Shams Zawoad,Ragib Hasan

DOI: https://doi.org/10.48550/arXiv.1302.6312

2013-02-26

Abstract:In recent years, cloud computing has become popular as a cost-effective and efficient computing paradigm. Unfortunately, today's cloud computing architectures are not designed for security and forensics. To date, very little research has been done to develop the theory and practice of cloud forensics. Many factors complicate forensic investigations in a cloud environment. First, the storage system is no longer local. Therefore, even with a subpoena, law enforcement agents cannot confiscate the suspect's computer and get access to the suspect's files. Second, each cloud server contains files from many users. Hence, it is not feasible to seize servers from a data center without violating the privacy of many other users. Third, even if the data belonging to a particular suspect is identified, separating it from other users' data is difficult. Moreover, other than the cloud provider's word, there is usually no evidence that links a given data file to a particular suspect. For such challenges, clouds cannot be used to store healthcare, business, or national security related data, which require audit and regulatory compliance. In this paper, we systematically examine the cloud forensics problem and explore the challenges and issues in cloud forensics. We then discuss existing research projects and finally, we highlight the open problems and future directions in cloud forensics research area. We posit that our systematic approach towards understanding the nature and challenges of cloud forensics will allow us to examine possible secure solution approaches, leading to increased trust on and adoption of cloud computing, especially in business, healthcare, and national security. This in turn will lead to lower cost and long-term benefit to our society as a whole.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

SeyedHossein Mohtasebi,Ali Dehghantanha,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.48550/arXiv.1706.08042

2017-06-25

Abstract:STorage as a Service (STaaS) cloud platforms benefits such as getting access to data anywhere, anytime, on a wide range of devices made them very popular among businesses and individuals. As such forensics investigators are increasingly facing cases that involve investigation of STaaS platforms. Therefore, it is essential for cyber investigators to know how to collect, preserve, and analyse evidences of these platforms. In this paper, we describe investigation of three STaaS platforms namely SpiderOak, JustCloud, and pCloud on Windows 8.1 and iOS 8.1.1 devices. Moreover, possible changes on uploaded and downloaded files metadata on these platforms would be tracked and their forensics value would be investigated.

Cryptography and Security

Shams Zawoad,Ragib Hasan

DOI: https://doi.org/10.48550/arXiv.1211.4328

2012-11-19

Abstract:Cloud computing has emerged as a popular computing paradigm in recent years. However, today's cloud computing architectures often lack support for computer forensic investigations. A key task of digital forensics is to prove the presence of a particular file in a given storage system. Unfortunately, it is very hard to do so in a cloud given the black-box nature of clouds and the multi-tenant cloud models. In clouds, analyzing the data from a virtual machine instance or data stored in a cloud storage only allows us to investigate the current content of the cloud storage, but not the previous contents. In this paper, we introduce the idea of building proofs of past data possession in the context of a cloud storage service. We present a scheme for creating such proofs and evaluate its performance in a real cloud provider. We also discuss how this proof of past data possession can be used effectively in cloud forensics.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Jingwei Li,Anna Cinzia Squicciarini,Dan Lin,Shuang Liang,Chunfu Jia

DOI: https://doi.org/10.1145/2752952.2752965

2015-01-01

Abstract:ABSTRACTCloud computing offers a wide array of storage services. While enjoying the benefits of flexibility, scalability and reliability brought by the cloud storage, cloud users also face the risk of losing control of their own data, in partly because they do not know where their data is actually stored. This raises a number of security and privacy concerns regarding one's sensitive data such as health records. For example, according to Canadian laws, data related to personal identifiable information must be stored within Canada. Nevertheless, in contrast to the urgent demands, privacy requirements regarding to cloud storage locations have not been well investigated in the current cloud computing market, fostering security and privacy concerns among potential adopters. Aiming at addressing this emerging critical issue, we propose a novel secure location-sensitive storage framework, called SecLoc, which offers protection for cloud users' data following the storage location restrictions, with minimum management overhead to existing cloud storage services. We conduct security analysis, complexity analysis and experimental evaluation on the proposed SecLoc system. Our results demonstrate both effectiveness and efficiency of our mechanism.

Yun Gao,Xiao Fu,Bin Luo

DOI: https://doi.org/10.3969/j.issn.1001-3695.2016.01.001

2016-01-01

Abstract:Cloud users can get a lot of computer resources and storage space at low cost.However,the security risks,such as the spreading of illegal information,sensitive data leakage,data tampering,are still crucial problem in cloud computing envi-ronment.Hence,the forensics of cloud computing crime becomes particular important.Firstly,this paper introduced the con-cept of cloud forensics and listed the technical and legal challenges in could forensics.Then it introduced researches by now in cloud forensics and presented analysis summary on current researches.Finally,it put forward opportunities of cloud forensics.

Chunye ZHAO,Shanshan TU,Haoyu CHEN,Yongfeng HUANG

DOI: https://doi.org/10.16652/j.issn.1004-373x.2017.02.001

2017-01-01

Abstract:Cloud Storage provides data storage service for external by combing and coordinating different types of storage devices in the network,so that they can collectively work together. However it always exists a trust game relationship between users and service providers,therefore it is important to build a healthy,fair and secure cloud data service environment for the security auditing on the state of cloud data and operation processes. A cloud security?auditing scheme based on analysis of user behavior(UB)log data from cloud servers is proposed in this paper. The system log information analysis based on UB is realized functionally by description rules of UB. And the existing association rule mining algorithm is improved simultaneously,which is proposed for dealing with the Long Sequence Frequent Pattern(LSFP)to extract UB. The experiment result indicates that the so?lution can implement the tracking and evidence taking of data leakage efficiently for the cloud security auditing.

Xiong Li,Saru Kumari,Jian Shen,Fan Wu,Caisen Chen,SK Hafizul Islam

DOI: https://doi.org/10.1007/s11277-016-3742-6

IF: 2.017

2016-01-01

Wireless Personal Communications

Abstract:Cloud storage is a new storage mode emerged along with the development of cloud computing paradigm. By migrating the data to cloud storage, the consumers can be liberated from building and maintaining the private storage infrastructure, and they can enjoy the data storage service at anywhere and anytime with high reliability and a relatively low cost. However, the security and privacy risks, especially the confidentiality and integrity of data seem to be the biggest hurdle to the adoption of the cloud storage applications. In this paper, we consider the secure data access and sharing issues for cloud storage services. Based on the intractability of the discrete logarithm problem, we design a secure data access and data sharing scheme for cloud storage, where we utilize the user authentication scheme to deal with the data access problem. According to our analysis, through our scheme, only valid user with the correct password and biometric can access to the cloud storage provider. Besides, the authorized users can access the rightful resources and verify the validity of the shared data, but cannot transfer the permission to any other party. At the same time, the confidentiality and integrity of data can be guaranteed.

Lifei Wei,Haojin Zhu,Zhenfu Cao,Weiwei Jia,Athanasios V. Vasilakos

DOI: https://doi.org/10.1109/ICDCSW.2010.36

2010-01-01

Abstract:Cloud computing becomes a hot research topic in the recent years. In the cloud computing, software applications and databases are moved to the centralized large data centers, which is called cloud. In the cloud, due to lack of physical possession of the data and the machine, the data and computation may not be well managed and fully trusted by cloud users. Existing work on cloud security mainly focuses on cloud storage without taking computation security into consideration. In this paper, we propose SecCloud, a novel auditing scheme to secure cloud computing based on probabilistic sampling technique as well as designated verifier technique, which aims to consider secure data storage, computation and privacy preserving together. We also discuss how to optimize sampling size to minimize the auditing cost. Detailed analysis and simulations have demonstrated the effectiveness and efficiency of the proposed scheme.

Samuel Opuni Boateng,

DOI: https://doi.org/10.22624/aims/crp-bk3-p54

2022-07-26

Abstract:Cloud computing is a relatively new concept that offers the potential to deliver scalable elastic services to many. The notion of pay-per use is attractive and in the current global recession hit economy it offers an economic solution to an organizations' IT needs. Computer forensics is a relatively new discipline born out of the increasing use of computing and digital storage devices in criminal acts (both traditional and hi-tech). In the last decade computer forensics has developed in terms of procedures, practices and tool support to serve the law enforcement community. However, it now faces possibly its greatest challenges in dealing with cloud computing. Through this paper we explore these challenges and suggest some possible solutions. Keywords: Forensic, Cybercrime, law Enforcement, Digital Universe, Cyberspace, Security BOOK Chapter ǀ Research Nexus in IT, Law, Cyber Security & Forensics. Open Access. Distributed Free Citation: Samuel Opuni Boateng (2022): Cloud Computing Forensic Challenges for Law Enforcement Book Chapter Series on Research Nexus in IT, Law, Cyber Security & Forensics. Pp 339-344 www.isteams.net/ITlawbookchapter2022. dx.doi.org/10.22624/AIMS/CRP-BK3-P54

Syed Umar,Nilesh Gole,Pravin G. Kulurkar,Tariku Birhanu Yadesa,Parmanand Prabhat

DOI: https://doi.org/10.1007/978-981-16-3660-8_55

2021-01-01

Abstract:Users can access shared data warehouses using a cloud infrastructure. It is important to verify the data successfully to ensure mutual data integrity. The accuracy checking of the shared data is carried out by an examination system that encourages Group members to alter data, but this method leads to complicated estimates as per the Group members. The monitoring method of the assigned agent estimates the group members lightly, but lacks the safety threats among the group members and their agents. With the implementation of Hash graph technology and the development of a management Third Party Medium (TPM) approach, a Lightweight Safe Cloud Storage Audition System (LSSA) is suggested, achieving group security protection and a lightweight group measurement. In the meantime, the TCP Sliding Fan Technology incorporates a simulated TPM pool with interconnected features to enhance support for the handler. We test our method in numerical analysis and tests, which prove that our system provides the groups with lightweight computing and ensures the safety data evaluation process.

Prof. Mallika Dwivedi,Prof. Pankaj Pali,Jaya Choubey,Abhishek Mishra,Himani Hedau

DOI: https://doi.org/10.15680/ijirset.2023.1205495

2023-11-25

Abstract:Cloud computing forensics has emerged as a critical field due to the widespread adoption of cloud services in various sectors. This comprehensive review aims to investigate the challenges and future directions in cloud computing forensics. The paper identifies key obstacles such as data volatility, multi-tenancy, and jurisdictional issues that hinder effective forensic investigations in cloud environments. It also explores current methodologies, tools, and frameworks used in cloud forensics, evaluating their strengths and limitations. Furthermore, the review highlights emerging trends and proposes potential research directions to address existing gaps. By synthesizing current knowledge and identifying future prospects, this paper seeks to provide a robust foundation for advancing cloud computing forensics, ensuring improved security and reliability in cloud services.

Li Zhou,Yong Zhang,Chunxiao Xing

DOI: https://doi.org/10.1109/COMPSACW.2010.28

2010-01-01

Abstract:Log data is critical to applications and the management and analysis of log data is a hot research topic. Existing log managements are normally tightly integrated with applications themselves, which may lead to problems including performance, local storage efficiency, security and non realtime functionality. To solve these problems, we present a SaaS method which shifts writing log data from local disk to clouds, at the same time the log management and analysis functionalities are also done by a cloud. We analyze two architectures to implement this method which are Shift-Log-by-WebService and Shift-Log-by-ActiveMQ. Initial experiments show the efficiency of later one. In the future, we can apply this tool to application systems which are based on web and database systems to improve their performances.

Wei-wei ZHAO,Qiang LI,Ai-xin ZHANG,Jian-hua LI

DOI: https://doi.org/10.3969/j.issn.1002-0802.2018.02.031

2018-01-01

Abstract:In the era of big data, cloud storage is regarded as an excellent storage tool for a variety of enterprises and individuals. Searchable encrypted audit logs may efficiently monitor data-sharing operation of every cloud storage user. A novel searchable encrypted audit log scheme is proposed for the cloud storage system of multi-cloud service providers to generate, encrypt, search and verify audit logs. Based on identity-based encryption, the cloud service provider is allowed in advance to verify the permissions of users contained in audit logs before releasing their operations while assuring the privacy. In addition, the experiment indicates that this scheme could provide the guarantee for audit-log authenticity.

Haoyang Wang,Kai Fan,Chong Yu,Kuan Zhang,Fenghua Li,Hui Li,Yintang Yang,Haojin Zhu

DOI: https://doi.org/10.1109/tsc.2023.3333347

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Aerial computing is gradually playing an essential role in edge and fog computing paradigms by virtue of mobility, availability, scalability, flexibility, and simultaneity, where the Low-altitude Computing (LAC) platform, as the end close to the data sources, is mainly responsible for data collection and storage. However, because of the long physical distance of data transmission and the vulnerability of the transmission link to various attacks, how to efficiently share the stored data while ensuring data privacy is a critical issue for LAC at present. In this paper, we propose a lightweight and secure private data storage and sharing scheme to support range queries over encrypted multi-dimensional data. Specifically, we first propose two data conversion methods for transforming location features and collected log files with multi-dimensional attributes in Unmanned Aerial Vehicles (UAVs). Based on the ideas of asymmetric scalar-product-preserving encryption (ASPE) and inner product comparison (IPC), we design a privacy-preserving storage and sharing technique for the converted data. In addition, to achieve secure and efficient data querying and result verification, we design a secure data index and build a data authentication structure (DAS) with G-tree. Finally, we rigorously analyze the security of our proposed scheme and conduct extensive experiments on a real-world database to prove that our proposed scheme is secure and easy to use in practical application scenarios.

computer science, information systems, software engineering

Kui Ren,Cong Wang

2012-01-01

Abstract:Cloud computing economically enables a fundamental paradigm of data service outsourcing, which provides lower up-front capital costs and less hands-on management. However, outsourcing data services to the commercial public cloud deprives customers' control over the systems that manage their data, raising security and privacy as the primary obstacles to the adoption of the cloud. To address these challenges, in this dissertation we explore the problem of secure and privacy-assured data service outsourcing in cloud computing. We aim at deploying the most fundamental data services including data storage, search, and sharing on the commercial public cloud, with built-in security and privacy assurance as well as high level service performance, usability, and scalability. Our contributions are as follows: Firstly, we focus on privacy-preserving secure cloud storage auditing to maintain strong storage correctness guarantee, given the difficulty that data files are no longer locally possessed by data owners. We first develop a random-masking sampling approach to allow a third party auditor to perform on-demand privacy-preserving storage correctness auditing on behalf of data owners, without violating owners' data privacy. For storage correctness assurance with data dynamics, we further investigate a novel sequence-enforced Merkle Hash Tree and manipulate it with the random sampling approach to support fully dynamic data operations. Secondly, we focus on privacy-assured and effective cloud data search services with strong privacy-assurance, while enjoying high service-level performance inherently demanded by the large number of data users and huge amount data files. We first investigate a widely applicable fuzzy/similarity keyword search problem, and develop a brand new symbol-based trie-traverse searching approach, where transformed fuzzy keywords extracted from data files are stored using a multi-way tree structure, while protecting keyword privacy. To enable search result relevance ranking, we further investigate secure ranked search, which facilitates efficient server-side result ranking without leaking any keyword related information. Thirdly, we study how to enable scalable and owner-controlled cloud data sharing services, given the challenge that data no longer resides on owners' trusted domain. We first associate data with a set of meaningful attributes, use logical composition of attributes to reflect fine-grained data access, and enforce owner's control via attribute-based encryption. For the inherent scalability requirement of cloud system, we further leverage the cloud as a mediated proxy, to which data owners can delegate most cumbersome data/user management workload, without affecting the underlying data confidentiality.

HUI Wen,LIN Chuang,ZHAO Hai-ying,YANG Yang

DOI: https://doi.org/10.3969/j.issn.1002-137X.2011.12.006

2011-01-01

Computer Science

Abstract:Current researches about media forensics face the following key challenges:heterogeneity,scalability,and efficiency.We proposed a new computing paradigm for media forensics,called "Media Forensics Cloud",which integrates the concept of cloud computing to handle large-scale media forensics service effectively.To address the above challenges,first,we presented a layered architecture of Media Forensics Cloud,which can provide efficient and scalable media forensics service.Then we presented the key technologies of Media Forensics Cloud,namely resource virtualization,forensic task parallelization,and service adaptation,by which users can efficiently access media forensics service from different terminals at anytime anywhere.Lastly,we presented a key study of Media Forensics Cloud to demonstrate the feasibility of our design.

Yanbo Yang,Jiawei Zhang,Ximeng Liu,Jianfeng Ma,Qi Jiang,Yuanzhen Liu,Baoshan Li,Yongxing Du

DOI: https://doi.org/10.1109/jiot.2022.3220850

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Smart logistics (s-Logistics) has become more and more popular driven by the intelligent Internet of Things (IoT) which deploys pervasive smart devices in s-Logistics systems. The explosive growth of s-Logistics data collected by these resource-limited IoT devices enables Fog-based s-Logistics that provides data outsourcing and sharing services via multiple clouds within small latency. Nevertheless, it also gives rise to prominent security risks of user privacy leakage considering malicious users and data integrity violation with untrusted cloud servers, which are severe to s-Logistics systems and cannot be addressed by simple encryption. To solve these issues, in this article, we propose an efficient large universe and traceable privacy-preserving data sharing (LUTPDS) for Fog-based s-Logistics. It simultaneously achieves data access control, data integrity protection, key escrow and abuse resistance, user privacy preserving, and scalability. We devise a large universe and multiauthority ciphertext-policy attribute-based encryption (CP-ABE) scheme in which access policy hiding mechanism is used for user privacy preserving, while white-box tracing and certificateless public data integrity auditing techniques are employed to resist key abuse and escrow problems. In addition, online/offline encryption and verifiable outsourced decryption are leveraged for high efficiency and cloud encryption is utilized to extend to multiple clouds. In the end, we formally prove the security of our scheme for indistinguishability of chosen plaintext attack (IND-CPA) security and traceability. Detailed performance evaluation with extensive experiments shows that our scheme is practicable for s-Logistics compared with the existing schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Abdullah Mujawib Alashjaee,Fahad Alqahtani

DOI: https://doi.org/10.1109/access.2024.3369604

IF: 3.9

2024-03-02

IEEE Access

Abstract:Secure storage model for digital forensics represents essential progress in the domain, addressing the major problems associated with protecting and maintaining digital evidence. This method employs recent encryption systems and optimal key generation methods to ensure the confidentiality and integrity of data throughout the investigative process. Cloud forensics is an intelligent development of digital forensics to be preserved against online hacking. But, centralized evidence gathered and preservation reduces the reliability of digital evidence. The architecture for digital forensics in an Infrastructure as a Service (IaaS) cloud platform is a crucial structure intended to simplify the collection and protection of evidence while preserving the integrity and origin of digital objects within cloud-based methods. This architecture integrates numerous modules and methods to address the exclusive tasks modeled by cloud computing (CC) environments in the framework of forensic investigations. This paper develops a new digital forensic architecture utilizing the Authentication with Optimal Key Generation Encryption (DFA-AOKGE) technique. The main intention of the DFA-AOKGE method is to use a BC-distributed design to allocate data between numerous peers for data collection and safe storage. Additionally, the DFA-AOKGE model uses the Secure Block Verification Mechanism (SBVM) for the authentication procedure. Also, the secret keys can be produced by the usage of the Enhanced Equilibrium Optimizer (EEO) model. Furthermore, the encryption of the data takes place using a multikey homomorphic encryption (MHE) approach and is then saved in the cloud server. The simulation value of the DFA-AOKGE methodology takes place in terms of different aspects. The simulation results exhibited that the DFA-AOKGE system shows prominent performance over other recent approaches in terms of different measures.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jian Wang,Zhen Min Tang,Xian Li Jin

DOI: https://doi.org/10.4028/www.scientific.net/amr.989-994.1513

2014-01-01

Advanced Materials Research

Abstract:Cloud Computing is gaining acceptance and increasing in popularity. However, digital forensics within Cloud becomes difficult. This paper proposes an extensible semantic model using OCL (Object Constraint Language) for cloud digital forensics data. We give a brief introduction to Trusted Digital Forensics, and then detail the modeling process using OCL and FODA (Feature Oriented Domain Analysis). Therefore, a feature tree can be built with semantic logical relation in order to get the overall semantic description of features in the forensic domain of digital data.