新型智能终端取证技术研究

随着移动互联网的广泛应用,智能手机、平板等新型智能终端设备在各种各样的违法犯罪活动中开始扮演越来越重要的角色,从涉案手机中提取的数据常常包含与违法犯罪行为相关的重要线索和证据。然而,移动智能终端设备不断提升的安全设计可能使得取证人员无法从设备中提取数据,给电子数据取证鉴定工作提出了新的挑战。本文详细分析当前主流的iOS、Android和Windows Phone等平台下的移动设备的安全机制,研究了主要的安全机制破解和取证技术及其在目前电子数据取证工作中的应用。最后,对未来面向新型移动智能终端电子数据取证技术研究发展方向进行了探讨。     

The Challenges Facing Computer Forensics Investigators in Obtaining Information from Mobile Devices for Use in Criminal Investigations

ABSTRACT

The paper deals with the various types of mobile devices that have large storage capacities and the challenges for forensics experts in gathering information from the devices for use in criminal investigations. The paper describes various forensics tools, law challenges for the forensics examiner such as the Fourth Amendment, and chain of custody issues that a forensics expert could endure while gathering information from mobile devices. The reader will learn about the struggles to effectively manage digital evidence obtained from such mobile devices and some of the issues in using some of the more popular tools on the market to conduct forensics. Finally, the reader will conclude the various challenges that could occur for the forensics examiner in conducting investigations until law disputes are resolved and the maturity and standardization of software tools develop.     

A review study on blockchain-based IoT security and forensics

The term Internet of Things (IoT) represents all communicating countless heterogeneous devices to share data and resources via the internet. The speedy advance of IoT devices proposes limitless benefits, but it also brings new challenges regarding security and forensics. Likewise, IoT devices can generate a massive amount of data that desires integrity and security during its handling and processing in an efficient way. IoT devices and data can be vulnerable to various types of cyber-crimes at each IoT layer. For combating these cyber-crimes in IoT infrastructure, IoT forensic term has shown up. The IoT forensic is the process of performing digital forensic investigation in the IoT environment in a forensically sound and timely fashion manner. Sundry challenges face the IoT forensics that requires urgent solutions and mitigation methods; digital evidence needs to be collected, preserved, analyzed, processed, and reported in a trusted manner to be acceptable for presenting in the court of law. Preserving the evidence unchanged or tampered with is the most critical challenge in digital forensics. Authentication is another challenge facing digital forensics; who is allowed to deal with the evidence? One of the most recent solutions for supporting IoT forensics is the use of Blockchain. Using Blockchain in digital forensics guarantees data integrity, immutability, scalability, and security. Therefore, this paper presents a comprehensive review of IoT security and forensics with the integration with Blockchain technology. It begins by providing an inclusive discussion of IoT security, as well as the need for IoT forensics, and the concepts of Blockchain. Then, a review of Blockchain-based IoT security and forensics issues is presented. Finally, a discussion of open research directions is provided.

     

云计算支持下的协作式数字取证技术

为解决网络环境下电子证据分散、取证分析效率低、协作难度大等问题,在分析计算机犯罪特点以及当前数字取证所面临的相关问题基础上,针对数字取证与分析的协同需求,设计了一种具有正循环反馈机制的云计算支持下的协作式数字取证模型,并详细论述了其设计思想和体系架构.最后,研究了模型的系统实现方法、电子证据云存储调度策略、基于封锁机制的并发分析任务调度.实验表明,协作式数字取证技术可有效提高数字取证工作效率和分析结果的准确性.     

Wukong: A cloud-oriented file service for mobile Internet devices

Along with the rapid growth of heterogeneous cloud services and network technologies, an increasing number of mobile devices use cloud storage services to enlarge their capacity and share data in our daily lives. We commonly use cloud service client-side software in a straightforward fashion. However, when more devices and users participate in heterogeneous services, the difficulty of managing these services efficiently and conveniently increases. In this paper, we report a novel cloud-oriented file service, Wukong, which provides a user-friendly and highly available facilitative data access method for mobile devices in cloud settings. Wukong supports mobile applications, which may access local files only, transparently accessing cloud services with a relatively high performance. To the best of our knowledge, Wukong is the first file service that supports heterogeneous cloud services for mobile devices by using the innovative storage abstraction layer. We have implemented a prototype with several plugins and evaluated it in a systematic way. We find that this easily operable file service has a high usability and extensibility. It costs about 50 to 150 lines of code to implement a new backend service support plugin. Wukong achieves an acceptable throughput of 179.11 kB/s in an ADSL environment and 80.68 kB/s under a countryside EVDO 3G network with negligible overhead.     

基于云计算的视频取证监控系统*

在视频取证过程中,面对多摄像头非协作工作方式的视频取证的缺陷以及海量的视频数据和复杂的取证计算问题,提出了一种基于云计算的视频取证监控系统的解决方案。在该方案中,各摄像头采用协作工作方式,监控系统中的视频数据保存在云计算系统中,终端用户需要的视频监控服务由云计算平台来提供,取证过程中的目标识别和跟踪等复杂计算也由云计算平台提供。该系统可以充分利用云计算平台的虚拟存储和虚拟计算能力,解决取证现场的多摄像头的协作工作能力,提高视频取证的处理效率和取证的准确性以及提高各种终端用户的监控灵活性和方便性。     

Forensic Investigation Through Data Remnants on Hadoop Big Data Storage System

Forensic examiners are in an uninterrupted battle with criminals in the use of Big Data technology. The underlying storage system is the main scene to trace the criminal activities. Big Data Storage System is identified as an emerging challenge to digital forensics. Thus, it requires the development of a sound methodology to investigate Big Data Storage System. Since the use of Hadoop as Big Data Storage System continues to grow rapidly, investigation process model for forensic analysis on Hadoop Storage and attached client devices is compulsory. Moreover, forensic analysis on Hadoop Big Data Storage System may take additional time without knowing where the data remnants can reside. In this paper, a new forensic investigation process model for Hadoop Big Data Storage System is proposed and discovered data remnants are presented. By conducting forensic research on Hadoop Big Data Storage System, the resulting data remnants assist the forensics examiners and practitioners for generating the evidences.     

Instagram Mobile Application Digital Forensics

In this research, we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the IOS-based mobile phone application, Instagram. This plugin extracts personal details from Instagram users, e.g., name, user name, mobile number, ID, direct text or audio, video, and picture messages exchanged between different Instagram users. While developing the plugin, we identified resources available in both Android and IOS-based devices holding key forensics artifacts. We highlighted the poor privacy scheme employed by Instagram. This work, has shown how the sensitive data posted in the Instagram mobile application can easily be reconstructed, and how the traces, as well as the URL links of visual messages, can be used to access the privacy of any Instagram user without any critical credential verification. We also employed the anti-forensics method on the Instagram Android’s application and were able to restore the application from the altered or corrupted database file, which any criminal mind can use to set up or trap someone else. The outcome of this research is a plugin for our digital forensics ready framework software which could be used by law enforcement and regulatory agencies to reconstruct the digital evidence available in the Instagram mobile application directories on both Android and IOS-based mobile phones.     

iOS设备取证技术

iOS设备是当今最具代表性的智能终端设备,其典型代表是iPhone手机和iPad平板电脑。由于智能终端设备的运行机制不同于传统计算机设备,这类设备的取证对调查人员提出了新的挑战。文章以iOS设备为例,讲解其构成、运行机制、相关取证技术和工作流程。     

Potential cyberterrorism via a multimedia smart phone based on a web 2.0 application via ubiquitous Wi-Fi access points and the corresponding digital forensics

Cyberterrorism has become a hotly debated research issue in the past decades because of the convergence of mobile computing powers and the fledging multimedia communication computing capabilities. Cyberterrorism is the exploitation of computer network tools to incur malfunction or shut down critical infrastructures with several keyboard punches, which is dramatically different from traditional terrorism. Due to the ubiquitous multimedia communication tools, they have radically transformed the ways concerning data transmission. Unfortunately, it also incurs unprecedented opportunities for committing cyber crimes that we were not able to foresee two decades ago. Undoubtedly, the mushrooming proliferation of mobile phones spectacularly triggers the information security leakage while most people heavily rely on mobile phones for daily communication. As cybercrime or cyberterrorism surges, digital forensics (DF) of mobile communication devices still enormously lags behind than computer forensics. Hence, in this research paper, we provide a hypothetical case review concerning the DF of a potential cyberterrorist attack that was triggered by a mobile multimedia smart phone utilizing a popular web 2.0 application program via ubiquitous Wi-Fi access points. The corresponding DF of the mobile device was conducted in a step-by-step manner as well as the crime scene reconstruction based on the digital evidence collected, analyzed, and preserved.     

A Secure Scheme for Storage,Retrieval, and Sharing of Digital Documents in Cloud Computing Using Attribute-Based Encryption on Mobile Devices

ABSTRACT

This work describes the analysis, design, and implementation of a secure scheme for storage, retrieval, and fine-grained sharing of digital documents in cloud computing using mobile devices. Confidentiality of digital documents stored in public clouds from a mobile device is achieved by implementing the digital envelope concept. Data are encrypted using AES, and the session key is encrypted using ciphertext-policy attribute based encryption (CP-ABE). CP-ABE also provides access control mechanisms at a fine-grain level, allowing the decryption of the AES key only to those users having the correct set of attributes. The encryption and decryption processes are carried out in a mobile device that interacts with a cloud provider, a trust server, and a key server. For practical implementation of CP-ABE, the Tate pairing was used on elliptic curves type A and F over prime fields, using affine and projective coordinates for the security levels 80, 112, and 128 bits. After evaluating the proposed system for different CP-ABE implementation options, it was observed that the elliptic curves type A allow execution times 18 times faster compared with the use of elliptic curves type F, achieving processing times that ensures the deployment of the proposed secure scheme.     

数字取证研究现状与发展态势

本文介绍了数字取证技术的发展历程和现状,结合云计算、移动互联网、大数据、物联网等为代表的新一代信息技术发展,分析了当前数字取证面临的技术挑战,基于国内外主要研究机构的相关调研情况介绍了当前数字取证技术的若干研究热点和发展态势,并给出了数字取证技术方面的研究发展思考。     

Entangled cloud storage

Entangled cloud storage (Aspnes et al., ESORICS 2004) enables a set of clients to “entangle” their files into a single clew to be stored by a (potentially malicious) cloud provider. The entanglement makes it impossible to modify or delete significant part of the clew without affecting all files encoded in the clew. A clew keeps the files in it private but still lets each client recover his own data by interacting with the cloud provider; no cooperation from other clients is needed. At the same time, the cloud provider is discouraged from altering or overwriting any significant part of the clew as this will imply that none of the clients can recover their files.We put forward the first simulation-based security definition for entangled cloud storage, in the framework of universal composability (Canetti, 2001). We then construct a protocol satisfying our security definition, relying on an entangled encoding scheme based on privacy-preserving polynomial interpolation; entangled encodings were originally proposed by Aspnes et al. as useful tools for the purpose of data entanglement. As a contribution of independent interest we revisit the security notions for entangled encodings, putting forward stronger definitions than previous work (that for instance did not consider collusion between clients and the cloud provider).Protocols for entangled cloud storage find application in the cloud setting, where clients store their files on a remote server and need to be ensured that the cloud provider will not modify or delete their data illegitimately. Current solutions, e.g., based on Provable Data Possession and Proof of Retrievability, require the server to be challenged regularly to provide evidence that the clients’ files are stored at a given time. Entangled cloud storage provides an alternative approach where any single client operates implicitly on behalf of all others, i.e., as long as one client’s files are intact, the entire remote database continues to be safe and unblemished.     

A synergetic mechanism for digital library service in mobile and cloud computing environment

Digital library services in the mobile computing have come into our daily life with the development of wireless communication and the manufacture of mobile devices. Digital libraries have collected large-scaled data for providing information service. However, there are still many problems such as limitations of computing on mobile devices and data transmission problems in the wireless network. This paper proposes a synergetic mechanism for digital library to provide information service in the mobile and cloud computing environment, which combines the digital library servers, mobile hosts and personal cloud space into a synergetic work group seamlessly. The proposed mechanism integrates the strong computing and large-scaled storage ability of cloud computing together with the convenience of mobile computing. It could help promoting knowledge sharing and improve work efficiency of users in the mobile and cloud computing environment.     

Locking Out the Investigator: The Need to Circumvent Security in Embedded Systems

ABSTRACT

Embedded devices are becoming ubiquitous in both domestic and commercial environments. Although smartphones, tablets, and video game consoles are all labeled by their primary function, most of these devices offer additional features and are capable of additional interactivity. Given the proprietary nature of such devices in terms of hardware and software and the protection mechanisms incorporated into these systems, it is and will continue to be extremely difficult to use “traditional digital forensics” methodologies to access storage media and acquire data for analysis. This paper examines how consumer law may be stifling research that the forensic community could ultimately depend upon to examine devices.     

Mobile forensic reference set (MFReS) and mobile forensic investigation for android devices

This paper proposes the mobile forensic reference set (MFReS), a mobile forensic investigation procedure and a tool for mobile forensics that we developed. The MFReS consists of repositories, databases, and services that can easily retrieve data from a database, which can be used to effectively classify meaningful data related to crime, among numerous data types in mobile devices. Mobile data consist of system data, application data, and multimedia data according to characteristics and format. We have developed a mobile forensic process that can effectively analyze information from installed applications and user behavior through these data. In particular, our tool can be useful for investigators because it can analyze the log files of all applications (apps) and analyze behavior based on timeline, geodata, and other characteristics. Our research can contribute to the study of mobile forensic support systems and suggest the direction of mobile data analysis tool development.     

MASHED: Security and privacy-aware mutual authentication scheme for heterogeneous and distributed mobile cloud computing services

ABSTRACT

Rapid development in mobile devices and cloud computing technologies has increased the number of mobile services from different vendors on the cloud platform. However, users of these services are facing different security and access control challenges due to the nonexistence of security solutions capable of providing secure access to these services, which are from different vendors, using a single key. An effective security solution for heterogeneous Mobile Cloud Computing (MCC) services should be able to guarantee confidentiality and integrity through single key-based authentication scheme. Meanwhile, a few of the existing authentication schemes for MCC services require different keys to access different services from different vendors on a cloud platform, thus increases complexity and overhead incurred through generation and storage of different keys for different services.

In this paper, an efficient mutual authentication scheme for accessing heterogeneous MCC services is proposed. The proposed scheme combines the user’s voice signature with cryptography operations to evolve efficient mutual authentication scheme devoid of key escrow problem and allows authorized users to use single key to access the heterogeneous MCC services at a reduced cost.     

Are Your Computer Files Protected Under the Fourth Amendment?

ABSTRACT

Currently, the government(s) in the United States can seize a copy of a hard drive of a computer and not violate the Fourth Amendment. This paper examines this situation and looks at ways to protect private computer files under the Fourth Amendment. This paper analyzes the historical context of the Fourth Amendment and its affinity toward tangible private property. Physical private property is protected, but intangible private property such as the information in your computer is not. It is the opinion of the author that this situation should be corrected. Since court cases influence the interpretation of the Amendment, relevant cases are discussed. Since computer forensics is the process used to submit digital evidence in a court of law, the impact of computer forensics is discussed. Seminal work in the area of the Fourth Amendment and digital information is also presented. The paper ends with suggestions on how to incorporate private computer files under the protection of the Fourth Amendment.     

面向IaaS云服务基础设施的电子证据保全与取证分析系统设计

随着云技术在计算机网络领域的广泛应用,云环境下的安全审计与电子取证需求也日益迫切。由于云取证与传统计算机取证在取证环境、证据获取及证据分析方面有较大区别,目前尚缺乏有效的针对云的电子取证方法及技术手段,云系统作为一种信息系统,其可审计性得不到保证。文章设计了一套新的云取证系统,面向IaaS云服务的基础设施,通过采集终端对云系统中虚拟机进行监控并主动采集证据,同时将采集到的证据集中存放于一处,取证系统实时取证、证据集中保全的特性可以有效应对云环境下证据易失、证据提取困难的特点,达到高效取证。     

“科研在线”平台文档的移动客户端

云计算和移动智能终端的发展极大地改变了人们的生活,也为协同工作带来更多的便利。科研在线平台中的协同文档库是基于云存储的协同工具,为用户提供面向团队的文档协作与管理服务。本文的工作是设计并实现了基于 iOS 的协同文档库移动客户端。通过对用户使用场景的分析,得出系统功能。根据移动应用的特点,设计系统框架。本文主要从网络编程、数据缓存和登录认证这三个方面的关键技术来描述系统的实现。