Digital Forensics Study of a Cloud Storage Client: A Dropbox Artifact Analysis

The rapid development of cloud storage technology paired with the prevalence of smartphone usage presents wide-ranging challenges for digital forensics practitioners. Data are more easily uploaded and shared between multiple devices and across multiple platforms. So, it has increased the opportunities for criminality. Criminality undertaken in cloud computing can be directly seen on logs stored on the cloud storage server, which records user activity. However, because of user privacy protection, these logs cannot be easily used as evidence in court. This issue emphasizes the need for a reliable means of identifying, acquiring, and preserving evidential data from the client-side. This study identifies the data artifacts of a user accessing Dropbox via smartphone (Android Lollipop and Android Nougat). The data are from performing several common activities such as installing, signing up, uploading, downloading, sharing, and others. About 14 artifacts are identified by documenting the Dropbox client database changing contents as these activities are carried out. This study increases knowledge of the artifacts that are leftover by Dropbox client on Android smartphones. The results propose that these methods can be used by digital forensics investigators in carrying out investigations and cyberlaw practitioners as guidance in criminal cases.

Download Full-text

IMPLEMENTASI PROTEKSI CLIENT-SIDE PADA PRIVATE CLOUD STORAGE NEXTCLOUD

Jurnal Manajemen Informatika dan Sistem Informasi ◽

10.36595/misi.v2i1.65 ◽

2019 ◽

Vol 2 (1) ◽

pp. 16

Author(s):

Dedy Hariyadi ◽

Imam Puji Santoso ◽

Ramadhana Saputra

Keyword(s):

Cloud Storage ◽

Private Cloud ◽

Storage Server ◽

Google Drive ◽

Client Side

Saat ini hampir setiap perangkat terhubung dengan teknologi komputasi awan. Teknologi komputasi awan yang menawarkan layanan menarik adalah Cloud Storage seperti Google Drive, Dropbox, One Drive, Mega, dan lain-lain. Teknologi Cloud Storage semacam itu dapat diterapkan di lingkungan private atau on-premise. Peranti lunak Cloud Storage yang dapat diinstall di lingkungan private diantaranya, OwnCloud, Nextcloud, SeaFile, dan lain-lain. Implementasi Cloud Storage perlu diwaspadai karena memiliki celah keamanan saat transmisi data dari client ke server atau sebaliknya dan tidak terproteksinya berkas yang tersimpan pada Cloud Storage server. Pada penelitian ini menunjukkan hasil pengujian kerentanan menyimpan berkas dan direktori di penyedia Cloud Storage berserta memberikan solusi mengatasi keamanan tersebut.

Download Full-text

The Dynamic Data Privacy Protection Strategy Based on the CAP Theory

Cloud Security ◽

10.4018/978-1-5225-8176-5.ch024 ◽

2019 ◽

pp. 470-482

Author(s):

Xinwei Sun ◽

Zhang Wei

Keyword(s):

Response Time ◽

Privacy Protection ◽

Cloud Storage ◽

Data Privacy ◽

Rapid Development ◽

Data Consistency ◽

Time Data ◽

Protection Strategy ◽

Protection Strategies ◽

Data Privacy Protection

With the rapid development of cloud storage technology, the cloud storage platform has gradually been used to store data. However, the privacy protection strategy provided by public cloud storage platform is hard to be trust by users. Moreover, they are unable to customize their own storage strategy according to their demands. This study proposed a consistency-availability-partition tolerance (CAP) theory -based data privacy protection strategy, which firstly employed CAP theory to provide privacy data protection for users and then offer users with choice to select corresponding privacy strategy to store data. Moreover, a total of three privacy protection strategies were put forward, focusing on the balance between data consistency and response time, data consistency and data availability, as well as response time and availability respectively.

Download Full-text

Analisis Forensik Android: Artefak pada Aplikasi Penyimpanan Awan Box

Jurnal Teknologi Informasi dan Ilmu Komputer ◽

10.25126/jtiik.2020732220 ◽

2020 ◽

Vol 7 (3) ◽

pp. 521

Author(s):

Gandeva Bayu Satrya ◽

A Ahmad Nasrullah

Keyword(s):

Technology Use ◽

Cloud Storage ◽

Digital Forensics ◽

Mobile Forensics ◽

Cloud Storage Service ◽

Storage Service ◽

Google Drive ◽

Client Side ◽

Cloud Storage Services

Sistem penyimpanan melalui cloud memiliki banyak keunggulan, seperti kemampuan akses dari lokasi manapun serta kemudahan penyimpanan pencadangan file-file pada komputer dan smartphone. Terdapat banyak pilihan layanan penyimpanan melalui cloud, seperti Dropbox, Microsoft OneDrive, Google Drive, dan Box. Dari beberapa jenis layanan peyimpanan tersebut Box adalah satu-satunya layanan penyimpanan cloud yang mampu menjamin tingkat reliability uptime hingga 99.9%. Awalnnya, Box hanya ditujukan untuk kegiatan bisnis saja, namun sekarang Box dapat digunakan oleh pengguna secara umum. Selain memberikan pengaruh yang positif, pertumbuhan penggunaan teknologi layanan penyimpanan cloud juga telah memberikan peningkatan dalam peluang terjadinya kejahatan di dunia maya. Forensik digital merupakan solusi terbaru dalam mengamati keamanan sistem dan jaringan, sementara forensik bergerak adalah pengembangan forensic digital yang sepenuhnya difokuskan pada media smartphone. Forensik bergerak dapat dilakukan dalam dua sisi, yaitu server dan client. Studi kasus dalam penelitian ini berfokus pada penggunaan smartphone OS Android yang terinstal Box sebagai layanan penyimpanan cloud. Sedangkan tujuan utama dari penelitian ini adalah untuk menyediakan sebuah metode forensik bergerak untuk menemukan artefak pada smartphone Android yang telah terinstal dengan aplikasi Box.AbstractStoring files in a cloud has many advantages, such as the ability to access them from any location and to keep backups of those files on computers and smartphones. There are many choices for cloud storage services, such as Dropbox, Microsoft OneDrive, Google Drive, and Box. Of these, Box is the only cloud storage service that guarantees uptime reliability 99.99% of the time. At first, Box was intended for business use only, but now it is also freely available for public use. Growth in cloud storage technology use has also resulted in increased opportunities for cybercrime to take place. Digital forensics is the latest solution for system and network security observers, while mobile forensics is a development of digital forensics that is fully focused on smartphone media. Mobile forensics can be performed on both the server and client sides. In this research, mobile forensics was performed on the client side. The case study in this paper focused on an Android operating system (OS) smartphone using Box cloud storage. The purpose of this study was to provide a mobile forensics method for finding artifacts on smartphones that have a Box application installed.

Download Full-text

A survey paper of data access privilege scheme in cloud storage server for user privacy problem

International Journal of Computer Trends and Technology ◽

10.14445/22312803/ijctt-v28p140 ◽

2015 ◽

Vol 28 (4) ◽

pp. 203-206

Author(s):

Smita Arjun Wagh ◽

◽

B.padma vathi

Keyword(s):

Cloud Storage ◽

Data Access ◽

User Privacy ◽

Storage Server ◽

Survey Paper ◽

Privacy Problem

Download Full-text

The Dynamic Data Privacy Protection Strategy Based on the CAP Theory

International Journal of Interdisciplinary Telecommunications and Networking ◽

10.4018/ijitn.2015010104 ◽

2015 ◽

Vol 7 (1) ◽

pp. 44-56 ◽

Cited By ~ 1

Author(s):

Xinwei Sun ◽

Zhang Wei

Keyword(s):

Response Time ◽

Privacy Protection ◽

Cloud Storage ◽

Data Privacy ◽

Rapid Development ◽

Data Availability ◽

Data Consistency ◽

Time Data ◽

Protection Strategy ◽

Data Privacy Protection

Download Full-text

User Privacy Protection Scheme Based on Verifiable Outsourcing Attribute-Based Encryption

Security and Communication Networks ◽

10.1155/2021/6617669 ◽

2021 ◽

Vol 2021 ◽

pp. 1-11

Author(s):

Luo Sheng

Keyword(s):

Cloud Storage ◽

Rapid Development ◽

Computational Cost ◽

Random Oracle Model ◽

Data Encryption ◽

Practical Significance ◽

Key Generation ◽

User Privacy ◽

Attribute Based Encryption ◽

Cloud Storage Services

Given the rapid development of cloud computing and cloud storage technology, a growing number of enterprises and individuals use cloud storage services to save data or back up data. In the cloud storage services, although attribute-based encryption can protect users’ data security, the computational cost of key generation, data encryption, and data decryption linearly increases with the complexity of access strategies, which becomes more critical for resource-constrained users. Therefore, this paper proposes a verifiable attribute-based encryption scheme for a fully outsourced ciphertext policy. The scheme can simultaneously realize the functions of key generation, data encryption, and data decryption outsourcing and verify the correctness of the outsourcing calculation results. This scheme can effectively reduce the computational burden of a cloud storage system. The security and verifiability of the scheme are indicated and proved with the random oracle model. The experimental results show that the scheme has the advantages of function and efficiency compared with other schemes. The research results have theoretical and practical significance.

Download Full-text

Ensuring Better Privacy of Cloud Storage Using Elliptic Curve Cryptography

International Journal of Scientific Research in Computer Science Engineering and Information Technology ◽

10.32628/cseit2062160 ◽

2020 ◽

pp. 530-536

Author(s):

A. V. Deorankar ◽

Khushboo T. Khobragade

Keyword(s):

Cloud Computing ◽

Elliptic Curve ◽

Data Security ◽

Cloud Storage ◽

Rapid Development ◽

Cloud Services ◽

Public Key Encryption ◽

User Privacy ◽

Important Concern ◽

Share Data

Cloud technology is very profitable for the business evolution. In cloud computing, the data is mostly outsourced. The security and integrity of the data in the cloud system is always a main worry. Because of rapid development of adaptable cloud services, it becomes increasingly vulnerable to use cloud services to share data in a friend circle in the environment of cloud computing. The user privacy is also an important concern. Many systems and technique are being developed to address these issues, but still there is always a scope of improvement. While addressing the issues related to the user privacy and data security and integrity, we must consider the efficiency of the system while accessing and searching for the data. In this paper, we discuss about the major challenges in cloud environment. Also, presented is a brief overview on proposed system with elliptical curve cryptography is a public key encryption technique uses the properties of elliptic curve in order to generate keys instead of using the traditional methodology of generation of keys.

Download Full-text

What If Keys Are Leaked? towards Practical and Secure Re-Encryption in Deduplication-Based Cloud Storage

Information ◽

10.3390/info12040142 ◽

2021 ◽

Vol 12 (4) ◽

pp. 142

Author(s):

Weijing You ◽

Lei Lei ◽

Bo Chen ◽

Limin Liu

Keyword(s):

Experimental Evaluation ◽

Cloud Storage ◽

Security Analysis ◽

Encrypted Data ◽

Cloud Data ◽

Storage Cost ◽

Outsourced Data ◽

Proof Of Ownership ◽

Client Side ◽

Over Time

By only storing a unique copy of duplicate data possessed by different data owners, deduplication can significantly reduce storage cost, and hence is used broadly in public clouds. When combining with confidentiality, deduplication will become problematic as encryption performed by different data owners may differentiate identical data which may then become not deduplicable. The Message-Locked Encryption (MLE) is thus utilized to derive the same encryption key for the identical data, by which the encrypted data are still deduplicable after being encrypted by different data owners. As keys may be leaked over time, re-encrypting outsourced data is of paramount importance to ensure continuous confidentiality, which, however, has not been well addressed in the literature. In this paper, we design SEDER, a SEcure client-side Deduplication system enabling Efficient Re-encryption for cloud storage by (1) leveraging all-or-nothing transform (AONT), (2) designing a new delegated re-encryption (DRE), and (3) proposing a new proof of ownership scheme for encrypted cloud data (PoWC). Security analysis and experimental evaluation validate security and efficiency of SEDER, respectively.

Download Full-text

The Protection of User Preference Privacy in Personalized Information Retrieval: Challenges and Overviews

Libri ◽

10.1515/libri-2019-0140 ◽

2021 ◽

Vol 0 (0) ◽

Author(s):

Zongda Wu ◽

Chenglang Lu ◽

Youlin Zhao ◽

Jian Xie ◽

Dongdong Zou ◽

...

Keyword(s):

Information Retrieval ◽

Privacy Protection ◽

User Preference ◽

User Privacy ◽

Server Side ◽

Algorithm Efficiency ◽

Important Study ◽

Basic Reference ◽

Complete Set ◽

Technical Features

Abstract This paper reviews a large number of research achievements relevant to user privacy protection in an untrusted network environment, and then analyzes and evaluates their application limitations in personalized information retrieval, to establish the conditional constraints that an effective approach for user preference privacy protection in personalized information retrieval should meet, thus providing a basic reference for the solution of this problem. First, based on the basic framework of a personalized information retrieval platform, we establish a complete set of constraints for user preference privacy protection in terms of security, usability, efficiency, and accuracy. Then, we comprehensively review the technical features for all kinds of popular methods for user privacy protection, and analyze their application limitations in personalized information retrieval, according to the constraints of preference privacy protection. The results show that personalized information retrieval has higher requirements for users’ privacy protection, i.e., it is required to comprehensively improve the security of users’ preference privacy on the untrusted server-side, under the precondition of not changing the platform, algorithm, efficiency, and accuracy of personalized information retrieval. However, all kinds of existing privacy methods still cannot meet the above requirements. This paper is an important study attempt to the problem of user preference privacy protection of personalized information retrieval, which can provide a basic reference and direction for the further study of the problem.

Download Full-text