secret.cis.u Providing Proofs of Past Data Possession in Cloud Forensics Shams Zawoad, Ragib Hasan SECuRE and Trustworthy computing (SECRET) Lab University of Alabama at Birmingham 06/06/20 22

Providing Proofs of Past Data Possession in Cloud Forensics


secret.cis.uab.edu

Providing Proofs of Past Data Possession in Cloud Forensics
Shams Zawoad, Ragib Hasan
SECuRE and Trustworthy computing (SECRET) Lab
University of Alabama at Birmingham

04/08/2023


Problem Statement : A Motivating Story

[Diagram labels: Bob; Investigator; XYZ Corporation; Cloud VM/Storage. Question posed: "Did Bob have this file?"]


What is Digital Forensics and Cloud Forensics?

Digital Forensics

[Process diagram labels: Identification; Incident Identification; Evidence Identification; Collection; Organization; Examination; Analysis; Presentation]

Cloud Forensics

• Applying digital forensics procedures in cloud.

• A subset of Network forensics [Ruan et al.]


Cloud Forensics vs Traditional Digital Forensics

Traditional

• Physical access to computing resources

• No need to depend on third party

• Single user system

• Tools are available

Cloud

• No physical access

• Need to depend on CSP

• Multi-tenant system

• No proven available tool


What is Past Data Possession?

If a file ‘F’ was possessed by a user ‘U’, then Past Data Possession states that U possessed F at a given past time.


Why Is It Challenging to Provide the Past Data Possession?

• Reduced Control over Clouds

• Multi-tenancy

• Chain of Custody

• Presentation

[Figure: for each of SaaS, PaaS and IaaS, a stack of layers (Network, Servers, OS, Data, Application, Access Control) marked as "Customers have control" or "Customers do not have control"]


In the Threat Model, Bob, Investigator, and the Cloud can be Malicious

User can delete records or present fake records

Investigator can plant invalid evidence

CSP can provide false past data possession or deny hosting any evidence

Everybody can collude with each other


Hence, The Possible Attacks can be:

• Denial of possession

• False presence

• Evidence contamination

• Repudiation by CSP

• Repudiation by User

• Privacy Violation


What Can be the Solution?

Proposing Proof of Past Data Possession (PPDP)

• PPDP attests that a User U possessed a File F at a given past time.

• An Auditor can use PPDP to check the Past Data Possession.

• File can be deleted but PPDP can still preserve the proof of data possession.


PPDP Provides:

Integrity

I1: Adversaries cannot remove any evidence.

I2: Adversaries cannot plant any invalid evidence.

I3: Adversaries cannot change any existing evidence.

I4: CSP cannot deny hosting any evidence.

I5: CSP cannot repudiate any previously published proof.


PPDP Provides:

Confidentiality

C1: From the proof adversaries cannot recover the original file.

C2: From the proof adversaries cannot learn about the version history of file.


Components of PPDP

• File: private, stored in Cloud

• Proof of File, P: private, stored in Cloud

• Accumulator: private, stored in Cloud

• Signed Accumulator, PPDP: public, available through RSS


Proof of Past Data Possession (PPDP)

[Diagram labels: User; Proof Storage; CSP]


Bloom Filter as an Accumulator

A probabilistic data structure to check whether an element is a member of a set or not.

• Stores the membership information in a bit array.

• Space-efficient representation.

• Performance of element insertion and membership checking is good.

• False positive probability is not zero.

It is used in Google Chrome to maintain a blacklist of malicious URLs.


Verification of Past Data Possession

$PPDP_u = \langle H(DS_u),\ S_{Pk_c}(DS_u) \rangle$

[Flowchart labels: DS_u; Signature Valid? (Yes / No); Document; Bit positions; Exists? (Yes / No); outcomes: Accepts, Rejects]
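An added example, not code from the slides or the authors' prototype: a minimal Bloom-filter accumulator and the two-step check from the verification slide. It assumes DS_u is the user's Bloom filter, uses SHA-256 where the prototype used SHA-1, takes the prototype's sizing (1000 elements, 0.01 % false positive probability), and leaves out the RSA signature check; all class and function names are hypothetical.

```python
import hashlib
import math


class BloomAccumulator:
    """Bloom filter holding one-way proofs of a user's files (assumed role of DS_u)."""

    def __init__(self, capacity=1000, fp_rate=0.0001):
        # Standard sizing: m = -n ln p / (ln 2)^2 bits, k = (m / n) ln 2 hashes.
        self.m = math.ceil(-capacity * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, proof):
        # Double hashing: derive k bit positions from a single SHA-256 digest.
        d = hashlib.sha256(proof).digest()
        h1 = int.from_bytes(d[:16], "big")
        h2 = int.from_bytes(d[16:], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, proof):
        for p in self._positions(proof):
            self.bits[p // 8] |= 1 << (p % 8)

    def contains(self, proof):
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(proof))

    def digest(self):
        # H(DS_u): hash of the accumulator state, as published in the PPDP.
        return hashlib.sha256(bytes(self.bits)).hexdigest()


def file_proof(content):
    # Only a one-way hash of the file enters the accumulator (property C1).
    return hashlib.sha256(content).digest()


def verify_possession(acc, published_digest, content):
    # Step 1: the accumulator handed over must match the published H(DS_u).
    # Verifying the CSP signature over DS_u would also happen here; it is
    # omitted because the Python standard library has no RSA.
    if acc.digest() != published_digest:
        return False
    # Step 2: membership test on the bit positions of the questioned file.
    return acc.contains(file_proof(content))
```

Because only the file's hash is inserted, the check still succeeds after the file itself has been deleted from cloud storage, as long as the investigator holds a copy of the file in question.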


How to Identify the Generation Time of Evidence?

Investigator/Auditor can query in two ways:

• A time range of evidence generation.

• Exact date of evidence generation.


Security Analysis w.r.t. Collusion Model

CUI

¬CUI

C¬UI

CU¬I


Security Analysis w.r.t. Collusion Model

C¬U¬I

¬CU¬I

¬C¬UI

¬C¬U¬I


Security Analysis

• Non-repudiation by CSP: Proof is signed

• Preservation of user’s privacy: One-way hashing

• Non-repudiation by User: Advanced version of PPDP, each evidence is signed


Proof-of-Concept Implementation

FTP Server on Amazon EC2 Micro Instance.

Client Machine: Intel Core-i5-24305 CPU @ 2.40 GHz processor and 8GB RAM.

Bloom filter : 0.01 % False Positive Probability for 1000 elements.

RSA (1024 bit) and SHA 1 (160 bit)


Evaluation of Our Prototype

[Chart: % overhead associated with time needed to insert the PPDP]


Evaluation of Our Prototype

[Chart: average time required to find a true negative match]


Evaluation of Our Prototype

[Chart: average time required to find a true positive match]


Applications of PPDP

CSP can preserve the proof without storing the data itself.

Storage overhead for the CSP, but it can earn money through Forensics-as-a-Service.

Makes the Cloud more auditable, which in turn makes the Cloud more regulatory compliant.


Conclusion

Future work : Implement the scheme in private cloud, later collaborate with a commercial CSP.

• Introduced the notion of a Proof of Past Data Possession (PPDP) in the context of digital forensics.

• Proposed an efficient and secure cryptographic scheme for creating a PPDP.

• Evaluated the proposed PPDP scheme using a commercial cloud vendor.


Thank You

Q & A
