8/16/2019 CPN Presentation New
1/56
Information SecurityManagement and Forensic
Computing By
Dr. A. S. Sodiya, MCPN, FNCSDr. A. S. Sodiya, MCPN, FNCS
Senior Lecturer / Information Security Consultant
Department of Computer Science
Federal University of Agriculture
Abeokuta, gun State, !igeria.
Chairman - Publication, Standards, Research and Development,igeria Computer Society
!ditor-in-Chief, "ournal of Computer Science and Its #pplications
+2348034551851, [email protected]
8/16/2019 CPN Presentation New
2/56
Content♦ !n"rodu#"ion "o !n$or%a"ion Se#uri"y
♦ &e'ie( o$ So%e Curren" Se#uri"y Me#)anis%s – Au")en"i#a"ion
– Au")orisa"ion * A#ess Con"ro Sys"e%s
– Fire(as – !n"rusion De"e#"ion Sys"e% !DS-
– n#ry/"ion
♦ Cyberse#uri"y
♦ S"e/s in !n$or%a"ion Se#uri"y Manae%en"
♦ Forensi# Co%/u"in
♦ Con#usion2
8/16/2019 CPN Presentation New
3/56
Introduction to Information security
!n$or%a"ion se#uri"y♦Simply means protecting information
systems from unauthorised access.
♦ It means protecting information andinformation systems from unauthorized
access, use, disclosure, disruption,
modification, perusal, inspection, recordingor destruction.
3
8/16/2019 CPN Presentation New
4/56
Introduction to Information securitycontd...
Other related terms :♦ Co%/u"er sys"e% se#uri"y means the collective
processes and mechanisms y !hich sensitive and
valuale information and services are protected from
pulication, tampering or collapse y unauthorizedactivities or untrust!orthy individuals and unplanned
events respectively
♦ Da"a Se#uri"y means protecting a dataase from
destructive forces and the un!anted actions ofunauthorised users
♦ Ne"(or se#uri"y protecting net!or" resources from
unauthorised access
#
8/16/2019 CPN Presentation New
5/56
Introduction to Information securitycontd...
$ccording to Sodiya and Onashoga %2&'&(, the valueof computer and net!or" resources can e
compromised in three !ays commonly
referred to as the CI$s of computer security: – Confidentiality: prevention of unauthorizeddisclosure of information)
– Integrity: prevention of unauthorized
modification of information) and
– Availability: prevention of unauthorized
!ithholding of information
*
8/16/2019 CPN Presentation New
6/56
Introduction to Information securitycontd...
")ers in#ude♦ Au")en"i#i"y it is necessary to ensure that the data,
transactions, communications or documents %electronic
or physical( are genuine. It is also important for
authenticity to validate that oth parties involved are!ho they claim they are.
♦ Non*re/udia"ion In la!, it implies one+s intention to
fulfill their oligations to a contract. It also implies that
one party of a transaction cannot deny having receiveda transaction nor can the other party deny having sent a
transaction.
8/16/2019 CPN Presentation New
7/56
$uthentication Authentication is the process of verifying the
identity of a user, process, or device, often as a prere-uisite to allo!ing access to resources in a
system /IS0, 2&''1.
0he identity of a certain user or process is
challenged y the system and proper steps must
e ta"en to prove the claimed identity.
$uthentication involves t!o stages:
a. Identification, !here the user supply valididentities
b. Verification, !here the supply identity is
confirmed
8/16/2019 CPN Presentation New
8/56
$uthentication contd....Can e done in three !ays:
♦Something you "no! %the pass!ord(♦ Something you have %card, seal(
♦ Something you are %iometric such as
your face, your voice, your fingerprints, or
your 4/$(
5
8/16/2019 CPN Presentation New
9/56
$uthentication contd....6ass!ord7ased authentication is usually
done in t!o !ays:7a. 0e8t7ased pass!ord: $ pass!ord is a secret that
consist of symols or characters %usually
memorised y users( used for authentication. Itusually consist of alphaets, numers and some
allo!ed special characters.
. 9raphical7ased pass!ord: sers enter the
pass!ord y clic"ing on a set of images,specific pi8els of an image, or y dra!ing a
pattern in a pre7defined and secret order.
;
8/16/2019 CPN Presentation New
10/56
$uthentication contd....
8/16/2019 CPN Presentation New
11/56
$uthentication contd....
''
4ra! a secret %4$S( 6ass 4oodle
Some e8amples of graphical7ased
authentication
8/16/2019 CPN Presentation New
12/56
$uthentication contd....
'2
6asspoints ac"ground 4$S
Other e8amples of graphical7ased
authentication
8/16/2019 CPN Presentation New
13/56
$uthentication contd....oens
♦Some authentication systems commonlyuse to"ens, !hich is any device or o>ect
that can authenticate
♦Common modern e8amples include physical "eys, 6I/ generating device,
pro8imity cards, credit cards, or $0?
cards.
'3
8/16/2019 CPN Presentation New
14/56
$uthentication contd....io%e"ri# au")en"i#a"ion
0his is the use of iological characteristics of users forauthentication.
Common iometric systems include the follo!ing:
♦ @acial recognitionA?easures distances et!een specific points on the face.
♦ @ingerprintsA?easures distances et!een specific points on a fingerprint.
♦ Band geometryA?easures the length of fingers and the length and !idth of the hand.
♦ eystro"e dynamicsA?easures specific "eystro"es in typing a predetermined phrase) this is
commonly used !ith e8isting pass!ord systems.
♦ Band veinA=eads the venal and arterial patterns !ithin a human hand.
♦ IrisA?easures the color and pattern of the iris in the eye.
♦ =etinaA=eads the venal and arterial pattern on the retina of the eye.
♦ SignatureA=ecognizes the signature as !ell as the speed and style of the actual performance of
♦ !riting the signature.
♦ DoiceA?easures and recognizes specific audio patterns in human speech for predetermined
♦ phrases.
♦ @acial thermogramA=ecognizes heat patterns in the face using a thermal camera.
♦ 4/$A?easures the specific patterns of genes in human 4/$.
'#
8/16/2019 CPN Presentation New
15/56
$uthentication contd....
'*
Common attac"s on authentication systemsa. 0he attac"s .
8/16/2019 CPN Presentation New
16/56
$uthentication contd....♦ Sniffing attacks %also "no!n as the man7in7the7
middle attac"s( capture information as it flo!s et!een a client and a server.
♦ ID spoofing attacks occur !hen a malicious user
or process claims to e a different user or
process. 0his attac"
allo!s an intruder on the Internet to effectively
impersonate a local system+s I6 address.
♦ A Brute-force attack is any form of attac"against a credential information file that
attempts to find a valid username and pass!ord
in succession.'
8/16/2019 CPN Presentation New
17/56
$uthentication contd....♦ $ dictionary attack is the EsmartF version of rute7force
attac"s and is also e8ecuted using automated attac"
tools to capture usersG crediential information.
♦ $ replay attack means that the malicious user
trapped the authentication se-uence that !as
transmitted y an authorized user through thenet!or", and then replayed the same se-uence to the
server to get himself authenticated.
♦ Credential decryption is a basic supplementary
attac" for sniffing attac"s, rute7force attac"s, and
dictionary attac"s. $ tool, !hose aim is to rea" the
encryption algorithm that !as used to encrypt
credential information, usually performs these attac"s.'
8/16/2019 CPN Presentation New
18/56
$uthentication contd....ther forms of attacks are
♦ eylogging attac", !here "eystro"es %ey se-uences(of users are captured y automated tools or devices
♦ Shoulder surffing is a security attac" !here the
attac"er uses oservation techni-ues, such as loo"ing
over someone+s shoulder, to get crediential information.
'5
8/16/2019 CPN Presentation New
19/56
$ccess Control
♦ $ccess control is concerned !ith determining theallo!ed activities of legitimate users
♦ Bongchao et al %2&'&( defined access control as a
security mechanism to protect certain resources or
services from illegal access,♦ It is the aility to permit or deny the use of a particular
resource y a particular entity.
';
$ C l S
8/16/2019 CPN Presentation New
20/56
$ccess Control Sytem contd....
♦ 0here are three asic components in an access controlsystem:
– the sube#"s: the entity that re-uests access to
a resource is called the sube#" of the access)
it is an active entity ecause it initiates theaccess re-uest
– the "are"s: the resource a su>ect attempts to
access is called the "are"6obe#" of theaccess and
– the rues !hich specify the !ays in !hich the
su>ects can access the targets.2&
$ C l S
8/16/2019 CPN Presentation New
21/56
$ccess Control Sytem contd....$ccess control systems are generally classified as
%Sodiya et al., 2&&;(:♦ Discretionary Access Control (DAC) : the
o>ect o!ner or anyone else !ho is authorized
to control the o>ectGs access specifies !ho have
access to the o>ect or specifies the policies
♦ Non-Discretionary Access Control (NDAC): It
commonly uses a su>ectGs role or a tas"
assigned to the su>ect to grant or deny o>ectaccess. It specifies that access control policy
decision are made y a central authority and not
y individual o!ner of the o>ect2'
$ C l S
8/16/2019 CPN Presentation New
22/56
$ccess Control Sytem contd....♦ Some e8amples of 4$C are:7
i. Lattice-based access control is a variation of the non7
discretionary access control design. Instead of associating accessrules !ith specific roles or tas"s, each relationship et!een a
su>ect and an o>ect has a set of access oundaries. 0hese access
oundaries define the rules and conditions that allo! o>ect
access
ii. Identity-based Access Control :7 0he techni-ue ma"es o>ect
access decision ased on a user I4 or a userGs group memership.
Hhen a su>ect re-uests access to the o>ect, the su>ectGs
credentials are presented and evaluated to deny or grant the
re-uest.
iii. Access Control Lists (ACLs), !hich is a techni-ue that allo!
groups of o>ects, or su>ects, to e controlled to ma"e
administration a little easier. It can grant a su>ect access to a
group of o>ects or grant a group of su>ects access to a specific
o>ect 22
$ C t l S t
8/16/2019 CPN Presentation New
23/56
$ccess Control Sytem contd....♦ Some e8amples of /4$C are:7i. Role-based Access Control (RBAC): 0his descries the
techni-ue in !hich categories and duties of users are considered
efore permissions are granted to invo"e an
ii. &ue*based A##ess Con"ro &uAC-* 0his descries the
techni-ue that allo!s su>ects or users to access o>ects ased on
pre7determined and configured rules.iii. !r"ose-based Access Control (BAC): 0his allo!s access to
e granted ased on the intentions of the su>ects.
iv. #istory-based Access Control (#BAC (:7 0his descries an
access control techni-ue in !hich access is granted ased on the
previous records.
v. $e%"oral Constraints Access Control ($CAC):7 0his involves
access control policies in time restrictions are attached resource
access. @or e8ample, some activities must e
performed !ithin a reasonale period 23
8/16/2019 CPN Presentation New
24/56
@i ll
8/16/2019 CPN Presentation New
25/56
@ire!all
♦ 7PS F!&A99
♦ ac&et filter : 6ac"et filtering inspects each pac"et passingthrough the net!or" and accepts or re>ects it ased on user7
defined rules
♦ Cir#ui"*e'e $ire(a: $pplies security mechanisms !hen a
0C6 or 46 connection is estalished. Once the connection
has een made, pac"ets can flo! et!een the hosts !ithout
further chec"ing
♦ A""lication gate'ay: $pplies security mechanisms to specific
applications, such as @06 and 0elnet servers
♦ roy server : Intercepts all messages entering and leaving thenet!or" acting as an intermediary et!een clients and
servers. 0he pro8y server hides the true net!or" addresses
@i ll
8/16/2019 CPN Presentation New
26/56
@ire!all
)a" #an a $ire(a do:
♦ It provides a single point of defense, allo!ing acontrolled and audited access to services provided
♦ It reinforces the o!n systemGs security
♦ It implements a security policy to access the secure
net!or"
♦ It can monitor incoming outcoming traffic
♦ It can limit the e8posure to an insecure net!or"
♦ It may ecome the point to ta"e security decisionssince all traffic goes across
I t i 4 t ti S t %I4S(
8/16/2019 CPN Presentation New
27/56
Intrusion 4etection System %I4S(
♦ $n intrusion is defined as any set of actions that
attempt to compromise the integrity,confidentiality or availaility of a resource.
♦ Intrusion detection is simply an act of detecting
intrusions.♦ Intrusion 4etection System %I4S( is an
authorized !ay of identifying illegitimate users,
attac"s and vulnerailities that could affect the
proper functioning of computer systems.
♦ I4S detects e8ternal and internal attac"s on
computer systems and net!or"s %Hang et al.
2&&;( 2
I t i 4 t ti S t %I4S(
8/16/2019 CPN Presentation New
28/56
Intrusion 4etection System %I4S(
♦ Classification and Structure of I4S
25
I t i 4 t ti S t %I4S(
8/16/2019 CPN Presentation New
29/56
Intrusion 4etection System %I4S(
♦ Some of the prolems !ith e8isting I4S are:
– @alse positive
– @alse negative
– Security of I4S
– Jo! detection efficiency especially for coordinatedand distriuted attac"s
2;
< ti
8/16/2019 CPN Presentation New
30/56
8/16/2019 CPN Presentation New
31/56
8/16/2019 CPN Presentation New
32/56
as)in 7 Some common hashing algorithms are
?essage 4igest * %?4*( and Secure Bashing
$lgorithm %SB$(
32
8/16/2019 CPN Presentation New
33/56
Cyersecurity
&*3''
Cyber s/a#e
0his is communication path!ay.
Cyerspace is a name for the environment that onlinecommunication ta"es place in. It is also "no!n as anelectronic medium for computer net!or"s. Cyerspacerefers to the !hole !orld of the Internet and is noto!ned y anyody
Fea"ures o$ Cybers/a#e
orderless$vailale gloally
Capacity and and!idth not -uantifiale
8/16/2019 CPN Presentation New
34/56
Cyersecurity %Contd...(
&*3''
Cyber Se#uri"y
Cyber se#uri"y is concerned !ith protectingresources of net!or"s connected to internetfrom malicious or unauthorised access.
International 0elecommunication nion %I0(defined Cyber se#uri"y as the collection ofapproaches, actions, training, est practices,
assurance and technologies that can e used to protect the cyer environment and organizationand userGs assets
8/16/2019 CPN Presentation New
35/56
C C it 0h t $ d
8/16/2019 CPN Presentation New
36/56
Common Cyersecurity 0hreats $nd
Contermeasures
&*3''
Insider threats
♦ $n insider attac" involves someone from the inside, such as a disgruntled employee, attac"ing the net!or"Insider attac"s can e malicious or no malicious. ?alicious insiders intentionally eavesdrop, steal, or damage
information) use information in a fraudulent manner) or deny access to other authorized users. 0his controlled
using efficient authentication and authorisation systems and I4S
?al!are
♦ ?al!are are malicious codes that can cause distortion on your ro!ser and eventually cripple your system. 0hey
can hi>ac" your ro!ser, redirect your search attempts, serve up nasty pop7up ads, trac" !hat !e sites you visit,
and prevent you from performing certain functions. an horse, spy!are, ad!are,
dialers, hi>ac"ers, etc. 0hey are controlled using fre-uently updated and highly rated antivirus, antispy!are, etc.
8/16/2019 CPN Presentation New
37/56
Cyberse#uri"y * )e Payers
&*3''
♦$ac%ers♦Security e&perts'researchers
♦(overnment, organisations,Individuals
M "i F C b A""
8/16/2019 CPN Presentation New
38/56
Mo"i'es For Cyber A""a#s
&*3''
♦ Some of the motives for cyer attac"s include:
– Dendetta=evenge
– Lo"e6ran"
– 0he Bac"er+s
8/16/2019 CPN Presentation New
39/56
&e#en" >is"ory $ Cyber A""a#s
&*3''
a. >ear"and Pay%en" Sys"e%s♦ Da"e ?arch 2&&5
♦ !%/a#" '3# million credit cards e8posed through SMJ
in>ection to install spy!are on Beartland+s data systems.
♦ $ federal grand >ury indicted $lert 9onzalez and t!ounnamed =ussian accomplices in 2&&;. 9onzalez, a
Cuan7$merican, !as alleged to have masterminded
the international operation that stole the credit and deit
cards. In ?arch 2&'& he !as sentenced to 2& years infederal prison
&e#en" >is"ory $ Cyber A""a#s
8/16/2019 CPN Presentation New
40/56
&e#en" >is"ory $ Cyber A""a#scontd...
&*3''
. Sony?s PayS"a"ion Ne"(or – Da"e $pril 2&, 2&''
– !%/a#" million 6layStation /et!or"
accounts hac"ed) Sony is said to have lost
millions !hile the site !as do!n for a month.
♦ 0his is vie!ed as the !orst gaming community data
reach of all7time. Of more than million
accounts affected, '2 million had unencryptedcredit card numers. $ccording to Sony it still has
not found the source of the hac"
&e#en" >is"ory $ Cyber A""a#s
8/16/2019 CPN Presentation New
41/56
&e#en" >is"ory $ Cyber A""a#scontd...
&*3''
♦ c. ooe6o")er Sii#on =aey #o%/anies – Da"e ?id72&&;
– !%/a#" Stolen intellectual property
♦
In an act of industrial espionage, the Chinesegovernment launched a massive and unprecedented
attac" on 9oogle, Nahoo, and dozens of other
Silicon Dalley companies. 0he Chinese hac"ers
e8ploited a !ea"ness in an old version of Internetis"ory $ Cyber A""a#s
8/16/2019 CPN Presentation New
42/56
&e#en" >is"ory $ Cyber A""a#scontd...
&*3''
♦
d. CardSys"e%s Sou"ions – Da"e Lune 2&&*
– !%/a#" #& million credit card accounts e8posed.
CSS, one of the top payment processors for Disa,
?asterCard, $merican an attac", !hich inserted code into the
dataase via the ro!ser page every four days, placingdata into a zip file and sending it ac" through an @06.
&e#en" >is"ory $ Cyber A""a#s
8/16/2019 CPN Presentation New
43/56
&e#en" >is"ory $ Cyber A""a#scontd...
&*3''
♦
e. &SA Se#uri"y – Da"e ?arch 2&''
– !%/a#" 6ossily #& million employee records
stolen.
♦ 0he impact of the cyer attac" that stole
information on the company+s SecurI4
authentication to"ens is still eing deated
&e#en" >is"ory $ Cyber A""a#s
8/16/2019 CPN Presentation New
44/56
&e#en" >is"ory $ Cyber A""a#scontd...
&*3''
♦
$ . Ci"yban in SA – Da"e 2&''
– !%/a#" 2'&,&&& customers affected. $out 2.
million stolen.
♦ 0he impact of the cyer attac" targeted the social
Security numers, irth dates, card e8piration
dates and card security code %CDD( !ere not
compromised.
&e#en" >is"ory $ Cyber A""a#s
8/16/2019 CPN Presentation New
45/56
&e#en" >is"ory $ Cyber A""a#scontd...
&*3''
")ers
♦ E@lameF the !ashington "ost reported in 2&'', even
though itGs li"ely that @lame %as !ell as Stu8net( is the
result of .S. and Israeli cyer!arfare cooperation.
♦ Israel admitted pulicly for the first time to engaging in
Ecyer activity consistently and relentlesslyF for the purposes of Kth!arting and disrupting enemy pro>ects,F
♦ .S. government long ago decided that launching cyer7
attac"s against countries it vie!s as a threat is a
legitimate foreign policy tool. .S. has against others,especially China, for conducting cyer operations against
.S. usinesses or government organizations.
&e#ord o$ /as" #yber a""a#s
8/16/2019 CPN Presentation New
46/56
&e#ord o$ /as" #yber a""a#s
&*3''
♦ 0he cyer !arfare continues !ith reno!ned Computer Security e8perts
fighting daily to cur the increasing numer of attac"s.
♦ $ccording to /IS0, 2&'2
P Fiure 1 &e#ords o$ /as" a""a#s
) ) i ") i :
8/16/2019 CPN Presentation New
47/56
)e (ar B )o is ")e (inner:
&*3''
♦ 0he attac"ers are clearly the !inners in the game at the present, and they lead
y a very !ide margin, and it is even more complicated ecause some of the
governments of countries fighting cyer threats are also attac"ers themselves
to other nation.
♦ 0his !as also the position of &SA Se#uri"y #)air%an $rthur Coviello, the
reno!ned system security company of the S$ !hose company is still
counting its loss from a recent attac".
Sra"eies $or !n$or%a"ion Se#uri"y
8/16/2019 CPN Presentation New
48/56
Manae%en"
&*3''
'& "ey strategies for information security management in organisations:7
♦
Create security training and a!areness programme !ithin the organization♦ Identify and document all resources on the net!or"
♦ $ll connections to the net!or" must e "no!n, documented and
monitored
♦ Bave an efficient access control system
♦ Implement trusted and efficient intrusion prevention and detectionsystems
♦ Bave an effective programme for ac"up and recovery, ris" analysis and
incident handling
♦ 6revent all un"no!n applications
♦ se security applications from reliale vendors
♦
8/16/2019 CPN Presentation New
49/56
8/16/2019 CPN Presentation New
50/56
8/16/2019 CPN Presentation New
51/56
Forensi# Co%/u"in
8/16/2019 CPN Presentation New
52/56
/
&*3''
$ digital forensic investigation commonly consists
of 3 stages: ac-uisition or imaging of e8hiits,
analysis, and reporting.♦ $c-uisition involves creating an e8act sector level duplicate %or
Kforensic duplicateK( of the media, often using a !rite loc"ing
device to prevent modification of the original.
♦ 4uring the analysis phase an investigator recovers evidence
material using a numer of different methodologies and tools. 0he
evidence recovered is analysed to reconstruct events or actions
and to reach conclusions, !or" that can often e performed y lessspecialised staff.
♦ Hhen an investigation is complete the data is presented, usually in
the form of a !ritten report.
Forensi# Co%/u"in
8/16/2019 CPN Presentation New
53/56
&*3''
Some tools used for digital forensic investigation
are:7
a. F< !%aer
b. De#;"
#. De#ode B Forensi# Da"e6i%e De#oder
d. Dii"a !%ae &e#o'ery
And %any %ore
Con#usion
8/16/2019 CPN Presentation New
54/56
Con#usion
&*3''
♦
$ ma>or concern is !hether the attac"ers !ill e!inners forever.
♦ Systems and /et!or" !ill continue to e penetrated
♦ Security e8perts and researchers are fighting hard. /e!
proactive and roust approaches need to e employed♦ Intelligence of the hac"ers must e anne8ed and utilised
y government
♦ Bo! prepared are !e as individuals, organisations and
governmentQ♦ usiness of everyody
&e$eren#es
8/16/2019 CPN Presentation New
55/56
&e$eren#es
&*3''
– 6eterson, 9ilert R Shenoi, Su>eet %2&&;(. K4igital @orensic =esearch: 0he 9ood, the
ad and the naddressedK. Advances in Digital $orensics V %Springer oston( 30:'–3. doi:'&.'&&;5737#27'**72.
♦ $li ?ohamed < %2&&5(. Study and 4evelop a /e! 9raphical 6ass!ord SystemF,
niversity 0echnology ?alaysia, ?aster 4issertation.
♦ $rash BJ, =osli S, Samaneh @, Omar T %2&&;(. $ !ide7range survey on =ecall7ased
9raphical ser $uthentications algorithms ased on ISO and $ttac" 6atterns, ILCSIS, : 3.
♦ $li ?ohamed < %2&&5(. Study and 4evelop a /e! 9raphical 6ass!ord SystemF,niversity 0echnology ?alaysia, ?aster 4issertation.
♦ $rash BJ, =osli S, Samaneh @, Omar T %2&&;(. $ !ide7range survey on =ecall7ased
9raphical ser $uthentications algorithms ased on ISO and $ttac" 6atterns, ILCSIS, : 3.
♦ Sodiya, A. S. and Onashoga, S. $. %2&&;(. EComponents7ased $ccess Control
$rchitectureF, o!rnal of Iss!es in Infor%ing *cience and Infor%ation
$ec+nology % S$, Dol. , 2&&; % pp *37', ISS/: '*#75#, pulished yInforming Science Institute. $vailale online at http:IIS0.
♦ '
&e$eren#es contd...
http://en.wikipedia.org/wiki/Digital_object_identifierhttp://dx.doi.org/10.1007%2F978-3-642-04155-6_2http://dx.doi.org/10.1007%2F978-3-642-04155-6_2http://en.wikipedia.org/wiki/Digital_object_identifier
8/16/2019 CPN Presentation New
56/56
&*3''
♦ Onashoga, S. $., Sodiya, A. S., $nd Omotoso, . 9. %2&&;(. E$ 0au Search $lgorithm
for Consumer @inancial Optimization SystemF, o!rnal of Co%"!ter *cience and Its
A""lication % Vol. &'% (o. &% Lune, 2&&;, ISS/: 2&&7**23, pulished y /igeria Computer
Society.♦ Sodiya, A. S., Onashoga, S. $. $nd $depo>u, . 0. %2&&;(. E