CLASS: Cloud Log Assuring Soundness and Secrecy Scheme for Cloud Forensics

M A Manazir  Ahsan; Ainuddin  Wahid Abdul Wahab; Mohd. Yamani  Idna Idris; Suleman Khan; Eric  Bachura; Kim-Kwang  Raymond Choo

doi:10.1109/tsusc.2018.2833502

CLASS: Cloud Log Assuring Soundness and Secrecy Scheme for Cloud Forensics

M A Manazir Ahsan, Ainuddin Wahid Abdul Wahab, Mohd. Yamani Idna Idris, Suleman Khan, Eric Bachura, Kim-Kwang Raymond Choo

Research output: Contribution to journal › Article › peer-review

Abstract

User activity logs can be a valuable source of information in cloud forensic investigations; hence, ensuring the reliability and integrity of such logs is crucial. Most existing solutions for secure logging are designed for conventional systems rather than the complexity of a cloud environment. In this paper, we propose the Cloud Log Assuring Soundness and Secrecy (CLASS) process as an alternative scheme for the securing of logs in a cloud environment. In CLASS, logs are encrypted using the individual user's public key so that only the user is able to decrypt the content. In order to prevent unauthorized modification of the log, we generate proof of past log (PPL) using Rabin's fingerprint and Bloom filter. Such an approach reduces verification time significantly. Findings from our experiments deploying CLASS in OpenStack demonstrate the utility of CLASS in a real-world context.

Original language	English
Pages (from-to)	184-196
Number of pages	15
Journal	IEEE Transactions on Sustainable Computing
Volume	6
Issue number	2
Early online date	7 May 2018
DOIs	https://doi.org/10.1109/tsusc.2018.2833502
Publication status	Published - 1 Apr 2021
Externally published	Yes

Access to Document

10.1109/tsusc.2018.2833502

Cite this

@article{8f60a3f7bf1b4268b2f0fe513c98a21b,

title = "CLASS: Cloud Log Assuring Soundness and Secrecy Scheme for Cloud Forensics",

abstract = "User activity logs can be a valuable source of information in cloud forensic investigations; hence, ensuring the reliability and integrity of such logs is crucial. Most existing solutions for secure logging are designed for conventional systems rather than the complexity of a cloud environment. In this paper, we propose the Cloud Log Assuring Soundness and Secrecy (CLASS) process as an alternative scheme for the securing of logs in a cloud environment. In CLASS, logs are encrypted using the individual user's public key so that only the user is able to decrypt the content. In order to prevent unauthorized modification of the log, we generate proof of past log (PPL) using Rabin's fingerprint and Bloom filter. Such an approach reduces verification time significantly. Findings from our experiments deploying CLASS in OpenStack demonstrate the utility of CLASS in a real-world context.",

keywords = "Cloud forensics, Cloud log, Cloud log assuring soundness and secrecy, Cloud security, Proof of past log, Sustainable computing",

author = "Ahsan, {M A Manazir} and {Wahid Abdul Wahab}, Ainuddin and {Idna Idris}, {Mohd. Yamani} and Suleman Khan and Eric Bachura and {Raymond Choo}, Kim-Kwang",

year = "2021",

month = apr,

day = "1",

doi = "10.1109/tsusc.2018.2833502",

language = "English",

volume = "6",

pages = "184--196",

journal = "IEEE Transactions on Sustainable Computing",

issn = "2377-3782",

publisher = "IEEE",

number = "2",

}

TY - JOUR

T1 - CLASS: Cloud Log Assuring Soundness and Secrecy Scheme for Cloud Forensics

AU - Ahsan, M A Manazir

AU - Wahid Abdul Wahab, Ainuddin

AU - Idna Idris, Mohd. Yamani

AU - Khan, Suleman

AU - Bachura, Eric

AU - Raymond Choo, Kim-Kwang

PY - 2021/4/1

Y1 - 2021/4/1

N2 - User activity logs can be a valuable source of information in cloud forensic investigations; hence, ensuring the reliability and integrity of such logs is crucial. Most existing solutions for secure logging are designed for conventional systems rather than the complexity of a cloud environment. In this paper, we propose the Cloud Log Assuring Soundness and Secrecy (CLASS) process as an alternative scheme for the securing of logs in a cloud environment. In CLASS, logs are encrypted using the individual user's public key so that only the user is able to decrypt the content. In order to prevent unauthorized modification of the log, we generate proof of past log (PPL) using Rabin's fingerprint and Bloom filter. Such an approach reduces verification time significantly. Findings from our experiments deploying CLASS in OpenStack demonstrate the utility of CLASS in a real-world context.

AB - User activity logs can be a valuable source of information in cloud forensic investigations; hence, ensuring the reliability and integrity of such logs is crucial. Most existing solutions for secure logging are designed for conventional systems rather than the complexity of a cloud environment. In this paper, we propose the Cloud Log Assuring Soundness and Secrecy (CLASS) process as an alternative scheme for the securing of logs in a cloud environment. In CLASS, logs are encrypted using the individual user's public key so that only the user is able to decrypt the content. In order to prevent unauthorized modification of the log, we generate proof of past log (PPL) using Rabin's fingerprint and Bloom filter. Such an approach reduces verification time significantly. Findings from our experiments deploying CLASS in OpenStack demonstrate the utility of CLASS in a real-world context.

KW - Cloud forensics

KW - Cloud log

KW - Cloud log assuring soundness and secrecy

KW - Cloud security

KW - Proof of past log

KW - Sustainable computing

U2 - 10.1109/tsusc.2018.2833502

DO - 10.1109/tsusc.2018.2833502

M3 - Article

VL - 6

SP - 184

EP - 196

JO - IEEE Transactions on Sustainable Computing

JF - IEEE Transactions on Sustainable Computing

SN - 2377-3782

IS - 2

ER -

CLASS: Cloud Log Assuring Soundness and Secrecy Scheme for Cloud Forensics

Abstract

Access to Document

Fingerprint

Cite this