A COMPREHENSIVE DATA SECURITY AND FORENSIC INVESTIGATION FRAMEWORK FOR CLOUD-IOT ECOSYSTEM
##plugins.themes.bootstrap3.article.sidebar##
##plugins.themes.bootstrap3.article.main##
Abstract
The rapid growth of cloud and IoT has various security associated issues that can withhold its extensive acceptance. Based on this premise, this paper has presented comprehensive data security and DFI framework for the CloudIoT ecosystem. In our proposed framework we have used data security model which consists of combining various cryptographic (Symmetric, Asymmetric and Hashing) algorithms. We have chosen some cryptographic algorithms to depend on the need for the applications. Moreover, we also have presented an encryption and decryption model using cryptographic algorithms for CloudIoT ecosystem. In the proposed model, we have used various cryptographic algorithms with various key lengths which secures the model more accurately. In addition, the experimental result shows asymmetric algorithms are most powerful for the key lengths. Furthermore, we also have conducted DFI model for CloudIoT environment. The proposed model provides a combination of various DFI modules or processes that helps the researchers while focusing on very specific research sub-problems within the CloudIoT forensics problem domain. The aim of this paper is to reduce the risk of CloudIoT data using various cryptographic algorithms and facilitate effective digital forensic investigation for digital forensic professionals. Finally, we have presented some experimental results and comparisons of various cryptographic algorithms in terms of performances. Moreover, also comparisons among DFI procedures and systematically analyzed the opportunities for CloudIoT forensics
##plugins.themes.bootstrap3.article.details##
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
References
J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet of things (iot): A vision, architectural elements, and future directions,” Future generation computer systems, vol. 29, no. 7, pp. 1645–1660, 2013.
A. Botta, W. De Donato, V. Persico, and A. Pescape, “Integration of´ cloud computing and internet of things: a survey,” Future Generation Computer Systems, vol. 56, pp. 684–700, 2016.
C. Stergiou, K. E. Psannis, B.-G. Kim, and B. Gupta, “Secure integration of iot and cloud computing,” Future Generation Computer Systems, vol. 78, pp. 964–975, 2018.
G. Kaur and M. Mahajan, “Analyzing data security for cloud computing using cryptographic algorithms,” International Journal of Engineering Research and Applications, vol. 3, no. 5, pp. 782–786, 2013.
V. R. Pancholi and B. P. Patel, “Enhancement of cloud computing security with secure data storage using aes,” International Journal for Innovative Research in Science and Technology, vol. 2, no. 9, pp. 18–21, 2016.
N. Dragoni, A. Giaretta, and M. Mazzara, “The internet of hackable things,” in International Conference in Software Engineering for Defence Applications. Springer, 2016, pp. 129–140.
E. Oriwoh, D. Jazani, G. Epiphaniou, and P. Sant, “Internet of things forensics: Challenges and approaches,” in Collaborative Computing: Networking, Applications and Worksharing (Collaboratecom), 2013 9th International Conference Conference on. IEEE, 2013, pp. 608–615.
K. Ruan, I. Baggili, J. Carthy, and T. Kechadi, “Survey on cloud forensics and critical criteria for cloud forensic capability: A preliminary analysis,” 2011.
V. R. Kebande and I. Ray, “A generic digital forensic investigation framework for internet of things (iot),” in Future Internet of Things and Cloud (FiCloud), 2016 IEEE 4th International Conference on. IEEE, 2016, pp. 356–362.
S. Perumal, N. M. Norwawi, and V. Raman, “Internet of things
(iot) digital forensic investigation model: Top-down forensic approach methodology,” in Digital Information Processing and Communications (ICDIPC), 2015 Fifth International Conference on. IEEE, 2015, pp. 19–23.
S. Zawoad and R. Hasan, “Faiot: Towards building a forensics aware eco system for the internet of things,” in 2015 IEEE International Conference on Services Computing (SCC). IEEE, 2015, pp. 279–284.
T. Zia, P. Liu, and W. Han, “Application-specific digital forensics investigative model in internet of things (iot),” in Proceedings of the 12th International Conference on Availability, Reliability and Security. ACM, 2017, p. 55.
M. E. Alex and R. Kishore, “Forensics framework for cloud computing,” Computers & Electrical Engineering, vol. 60, pp. 193–205, 2017.
A. Pichan, M. Lazarescu, and S. T. Soh, “Cloud forensics: Technical challenges, solutions and comparative analysis,” Digital Investigation, vol. 13, pp. 38–57, 2015.
K. Ruan, J. Carthy, T. Kechadi, and I. Baggili, “Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results,” Digital Investigation, vol. 10, no. 1, pp. 34–43, 2013.
S. Alqahtany, N. Clarke, S. Furnell, and C. Reich, “Cloud forensics: a review of challenges, solutions and open problems,” in Cloud Computing (ICCC), 2015 International Conference on. IEEE, 2015, pp. 1–9.
S. Zawoad, R. Hasan, and A. Skjellum, “Ocf: an open cloud forensics model for reliable digital forensics,” in Cloud Computing (CLOUD), 2015 IEEE 8th International Conference on. IEEE, 2015, pp. 437– 444.
D. R. Rani, S. N. Sultana, and P. L. Sravani, “Challenges of digital forensics in cloud computing environment,” Indian Journal of Science and Technology, vol. 9, no. 17, 2016.
M. N. A. Wahid, A. H. Ali, B. Esparham, and M. Marwan, “A comparison of cryptographic algorithms : Des , 3 des , aes , rsa and blowfish for guessing attacks prevention,” 2018.
G. P. Kanna and V. Vasudevan, “Enhancing the security of user data using the keyword encryption and hybrid cryptographic algorithm in cloud,” in 2016 International Conference on Electrical, Electronics, and Optimization Techniques (ICEEOT). IEEE, 2016, pp. 3688–3693.
M. F. Mushtaq, S. Jamel, A. H. Disina, Z. A. Pindar, N. S. A. Shakir, and M. M. Deris, “A survey on the cryptographic encryption algorithms,” International Journal of Advanced Computer Science and Applications, vol. 8, no. 11, pp. 333–344, 2017.
M. B. Yassein, S. Aljawarneh, E. Qawasmeh, W. Mardini, and Y. Khamayseh, “Comprehensive study of symmetric key and asymmetric key encryption algorithms,” in 2017 international conference on engineering and technology (ICET). IEEE, 2017, pp. 1–7.
R. Rahim, “128 bit hash of variable length in short message service security,” International Journal of Security and Its Applications, vol. 11, no. 1, pp. 45–58, 2017.
S. L. Garfinkel, “Digital forensics research: The next 10 years,” digital investigation, vol. 7, pp. S64–S73, 2010.
K. Kent, S. Chevalier, T. Grance, and H. Dang, “Guide to integrating forensic techniques into incident response,” NIST Special Publication, vol. 10, pp. 800–86, 2006.
P. Gary, “A road map for digital forensic research,” in Digital Forensics Research Workshop, 2001.
A. Valjarevic and H. S. Venter, “A comprehensive and harmonized digital forensic investigation process model,” Journal of forensic sciences, vol. 60, no. 6, pp. 1467–1483, 2015.
B. Carrier and E. H. Spafford, “An event-based digital forensic investigation framework,” in Digital forensic research workshop, 2004, pp. 11–13.
N. L. Beebe and J. G. Clark, “A hierarchical, objectives-based framework for the digital investigations process,” Digital Investigation, vol. 2, no. 2, pp. 147–167, 2005.
M. D. Kohn, M. M. Eloff, and J. H. Eloff, “Integrated digital forensic process model,” Computers & Security, vol. 38, pp. 103–115, 2013.
V. Baryamureeba and F. Tushabe, “The enhanced digital investigation process model,” in Proceedings of the Fourth Digital Forensic Research Workshop, 2004, pp. 1–9.
A. Valjarevic and H. S. Venter, “Harmonised digital forensic investigation process model,” in Information Security for South Africa (ISSA), 2012. IEEE, 2012, pp. 1–10.
J. Dykstra and A. T. Sherman, “Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques,” Digital Investigation, vol. 9, pp. S90–S98, 2012.
M. P. Mohite and S. Ardhapurkar, “Design and implementation of a cloud based computer forensic tool,” in Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on. IEEE, 2015, pp. 1005–1009.
P. Mahajan and A. Sachdeva, “A study of encryption algorithms aes, des and rsa for security,” Global Journal of Computer Science and Technology, 2013.
L. Jiang, L. Da Xu, H. Cai, Z. Jiang, F. Bu, and B. Xu, “An iotoriented data storage framework in cloud computing platform,” IEEE Transactions on Industrial Informatics, vol. 10, no. 2, pp. 1443–1451, 2014.
M. Harbawi and A. Varol, “An improved digital evidence acquisition model for the internet of things forensic i: A theoretical framework,” in 2017 5th International Symposium on Digital Forensic and Security (ISDFS). IEEE, 2017, pp. 1–6.
