DistLog: A distributed logging scheme for IoT forensics

Abstract

Digital forensics is vital in the Internet of Things (IoT) domain, owing to the enormous growth of cyber attacks and their widespread use against IoT devices. While IoT forensics does not prevent IoT attacks, it helps reduce their occurrence by tracing their source, tracking their root causes and designing the corresponding countermeasures. However, modern IoT attacks use anti-forensics techniques to destroy or modify important digital evidence, including log files. Anti-forensics techniques complicate the task of forensic investigators in tracking the attack source, so countermeasures are required to defend against them. In this paper, we aim at securing IoT log files against anti-forensics techniques that target the logs' availability and integrity, such as wiping and injection attacks. In the proposed solution, at regular intervals of time, the logs generated by IoT devices are aggregated, compressed and encrypted. Afterwards, the encrypted logs are fragmented, authenticated and distributed over n storage nodes, based on the proposed Modified Information Dispersal Algorithm (MIDA), which ensures log file availability with a degree of (n − t). For data dispersal, two cases are considered: the case where the fog nodes are interconnected and the case where they are not. In the former case, the n obtained fragments are transmitted to n neighboring IoT devices (aggregation nodes). In the latter case, the output is transmitted to the corresponding fog node and then dispersed over the n neighboring fog nodes. A set of security and performance tests was performed, showing the effectiveness and robustness of the proposed solution in thwarting well-known security attacks.
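The dispersal step described above, as an added example that is not the paper's own MIDA code: a Rabin-style information dispersal over the prime field GF(257), where an (already encrypted) log is split into n fragments, each fragment carries an HMAC tag so a forged or modified fragment is rejected, and any n − t authentic fragments rebuild the log. The field choice, the HMAC construction and the fragment layout are assumptions for illustration.

```python
import hmac, hashlib

P = 257  # prime field large enough to hold every byte value 0..255

def _solve(matrix, rhs):
    """Gauss-Jordan elimination mod P; returns x with matrix * x == rhs (square, invertible)."""
    m = len(matrix)
    a = [row[:] + [v] for row, v in zip(matrix, rhs)]
    for col in range(m):
        pivot = next(r for r in range(col, m) if a[r][col])
        a[col], a[pivot] = a[pivot], a[col]
        inv = pow(a[col][col], P - 2, P)
        a[col] = [v * inv % P for v in a[col]]
        for r in range(m):
            if r != col and a[r][col]:
                f = a[r][col]
                a[r] = [(x - f * y) % P for x, y in zip(a[r], a[col])]
    return [row[m] for row in a]

def _tag(key, node, sym):
    """HMAC over node id and fragment symbols (2 bytes each, since values reach 256)."""
    msg = bytes([node]) + b"".join(s.to_bytes(2, "big") for s in sym)
    return hmac.new(key, msg, hashlib.sha256).digest()

def disperse(data, n, t, key):
    """Split data into n authenticated fragments {node_id: (symbols, tag)}; any n - t rebuild it."""
    m = n - t
    padded = data + bytes(-len(data) % m)          # pad to a multiple of m symbols
    chunks = [padded[i:i + m] for i in range(0, len(padded), m)]
    frags = {}
    for i in range(1, n + 1):                       # node i evaluates each chunk-polynomial at x = i
        sym = [sum(c * pow(i, k, P) for k, c in enumerate(ch)) % P for ch in chunks]
        frags[i] = (sym, _tag(key, i, sym))
    return frags

def reconstruct(frags, n, t, length, key):
    """Rebuild the log from any n - t fragments whose tags verify; tampered ones are dropped."""
    m = n - t
    good = [i for i, (sym, tag) in sorted(frags.items())
            if hmac.compare_digest(tag, _tag(key, i, sym))]
    if len(good) < m:
        raise ValueError(f"need {m} authentic fragments, have {len(good)}")
    ids = good[:m]
    vander = [[pow(i, k, P) for k in range(m)] for i in ids]   # any m rows are invertible
    out = bytearray()
    for j in range(len(frags[ids[0]][0])):
        out += bytes(_solve(vander, [frags[i][0][j] for i in ids]))
    return bytes(out[:length])
```

With n = 5 and t = 2, wiping any two nodes or injecting a forged fragment still leaves three authentic fragments, which is enough to recover the evidence intact.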
