Privacy-preserving email forensics

In many digital forensic investigations, email data needs to be analyzed. However, this poses a threat to the privacy of the individual whose emails are being examined, and it becomes a particular problem if the investigation clashes with privacy laws. This is commonly addressed by allowing the investigator to run keyword searches and to reveal only those emails that contain at least some of the keywords. While this could be realized with standard cryptographic techniques, two further requirements call for novel solutions: (i) for investigation-tactical reasons, the investigator should be able to keep the search terms secret, and (ii) for efficiency reasons, no regular interaction should be required between the investigator and the data owner. We close this gap by introducing a novel cryptographic scheme that allows entire email boxes to be encrypted before they are handed over for investigation. The key feature is that the investigator can non-interactively run keyword searches on the encrypted data and decrypt those emails (and only those) for which a configurable number of matches occurred. Our implementation as a plug-in for a standard forensic framework confirms the practical applicability of the approach.
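To make the threshold property concrete, here is an added toy sketch (not the paper's construction or its plug-in code) in which the data owner hides one Shamir share of the email key behind each distinct word, so that the investigator can search offline and recover the key only after the configured number of keyword matches. The function names, the field size, the sample email and the SHA-256 keystream (a stand-in for a real authenticated cipher) are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

P = 2**127 - 1  # prime field for the shares (assumed parameter)
SAMPLE = "please wire the invoice payment to the offshore account before friday"  # constructed

def _prf(salt, label, word):
    # Keyword-derived value: recomputable only by someone who guesses the word.
    return int.from_bytes(hmac.new(salt, label + word.encode(), hashlib.sha256).digest(), "big")

def _xor_stream(key, data):
    # Toy SHA-256 counter keystream standing in for a real AEAD cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def protect(email, threshold):
    """Data owner: encrypt one email and hide one key share behind each distinct word."""
    salt = secrets.token_bytes(16)
    coeffs = [secrets.randbelow(P) for _ in range(threshold)]  # coeffs[0] is the email key
    shares = {}
    for word in set(email.lower().split()):
        x = _prf(salt, b"x", word) % P
        y = sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
        # Lookup tag and masked share both depend on the secret word.
        shares[_prf(salt, b"tag", word)] = (y + _prf(salt, b"mask", word)) % P
    key = coeffs[0].to_bytes(16, "big")
    return {"salt": salt, "t": threshold, "shares": shares,
            "ct": _xor_stream(key, email.encode())}

def search(box, keywords):
    """Investigator: offline search; plaintext is returned only at >= t matches."""
    salt, points = box["salt"], []
    for word in {k.lower() for k in keywords}:
        masked = box["shares"].get(_prf(salt, b"tag", word))
        if masked is not None:
            points.append((_prf(salt, b"x", word) % P,
                           (masked - _prf(salt, b"mask", word)) % P))
    if len(points) < box["t"]:
        return None
    points, key = points[:box["t"]], 0
    for xj, yj in points:  # Lagrange interpolation at x = 0 recovers coeffs[0]
        num = den = 1
        for xm, _ in points:
            if xm != xj:
                num, den = num * xm % P, den * (xm - xj) % P
        key = (key + yj * num * pow(den, -1, P)) % P
    return _xor_stream(key.to_bytes(16, "big"), box["ct"]).decode()
```

The sketch splits words on whitespace only and reveals the number of distinct words per email through the size of the share table; a production design would need to address both.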
