Elsevier

Information Sciences

Volume 491, July 2019, Pages 151-165
Block-DEF: A secure digital evidence framework using blockchain

https://doi.org/10.1016/j.ins.2019.04.011

Highlights

  • Block-DEF is proposed to solve big data and privacy challenges with a loose coupling design.

  • The blockchain bloat is avoided by combining a mixed blockchain structure with an O-NPBFT mechanism.

  • The traceability and privacy of evidence are balanced by using multi-signature schemes.

Abstract

A secure digital evidence system should ensure that evidence cannot be tampered with and that private information cannot be leaked. Blockchain, a distributed tamper-resistant and privacy-preserving ledger, provides a promising solution for decentralized secure digital evidence systems. However, due to the huge amount of digital evidence and the contradiction between the traceability and the privacy of evidence, blockchain faces big data and privacy challenges. To solve these issues, we propose a secure digital evidence framework using blockchain (Block-DEF) with a loose coupling structure in which the evidence and the evidence information are maintained separately. Only the evidence information is stored in the blockchain, and the evidence is stored on a trusted storage platform. To avoid blockchain bloat, a lightweight blockchain combining a mixed block structure with an optimized name-based practical Byzantine fault tolerance consensus mechanism is proposed. To support the traceability and the privacy of evidence, the multi-signature technique is adopted for evidence submission and retrieval. The analytical and experimental results show that Block-DEF is a scalable framework that guarantees the integrity and validity of evidence and balances privacy and traceability well.

Introduction

The application of the Internet has changed from host-centric to content-centric. Publishing and retrieving content is becoming the main requirement of Internet users [45]. The content may be a file or a piece of a file that is transported across the Internet, such as web pages, images, audio or video. Accordingly, content security becomes an important part of cyber security, and it mainly focuses on three security properties: privacy, integrity and non-repudiation. Unfortunately, not all content is properly protected. Many content objects (files) are tampered with due to network attacks or other reasons. Such file tampering has many negative effects. For example, web page tampering can be used to craft phishing attacks or broadcast illegal information. Executable files can be injected with malicious code by the attacker to monitor user behavior or illegally access private data. For technical, economic and legal reasons, it is often necessary to investigate the corresponding digital evidence for file tampering.

The process of digging and collecting digital evidence has attracted considerable attention [32], [34]. When digital evidence is obtained, it is always transmitted directly to third-party management or stored on local devices. Evidence storage, management and transmission are all based on these systems. However, the security of digital evidence systems has been ignored. Digital evidence systems may harbor vulnerabilities. These vulnerabilities can be exploited by attackers, resulting in (1) evidence tampering, in which the evidence may be maliciously modified, removed or made untraceable, and (2) privacy leaks, in which private information, such as evidence content, evidence providers, and other information, may be leaked. How to maintain the security of digital evidence is worth studying.

Existing secure digital evidence systems such as those described in [1], [9], [27] mostly adopt centralized designs. They provide tamper-resistant mechanisms on a single device or a centralized system via secure software, secure hardware, physical separation or hybrid strategies. The centralized design faces the following challenges: (1) the single point of failure, which may invalidate the system; (2) the scalability issue, which arises if the amount of evidence is too large to store.

The blockchain, which is widely used in cryptocurrency systems [26], [42], is a promising technology that can be used to overcome the foregoing challenges due to its distributed, tamper-resistant and private nature. However, blockchain also faces a scalability issue: blockchain bloat. In a blockchain, each node stores all blocks. As the length of the blockchain increases, the storage requirement for each node also increases. Thus, a lightweight blockchain is demanded for a secure digital evidence system. At the same time, to guarantee the availability and legitimacy of the evidence, the evidence should be traceable. How to track the evidence while ensuring privacy is another problem associated with the use of a blockchain.

In this paper, we choose file tampering as a case study and propose a lightweight, scalable secure digital evidence framework using blockchain (Block-DEF). The main contributions of Block-DEF are as follows. First, Block-DEF adopts a loose coupling design. Only the evidence information is stored in the blockchain, and the evidence is stored on a trusted storage platform. Thus, in Block-DEF, the storage pressure is significantly reduced. Second, two multi-signature schemes for evidence submission and retrieval are proposed, such that the traceability and the privacy of evidence are balanced. Third, to avoid blockchain bloat, a lightweight blockchain with a mixed block structure and an optimized name-based practical Byzantine fault tolerance (PBFT) consensus mechanism is proposed. Each node only needs to store all the block headers and a part of the block bodies. The results of analyses and experiments show that Block-DEF effectively supports scalability, integrity, validity, privacy and traceability.
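The following is an added example, not code from the paper: it illustrates the loose coupling and the header/body split described above, showing how a node that keeps only headers can still detect modified evidence or a forged block body. SHA-256, the JSON record layout, the dict standing in for the trusted storage platform and the evidence names are assumptions; consensus and multi-signatures are left out.

```python
import hashlib, json

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()  # assumed hash function

def encode(obj) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()  # canonical form for hashing

class Ledger:
    """Hash-chained headers; bodies carry evidence information, never evidence."""
    def __init__(self):
        self.headers = []  # kept in full by every node
        self.bodies = {}   # height -> body bytes; a node may keep only some

    def append(self, records) -> int:
        body = encode(records)
        prev = digest(encode(self.headers[-1])) if self.headers else "0" * 64
        height = len(self.headers)
        self.headers.append({"height": height, "prev": prev, "body_hash": digest(body)})
        self.bodies[height] = body
        return height

    def headers_valid(self) -> bool:
        return all(self.headers[i]["prev"] == digest(encode(self.headers[i - 1]))
                   for i in range(1, len(self.headers)))

def submit(ledger, store, name, evidence: bytes) -> int:
    store[name] = evidence  # evidence itself goes to off-chain storage
    return ledger.append([{"name": name, "digest": digest(evidence)}])

def verify(ledger, store, name, height, body: bytes) -> str:
    if not ledger.headers_valid() or ledger.headers[height]["body_hash"] != digest(body):
        return "ledger-mismatch"  # fetched body does not match the local header
    rec = next((r for r in json.loads(body) if r["name"] == name), None)
    if rec is None:
        return "unknown"
    return "intact" if digest(store[name]) == rec["digest"] else "tampered"

def demo():
    ledger, store, page = Ledger(), {}, "/evidence/web/index.html"  # constructed names
    h0 = submit(ledger, store, page, b"<html>original</html>")
    submit(ledger, store, "/evidence/bin/app", b"constructed sample binary")
    body0 = ledger.bodies.pop(h0)  # this node drops the body, keeps the header
    results = [verify(ledger, store, page, h0, body0)]
    store[page] = b"<html>defaced</html>"  # evidence modified in storage
    results.append(verify(ledger, store, page, h0, body0))
    forged = encode([{"name": page, "digest": digest(store[page])}])
    results.append(verify(ledger, store, page, h0, forged))  # peer lies about the body
    return results
```

Calling `demo()` walks through three checks: the untouched evidence, the same evidence after it is modified in storage, and a forged block body offered in place of the one the node dropped.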

The remainder of this paper is organized as follows. Section 2 discusses related work. Section 3 presents the architecture of Block-DEF and Section 4 details the design of Block-DEF. In Section 5, we analyze and evaluate the performance of Block-DEF. We then conclude the paper in Section 6.

Section snippets

Related work

A blockchain can be viewed as a public ledger in which each node in the blockchain network stores the same ledger. The ledger consists of a sequence of blocks in which all committed transactions are stored. With the exception of the genesis block, each block has a hash pointer to the previous block. Block miners can generate new blocks and append the block to the end of the chain via various consensus mechanisms, such as proof of work (PoW) [26], proof of stake (PoS) [39], PBFT [7], and others.

Architecture of Block-DEF

In this section, we first list the requirements that Block-DEF should satisfy, and then present the architecture of Block-DEF.

Details of Block-DEF

Inspired by information-centric networking [40], [43], in Block-DEF, both files and evidence are assigned names for addressing. Thus, in this section, a naming scheme for files and evidence is first presented, and an evidence service model for evidence submission and retrieval is then described. Finally, a blockchain model with a mixed blockchain structure and a consensus mechanism is detailed.

Analysis and evaluation

In this section, we first analyze the properties of Block-DEF and discuss whether Block-DEF can fulfill the requirements proposed in Section 3.1, and then evaluate the performance of Block-DEF through some simulation experiments.

Conclusion

This paper focuses on the security of digital evidence for file tampering. Based on the blockchain technology, we proposed a secure digital evidence framework, Block-DEF. Block-DEF adopts a loose coupling design by combining a redesigned scalable blockchain module with an existing storage module, and it provides integrity and validity verification for evidences. The scalable blockchain module adopts a mixed blockchain structure and an optimized name-based PBFT. Meanwhile, to compatible for

Acknowledgment

This work is funded by the National Natural Science Foundation of China (No. 61871140, 61702223, 61702220, 61572153, U1636215) and the National Key Research and Development Plan (Grant No. 2018YFB0803504).

References (49)

  • M. Alam et al., SBBox: A tamper-resistant digital archiving system, Int. J. Cyber-Secur. Digit. Forensics (2016)
  • M. Ali et al., Blockstack: A global naming and storage system secured by blockchains, Proceedings of the USENIX Annual Technical Conference (2016)
  • R.R. Ana Nieto et al., Digital witness and privacy in iot: Anonymous witnessing approach, Proceedings of the IEEE Conference on Trustcom/BigDataSE/ICESS (2017)
  • J. Benet, IPFS-content addressed, versioned, p2p file system (DRAFT 3), arXiv:1407.3561 (2014),...
  • S. Bonomi, M. Casini, C. Ciccotelli, B-CoC: A blockchain-based chain of custody for evidences management in digital...
  • J. Camenisch et al., Efficient group signature schemes for large groups, Proceedings of the Annual International Cryptology Conference (1997)
  • M. Castro et al., Practical byzantine fault tolerance, Proceedings of the OSDI (1999)
  • M. Cebe et al., Block4forensic: An integrated lightweight blockchain framework for forensics applications of connected vehicles, IEEE Commun. Mag. (2018)
  • Chong C.N. et al., Secure audit logging with tamper-resistant hardware, Proceedings of the IFIP International Information Security Conference (2003)
  • Dong M. et al., LSCD: A low-storage clone detection protocol for cyber-physical systems, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. (2016)
  • Du X. et al., Security in wireless sensor networks, Wirel. Commun. IEEE (2008)
  • Du X. et al., Transactions papers a routing-driven elliptic curve cryptography based key management scheme for heterogeneous sensor networks, IEEE Trans. Wirel. Commun. (2011)
  • Gai K. et al., Blend arithmetic operations on tensor-based fully homomorphic encryption over real numbers, IEEE Trans. Ind. Inf. (2018)
  • A. Ghodsi et al., Naming in content-oriented architectures, Proceedings of the ACM SIGCOMM Workshop on Information-centric Networking (2011)