Proposed Digital Evidence Sharing and Preserving Mechanism in Cloud Computing Environments
اقتراح آلية لتبادل الأدلة الرقمية والحفاظ عليها في بيئات الحوسبة السحابية
Investigations and digital evidence have become an important and critical discipline that has made many researchers devote vigorous efforts to developing digital surveillance and investigation mechanisms, especially after the great expansion of the technical infrastructure on cloud computing platforms, which added more challenges to digital investigation. So far, no robust model has been found for preserving and exchanging digital evidence between clouds and users without this model causing a breach of user privacy or affecting performance. Most of the current studies on digital evidence exchange mechanisms rely at one stage of the exchange or evidence formation process on the CSP, which allows the cloud provider (or a malicious employee within the cloud provider) to manipulate the evidence or data. This research will present a proposal for a mechanism for sharing and preserving digital evidence between the cloud parties, taking into account the performance in the major cloud computing models (IaaS, PaaS, SaaS), and how this model can achieve evidence integrity and a less level of interference in the privacy of the user as well as the cloud service provider considering that may be more than one party accused as forgery. To achieve this, we have selected some digital evidence that digital investigators can rely on as digital forensic evidence in cases related to information crimes as a sample that can be exchanged and verified that none of them has tampered with this evidence, especially since cloud environments may go beyond having a single cloud that performs the service and thus there are several clouds involved in forming evidence, then we tested this mechanism by applying the SHA-2 Hashing process to digital evidence, then encrypting the output with the Elliptic Curve Cryptography algorithm and measuring the time needed to exchange and verify the evidence. We will compare the proposed model with models in previous studies to illustrate how the proposed model overcame the problem of relying on one party to form the evidence with the least impact for all parties on the level of performance or privacy, and how distributed SHA-2 hashing values proved its effectiveness in the inability of any party to deny the evidence or tamer it.