Chronos: Towards Securing System Time in the Cloud for Reliable Forensics Investigation

In digital forensics investigations, the system time of computing resources can provide critical information to implicate or exonerate a suspect. In clouds, alteration of the system time of a virtual machine (VM) or a cloud host machine can provide unreliable time information, which in turn can mislead an investigation in the wrong direction. In this paper, we propose Chronos to secure the system time of cloud hosts and VMs in an untrusted cloud environment. Since it is not possible to prevent a malicious user or a dishonest insider of a cloud provider from altering the system time of a VM or a host machine, we propose a tamper-evident scheme to detect this malicious behavior at the time of investigation. We integrate Chronos with an open-source cloud platform - OpenStack and evaluate the feasibility of Chronos while running 20 VMs on a single host machine. Our test results suggest that Chronos can be easily deployed in the existing cloud with very low overheads, while achieving a high degree of trustworthiness of the system time of the cloud hosts and VMs.

[1]  Malcolm W. Stevens,et al.  Unification of relative time frames for digital forensics , 2004, Digit. Investig..

[2]  Stuart Haber,et al.  Improving the Efficiency and Reliability of Digital Time-Stamping , 1993 .

[3]  Leslie Lamport,et al.  Time, clocks, and the ordering of events in a distributed system , 1978, CACM.

[4]  Eoghan Casey Error, Uncertainty and Loss in Digital Evidence , 2002, Int. J. Digit. EVid..

[5]  Mary Baker,et al.  Secure History Preservation Through Timeline Entanglement , 2002, USENIX Security Symposium.

[6]  Alexis Bonnecaze,et al.  Secure time-stamping schemes: a distributed point of view , 2006, Ann. des Télécommunications.

[7]  Ahmed Patel,et al.  Formalising Event Time Bounding in Digital Investigations , 2005, Int. J. Digit. EVid..

[8]  Azzedine Boukerche,et al.  Secure time synchronization protocols for wireless sensor networks , 2007, IEEE Wireless Communications.

[9]  Cong Wang,et al.  Proof-Carrying Cloud Computation: The Case of Convex Optimization , 2014 .

[10]  Tingwen Huang,et al.  Outsourcing Large Matrix Inversion Computation to A Public Cloud , 2013, IEEE Transactions on Cloud Computing.

[11]  Murat Kantarcioglu,et al.  Towards Data Confidentiality and a Vulnerability Analysis Framework for Cloud Computing , 2014, Secure Cloud Computing.

[12]  Jan Willemson,et al.  Time-Stamping with Binary Linking Schemes , 1998, CRYPTO.

[13]  Zhidong Shen,et al.  The security of cloud computing system enabled by trusted computing technology , 2010, 2010 2nd International Conference on Signal Processing Systems.

[14]  Sean Thorpe,et al.  A Formal Temporal Log Data Model for the Global Synchronized Virtual Machine Environment , 2011 .

[15]  Dhananjay S. Phatak,et al.  Introducing the Trusted Virtual Environment Module: A New Mechanism for Rooting Trust in Cloud Computing , 2010, TRUST.

[16]  Peng Ning,et al.  TinySeRSync: secure and resilient time synchronization in wireless sensor networks , 2006, CCS '06.

[17]  Stuart Haber,et al.  How to time-stamp a digital document , 1990, Journal of Cryptology.

[18]  Ragib Hasan,et al.  SecLaaS: secure logging-as-a-service for cloud forensics , 2013, ASIA CCS '13.

[19]  Krishna P. Gummadi,et al.  Towards Trusted Cloud Computing , 2009, HotCloud.

[20]  Jianfeng Ma,et al.  New Algorithms for Secure Outsourcing of Modular Exponentiations , 2014, IEEE Trans. Parallel Distributed Syst..

[21]  Srdjan Capkun,et al.  Secure time synchronization service for sensor networks , 2005, WiSe '05.

[22]  George M. Mohay,et al.  A correlation method for establishing provenance of timestamps in digital evidence , 2006, Digit. Investig..