobility-enabling infrastructure. This is akin to similar problems that complicate network forensics in Peer-to-Peer (P2P) networked applications such as Bit Torrent file sharing (Taylor, Haggerty, Gresty, & Fergus, 2010).
For some time now security researchers have proposed a series of Network Forensic Frameworks (NFFs) to provide the required assistance for such complex tasks, but these all remain proposals only, with no known formal acceptance and implementation by providers and their regulators (Khan et al., 2014).

[1] A MR is like an MN but is instead a mobile network in a NEtwork MObility (NEMO) scenario.

Consequences of the transparency of mobility

In contrast to the desire for NFFs, current forensic techniques typically rely on slow investigative activities in tracking down a correspondent's IP address location. The IP address, when correlated with time and date, typically locates through ISP records the place where the traffic terminated. The meta-data in ISP records that link IP addresses to customers are often required by law to be archived for some specific period (Parliament of Australia, 2015). When indirection for mobility has occurred, the meta-data that would reveal this may never have been recorded. You can think of this as akin to the content, and not just the meta-data, of DNS lookups. It is likely there is no requirement by law to retain the content or result of the mobility mapping system's lookups; this is likely due to a lack of technical understanding by law makers and their advisors. They may also not have mandated and facilitated the required level of accountability that would later allow a redirected route to be traced and attributed to a client account. At the very least the indirection creates another level of confusion that potentially needs to be explained in a court to non-technical judges and jurors. Potentially not knowing where an end point is located at a particular time and date makes it far more difficult for investigators to determine and prove situational clarity, and for prosecutors alike to present a strong argument for the case. The result could be likened to Internet users deliberately utilising route obfuscation techniques like The Onion Router (TOR) (Hansen, 2013).

Consequences of the Internet mobility mechanism

Independent of where the indirection required for mobility occurs, the indirection technique may also add an additional burden to forensic analysis. There are two primary types of indirection technique employed by Internet mobility protocols. These are known as tunnelling and map and encapsulate (or map and encap). Tunnelling mobility protocol architectures effectively maintain one fixed globally known IP address for the Mobile Node (MN), then tunnel traffic to and from the mobile device to the Correspondent Node (CN).
One mobility protocol called Mobile IP (MIP) typically directs traffic through a tunnel between the MN and a Home Agent (HA), which is like the RVS in Figure 1 above, before that network device redirects traffic to and from the CN. In either case, network traffic that is captured through a local mobile operator may possibly be used to analyse the mobility traffic. Depending on the version of MIP, an encryption key is used to secure traffic between the FA/HA, and this traffic may possibly be decrypted using discoverable shared configuration information.

HIP and LISP based protocols utilise a map and encapsulate approach. While LISP based mobility protocols often do not encrypt traffic, it is nevertheless encapsulated in another header, depending on where it is forensically captured and what type of mobility protocol is in use. HIP based protocols always use an Internet Protocol Security (IPsec) mechanism to encrypt all traffic between HIP network nodes. They also use transient encryption keys based on a Public Key Infrastructure (PKI); these are negotiated per session, as in the case of Secure Sockets Layer (SSL)/Transport Layer Security (TLS), and are effectively not going to be recoverable at all. Unlike SSL/TLS, which is invoked at the application level, HIP will encrypt all network traffic between HIP nodes regardless of what application is in use. Since HIP can be configured as a pure client configuration, it acts a lot like a Virtual Private Network (VPN). It is conceivable that it could be used explicitly to secure a communications channel for the express purpose of avoiding scrutiny, providing the benefits of mobility while adding obscurity.

Consequences of the speed of mobility

Mobility can cause another problem to arise through the lack of time accuracy of meta-data records. In the past, even non-static DHCP assigned IP addresses of users changed rarely, and the consequences of small time differences in records could usually be disregarded, or alleviated by surrounding data that could be correlated to determine recorded time differences. But when fast mobility is occurring between heterogeneous wireless network infrastructures, time differences of minutes or even tens of seconds may make it very difficult to establish and prosecute a link between network records and actors.

Consequences of the heterogeneity of wireless communications

When MN/MRs and their underlying mobility protocols are deliberately utilising a heterogeneous or hybrid set of wireless communications, it may no longer be possible for investigators to require one provider to collate disparate sources of network meta-data and provide a uniform data set for forensic analysis. Now the investigator may have to obtain many different sets of disparate network data, perhaps with significant time error offsets, and somehow weave these back together in a coherent manner in order to derive the required data set for thorough analysis. You might think of this as a criminal using five different mobile phones with five different mobile service providers, saying only every fifth word through any one device and changing to the next device for each following word. In this scenario, examining one network’s data may reveal very little information on its own.

Identifying the use of Internet mobility

For a cyber-forensic investigator to successfully investigate mobile-device network forensics, they will need to start to understand Internet mobility protocols. Self-education and training preparation can make the task a lot easier. Identifying the protocol in use will require an understanding of the key characteristics of client based mobility protocols in order to know what to look for to identify them.
Just being aware they exist will greatly help to avoid some confusion when analysing network traffic that may be difficult to understand. Certainly the traffic may appear to be something like a VPN in many cases. In the case of HIP it is its own transport layer protocol, but it also utilises IPsec. Network Forensic Analysis (NFA) tools like Wireshark already have protocol knowledge of the primary protocols in use today. More information is listed in Table 2 below:

| Base Mobility Protocol | Network layer & Assigned port numbers | Further information |
|---|---|---|
| MIP (IPv4) (Perkin & WiChorusInc, 2010) | App layer protocol; UDP:434 | https://www.wireshark.org/docs/dfref/m/mip.html ; https://tools.ietf.org/html/rfc5944 ; http://www.iana.org/assignments/mobileip-numbers/mobileip-numbers.xhtml |
| MIPv6 / NEMO (Johnson et al., 2004) | App layer protocol; UDP:434 | https://www.wireshark.org/docs/dfref/m/mipv6.html ; https://tools.ietf.org/html/rfc6275 ; https://tools.ietf.org/html/rfc3963 |
| LISP (Farinacci et al., 2013) | App layer protocol; UDP:4341 lisp-data; UDP:4342 lisp-control | https://www.wireshark.org/docs/dfref/l/lisp.html ; https://tools.ietf.org/html/rfc6830 |
| HIP (Moskowitz et al., 2015; Moskowitz et al., 2008) | Transport layer protocol; IP:139 | https://www.wireshark.org/docs/dfref/h/hip.html ; http://www.networksorcery.com/enp/protocol/hip.htm ; https://tools.ietf.org/html/rfc4423 |

Table 2: Base mobility protocol information
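A first-pass triage of captured packets against the Table 2 identifiers, added here as an illustrative example that is not part of the original essay. The function names and sample packets are constructed for this example, it handles IPv4 only, and the ESP check (IP protocol 50) is an added assumption based on the essay's statement that HIP uses IPsec; a match is an indicator to follow up, not proof of the protocol in use.

```python
import struct

# Indicators from Table 2 (values as given on this page).
UDP_PORTS = {434: "MIP (UDP 434)", 4341: "LISP data (UDP 4341)",
             4342: "LISP control (UDP 4342)"}
IP_PROTOCOLS = {139: "HIP (IP protocol 139)"}
# Assumption added for this example: IP protocol 50 is IPsec ESP, which the
# essay says HIP uses for its traffic; ESP alone cannot tell HIP from a VPN.
ESP, UDP = 50, 17

def classify_ipv4(packet: bytes):
    """Return a mobility-protocol label for one raw IPv4 packet, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # header length including options
    if ihl < 20 or len(packet) < ihl:
        return None
    proto = packet[9]
    if proto in IP_PROTOCOLS:
        return IP_PROTOCOLS[proto]
    if proto == ESP:
        return "IPsec ESP (HIP data or VPN, needs context)"
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Only the first fragment carries the UDP header, so skip later ones.
    if proto == UDP and frag_offset == 0 and len(packet) >= ihl + 8:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        for port in (dport, sport):
            if port in UDP_PORTS:
                return UDP_PORTS[port]
    return None

def summarise(packets):
    """Count packets per indicator so an analyst can triage a capture."""
    counts = {}
    for pkt in packets:
        label = classify_ipv4(pkt)
        if label:
            counts[label] = counts.get(label, 0) + 1
    return counts

def ipv4(proto, payload=b"", frag_offset=0):
    """Build a constructed IPv4 packet (documentation addresses, no checksum)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                       frag_offset, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + payload

def udp(sport, dport):
    """Build a constructed, empty UDP datagram."""
    return struct.pack("!HHHH", sport, dport, 8, 0)

# Constructed sample capture: MIP, LISP control, HIP, ESP, DNS, late fragment.
SAMPLE = [ipv4(17, udp(40000, 434)), ipv4(17, udp(4342, 4342)), ipv4(139),
          ipv4(50), ipv4(17, udp(40001, 53)), ipv4(17, udp(40000, 434), 185)]

if __name__ == "__main__":
    for label, n in sorted(summarise(SAMPLE).items()):
        print(f"{n:3d}  {label}")
```

The DNS packet and the non-first fragment are deliberately left unlabelled: the first has no Table 2 port, and the second has no UDP header to read.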
Conclusions

Internet mobility protocols offer a new challenge to cyber forensic investigators. Awareness that these protocols exist, and that they can be used for many different use cases, makes it easier to understand what is occurring when they are encountered. Investigators should be very careful when attempting to capture network traffic, and should investigate whether service providers are utilising network based mobility protocols that may inadvertently obfuscate network information if it is collected at a source other than the point where the MN device connects to the network, or on its MR. In mobile scenarios it will be important to establish this information before planning the best approach to capturing a specific target’s network traffic.
References

Carpenter, B. (2000). RFC2775: Internet Transparency. Network Working Group. doi: urn:ietf:rfc:2775

Chen, Q., Hu, H., Chai, R., & Dong, T. (2011, 17-19 Aug. 2011). Mobility management based on HIP-NEMO. Paper presented at the Communications and Networking in China (CHINACOM), 2011 6th International ICST Conference on.

Cisco. (2015). Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2014–2019 (pp. 42). Retrieved from http://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/white_paper_c11-520862.html

Devarapalli, V., Nokia, Wakikawa, R., Keio University, Petrescu, A., Motorola, . . . Systems, C. (2005). RFC3963: Network mobility (NEMO) - basic support protocol. Internet Engineering Task Force (IETF), January. Retrieved from https://tools.ietf.org/pdf/rfc3963.pdf

Farinacci, D., Cisco Systems, Fuller, V., Meyer, D., & Lewis, D. (2013). RFC6830: The locator/ID separation protocol (LISP) [RFC]. IETF Network Working Group, January. Retrieved from https://tools.ietf.org/html/rfc6830

Hansen, R. (2013). FIRST GLANCE: AN INTRODUCTORY ANALYSIS OF NETWORK FORENSICS OF TOR. Proceedings of the Conference on Digital Forensics, Security and Law, 107-122.

Hou, J., Liu, Y., & Gong, Z. (2010, 27-30 Sept. 2010). Support mobility for future Internet. Paper presented at the Telecommunications Network Strategy and Planning Symposium (NETWORKS), 2010 14th International.

Johnson, D., Rice University, Perkins, C., Nokia Research Center, Arkko, J., & Ericsson. (2004). RFC3775: Mobility support in IPv6 [RFC]. IETF Network Working Group, June. Retrieved from https://tools.ietf.org/pdf/rfc3775.pdf

Khan, S., Shiraz, M., Abdul Wahab, A. W., Gani, A., Han, Q., & Bin Abdul Rahman, Z. (2014). A Comprehensive Review on Adaptability of Network Forensics Frameworks for Mobile Cloud Computing. The Scientific World Journal, 2014, 27. doi: 10.1155/2014/547062

Kong, K.-S., Lee, W., Han, Y.-H., Shin, M.-K., & You, H. (2008). Mobility management for all-IP mobile networks: mobile IPv6 vs. proxy mobile IPv6. IEEE Wireless Communications, 14; 15(2), 36-45. doi: 10.1109/MWC.2008.4492976

Moskowitz, R., Consulting, H., Heer, T., Control, H. A. a., Jokela, P., NomadicLab, E. R., . . . Washington, U. o. (2015). RFC7401: Host identity protocol version 2 (HIPv2) [RFC]. IETF Network Working Group, April. Retrieved from https://tools.ietf.org/html/rfc7401

Moskowitz, R., ICSAlabs, Nikander, P., Jokela, P., NomadicLab, E. R., T, H., & Company, T. B. (2008). RFC5201: Host identity protocol (HIP) [RFC]. IETF Network Working Group, April. Retrieved from http://tools.ietf.org/html/rfc5201

Oki, E., Rojas-Cessa, R., Tatipamula, M., & Vogt, C. (2012). Chapter 14: Mobility support for IP Advanced Internet Protocols, Services, and Applications (pp. 197-233): John Wiley & Sons, Inc.

Parliament of Australia. (2015). Telecommunications (interception and access) amendment (data retention) bill 2015 – Parliament of Australia. Retrieved 28 June, 2015, from http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r5375

Perkin, C., & WiChorusInc. (2010). RFC5944: IP mobility support for IPv4, revised [RFC]. IETF Network Working Group, November. Retrieved from http://tools.ietf.org/html/rfc5944

Rodríguez Natal, A., Jakab, L., Portolés, M., Ermagan, V., Natarajan, P., Maino, F., . . . Cabellos Aparicio, A. (2013). LISP-MN: Mobile Networking Through LISP. Wireless Personal Communications, 70(1), 253-266. doi: 10.1007/s11277-012-0692-5

Taylor, M., Haggerty, J., Gresty, D., & Fergus, P. (2010). Forensic investigation of peer-to-peer networks. Network security, 2010(9), 12-15. doi: 10.1016/S1353-4858(10)70115-X

Yizhen, W., Ke, C., Kaiping, X., & Dan, N. (2014, 23-25 Oct. 2014). NEMO-based mobility management in LISP network. Paper presented at the Wireless Communications and Signal Processing (WCSP), 2014 Sixth International Conference on.

Zhu, Z., UCLA, Wakikawa, R., Toyota ITC, & Zhang, L. (2011). RFC6301: A survey of mobility support in the Internet [RFC]. Internet Engineering Task Force (IETF), July. Retrieved from https://tools.ietf.org/pdf/rfc6301.pdf

* * * * END OF ASSIGNMENT

Note: The following appendix material is --- NOT ASSESSABLE --- which is included only for this document’s later contextual support
Appendix – Assignment Information and Supporting Material Provided

ICT349 Forensic Data Analysis (s1, 2015)
Research Essay

Some important points worth noting:

- The assignment is due at 1130pm on Monday 1st June (i.e., the last Monday of semester)
- This assignment is worth 25% of your final mark for the unit.
- This assignment consists of 100 marks. Marks are allocated as described in the assignment. Late submissions will be penalised at the rate of 5 marks per day late or part thereof. Assignments will not be accepted more than 14 days after the submission date as assignment return will have commenced.
- The University treats plagiarism, collusion, theft of other students’ work and other forms of dishonesty in assessment seriously. Any instances of dishonesty in this assessment will be immediately forwarded for investigation.
- There will be a turn-it-in link available for this assignment.

Research Essay

The purpose of this assignment is for you to research an issue/area related to the unit, in particular an area that we are not covering in much depth in the unit, and to report on your research. It is worth discussing your choice of topic with one of the teaching staff in the unit PRIOR to commencing so a judgement can be made as to whether or not this is a suitable topic.

It is suggested that the first part of the report explain the topic; for example, if your chosen topic were “SQL Injection Attacks”, it would be expected that there would be some explanation as to what an SQL Injection Attack was. The second part of the report should include some explanation as to the “state of the art” in the chosen area. This may mean a review of some of the products in that space, or how organisations are dealing with the particular item. The teaching staff in the unit are more than happy to help you with how to best go about completing this assignment.

****PLEASE DO NOT WRITE AN ESSAY ABOUT SQL INJECTION ATTACKS!

The length of the assignment is ABOUT 2000 words (not counting references) +/- 10%. Please try to stay within this limit.

Be selective in your choice of sources. Wikipedia (and other similar sites) are low value in that they are secondary references in that they simply report on other people’s research.
If you are going to use vendor web sites/white papers, read them critically (as you should read everything), and remember that they are there to make money, not necessarily present a balanced view of a topic.

Marking

The essay will be marked as below:

- Spelling & Grammar: 20%
- Sources: 20%
- Referencing: 10%
- Introduction/Conclusion: 10%
- Organisation of Report: 10%
- Content/Information: 30%

Spelling and Grammar: these are important aspects of any written presentation. You must proofread your report prior to submitting it. As can be seen, this aspect of the submission is worth 20 marks. There are some very helpful on-line resources to assist you with grammar. They can be found at http://our.murdoch.edu.au/Student-life/Study-successfully/Online-and-Print/Resources/

Sources: these are the writings by other people to which you will be referring in your report. For a definition of quality sources, see above. In this assignment, you would be expected to refer to at least 10 good quality sources.

Referencing: the marks in this section are allocated to your use of in-text citations. For help with referencing, see http://library.murdoch.edu.au/Getting-help/Referencing/ It is preferred in this report that you use the Chicago style. It is important to note that poor referencing can lead to plagiarism. If you are concerned about plagiarism, please see http://our.murdoch.edu.au/Student-life/Study-successfully/Referencing-and-citing/How-to-avoid-plagiarism/

Introduction/Conclusion: the purpose of an introduction in a report such as this is to “set the scene” for the reader so they understand the context of the report. It is important to tell the reader what to expect from the report; what topic is being covered, and what aspects of that topic are the focus of the report. A conclusion will sum the report up for the reader.

Organisation of Report: It is worthwhile planning the report BEFORE submitting it! Make sure that there is a logical flow from one section to the next. It is often difficult in a group assignment to have this flow. It may be worthwhile having one group member being responsible for “putting” the assignment together.

Content/Information: this is where a judgement as to how well the topic is covered. If the coverage is not much more than the content of the textbook, or is only very superficial, then only a low mark will be awarded. In reports such as this, it is often better to focus on a very specific aspect of the topic and cover that quite deeply, rather than cover a very broad topic superficially.
Grading criteria

Spelling and Grammar
- More than 5 spelling or grammatical errors: 0 points
- 4 spelling or grammatical errors: 4 points
- 3 spelling or grammatical errors: 8 points
- 2 spelling or grammatical errors: 12 points
- 1 spelling or grammatical error: 16 points
- No spelling or grammatical errors: 20 points

Research Sources
- No sources cited: 0 points
- Single source only: 4 points
- < 10 sources or => 10 sources but not of high quality or from a limited set of sources: 8 points
- >= 10 sources of good quality: 12 points
- many (>=10) sources of high quality demonstrating breadth and depth in research: 16 points
- Selection of sources is exceptional: 20 points

Referencing
- No referencing used: 0 points
- Poor or incorrect use of referencing technique: 2 points
- Accurate use of referencing technique, but with several errors: 4 points
- Accurate use of referencing technique, but with few errors: 6 points
- Accurate use of referencing technique, but with very few errors: 8 points
- Referencing cannot be faulted: 10 points

Introduction
- No introduction: 0 points
- Introduction is present, but does not discuss the content of the report: 2 points
- Introduction is present, but does not discuss the content of the report in any detail: 4 points
- Introduction is present, and provides some background as to the content: 6 points
- Introduction provides good discussion as to the content of the report: 8 points
- Introduction is of exceptional quality and cannot be faulted: 10 points

Organisation of report
- Report is not organised and makes little sense: 0 points
- Report has only the basic sections: 2 points
- Report has sections, but they are not ordered in such a way as to develop the content of the report: 4 points
- Sections are organised and flow well: 6 points
- Organisation of the report is good and adds to the content and flow of the report: 8 points
- Report is VERY well organised: 10 points

Content - information
- Poor. The report does not address the topic in any way at all: 0 points
- Very basic coverage of the topic only: 6 points
- Adequate coverage of the topic: 12 points
- Good coverage of the topic, provides some interesting points: 18 points
- The report provides an in-depth coverage of the topic: 24 points
- The report is VERY good and of a publishable quality: 30 points

* * * * END OF DOCUMENT