eCLASS: Edge-Cloud-Log Assuring-Secrecy Scheme for Digital Forensics
Abstract
:1. Introduction
1.1. Problem Statement
1.2. Contributions
- We propose a new secure logging scheme in consideration of the edge-cloud environment. This logging scheme provides log-data confidentiality and integrity using log-data segmentation, distributed storage, and multi-index-chain (MIC) techniques for solving edge-node problems such as low computing resources and the geographically separated management from the owner eCSP.
- We introduce the MIC technique and distributed-storage cluster to acquire forensic data without the cooperation of the corresponding service provider. The index files include information of the distributed log block being shared with MIC peers through the MIC network. Therefore, investigators can collect the related log blocks based on the index files and distributed-storage cluster (DSC).
- We outline a security analysis and performance evaluation that prove that the security of our scheme improved upon existing logging schemes, and that our scheme could reduce the log processing time and required storage size.
2. Related Work
2.1. Edge Cloud
“The edge cloud is deployed at the edge of the network accessed by CSCs, and has small resource capacity. The edge cloud requires specialized hardware resource on purpose, and resources in the edge cloud are constrained due to limitations of space or power.”
2.2. Conventional Cloud Logging Systems
2.3. Data Protection Techniques
2.4. Ensuring Data Integrity Technique
3. Edge-Cloud Threat Model and Security Properties
3.1. Terms and Definitions
3.2. Edge-Cloud Service Models
3.2.1 General Model
3.2.2. Mobility-Support Model (MSM)
3.2.3. Service-Extension Model
3.2.4. Edge-Federation Model
3.3. Threat Models
3.4. Security Properties
4. Proposed Scheme: eCLASS
4.1. Overview
4.2. eCLASS Specification
4.2.1. Log Collection Procedure
- Log Entry Generation
- eLEik = ith log entry generated in the kth edge node.
- eLEik = <eCSP_ID, Edge_IP, User_Device_IP, User_Device_MAC, User_ID, LTi, Service_URIi>
- Log Entry Segmentation
- Sending to DSCs
- Response to Storage Complete
- Index Generation
- Uploading EIDXm to an Investigator
- Multi-Index Generation
- Multi-Index Publication
Algorithm 1. LogCollection pseudocode for log confidentiality |
Input : eLE, H(eLE) Output : SBI, PathGSB1 to K LogCollection(edge log entry eLEs, H(eLEs)) Int s = LogSegmentation size; Int d = The number of DSCs; foreach edge node do ELE = eLE + H(eLE); /*log segmentation part*/ for (i = 1, length(ELE), i + s) SB[i] = logSegmenation(ELE, s); /*segment the ELE by LogSegmentation size*/ end for; /*log partitioning and distribution storage part*/ for (k = 1, d, i + 1) GSB[k] = Partitioning(SB[], d); /* partition the SB[] by the number of DSCs according to the partitioning method*/ Generate SBI ← add.info.Partitioning(SB[], d); send GSB[k] to DSCs over Secure API; get PathGSBk from corresponding the DSC; end for; end foreach; end; |
LogCollection of Time Complexity: T(n) T(n) = each edge node(log segmentation part + log partitioning and distribution storage part) = 2 + n(2n + 1 + 2n + 3) + 1 = 4n2 + 4n + 4 ∴ T(n) = O(N2) |
LogCollection of Space Complexity: S(n) S(n) = each edge node(log segmentation part + log partitioning and distribution storage part) = 2 + n(1 + n + 1 + n + 1 + n) = 2 + n(3n + 3) = 3n2 + 3n + 2 ∴ S(n) = O(N2) |
Algorithm 2. IndexSharing pseudocode to generate and share multi-index |
Input : SBI, PathGSB1 to K Output : MI IndexSharing(Segemtation info SBI, PathGSB1 to K) // Encrypted Index generation part foreach edge node do IDX = (SBI || PathGSB1 to k); EIDX = UserID + TL + encrypt(IDX).using_user’s_publickey; send EIDX to Investigator; end foreach; // MI generation and sharing part for investigator do MI = MIHeader+Ordering(EIDX1, EIDX2, ... , EIDXn) + MIC(Hash(MICprevious+MIHeader)); Publish MI; end for; end; |
IndexSharing of Time Complexity: T(n) T(n) = each edge node(Encrypted Index generation part) + MI generation and sharing part = n(3 + 2) = 5n ∴ T(n) = O(N) |
IndexSharing of Space Complexity: S(n) S(n) = each edge node(Encrypted Index generation part) + MI generation and sharing part = n(1 + 1) + n = 3n ∴ S(n) = O(N) |
4.2.2. Log Verification Procedure
- Log Monitoring by Users
- Log- and Index-Integrity Verification
- Multi-Index Sequence Verification
5. Performance and Security Evaluation
5.1. Implementation
- Host machine hardware configuration: Intel Core i5-8400 hexa-core CPU, 16 GB RAM, 500 GB SSD, Windows 10 Education used as host operating system.
- Network configuration: The host machine and storage server were configured with an internal network using a 100 M network switch.
- Virtual Box 6.0.0 r0127566 for Windows 10.
- Low-capacity edge node: one core of Intel Core i5-8400 CPU 2.80 GHz, 2 GB RAM, 40 GB
- Local storage.
- Medium-capacity edge node: two cores of Intel Core i5-8400 CPU 2.80 GHz, 4 GB RAM, 40 GB
- local storage.
- High-capacity edge node: four cores of Intel Core i5-8400 CPU 2.80 GHz, 4 GB RAM, 40 GB
- Local storage.
5.2. Performance Analysis
5.2.1. Logging Processing Time
5.2.2. Computing Resource Allocation
5.2.3. Operation Cost
5.3. Summary
5.4. Security Analysis
- Logging scheme that takes into account the security environment of edge nodes
- Preventing log contamination due to the collusion between owner CSP, users, and investigators
- Independent digital forensic system from CSP
5.5. eCLASS Quality of Service
6. Conclusions
- In the proposed eCLASS, we focused on computing overhead and operation cost in edge nodes. However, eCLASS consisted of three major entities: edge node (including eCSP), investigators, and DSCs. Thus, we need to design an authentication and access-control scheme for eCLASS that is composed of three entities, such as the one in Reference [36].
- Commonly, service logs are low-level data and hard for the common user to understand. In addition, many service providers use different log-data formats. Thus, we will explore standardization of the log format to cover most service-log data.
- Designing and implementing a prototype of the proposed scheme in collaboration with real-world eCSPs, storage-service providers, and forensic investigators with the aim of evaluating its utility in a real-world environment.
Author Contributions
Funding
Acknowledgments
Conflicts of Interest
References
- Huh, E.-N.; HE, X. Draft new Recommendation ITU-T Y.3508 (formerly Y.ccdc-reqts): “Cloud computing—Overview and high-level requirements of distributed cloud”—for consent. ITU-T SG13 2019, 1–27. Available online: https://www.itu.int/rec/T-REC-Y.3508/en (accessed on 29 August 2019).
- Wang, Y.; Uehara, T.; Sasaki, R. Fog Computing: Issues and Challenges in Security and Forensics. In Proceedings of the IEEE 39th Annual International Computers, Software, and Applications Conference, Taichung, Taiwan, 1–5 July 2015; pp. 53–59. [Google Scholar]
- Roman, R.; Lopezm, J.; Mambo, M. Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges. Future Gener. Comput. Syst. 2018, 78, 608–698. [Google Scholar] [CrossRef]
- Mukherjee, M.; Matam, R.; Shu, L.; Maglaras, L.; Ferrage, M.A.; Choudhury, N.; Kumar, V. Security and Privacy in fog computing: Challenges. IEEE Access 2017, 5, 19293–19304. [Google Scholar] [CrossRef]
- Yaqoob, I.; Hashem, I.A.T.; Ahmed, A.; Kazmi, S.M.A.; Hong, C.S. Internet of things forensics: Recent advances, taxonomy, requirements, and open challenges. Future Gener. Comput. Syst. 2019, 92, 265–275. [Google Scholar] [CrossRef]
- Satyanarayanan, M. The emergence of edge computing. IEEE Comput. Soc. 2017, 50, 30–39. [Google Scholar] [CrossRef]
- Zawoad, S.; Dutta, A.K.; Hasan, R. SecLaaS: Secure Logging-as-a-Service for cloud forensics. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security; ACM: New York, NY, USA, 2013; pp. 219–230. [Google Scholar]
- Ray, I.; Belyaev, K.; Strizhov, M.; Mulamba, D.; Rajaram, M. Secure Logging As a Service—Delegating Log Management to the Cloud. IEEE Syst. J. 2013, 7, 323–334. [Google Scholar] [CrossRef]
- Zawoad, S.; Dutta, A.K.; Hasanm, R. Towards Building Forensics Enabled Cloud Through Secure Logging-as-a-Service. IEEE Trans. Dependable Secur. Comput. 2016, 13, 148–162. [Google Scholar] [CrossRef]
- Sree, T.R.; Bhanu, S.M.S. Secure logging scheme for forensic analysis in cloud. Concurr. Comput. Pract. Exp. 2019, 31, e5143. [Google Scholar] [CrossRef]
- Ahsan, M.A.M.; Wahab, A.W.A.; Idris, M.Y.I.; Khan, S.; Bachura, E.; Choo, K.K.R. CLASS: Cloud Log Assuring Soundness and Secrecy Scheme for Cloud Forensics. IEEE Trans. Sustain. Comput. 2018, 1–15. [Google Scholar] [CrossRef]
- Wang, S.; Zhang, X.; Zhang, Y.; Wang, L.; Yang, J.; Wang, W. A survey on mobile edge networks: Convergence of computing, caching and communications. IEEE Access 2017, 5, 6757–6779. [Google Scholar] [CrossRef]
- Klas, G.I. Fog computing and mobile edge cloud gain momentum open fog consortium, etsi mec and cloudlets. Y.I Readings. 22 November 2015. Available online: https://yucianga.info/?p=938 (accessed on 21 September 2019).
- Dolui, K.; Datta, S.K. Comparison of edge computing implementations: Fog computing, cloudlet and mobile edge computing. In Proceedings of the 2017 Global Internet of Things Summit (GIoTS), Geneva, Switzerland, 6–9 June 2017; pp. 1–6. [Google Scholar]
- Shahzadi, S.; Iqbal, M.; Dagiuklas, T.; Qayyum, Z.U. Multi-access edge computing: Open issues, challenges and future perspectives. J. Cloud Comput. 2017, 6, 30. [Google Scholar] [CrossRef]
- Borcoci, E.; Obreja, S. Edge Computing Architectures—A Survey on Convergence of Solutions. In Proceedings of the FUTURE COMPUTING 2018: The Tenth International Conference on Future Computational Technologies and Applications, IARIA, Barcelona, Spain, 18–22 February 2018. [Google Scholar]
- Tang, B.; Chen, Z.; Hefferman, G.; Wei, T.; Haibo, H.; Yang, Q. A hierarchical distributed fog computing architecture for big data analysis in smart cities. In Proceedings of the ASE BigData and Social Informatics 2015; ACM: New York, NY, USA, 2015; pp. 1–6. [Google Scholar]
- Patrascu, A.; Patriciu, V.-V. Logging System for Cloud Computing Forensic Environments. J. Control. Eng. Appl. Inform. 2014, 16, 80–88. [Google Scholar]
- Lin, C.-Y.; Chang, M.-C.; Chiu, H.-C.; Shyu, K.-H. Secure logging framework integrating with cloud database. In Proceedings of the 2015 International Carnahan Conference on Security Technology (ICCST), Taipei, Taiwan, 21–24 September 2015; pp. 13–17. [Google Scholar]
- Zawoad, S.; Mernik, M.; Hasan, R. FAL: A forensics aware language for secure logging. In Proceedings of the 2013 Federated Conference on Computer Science and Information Systems, Krako¿w, Poland, 8–11 September 2013; pp. 1579–1586. [Google Scholar]
- Yang, L.; Cao, J.; Yuan, T.; Li, T.; Han, A.; Chan, A. A Framework for partitioning and execution of data stream application in mobile cloud computing. ACM SIGMETRICS Perform. Eval. Rev. 2013, 40, 23–32. [Google Scholar] [CrossRef]
- Selvakumar, C.; Rathanam, G.J.; Sumalatha, M.R. PDDS-Improving cloud data storage security using data partitioning technique. In Proceedings of the 2013 3rd IEEE International Advance Computing Conference (IACC), Ghaziabad, India, 22–23 February 2013; pp. 7–11. [Google Scholar]
- Karam, Y.; Baker, T.; Taleb-Bendiab, A. Security Support for Intention Driven Elastic Cloud Computing. In Proceedings of the 2012 Sixth UKSim-AMSS 6th European Modelling Symposium, Valetta, Malta, 14–16 November 2012; pp. 67–73. [Google Scholar]
- Asim, M.; Yautsiukhin, A.; Brucker, A.D.; Baker, T.; Shi, Q.; Lempereur, B. Security policy monitoring of BPMN-based service compositions. J. Softw. Evol. Process. 2018, 30, e1944. [Google Scholar] [CrossRef]
- Das, U.P.; R, V.K.; Ravishankar, B.R. Securing Data in Cloud using Disinformation Data Fog Computing. Int. J. Comput. Sci. Trends Technol. (IJCST) 2018, 6, 244–248. [Google Scholar]
- Liu, X.; Yang, Y.; Choo, K.K.R.; Wang, H. Security and Privacy Challenges for Internet-of-Things and Fog Computing. Wirel. Commun. Mob. Comput. 2018, 2018, 1–3. [Google Scholar] [CrossRef] [Green Version]
- Mohamed, E.G.; Kiram, E.; Ahmed, M.; Latifa, E.R. Blockchain and Multi-Agent System: A New Promising Approach for Cloud Data Integrity Auditing with Deduplication. Int. J. Commun. Netw. Inf. Secur. 2019, 11, 175–184. [Google Scholar]
- Rantos, K.; Drosatos, G.; Demertzis, K.; Ilioudis, C.; Papanikolaou, A. Blockchain-based consents management for personal data processing in the IoT ecosystem. In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications, Porto, Portugal, 26–28 July 2018; Volume 2, pp. 572–577. [Google Scholar]
- Tariq, M.; Asim, M.; Al-Obeidat, F.; Farooqi, M.Z.; Baker, T.; Hammoudeh, M.; Ghafir, I. The Security of Big Data in Fog-Enabled IoT Applications Including Blockchain: A Survey. Sensors 2019, 19, 1788. [Google Scholar] [CrossRef] [PubMed]
- Amazon EC2 Pricing. Available online: https://aws.amazon.com/ec2/pricing/on-demand/?nc1=h_ls (accessed on 30 August 2019).
- Amazon S3 Pricing. Available online: https://aws.amazon.com/s3/pricing/?nc1=h_ls, (accessed on 30 August 2019).
- Babu, R.; Jayashree, K.; Abirami, R. Fog Computing Qos Review and Open Challenges. Int. J. Fog Comput. 2018, 1, 109–118. [Google Scholar] [CrossRef]
- Wu, Y.; Nordstrom, L.; Wang, Y.; Hauser, C. Adaptive Cyber-Security Scheme Incorporating QoS Requirements for WAMC Applications. In Proceedings of the Power Systems Computation Conference(PSCC), Dublin, Ireland, 11–15 June 2018; pp. 1–8. [Google Scholar]
- Hwang, S.-J.; Kim, D.-Y. A Study on the Optimal Assignment of the Network Bandwidth Considering the Security and QoS. In Proceedings of the Symposium of the Korean Institute of communications and Information Sciences, Jeju, Korea, 22–24 June 2009; pp. 194–195. [Google Scholar]
- Rachedi, A.; Benslimane, A. Multi-objective optimization for Security and QoS adaptation in Wireless Sensor Networks. In Proceedings of the IEEE ICC Ad-hoc and Sensor Networking Symposium, Kuala Lumpur, Malaysia, 22–27 May 2016; pp. 1–7. [Google Scholar]
- Aghili, S.F.; Mala, H.; Shojafar, M.; Peris-Lopez, P. LACO: Lightweight Three-Factor Authentication, Access Control and Ownership Transfer Scheme for E-Health Systems in IoT. Future Gener. Comput. Syst. 2019, 96, 410–424. [Google Scholar] [CrossRef]
Terms | Description |
---|---|
Log (Log entry) | The log is a network log, process log, registry log, application log, or any customized text that meets the requirements of being stored for digital forensics. |
Index | An index is created by storing segmented logs in a distributed-storage cluster and aggregating the stored information. Users and investigators can recover distributed and stored segmented logs based on information in the index. |
Multi-index (MI) | A MI is a set of uploaded indices collected by the investigator during a certain period of time. |
MI chain (MIC) | An MIC is information that prevents deletion and exchange of, and tampering with, specific indexes. MICs share information with participants in a multi-index network to ensure the integrity of data in the multi-index. A new MIC is created including previously published MIC information. |
Edge cloud service provider (eCSP) | An edge-cloud service provider is a service provider that uses an edge node to deliver cloud services. |
Edge node | An edge node deploys cloud services from an eCSP and provides services to users and Internet of Things (IoT) devices. An edge node is close to users and IoT devices, and has limited computing resources. |
Edge-cloud service user | An edge-cloud service user is an end-user who receives services through edge nodes. |
Investigator | An investigator can conduct forensic investigations into security accidents in the event of a security accident. Moreover, investigators manage and control multi-index chain networks. |
Distributed-storage cluster(DSC) | A DSC is a group of storage services that can store segmented logs and provide storage services through secure application programming interfaces (APIs). |
Threat Models | SecLaaS | CLASS | eCLASS |
---|---|---|---|
Log modification | O | O | O |
Privacy violation | O | O | O |
Ownership repudiation | O | O | O |
CSP service confidentiality violation | X | X | O |
Edge-node tempering | X | X | O |
Computing overhead in edge node | X | X | O |
Notations | Description |
---|---|
eLEin | the i-th log entry in the n-th edge node H(eLEin): hash file of the i-th log entry in the n-th edge node |
fs | function for segmentation of eLEin+H(eLEin) |
fp | function for patitioning segmentation blocks |
SBj | set of n-th segmentation block of a log entry SB={SBj|j=1, ...,w} |
GSBk | set of lth group of segmentation blocks GSB={GSBk|k=1, ...,l} |
SBIm | information on m-th partition block for log recovery |
IDXm | file that includes SBIm and PathGSBs |
EIDXm | encrypted file of IDXm |
PathGSBk | path information that GSBk has stored in a DSC |
MIg | g-th multi-index block including g-th MIHeader, EIDXs, g-th MIC. |
MIHeaderg | identification value of MIk |
Challenge/ Threat | CLASS | eCLASS |
---|---|---|
1. Modification of logs after publishing PPL/MI | Detected | Detected |
2. Log-tampering resistance of collusion with CSP, investigator, and users | Undetected | Detected through MIC network participants |
3. Log repudiation by CSP, investigator, and users | Detected | Detected |
4. User-privacy violation by collusion between CSP and investigator | Privacy preserved | Privacy preserved |
5. Log processing interruption by users | Possible; user should encrypt user log by user public key | Impossible; user can check user log after publishing MI |
6. Edge-cloud-environment compatibility | Supports accumulator with single processing | Supports distributed edge nodes and multiprocessing of several indices |
7. Users or investigators can recover logs without cooperation with CSP | Unrecoverable | Recoverable |
© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Park, J.; Huh, E.-N. eCLASS: Edge-Cloud-Log Assuring-Secrecy Scheme for Digital Forensics. Symmetry 2019, 11, 1192. https://doi.org/10.3390/sym11101192
Park J, Huh E-N. eCLASS: Edge-Cloud-Log Assuring-Secrecy Scheme for Digital Forensics. Symmetry. 2019; 11(10):1192. https://doi.org/10.3390/sym11101192
Chicago/Turabian StylePark, Junyoung, and Eui-Nam Huh. 2019. "eCLASS: Edge-Cloud-Log Assuring-Secrecy Scheme for Digital Forensics" Symmetry 11, no. 10: 1192. https://doi.org/10.3390/sym11101192
APA StylePark, J., & Huh, E.-N. (2019). eCLASS: Edge-Cloud-Log Assuring-Secrecy Scheme for Digital Forensics. Symmetry, 11(10), 1192. https://doi.org/10.3390/sym11101192