Editorial

This final edition of JIW for 2008 covers vulnerability in IPSec tunnels, malware analysis, wireless deployment in the defence forces, and a discussion of the lessons that could be learnt from modern military conflict.
The first paper is an opinion piece by Jeffrey Jones and Phil Taylor who present an interesting viewpoint on the lessons that could be learnt from recent conflicts to improve strategic communication and the ‘war on terror’.  The second paper, by Eric Filiol, Frederic Jennequin and Guillaume Delaunay, covers information leakage due to vulnerabilities in IPSec tunnels using malware attacks. Following on with the malware theme, the subsequent paper by Fadi El-moussa and Andy Jones investigates static and dynamic malware analysis. The final paper in this issue discusses the possibilities for defence force deployment of wireless networks and is authored by Drew McEniery and Andrew Woodward.
This is the last issue in which I will be standing in as editor, as Bill Hutchison returns from leave in January. I have had an interesting year and learnt many lessons in editorship as a consequence. My thanks go to Bill for giving me the opportunity to undertake this task, which despite the occasional problems has been both informative and enjoyable. My thanks also goes to all the authors and reviewers (who take on the task voluntarily) who have responded to my many editorial requests. Your timely responses were highly appreciated.
Finally, the journal is always seeking quality papers for publication. Whilst, most papers are of an academic nature, we also welcome papers with opinions on relevant topics from knowledgeable persons. Such papers do not require such rigorous analysis by peers. All submissions can be emailed directly to Bill at w.hutchinson@ecu.edu.au.
Dr Trish Williams,
December, 2008

Table of Contents

Paper 1: Malware-based Information Leakage over IPSec Tunnels
E. F. Filiol , F. Jennequin, G. Delaunay

Paper 2: Malware Analysis Framework from Static to Dynamic Analysis
F. El-moussa and A. Jones

Paper 3: Australian Defence Force Policy and the use of WPA2 as a Security Option for Deployment of 802.11 Wireless etworks in the Field
D. McEniery and A. Woodward

About the Authors

Guillaume Delaunay is an undergraduate student in network security at the Dept. of Network and Communications of the University of Rennes.

Fadi El-moussa joined BT in 2005 as a Network Security Professional. Before joining BT, Fadi did his PhD at Salford University in Manchester in Data Telecommunications and Network. His PhD was in detecting and mitigating DDoS attack where his PhD was focus on tunnelling approach to detect and block the attack traffic using intelligent firewall and intrusion detection. Since he joined BT, he involved in a number of Security projects: Control Plane separation, MPLS attack mitigation, Denial of Service resistance architecture, Penetration testing and evaluating of different products for BT, Fuzzing, Honeypot and Malware Analysis. He is a Certified Ethical Hacking (CEH); and Penetration Testing and Network Vulnerability Assessments (PEST).
Eric Filiol is the head scientist officer of the Virology and Cryptology Lab at the Army Signals Academy in Rennes, France. He holds a PhD in applied mathematics applied to cryptology and a Habilitation thesis in applied mathematics applied to computer security.

Frédéric Jennequin is a researcher at the Virology and Cryptology Lab at the Army Signals Academy in Rennes, France. He holds an engineer diploma in computer security.

Andy Jones. During a full military career Andy directed both Intelligence and Security operations and briefed the results at the highest level, and was awarded the MBE for his service in Northern Ireland. After 25 years service with the British Army’s Intelligence Corps he became a business manager and a researcher and analyst in the area of Information Warfare and computer crime at a defence research establishment. In September 2002, on completion of a paper on a method for the metrication of the threats to information systems, he left the defence environment to take up a post as a principal lecturer at the University of Glamorgan in the subjects of Network Security and Computer Crime and as a researcher on the Threats to Information Systems and Computer Forensics. At the University he developed and managed a well equipped Computer Forensics Laboratory and took the lead on a large number of computer investigations and data recovery tasks. In January 2005, he joined the Security Research Centre at British Telecommunications where he is currently the head of information security research. He is the author of five books on the topics of Information warfare, information security and digital forensics, and holds a Ph.D. in the area of threats to information systems. Andy is Adjunct Professor in the School of Computer and Information Science at Edith Cowan University and part of the SECAU Security Research Centre. Jeff Jones is a former Senior Director for Strategic Communication and Information at the National Security Council of The White House in Washington, to which he was appointed after 9/11. During his 30-year military career, he served as United States Defense Representative, Defense and Army Attaché in Paris (1998-2001). He commanded the 4th Psychological Operations Group (Airborne), U.S. Army and U.S. Special Operations Commands headquartered at Ft Bragg, North Carolina, from 1993 until 1995. Prior to brigade-level command, he served on the National Security Council during the previous Bush Administration from 1991 until 1993 as Director for Defense Policy and Arms Control. During this period, he authored the 1993 National Security Strategy of the United States, helped craft President Bush’s nuclear arms control initiative, led White House support for the establishment of the George Marshall European Center for Security Studies, and developed peacekeeping initiatives for the United Nations, NATO, Somalia, Bosnia and Cambodia. During Operations DESERT SHIELD and DESERT STORM, Jones commanded the 8th Psychological Operations Task Force (Airborne).

Drew McEniery lives and works in Perth, Western Australia. He is currently working for the Australian Department of Defence in the Royal Australian Air Force as a Military Police law enforcement operative. Drew attained a Masters of Information Security and Intelligence in 2008.
Philip M. Taylor is Professor of International Communications at the University of Leeds, UK. He is the author of several well-known works on international propaganda, including Munitions of the Mind: a history of propaganda from the ancient world to the present day (Manchester University Press, 3rd edition, 2003). Phil’s latest books are ‘Shooting the Messenger; (with Paul Moorcraft, 2008) and the ‘Routledge Handbook of Public Diplomacy (co-edited with Nancy Snow 2008).

Andrew Woodward is currently an academic at Edith Cowan University and researcher in the SECAU Security Research Centre. He is actively researching and teaching in the areas of wireless network security, network security and digital forensics. Andrew has consulted to government departments, corporations and law enforcement agencies in the areas of wireless network vulnerability assessment, computer forensics, RFID security and network penetration testing.