Cryptopometry as a Methodology for Investigating Encrypted Material

Cryptopometry as a Methodology for Investigating Encrypted Material

Niall McGrath (University College Dublin, Ireland), Pavel Gladyshev (University College Dublin, Ireland) and Joe Carthy (University College Dublin, Ireland)
Copyright: © 2010 |Pages: 20
DOI: 10.4018/jdcf.2010010101
OnDemand PDF Download:
$37.50

Abstract

When encrypted material is discovered during a digital investigation and the investigator cannot decrypt the material then he or she is faced with the problem of how to determine the evidential value of the material. This research is proposing a methodology titled Cryptopometry. Cryptopometry extracts probative value from the encrypted file of a hybrid cryptosystem. Cryptopometry also incorporates a technique for locating the original plaintext file. Since child pornography (KP) images and terrorist related information (TI) are transmitted in encrypted formats, the digital investigator must ask the question Cui Bono?—who benefits or who is the recipient? By following Cryptopometry, the scope of the digital investigation can be extended to reveal the intended recipient. The derivation of the term Cryptopometry is also described and explained.
Article Preview

2 Problem Description

The investigation of subject A is initiated and a forensic image of the hard disk drive (HDD) is taken. Analysis is carried out and it is found that there is a significant amount of ciphertext files and plaintext files containing evidence. Subject A is a suspected distributor/seller of KP and subject B whose identity is unknown is the recipient of the encrypted material. The objective of this research is to establish an evidential link between the encrypter and the recipient of PGP encrypted material and subsequently identify the plaintext file that was encrypted. In this scenario subject A must have had subject B’s public key (PKB) and PGP encrypted the plaintext material (M) to form the ciphertext (CB). Subject B can decrypt the ciphertext when he receives it with his private key (PVKB), please see Figure 1 below. PGP is a hybrid cryptosystem where the ciphertext created by it follows the OpenPGP message format specified in Callas et al. (2007). A hybrid cryptosystem is a combination of symmetric and asymmetric encryption. A symmetric key is session generated and then this is used to encrypt data. The symmetric key is then encrypted using the recipient’s public key. The public key can be stored and distributed by a key server. The symmetrically encrypted data and the asymmetrically encrypted symmetric key are the major components of a PGP ciphertext data-packet. PGP also compresses data before encryption for added security because this helps remove redundancies and patterns that might facilitate cryptanalysis, compression is only applied to the symmetrically encrypted data-packet. PGP uses the Deflater (zip) algorithm for compression.

Figure 1.

Problem description

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 9: 4 Issues (2017)
Volume 8: 4 Issues (2016)
Volume 7: 4 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing