
Blockchain-based tamper-proof and transparent investigation model for cloud VMs

Abstract

In cloud forensics, it is essential to ensure the integrity of the evidence so that it is admissible in a court of law. There is always a possibility that multiple stakeholders involved in the investigation of cloud incidents can collude to tamper with the evidence for their benefit. To ensure the integrity of evidence in the cloud, most researchers in this domain have proposed applying blockchain to cloud forensic artifacts. These artifacts include cloud logs, the chain of custody, and the metadata of files on the cloud. Most of the proposed solutions compute the hash value of the forensic artifacts and push the hash value to the blockchain. Later, these hash values are used to verify the integrity of the forensic artifact. In this paper, along with ensuring the integrity of evidence by using hash values, we propose an investigation model that provides tamper-proof and transparent investigation across the stakeholders involved in the investigation of the cloud virtual machines. Also, using blockchain technology in the proposed investigation model ensures that the evidence remains available for analysis to all participating stakeholders throughout the investigation. We validated the proposed model using a case study for the proof of concept and evaluated its performance using Hyperledger Caliper.



Funding

The authors did not receive support from any organization for the submitted work.

Author information

Corresponding author

Correspondence to Pranitha Sanda.

Ethics declarations

Conflict of interest

The authors have no conflicts of interest to declare that are relevant to the content of this article.


About this article

Cite this article

Sanda, P., Pawar, D. & Radha, V. Blockchain-based tamper-proof and transparent investigation model for cloud VMs. J Supercomput (2022). https://doi.org/10.1007/s11227-022-04567-4

  • DOI: https://doi.org/10.1007/s11227-022-04567-4

Keywords

  • Digital forensics
  • Cloud forensics
  • Permissioned blockchain
  • VM snapshot
  • Investigation model