Digital Forensics in the Cloud: Encrypted Data Evidence Tracking

ZHUANG TIAN, BSc (Hons)

A thesis submitted to the graduate faculty of design and creative technologies, Auckland University of Technology, in partial fulfilment of the requirements for the degree of Master of Forensic Information Technology

School of Computer and Mathematical Sciences
Auckland, New Zealand
2014

Declaration

I hereby declare that this submission is my own work and that, to the best of my knowledge and belief, it contains no material previously published or written by another person nor material which to a substantial extent has been accepted for the qualification of any other degree or diploma of a University or other institution of higher learning, except where due acknowledgement is made in the acknowledgements.

Zhuang Tian

Acknowledgements

This thesis was completed at the Faculty of Design and Creative Technologies in the school of Computing and Mathematical Sciences at Auckland University of Technology, New Zealand. While conducting the research project I received support from many people in one way or another, without whose support, this thesis would not have been completed in its present form. It is my pleasure to take this opportunity to thank all of you, without the intention or possibility to be complete. I would like to apologize to those who I did not mention by name here; however, I highly value your kind support.

Firstly, I would like to deeply thank my thesis supervisor Prof. Brian Cusack for the exceptional support given during the thesis project. He provided me with the freedom to explore research directions and to choose the routes that I wanted to investigate. Dr. Cusack’s encouragement, excellent guidance, creative suggestions, and critical comments have greatly contributed to this thesis. Dr. Cusack, I would like to thank you very much for your daily supervision.
Moreover, he provided me ongoing inspiration, without which the finalised copy of this thesis would not have been achieved. I enjoyed our discussions and have learned a great deal from you.

Also, I would like to thank my program leader Dr. Alastair Aisbet and MFIT Lab Instructor, Thomas Laurenson, Junewon Park and Ammann Roman for their mentorships, who gave endless efforts to organise the critical research environment much needed for this project. In addition, I would like to thank my fellow MFIT students, especially Yao Lu, Ting Ting Goh and Wei Li, who provided stimulating discussions, challenging questions, peer encouragement and many exciting debates in our chosen area of Digital Forensic research, and side interests in cloud data encryption topics. Similarly, I would like to express my deep appreciation to all of the lecturers who gave me knowledge as well as taught me the concepts during the lectures of MFIT. I would like to thank my thesis proof readers, who gave feedback on communication improvement.

Finally, I would also like to express my sincere thanks to my late father, Dayang Tian, my mother, Suping Zhang, my parents-in-law Fuchang Huang and Shenli Yin, whose continual support, encouragement, love, praying for my progress and for teaching me the values in life that brought me where I am today. I greatly appreciate my wife, Rui Huang. She persistently supported me throughout my master’s study. Without her, I could have never undertaken the program. Even when I was struggling with the direction of my life, she consistently encouraged me and helped me be confident over and over again.

Abstract

Cloud computing is an emerging model that separates application and information resources from the underlying infrastructure, and the mechanisms used to deliver them. The elastic nature, cost effective price and convenient connectivity make the cloud increasingly attractive as a storage medium for digital forensic investigators.
The increasing volumes of data are also a driver for investigators' use of a cloud for storing evidence and performing analysis. However, because of the distributed nature of the cloud (Cruz & Atkison, 2011, p.306), data stored in the cloud are likely to be divided into smaller chunks and placed at different data centres all over the globe. Moreover, the dynamic and remote nature of the cloud means that data are relocated from data centre to data centre. Hence, data may be constantly compressed and resized. Thus, it is possible that data may be lost during transmission or compromised by attacks in the cloud. Furthermore, redundant storage in multiple jurisdictions (Yan, 2011, p.612) and the lack of transparent real-time information about where data is stored introduce judicial issues and further complications for investigations. Virtualisation also impacts on the privacy of other users (Dahbur & Mohammad, 2011, p.2) of the cloud. To maintain information security, organisations can encrypt data before storing them in the Cloud, and then decrypt after retrieving the data from the Cloud. The key challenge that a digital investigator faces before committing to the cloud is how to ensure that the security of evidence data will be maintained and privacy will be protected, in order to fulfil digital forensic investigation principles. Although solutions such as that of Hou, Uehara, Yiu, & Hui (2011, p.378) have been proposed to use homomorphic encryption to protect innocent evidence data from being exposed, they are more suited to a relatively static database environment, and the feasibility and performance of such solutions in a public cloud are yet to be studied and evaluated.
The research will identify, analyse and evaluate whether or not modern encryption algorithms can be used in providing data security and preserving privacy for digital forensic investigation evidence data stored in the cloud. To conduct the proposed research, a trial system was created in a lab-controlled environment to simulate commercial situations where data will be relocated and distributed. The normal operation of the trial system was documented as the semi-trusted Storage-as-a-service cloud, in which stored digital forensic investigation data were scattered. Hence, the integrity, confidentiality and availability of digital forensic investigation data were stressed. Then experimental data generated during the research were collected and analysed in order to test the robustness and performance of the selected encryption tools.

The methodology used in the simulated environment was based on descriptive methods, with a case scenario of a simulated attack on the cloud by redistributing encrypted sample file data from one storage medium to another. To investigate the robustness and performance of the selected encryption tools, a customized cloud simulation was created using VMware. The descriptive methodology allowed the elaboration of precise details relevant to the research question. The purpose of the main research question was to evaluate whether or not modern encryption algorithms can be used in providing security and preserving privacy for digital forensic investigation evidence data stored in the cloud. Consequently, the court evidence admissibility requirement was met according to digital forensic investigation principles and guidelines.

The significant findings were that the selected encryption tools were able to provide security for evidence data in the cloud at a sufficient level. Moreover, the encryption tools examined had reasonably good performance in the cloud.
However, AxCrypt had the overall best performance in terms of security features and data compression result resilience.

To conclude, the research conducted confirms that modern encryption algorithms are able to maintain security and preserve privacy for digital forensic investigation evidence data stored in the cloud. Moreover, using modern encryption algorithms ensures that evidence data do meet confidentiality, availability, privacy preserving, chain-of-custody and eventually court admissibility requirements. Ultimately, digital forensic investigator compliance principles are fulfilled.

Table of Contents

Declaration
Acknowledgement
Abstract
Table of Contents
List of Tables
List of Figures
Abbreviations

Chapter One: Introduction
1.0 BACKGROUND
1.1 CONCEPTS OF THE CLOUD
1.2 OBSTACLES IN THE CLOUD
1.3 MOTIVATION