Digital Forensics Evidence Acquisition and Chain of Custody in Cloud Computing

The new cloud computing concept delivers an adaptable service to many users, because it offers an economical solution based on the pay-per-use idea. At the same time, digital forensics is a relatively new discipline born out of the growing use of computing and digital solutions. Digital forensics in cloud computing brings new technical and legal challenges (e.g., the remote nature of the evidence, the trust required in its integrity and authenticity, and the lack of physical access). The difficulties of digital forensics in cloud computing comprise acquisition of remote data, chain of custody, distributed and elastic data, big data volumes, and ownership. In the literature, there are many schemes that deal with these issues. In 2013, Hou et al. proposed a scheme to verify data authenticity and integrity in server-aided confidential forensic investigation. Authenticity and integrity are two essential requirements for evidence to be admitted in court. The aim of this paper is twofold. First, to introduce a new concept for the acquisition of digital artifacts in cloud computing as a consolidation of digital forensics and cloud computing. This concept guarantees a safe investigation of trusted digital evidence. Second, to analyze Hou et al.'s scheme with respect to its claimed integrity and authenticity properties. Our analysis shows that Hou et al.'s scheme does not satisfy the claimed integrity and authenticity in server-aided confidential forensic investigation. To achieve the authenticity, confidentiality and integrity of evidence in the cloud, we illustrate how encryption and digital signature algorithms could be used within different designs to ensure confidentiality and chain of custody for the digital forensics process in the cloud.
