LiveForen: Ensuring live forensic integrity in the cloud
Publication Type
Journal Article
Publication Date
10-2019
Abstract
To expedite the forensic investigation process in the cloud, excessive and yet volatile data need to be acquired, transmitted, and analyzed in a timely manner. A common assumption for most existing forensic systems is that credible data can always be collected from a cloud infrastructure, which might be susceptible to various exploits. In this paper, we present the design, implementation, and evaluation of LiveForen, a system that enforces a trustworthy forensic data acquisition and transmission process in the cloud, whose computer platforms' integrity has been verified. To fulfill this objective, we propose two secure protocols that verify the fingerprints of the computer platforms, as well as the attributes of the human agents, by taking advantage of the trusted platform module and the attribute-based encryption. To transmit forensic data as a data stream and verify its integrity at the same time, a unique fragile watermark is embedded into the data stream without altering the data itself. The watermark allows not only the data integrity to be verified but also any malicious data manipulation to be localized, with minimum communication overhead. The experimental results demonstrate that LiveForen achieves good scalability and limited performance overhead for authentication, data transmission, and integrity verification in an Infrastructure-as-a-Service cloud environment.
Keywords
Attribute-based encryption, Cybercrime, Cybersecurity, Fragile watermark, Trusted computing, Trusted platform module
Discipline
Information Security
Research Areas
Cybersecurity
Publication
IEEE Transactions on Information Forensics and Security
Volume
14
Issue
10
First Page
2749
Last Page
2764
ISSN
1556-6013
Identifier
10.1109/TIFS.2019.2898841
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Citation
LIU, Anyi; FU, Huirong; HONG, Yuan; LIU, Jigang; and LI, Yingjiu.
LiveForen: Ensuring live forensic integrity in the cloud. (2019). IEEE Transactions on Information Forensics and Security. 14, (10), 2749-2764.
Available at: https://ink.library.smu.edu.sg/sis_research/4410
Additional URL
https://doi.org/10.1109/TIFS.2019.2898841