Wireless Internet. 10th International Conference, WiCON 2017, Tianjin, China, December 16-17, 2017, Proceedings

Research Article

Distributed Cloud Forensic System with Decentralization and Multi-participation

Download
160 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-90802-1_16,
        author={Xuanyu Liu and Xiao Fu and Bin Luo and Xiaojiang Du},
        title={Distributed Cloud Forensic System with Decentralization and Multi-participation},
        proceedings={Wireless Internet. 10th International Conference, WiCON 2017, Tianjin, China, December 16-17, 2017, Proceedings},
        proceedings_a={WICON},
        year={2018},
        month={5},
        keywords={Cloud forensics Data provenance Byzantine faults Distributed systems Decentralization Multi-participation},
        doi={10.1007/978-3-319-90802-1_16}
    }
    
  • Xuanyu Liu
    Xiao Fu
    Bin Luo
    Xiaojiang Du
    Year: 2018
    Distributed Cloud Forensic System with Decentralization and Multi-participation
    WICON
    Springer
    DOI: 10.1007/978-3-319-90802-1_16
Xuanyu Liu1,*, Xiao Fu1,*, Bin Luo1,*, Xiaojiang Du2,*
  • 1: Nanjing University
  • 2: Temple University
*Contact email: dz1532002@smail.nju.edu.cn, fuxiao@nju.edu.cn, luobin@nju.edu.cn, dxj@ieee.org

Abstract

A considerable number of cloud forensic systems and tools have been proposed in recent years. Trust issue of digital evidence, a significant security topic, is indispensable for cloud forensics systems. In this paper, we propose a different cloud forensic system—Distributed Cloud Forensic System with Decentralization and Multi-participation (DCFS). The DCFS is set in an untrusted and multi-tenancy cloud environment, and it is assumed that cloud users, cloud employees, or forensic investigators can be dishonest. The DCFS, which is different from existing centralized cloud forensic systems, is a distributed and decentralized system that does not rely on any single node or any third party to obtain credible evidence from the cloud. Trust is divided into all participants in the DCFS, and these participants supervise each other. A distributed public ledger is maintained in the DCFS, and this ledger records all the proofs of forensic evidence along with other useful information. This ledger can enhance the credibility and integrity of forensic evidence to some degree and complete the chain of custody in forensic investigation. The forensic evidence, which are provided by the cloud employees, presented to the court of law using the DCFS will be more trustful.