Journal: Concurrency and computation: practice and experience

Secure logging scheme for forensic analysis in cloud

Abstract

Cloud computing has emerged as a prominent technology that provides reliable on-demand cloud services to users. Among the various kinds of attacks, the Distributed Denial of Service (DDoS) attack is one of the major application layer attacks that target the resources and services running in the cloud. Due to the distributed nature of attacks or crimes in the cloud, the evidence is collected from various components such as routers, switches, hard disks, log traces, and virtual machines. An attacker may collude with the cloud provider or investigators to tamper with the log files, either by inserting false information or by deleting the malicious activity logs altogether, leaving no trace. Hence, security is the major concern in the cloud, wherein investigation of crimes and attacks is very difficult. Collecting logs from the cloud providers is very hard since many users share the same network resources and the investigators rely on the providers to access the information. Therefore, in order to preserve the confidentiality, integrity, and authentication of logs, a secure logging scheme is proposed to preserve the logs for forensic investigation. This paper highlights the secure logging scheme, which extracts the features from the logs of all virtual machine instances using a double encryption scheme, deals with the integrity of the logs using hashing, and verifies the signatures using a Bloom filter–based R tree (BR tree). Furthermore, the verification is performed using the Shamir Secret Sharing (SSS) scheme, which is responsible for sharing the secret (private) keys to all three parties, i.e., user, investigator, and cloud providers. It is inferred from the experimental results that the proposed scheme requires minimal log processing time and minimal verification time for inserting logs, stores logs in a time- and space-efficient manner, and is more scalable than existing methods.