BCFL logging: An approach to acquire and preserve admissible digital forensics evidence in cloud ecosystem

Abstract

Log files are the primary source for recording user, application and protocol activities in the cloud ecosystem. Cloud forensic investigators can use log evidence to ascertain when, why and how a cyber adversary or an insider compromised a system, by establishing the crime scene and reconstructing how the incident occurred. However, digital evidence acquisition in a cloud ecosystem is complicated and has proven difficult, even with modern forensic acquisition toolkits. Multi-tenancy, geo-location and Service-Level Agreements add another layer of complexity to acquiring digital log evidence from a cloud ecosystem. To mitigate these complexities of evidence acquisition in the cloud ecosystem, we need a framework that can forensically maintain the trustworthiness and integrity of log evidence. In this paper, we design and implement a Blockchain Cloud Forensic Logging (BCFL) framework, using a Design Science Research Methodological (DSRM) approach. BCFL operates primarily in four stages: (1) process transaction logs using Blockchain distributed ledger technology (DLT); (2) use a Blockchain smart contract to maintain the integrity of logs and establish a clear chain of custody; (3) validate all transaction logs; (4) maintain transaction log immutability. BCFL will also enhance and strengthen compliance with the European Union (EU) General Data Protection Regulation (GDPR). The results from our single case study will demonstrate that BCFL will mitigate the challenges and complexities faced by digital forensics investigators in acquiring admissible digital evidence from the cloud ecosystem. Furthermore, instantaneous performance monitoring of the proposed Blockchain cloud forensic logging framework was evaluated. BCFL will ensure trustworthiness, integrity, authenticity and non-repudiation of the log evidence in the cloud.
