Distributed Cloud Forensic System with Decentralization and Multi-participation

A considerable number of cloud forensic systems and tools have been proposed in recent years. Trust in digital evidence is a significant security topic that cloud forensic systems cannot ignore. In this paper, we propose a different cloud forensic system, the Distributed Cloud Forensic System with Decentralization and Multi-participation (DCFS). The DCFS is set in an untrusted, multi-tenant cloud environment, and it is assumed that cloud users, cloud employees, or forensic investigators can be dishonest. Unlike existing centralized cloud forensic systems, the DCFS is a distributed and decentralized system that does not rely on any single node or any third party to obtain credible evidence from the cloud. Trust is distributed among all participants in the DCFS, and these participants supervise each other. A distributed public ledger is maintained in the DCFS, and this ledger records all the proofs of forensic evidence along with other useful information. This ledger can enhance the credibility and integrity of forensic evidence to some degree and complete the chain of custody in a forensic investigation. Forensic evidence that is provided by cloud employees and presented to a court of law using the DCFS will be more trustworthy.
