International Journal On Advances in Security, volume 11, numbers 3 and 4, 2018


Providing Tamper-Resistant Audit Trails with Distributed Ledger based Solutions for Forensics of IoT Systems using Cloud Resources

Authors:
Magnus Westerlund
Mats Neovius
Göran Pulkkis

Keywords: IoT; cloud computing; distributed ledger; blockchain; distributed clouds; security; computer forensics

Abstract:
Network and information security are often more challenging for current IoT systems than for traditional networks. Cloud computing resources used by most IoT systems are publicly accessible, and this availability increases the risk of intrusion. The increase in the processing of sensitive data in IoT systems makes security challenges more noteworthy, particularly in light of legal issues around cross-border transfers and data protection. Technologies preventing intrusion are effective, yet not perfect. Once a system is compromised, the intruder may start to delete and modify audit trails and system log files to cover up the intrusion. Complete and untampered audit trails and log files are essential for the legitimate owner of an IoT system using cloud resources to estimate the losses, to reconstruct the data, to detect the origin of the intrusion attack, and eventually to be able to prosecute the attacker in a court of law. Due to this, improved methods for performing forensics in IoT systems are desperately needed. IoT forensics is mostly cloud forensics, since most IoT data is currently stored in the cloud. Therefore, cloud forensics is a key component in IoT forensics. The baseline for any forensic investigation is assured data availability and integrity. In this paper, we outline how forensic evidence data can be created for IoT systems using distributed cloud resources and how the availability and integrity of this forensic data can be assured by applying distributed-ledger-based solutions for storing audit trails and log files securely. Given this approach, an attacker can neither delete nor modify past trails or logs, but can merely stop generating new data into log files. The approach presented here is novel, yet light enough for practical use.

Pages: 288 to 300

Copyright: Copyright (c) to authors, 2018. Used with permission.

Publication date: December 30, 2018

Published in: journal

ISSN: 1942-2636