Providing Proofs of Past Data Possession in Cloud Forensics
1. Providing Proofs of Past Data Possession in Cloud Forensics
Shams Zawoad, Ragib Hasan
SECuRE and Trustworthy computing (SECRET) Lab
University of Alabama at Birmingham
secret.cis.uab.edu 1/23/2013
2. Problem Statement : A Motivating Story
[Figure: an investigator looks at a cloud VM/storage belonging to Bob of XYZ Corporation and asks "Did Bob have this file?"]
3. What is Digital Forensics and Cloud Forensics?
Digital Forensics
[Figure: the digital forensics process, with phases Identification, Collection, Organization and Presentation, running from incident through examination and analysis to evidence.]
Cloud Forensics
• Applying digital forensics procedures in cloud.
• A subset of Network forensics [Ruan et al.]
4. Cloud Forensics vs Traditional Digital Forensics
Traditional
• Physical access to computing resources
• No need to depend on third party
• Single user system
• Tools are available
Cloud
• No physical access
• Need to depend on CSP
• Multi-tenant system
• No proven available tool
5. What is Past Data Possession?
If a file ‘F’ was possessed by a user ‘U’, then Past Data Possession states that
U possessed F at a given past time.
6. Why Is It Challenging to Provide the Past Data Possession?
Reduced Control over Clouds
Multi-tenancy
Data Chain of Custody
Presentation
[Figure: the cloud stack (Access Control, Application, Data, OS, Servers, Network) under the SaaS, PaaS and IaaS models, shaded by the layers customers have control over and those they do not.]
7. In the Threat Model, Bob, Investigator, and the Cloud can be Malicious
User can delete records or present fake records
Investigator can plant invalid evidence
CSP can provide false past data possession or deny hosting any evidence
Everybody can collude with each other
8. Hence, The Possible Attacks can be:
Denial of possession
False presence
Evidence contamination
Repudiation by CSP
Repudiation by User
Privacy Violation
9. What Can be the Solution?
Proposing Proof of Past Data Possession (PPDP)
• PPDP attests that a User U possessed a File F at a
given past time.
• An Auditor can use PPDP to check the Past Data
Possession.
• File can be deleted but PPDP can still preserve the
proof of data possession.
10. PPDP Provides:
Integrity
I1: Adversaries cannot remove any evidence.
I2: Adversaries cannot plant any invalid evidence.
I3: Adversaries cannot change any existing evidence.
I4: CSP cannot deny hosting any evidence.
I5: CSP cannot repudiate any previously published proof.
11. PPDP Provides:
Confidentiality
C1: From the proof adversaries cannot recover the
original file.
C2: From the proof adversaries cannot learn about the
version history of file.
12. Components of PPDP
File • Private, stored in Cloud
Proof of File P • Private, stored in Cloud
Accumulator • Private, stored in Cloud
Signed Accumulator, PPDP • Public, available through RSS
13. Proof of Past Data Possession (PPDP)
[Figure: the PPDP flow between the User, the CSP and the Proof Storage.]
14. Bloom Filter as an Accumulator
A probabilistic data structure to check whether an
element is a member of a set or not.
• Stores the membership information in a bit array
• Space efficient representation.
• Performance of element insertion and membership
checking is good.
• False positive probability is not zero.
Used in Google Chrome to maintain a blacklist of malicious URLs.
15. Verification of Past Data Possession
PPDP_u = <H(DS_u), S_Pkc(DS_u)>
[Flowchart: Signature valid? No: reject. Yes: obtain document DS_u. Bit positions exist? No: reject. Yes: accept.]
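An added Python example (not code from the slides or the authors) that puts slides 12, 14, 15 and 20 together: a Bloom filter sized for 1000 elements at 0.01% false positives serves as the accumulator DS_u, the CSP publishes PPDP_u = <H(DS_u), S_Pkc(DS_u)>, and the auditor first checks the signature and then whether the bit positions of H(F) are set. Assumptions: the "proof of file" P is SHA-1(F), the k positions are derived from SHA-1 with a one-byte index prefix, and a toy textbook-RSA key built from Mersenne primes stands in for the paper's 1024-bit RSA key so the block runs offline.

```python
import hashlib
import math
def bloom_params(n, p):
    """Bit-array size m and hash count k for n elements at false-positive rate p."""
    m = math.ceil(-n * math.log(p) / math.log(2) ** 2)
    return m, max(1, round(m / n * math.log(2)))

class BloomAccumulator:
    """Bloom filter used as the accumulator DS_u (one byte per bit, for clarity)."""
    def __init__(self, n=1000, p=0.0001, bits=None):
        self.m, self.k = bloom_params(n, p)
        self.bits = bytearray(bits) if bits is not None else bytearray(self.m)
    def positions(self, item):
        # k bit positions from SHA-1 with a one-byte index prefix (constructed choice)
        return [int.from_bytes(hashlib.sha1(bytes([i]) + item).digest(), "big") % self.m
                for i in range(self.k)]
    def add(self, item):
        for pos in self.positions(item):
            self.bits[pos] = 1
    def contains(self, item):
        return all(self.bits[pos] for pos in self.positions(item))

# Toy textbook-RSA key pair for the CSP, built from two Mersenne primes so the block
# runs offline; it stands in for the paper's 1024-bit RSA key and is NOT secure.
P, Q, E = (1 << 127) - 1, (1 << 107) - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
def sha1_int(data):
    return int.from_bytes(hashlib.sha1(data).digest(), "big")  # 160 bits, always < N

def publish_ppdp(acc):
    """PPDP_u = <H(DS_u), S_Pkc(DS_u)>: hash of the accumulator plus the CSP's signature."""
    ds = bytes(acc.bits)
    return hashlib.sha1(ds).digest(), pow(sha1_int(ds), D, N)

def verify_possession(ppdp, ds, file_bytes, n=1000, p=0.0001):
    """Auditor's check: is the signature valid? Then, do H(F)'s bit positions exist?"""
    h_ds, sig = ppdp
    if (hashlib.sha1(ds).digest() != h_ds or pow(sig, E, N) != sha1_int(ds)
            or len(ds) != bloom_params(n, p)[0]):
        return False  # reject: DS_u is not the published, signed accumulator
    acc = BloomAccumulator(n, p, bits=ds)
    return acc.contains(hashlib.sha1(file_bytes).digest())  # proof of file P = H(F)

# Constructed sample: the CSP accumulates H(F) for the user's file, then publishes PPDP_u.
FILE_A = b"quarterly-report-v3 (constructed sample)"
FILE_B = b"unrelated document (constructed sample)"
ACC = BloomAccumulator()
ACC.add(hashlib.sha1(FILE_A).digest())
DS_U = bytes(ACC.bits)
PPDP_U = publish_ppdp(ACC)
```

Because only H(F) enters the accumulator, the published proof reveals neither the file nor its version history (C1, C2), and altering DS_u after publication breaks the signature check (I3, I5).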
16. How to Identify the Generation Time of Evidence?
Investigator/ Auditor can query in two ways:
• A time range of evidence generation.
• Exact date of evidence generation.
18. Security Analysis w.r.t. Collusion Model
Collusion cases considered (C = CSP, U = User, I = Investigator; ¬ = honest):
C ¬U ¬I
¬C U ¬I
¬C ¬U I
¬C ¬U ¬I
19. Security Analysis
Non-repudiation by CSP: proof is signed
Preservation of user’s privacy: one-way hashing
Non-repudiation by User: advanced version of PPDP, in which each piece of evidence is signed
20. Proof-of-Concept Implementation
FTP Server on Amazon EC2 Micro Instance.
Client Machine: Intel Core-i5-24305 CPU @ 2.40 GHz processor and 8GB RAM.
Bloom filter: 0.01 % False Positive Probability for 1000 elements.
RSA (1024 bit) and SHA-1 (160 bit)
21. Evaluation of Our Prototype
% Overhead associated with time needed to insert the PPDP
22. Evaluation of Our Prototype
Average time required to find true negative match
23. Evaluation of Our Prototype
Average time required to find a true positive match
24. Applications of PPDP
CSP can preserve the proof without storing the data itself.
Storage overhead for the CSP, but the CSP can earn money by offering Forensics-as-a-Service.
Makes the Cloud more auditable, which in turn makes the Cloud more regulatory compliant.
25. Conclusion
• Introduced the notion of a Proof of Past Data Possession (PPDP) in the context of digital forensics.
• Proposed an efficient and secure cryptographic scheme for creating a PPDP.
• Evaluated the proposed PPDP scheme using a commercial cloud vendor.
Future work: implement the scheme in a private cloud, later collaborate with a commercial CSP.
A user can delete a file from her cloud storage. Later, if an investigator finds other evidence of her deleted file, she denies having had the file. A colluding investigator can also delete a file before presenting it to court. If an investigator is not trustworthy, he can plant false evidence. A user can also present a fake file, which can free her from the accusation. User and investigator can modify the evidence to prove their claim. An otherwise honest CSP can deny hosting a file or can deny a published PPDP after the fact. As data are co-mingled in the cloud, a malicious user can claim that … As the CSP published the proof of past data possession publicly on the web, any malicious person can …