Block-DEF: A secure digital evidence framework using blockchain
Introduction
The use of the Internet has shifted from host-centric to content-centric: publishing and retrieving content is becoming the main requirement of Internet users [45]. Content may be a file or a piece of a file that is transported across the Internet, such as web pages, images, audio or video. Accordingly, content security has become an important part of cyber security, and it mainly focuses on three security properties: privacy, integrity and non-repudiation. Unfortunately, not all content is properly protected. Many content objects (files) are tampered with as a result of network attacks or for other reasons. Such file tampering has many negative effects. For example, web page tampering can be used to craft phishing attacks or broadcast illegal information. Attackers can inject malicious code into executable files to monitor user behavior or illegally access private data. For technical, economic and legal reasons, it is often necessary to investigate the corresponding digital evidence for file tampering.
The process of discovering and collecting digital evidence has attracted considerable attention [32], [34]. Once digital evidence is obtained, it is always either transmitted directly to a third-party management system or stored on local devices. Evidence storage, management and transmission all depend on these systems. However, the security of digital evidence systems has been ignored. A digital evidence system may harbor vulnerabilities that attackers can exploit, resulting in (1) evidence tampering, in which the evidence may be maliciously modified, removed or made untraceable, and (2) privacy leaks, in which private information, such as evidence content, evidence providers, and other information, may be leaked. How to maintain the security of digital evidence is worth studying.
Existing secure digital evidence systems such as those described in [1], [9], [27] mostly adopt centralized designs. They provide tamper-resistant mechanisms on a single device or a centralized system via secure software, secure hardware, physical separation or hybrid strategies. The centralized design faces the following challenges: (1) the single point of failure, which may invalidate the system; (2) the scalability issue, which arises if the amount of evidence is too large to store.
The blockchain, which is widely used in cryptocurrency systems [26], [42], is a promising technology for overcoming the foregoing challenges because of its distributed, tamper-resistant and private nature. However, blockchain also faces a scalability issue: blockchain bloat. In a blockchain, each node stores all blocks. As the length of the blockchain increases, the storage requirement for each node also increases. Thus, a secure digital evidence system demands a lightweight blockchain. At the same time, to guarantee the availability and legitimacy of the evidence, the evidence should be traceable. How to track the evidence while ensuring privacy is another problem associated with the use of a blockchain.
In this paper, we choose file tampering as a case study and propose a lightweight, scalable secure digital evidence framework using blockchain (Block-DEF). The main contributions of Block-DEF are as follows. First, Block-DEF adopts a loose coupling design. Only the evidence information is stored in the blockchain, and the evidence is stored on a trusted storage platform. Thus, in Block-DEF, the storage pressure is significantly reduced. Second, two multi-signature schemes for evidence submission and retrieval are proposed, such that the traceability and the privacy of evidence are balanced. Third, to avoid blockchain bloat, a lightweight blockchain with a mixed block structure and an optimized name-based practical byzantine fault tolerance (PBFT) consensus mechanism is proposed. Each node only needs to store all the block headers and a part of the block bodies. The results of analyses and experiments show that Block-DEF effectively supports scalability, integrity, validity, privacy and traceability.
The remainder of this paper is organized as follows. Section 2 discusses related work. Section 3 presents the architecture of Block-DEF and Section 4 details the design of Block-DEF. In Section 5, we analyze and evaluate the performance of Block-DEF. We then conclude the paper in Section 6.
Related work
A blockchain can be viewed as a public ledger in which each node in the blockchain network stores the same ledger. The ledger consists of a sequence of blocks in which all committed transactions are stored. With the exception of the genesis block, each block has a hash pointer to the previous block. Block miners can generate new blocks and append the block to the end of the chain via various consensus mechanisms, such as proof of work (PoW) [26], proof of stake (PoS) [39], PBFT [7], and others.
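The hash-pointer ledger described above, combined with the introduction's idea of keeping only evidence information on-chain while a node stores every header but only some bodies, as an added Python example (not code from the paper). The header fields, the JSON canonicalization and the names `ev/1` and `ev/2` are assumptions for illustration; this page does not detail Block-DEF's mixed block structure.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def body_digest(records: list) -> str:
    # Canonical JSON so every node derives the same digest for the same body.
    return sha256_hex(json.dumps(records, sort_keys=True).encode())

def header_digest(header: dict) -> str:
    return sha256_hex(json.dumps(header, sort_keys=True).encode())

def make_block(prev_header, records):
    # Assumed header layout: height, hash pointer to predecessor, body digest.
    header = {
        "height": 0 if prev_header is None else prev_header["height"] + 1,
        "prev": "0" * 64 if prev_header is None else header_digest(prev_header),
        "body": body_digest(records),
    }
    return header, records

def verify_headers(headers) -> bool:
    # Each non-genesis header must point at the hash of its predecessor.
    return all(h["prev"] == header_digest(p) for p, h in zip(headers, headers[1:]))

def verify_evidence(headers, height, records, name, evidence: bytes) -> bool:
    # A body fetched from another node is accepted only if it matches the
    # locally stored header; the evidence must then match its on-chain digest.
    if not verify_headers(headers) or body_digest(records) != headers[height]["body"]:
        return False
    return any(r["name"] == name and r["sha256"] == sha256_hex(evidence) for r in records)

# Constructed sample data: evidence bytes live off-chain, only digests on-chain.
EVIDENCE = {"ev/1": b"index.html snapshot A", "ev/2": b"index.html snapshot B"}

def build_chain():
    headers, bodies, prev = [], [], None
    for name, blob in EVIDENCE.items():
        prev, body = make_block(prev, [{"name": name, "sha256": sha256_hex(blob)}])
        headers.append(prev)
        bodies.append(body)
    return headers, bodies
```

A node that keeps only `headers` can still reject a forged body or altered evidence served by an untrusted peer, because both are checked against digests the node already holds.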
Architecture of Block-DEF
In this section, we first list the requirements that Block-DEF should satisfy, and then present the architecture of Block-DEF.
Details of Block-DEF
Inspired by information-centric networking [40], [43], Block-DEF assigns names to both files and evidence for addressing. Thus, in this section, a naming scheme for files and evidence is first presented, and an evidence service model for evidence submission and retrieval is then described. Finally, a blockchain model with a mixed blockchain structure and a consensus mechanism is detailed.
Analysis and evaluation
In this section, we first analyze the properties of Block-DEF and discuss whether Block-DEF can fulfill the requirements proposed in Section 3.1, and then evaluate the performance of Block-DEF through some simulation experiments.
Conclusion
This paper focuses on the security of digital evidence for file tampering. Based on blockchain technology, we proposed a secure digital evidence framework, Block-DEF. Block-DEF adopts a loose coupling design by combining a redesigned scalable blockchain module with an existing storage module, and it provides integrity and validity verification for evidence. The scalable blockchain module adopts a mixed blockchain structure and an optimized name-based PBFT. Meanwhile, to compatible for
Acknowledgment
This work is funded by the National Natural Science Foundation of China (No. 61871140, 61702223, 61702220, 61572153, U1636215) and the National Key Research and Development Plan (Grant No. 2018YFB0803504).
References (49)
- et al. An effective key management scheme for heterogeneous sensor networks. Ad Hoc Netw. (2007)
- et al. A survey on FinTech. J. Netw. Comput. Appl. (2018)
- et al. IoT security: review, blockchain solutions, and open challenges. Futur. Gener. Comput. Syst. (2018)
- et al. Block-secure: blockchain based scheme for secure p2p cloud storage. Inf. Sci. (2018)
- et al. Proactive user-centric secure data scheme using attribute-based semantic access controls for mobile clouds in financial industry. Futur. Gener. Comput. Syst. (2018)
- et al. Digital video tampering detection: an overview of passive techniques. Digit. Investig. (2016)
- et al. A data-driven method for future internet route decision modeling. Futur. Gener. Comput. Syst. (2019)
- et al. When privacy meets economics: enabling differentially-private battery-supported meter reporting in smart grid. Proceedings of the IEEE/ACM 25th International Symposium on Quality of Service (IWQoS) (2017)
- et al. Controllable and trustworthy blockchain-based cloud data management. Futur. Gener. Comput. Syst. (2019)
- et al. Decentralizing privacy: using blockchain to protect personal data. Proceedings of the IEEE Security and Privacy Workshops (SPW) (2015)
- SBBox: A tamper-resistant digital archiving system. Int. J. Cyber-Secur. Digit. Forensics
- Blockstack: A global naming and storage system secured by blockchains. Proceedings of the USENIX Annual Technical Conference
- Digital witness and privacy in iot: Anonymous witnessing approach. Proceedings of the IEEE Conference on Trustcom/BigDataSE/ICESS
- Efficient group signature schemes for large groups. Proceedings of the Annual International Cryptology Conference
- Practical byzantine fault tolerance. Proceedings of the OSDI
- Block4forensic: An integrated lightweight blockchain framework for forensics applications of connected vehicles. IEEE Commun. Mag.
- Secure audit logging with tamper-resistant hardware. Proceedings of the IFIP International Information Security Conference
- LSCD: A low-storage clone detection protocol for cyber-physical systems. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst.
- Security in wireless sensor networks. Wirel. Commun. IEEE
- Transactions papers a routing-driven elliptic curve cryptography based key management scheme for heterogeneous sensor networks. IEEE Trans. Wirel. Commun.
- Blend arithmetic operations on tensor-based fully homomorphic encryption over real numbers. IEEE Trans. Ind. Inf.
- Naming in content-oriented architectures. Proceedings of the ACM SIGCOMM Workshop on Information-centric Networking