research-article

Privacy-preserving email forensics

Authors:

Frederik Armknecht,

Andreas DewaldAuthors Info & Claims

Digital Investigation: The International Journal of Digital Forensics & Incident Response, Volume 14, Issue S1

Pages S127 - S136

https://doi.org/10.1016/j.diin.2015.05.003

Published: 01 August 2015 Publication History

Abstract

In many digital forensic investigations, email data needs to be analyzed. However, this poses a threat to the privacy of the individual whose emails are being examined and in particular becomes a problem if the investigation clashes with privacy laws. This is commonly addressed by allowing the investigator to run keyword searches and to reveal only those emails that contain at least some of the keywords. While this could be realized with standard cryptographic techniques, further requirements are present that call for novel solutions: (i) for investigation-tactical reasons the investigator should be able to keep the search terms secret and (ii) for efficiency reasons no regular interaction should be required between the investigator and the data owner. We close this gap by introducing a novel cryptographic scheme that allows to encrypt entire email boxes before handing them over for investigation. The key feature is that the investigator can non-interactively run keyword searches on the encrypted data and decrypt those emails (and only those) for which a configurable number of matches occurred. Our implementation as a plug-in for a standard forensic framework confirms the practical applicability of the approach.

References

[1]

C.W. Adams, Legal issues pertaining to the development of digital forensic tools, in: SADFE. IEEE computer society, 2008, pp. 123-132. http://dblp.uni-trier.de/db/conf/sadfe/sadfe2008.html#Adams08

[2]

R. Agarwal, F. Rodhain, Mine or ours: email privacy expectations, employee attitudes, and perceived work environment characteristics, in: System sciences, 2002. HICSS. Proceedings of the 35th annual Hawaii international conference on. IEEE, 2002, pp. 2471-2480.

[3]

A. Aminnezhad, A. Dehghantanha, M.T. Abdullah, A survey on privacy issues in digital forensics, Int J Cyber-Secur Digital Forensics (IJCSDF), 1 (2012) 311-323.

[4]

F. Armknecht, A. Dewald, Privacy-preserving email forensics, Department of Computer Science, University of Erlangen-Nuremberg, 2015.

[5]

L. Ballard, S. Kamara, F. Monrose, Achieving efficient conjunctive keyword searches over encrypted data, in: ICICS. vol. 3783 of lecture notes in computer science, Springer, 2005, pp. 414-426.

[6]

M. Bellare, J. Kilian, P. Rogaway, The security of the cipher block chaining¿message authentication code, J Comput Syst Sci, 61 (2000) 362-399. http://dblp.uni-trier.de/db/journals/jcss/jcss61.html#BellareKR00

Digital Library

[7]

G. Bertoni, J. Daemen, M. Peeters, G.V. Assche, The Keccak SHA-3 submission, January 2011. http://keccak.noekeon.org/

[8]

M.A. Caloyannides, Privacy protection and computer forensics, Artech House, 2004.

[9]

B. Carrier, File system forensic analysis, Addison-Wesley Pub. Co. Inc., Boston, MA, USA, 2005.

[10]

B. Carrier, The sleuth kit and autopsy: forensics tools for Linux and other Unixes, 2005, 2009. http://www.sleuthkit.org

[11]

E. Casey, Digital evidence and computer crime: forensic science, computers, and the Internet, Academic Press/Auflage, 2011.

[12]

D. Cash, S. Jarecki, C.S. Jutla, H. Krawczyk, M.C. Rosu, M. Steiner, Highly-scalable searchable symmetric encryption with support for boolean queries, in: CRYPTO (1). vol. 8042 of lecture notes in computer science, Springer, 2013, pp. 353-373.

[13]

Y.C. Chang, M. Mitzenmacher, Privacy preserving keyword searches on remote encrypted data, in: ACNS. vol. 3531 of lecture notes in computer science, 2005, pp. 442-455.

[14]

R. Curtmola, J. Garay, S. Kamara, R. Ostrovsky, Searchable symmetric encryption: improved definitions and efficient constructions, in: Proceedings of the 13th ACM conference on computer and communications security. CCS '06, ACM, New York, NY, USA, 2006, pp. 79-88. http://doi.acm.org/10.1145/1180405.1180417

Digital Library

[15]

J. Daemen, V. Rijmen, The design of Rijndael: AES - the advanced encryption standard, Springer Verlag, Berlin, Heidelberg, New York, 2002.

[16]

P. Golle, J. Staddon, B. Waters, Secure conjunctive keyword search over encrypted data, in: Proc. of the 2004 applied cryptography and network security conference. LNCS 3089, 2004, pp. 31-45.

[17]

S. Hou, T. Uehara, S. Yiu, L.C. Hui, K. Chow, Privacy preserving multiple keyword search for confidential investigation of remote forensics, in: 2011 Third international conference on multimedia information networking and security, Institute of Electrical & Electronics Engineers (IEEE), 2011. http://dx.doi.org/10.1109/MINES.2011.90

[18]

S. Hou, T. Uehara, S.M. Yiu, L.C.K. Hui, K. Chow, Privacy preserving confidential forensic investigation for shared or remote servers, in: Intelligent information hiding and multimedia signal processing (IIH-MSP), 2011 seventh international conference on. IEEE, 2011, pp. 378-383.

[19]

International Community, U. N, The universal declaration of human rights, 1948. http://www.un.org/en/documents/udhr

[20]

National Institute of Standards and Technology, FIPS 180-2, secure hash standard, federal information processing standard (FIPS), DEPARTMENT OF COMMERCE, Aug. 2002. http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf

[21]

M. Olivier, Forensics and privacy-enhancing technologies, in: Advances in digital forensics, Springer, 2005, pp. 17-31.

[22]

Oxford University Press, ???? The second edition of the 20-volume Oxford English dictionary. URL http://www.oxforddictionaries.com/words/how-many-words-are-there-in-the-english-language?q=171%2C476

[23]

A. Shamir, How to share a secret, Commun ACM, 22 (Nov. 1979) 612-613. http://doi.acm.org/10.1145/359168.359176

Digital Library

[24]

D.X. Song, D. Wagner, A. Perrig, Practical techniques for searches on encrypted data, in: Proceedings of the 2000 IEEE symposium on security and privacy. SP '00, IEEE Computer Society, Washington, DC, USA, 2000, pp. 44. http://dl.acm.org/citation.cfm?id=882494.884426

[25]

P. Stahlberg, G. Miklau, B.N. Levine, Threats to privacy in the forensic analysis of database systems, in: Proceedings of the 2007 ACM SIGMOD international conference on management of data, ACM, 2007, pp. 91-102.

[26]

S.J. Stolfo, G. Creamer, S. Hershkop, A temporal based forensic analysis of electronic communication, in: Proceedings of the 2006 international conference on digital government research, Digital Government Society of North America, 2006, pp. 23-24.

Digital Library

[27]

S.J. Stolfo, S. Hershkop, Email mining toolkit supporting law enforcement forensic analyses, in: Proceedings of the 2005 national conference on digital government research, Digital Government Society of North America, 2005, pp. 221-222.

[28]

United States v. Carey, United States v. Carey 172 F.3d 1268 (10th Cir. 1999), 1999.

[29]

University Leipzip, Wortlisten, 2001. http://wortschatz.uni-leipzig.de/html/wliste.html

[30]

C. Wei, A. Sprague, G. Warner, A. Skjellum, Mining spam email to identify common origins for forensic application, in: Proceedings of the 2008 ACM symposium on applied computing, ACM, 2008, pp. 1433-1437.

Digital Library

Cited By

Breidenbach USteinebach MLiu HVolkamer MWressnegger C(2020)Privacy-enhanced robust image hashing with bloom filtersProceedings of the 15th International Conference on Availability, Reliability and Security10.1145/3407023.3409212(1-10)Online publication date: 25-Aug-2020
https://dl.acm.org/doi/10.1145/3407023.3409212
Englbrecht LPernul GVolkamer MWressnegger C(2020)A privacy-aware digital forensics investigation in enterprisesProceedings of the 15th International Conference on Availability, Reliability and Security10.1145/3407023.3407064(1-10)Online publication date: 25-Aug-2020
https://dl.acm.org/doi/10.1145/3407023.3407064
Siva Kumar DSanthi Thilagam P(2019)Approaches and challenges of privacy preserving search over encrypted dataInformation Systems10.1016/j.is.2018.11.00481:C(63-81)Online publication date: 1-Mar-2019
https://dl.acm.org/doi/10.1016/j.is.2018.11.004
Show More Cited By

Index Terms

Privacy-preserving email forensics

Index terms have been assigned to the content through auto-classification.

Recommendations

Privacy-preserving multireceiver ID-based encryption with provable security

Multireceiver identity ID based encryption and ID-based broadcast encryption allow a sender to use the public identities of multiple receivers to encrypt messages so that only the selected receivers or a privileged set of users can decrypt the messages. ...
A privacy problem on Hu-Huang's proxy key generation protocol

A proxy signature scheme enables an original signer to delegate his signing capability to a proxy signer and then the proxy signer can sign a message on behalf of the original signer. Recently, several ID-based proxy signature schemes have been ...
Privacy preserving revocable predicate encryption revisited

Predicate encryption PE that provides both the access control of ciphertexts and the privacy of ciphertexts is a new paradigm of public-key encryption. An important application of PE is a searchable encryption system in cloud storage, where it enables a ...

Comments

Information & Contributors

Information

Published In

cover image Digital Investigation: The International Journal of Digital Forensics & Incident Response

Digital Investigation: The International Journal of Digital Forensics & Incident Response Volume 14, Issue S1

August 2015

164 pages

ISSN:1742-2876

Issue’s Table of Contents

Copyright © The Authors.

Publisher

Elsevier Science Publishers B. V.

Netherlands

Publication History

Published: 01 August 2015

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Breidenbach USteinebach MLiu HVolkamer MWressnegger C(2020)Privacy-enhanced robust image hashing with bloom filtersProceedings of the 15th International Conference on Availability, Reliability and Security10.1145/3407023.3409212(1-10)Online publication date: 25-Aug-2020
https://dl.acm.org/doi/10.1145/3407023.3409212
Englbrecht LPernul GVolkamer MWressnegger C(2020)A privacy-aware digital forensics investigation in enterprisesProceedings of the 15th International Conference on Availability, Reliability and Security10.1145/3407023.3407064(1-10)Online publication date: 25-Aug-2020
https://dl.acm.org/doi/10.1145/3407023.3407064
Siva Kumar DSanthi Thilagam P(2019)Approaches and challenges of privacy preserving search over encrypted dataInformation Systems10.1016/j.is.2018.11.00481:C(63-81)Online publication date: 1-Mar-2019
https://dl.acm.org/doi/10.1016/j.is.2018.11.004
Grajeda CBreitinger FBaggili I(2017)Availability of datasets for digital forensics And what is missingDigital Investigation: The International Journal of Digital Forensics & Incident Response10.1016/j.diin.2017.06.00422:S(S94-S105)Online publication date: 1-Aug-2017
https://dl.acm.org/doi/10.1016/j.diin.2017.06.004
Zimmer ELindemann JHerrmann DFederrath H(2015)Catching Inside Attackers: Balancing Forensic Detectability and Privacy of EmployeesOpen Problems in Network Security10.1007/978-3-319-39028-4_4(43-55)Online publication date: 29-Oct-2015
https://dl.acm.org/doi/10.1007/978-3-319-39028-4_4

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents