Privacy preserving confidential forensic investigation for shared or remote servers

The Best Paper AwardIt is getting popular that customers make use of third party data service providers to store their data and emails. It is common to have a large server shared by many different users. This creates a big problem for forensic investigation. It may not be easy to clone a copy of data from the storage device(s) due to the huge volume of data. Even if it is possible to make a clone, there are many irrelevant information/data stored in the same device for which the investigators have no right to access. The other alternative is to let the service provider search the relevant information and retrieve the data for the investigator provided a warrant can be provided. However, sometimes, due to the confidentiality of the crime, the investigator may not want the service provider to know what information they are looking for or the service provider herself may be one of the suspects. The problem becomes even more obvious in terms of cloud computing technology. In this paper, we address this problem and using homomorphic encryption and commutative encryption, we provide two forensically sound schemes to solve the problem so that the investigators can obtain the necessary evidence while the privacy of other users can be protected and at the same time, the service provider cannot know what information the investigators are interested in. © 2011 IEEE.published_or_final_versionThe 7th International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIHMSP 2011), Dalian, China, 14-16 October 2011. In Proceedings of the 7th IIHMSP, 2011, p. 378-38

Encryption as a Service (EaaS) as a Solution for Cryptography in Cloud

AbstractIn recent years, there has been a vast interest in optimal usage of computing resources so that massive data can be processed with minimal cost. The need to use a pool of shared resources in a wide area network that provide elasticity, high capacity of computation and ability to store information on location-independent storages have led to the advent of cloud-computing. However, the global nature of cloud brings about some challenges in security domain when physical control over our information in cloud is impossible. Thus, encrypting critical data becomes essential, and strongly advisable. The server-side encryption in an untrustworthy environment like public cloud is too risky. On the other hand, client-side encryption can undermine the benefits of cloud since it is a time-consuming task for encryption and decryption. To address this issue, we developed a private cloud as an intermediary. In this paper, based on XaaS concept, we design an Encryption as a Service in order to get rid of the security risks of cloud provider's encryption and the inefficiency of client-side encryption

Moulded RSA and DES (MRDES) Algorithm for Data Security

In the recent days transmission of large amount of data through online is very prominent. Security is necessary while transmitting large amount of data. Since the data may belost or hacked at some point of transmission. Normally there are three important factors interms of security. They are key generation, encryption and decryption. There are two types of crypto system namely symmetric cryptosystem and asymmetric cryptosystem. There are many publicly available cryptosystems. It may lead the intruders to view the original message sent by the sender using all the possible keys. In order to provide secure transmission of data, a novel encryption algorithm is proposed by analyzing all the existing algorithms. The existing Rivest–Shamir–Adleman (RSA) and Data encryption standard (DES) algorithm are moulded together rto produce the proposed MRDES encryption algorithm. The performance of the proposed Moulded RSA and DES is higher than the existing encryption algorithms and provides higher data  security

Moulded RSA and DES (MRDES) Algorithm for Data Security

In the recent days transmission of large amount of data through online is very prominent. Security is necessary while transmitting large amount of data. Since the data may belost or hacked at some point of transmission. Normally there are three important factors interms of security. They are key generation, encryption and decryption. There are two types of crypto system namely symmetric cryptosystem and asymmetric cryptosystem. There are many publicly available cryptosystems. It may lead the intruders to view the original message sent by the sender using all the possible keys. In order to provide secure transmission of data, a novel encryption algorithm is proposed by analyzing all the existing algorithms. The existing Rivest–Shamir–Adleman (RSA) and Data encryption standard (DES) algorithm are moulded together rto produce the proposed MRDES encryption algorithm. The performance of the proposed Moulded RSA and DES is higher than the existing encryption algorithms and provides higher data  security

A survey on privacy issues in digital forensics

Privacy issues have always been a major concern in computer forensics and security and in case of any investigation whether it is pertaining to computer or not always privacy issues appear. To enable privacy’s protection in the physical world we need the law that should be legislated, but in a digital world by rapidly growing of technology and using the digital devices more and more that generate a huge amount of private data it is impossible to provide fully protected space in cyber world during the transfer, store and collect data. Since its introduction to the field, forensics investigators, and developers have faced challenges in finding the balance between retrieving key evidences and infringing user privacy. This paper looks into developmental trends in computer forensics and security in various aspects in achieving such a balance. In addition, the paper analyses each scenario to determine the trend of solutions in these aspects and evaluate their effectiveness in resolving the aforementioned issues

DF 2.0: An Automated, Privacy Preserving, and Efficient Digital Forensic Framework That Leverages Machine Learning for Evidence Prediction and Privacy Evaluation

The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although data privacy protection is not a performance measure, however, preventing privacy violations during the digital forensic investigation, is also a big challenge. With a perception that the completeness of investigation and the data privacy preservation are incompatible with each other, the researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation process or the data privacy preservation. However, a comprehensive approach that preserves data privacy without affecting the capabilities of the investigator or the overall efficiency of the investigation process is still an open problem. In the current work, the authors have proposed a digital forensic framework that uses case information, case profile data and expert knowledge for automation of the digital forensic analysis process; utilizes machine learning for finding most relevant pieces of evidence; and maintains data privacy of non-evidential private files. All these operations are coordinated in a way that the overall efficiency of the digital forensic investigation process increases while the integrity and admissibility of the evidence remain intact. The framework improves validation which boosts transparency in the investigation process. The framework also achieves a higher level of accountability by securely logging the investigation steps. As the proposed solution introduces notable enhancements to the current investigative practices more like the next version of Digital Forensics, the authors have named the framework `Digital Forensics 2.0\u27, or `DF 2.0\u27 in short