ForensiBlock: A Provenance-Driven Blockchain Framework for Data Forensics and Auditability

Asma Jodeiri Akbarfam; Mahdieh Heidaripour; Hoda Maleki; Gokila Dorai; Gagan Agrawal

doi:10.1109/TPS-ISA58951.2023.00025

ForensiBlock: A Provenance-Driven Blockchain Framework for Data Forensics and Auditability

Asma Jodeiri Akbarfam, Mahdieh Heidaripour, Hoda Maleki, Gokila Dorai, Gagan Agrawal

Computer & Cyber Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Maintaining accurate provenance records is paramount in digital forensics, as they underpin evidence credibility and integrity, addressing essential aspects like accountability and reproducibility. Blockchains have several properties that can address these requirements. Previous systems utilized public blockchains, i.e., treated blockchain as a black box, and benefiting from the immutability property. However, the blockchain was accessible to everyone, giving rise to security concerns and moreover, efficient extraction of provenance faces challenges due to the enormous scale and complexity of digital data. This necessitates a tailored blockchain design for digital forensics. Our solution, Forensiblock has a novel design that automates investigation steps, ensures secure data access, traces data origins, preserves records, and expedites provenance extraction. Forensiblock incorporates Role-Based Access Control with Staged Authorization (RBAC-SA) and a distributed Merkle root for case tracking. These features support authorized resource access with an efficient retrieval of provenance records. Particularly, comparing two methods for extracting provenance records - off-chain storage retrieval with Merkle root verification and a brute-force search - the off-chain method is significantly better, especially as the blockchain size and number of cases increase. We also found that our distributed Merkle root creation slightly increases smart contract processing time but significantly improves history access. Overall, we show that Forensiblock offers secure, efficient, and reliable handling of digital forensic data.

Original language	English (US)
Title of host publication	Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	136-145
Number of pages	10
ISBN (Electronic)	9798350323856
DOIs	https://doi.org/10.1109/TPS-ISA58951.2023.00025
State	Published - 2023
Event	5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023 - Atlanta, United States Duration: Nov 1 2023 → Nov 4 2023

Publication series

Name	Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023

Conference

Conference	5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023
Country/Territory	United States
City	Atlanta
Period	11/1/23 → 11/4/23

Keywords

Access Control
Blockchain
Data Forensics
Provenance
Query
Secu-rity
Verification

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Information Systems
Information Systems and Management
Safety, Risk, Reliability and Quality

Access to Document

10.1109/TPS-ISA58951.2023.00025

Cite this

Akbarfam, A. J., Heidaripour, M., Maleki, H., Dorai, G., & Agrawal, G. (2023). ForensiBlock: A Provenance-Driven Blockchain Framework for Data Forensics and Auditability. In Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023 (pp. 136-145). (Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/TPS-ISA58951.2023.00025

ForensiBlock: A Provenance-Driven Blockchain Framework for Data Forensics and Auditability. / Akbarfam, Asma Jodeiri; Heidaripour, Mahdieh; Maleki, Hoda et al.
Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023. Institute of Electrical and Electronics Engineers Inc., 2023. p. 136-145 (Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Akbarfam, AJ, Heidaripour, M, Maleki, H , Dorai, G & Agrawal, G 2023, ForensiBlock: A Provenance-Driven Blockchain Framework for Data Forensics and Auditability. in Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023. Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023, Institute of Electrical and Electronics Engineers Inc., pp. 136-145, 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023, Atlanta, United States, 11/1/23. https://doi.org/10.1109/TPS-ISA58951.2023.00025

Akbarfam AJ, Heidaripour M, Maleki H , Dorai G, Agrawal G. ForensiBlock: A Provenance-Driven Blockchain Framework for Data Forensics and Auditability. In Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023. Institute of Electrical and Electronics Engineers Inc. 2023. p. 136-145. (Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023). doi: 10.1109/TPS-ISA58951.2023.00025

Akbarfam, Asma Jodeiri ; Heidaripour, Mahdieh ; Maleki, Hoda et al. / ForensiBlock : A Provenance-Driven Blockchain Framework for Data Forensics and Auditability. Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023. Institute of Electrical and Electronics Engineers Inc., 2023. pp. 136-145 (Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023).

@inproceedings{24398633d2f14cfa8ea85e0aec6f49cf,

title = "ForensiBlock: A Provenance-Driven Blockchain Framework for Data Forensics and Auditability",

abstract = "Maintaining accurate provenance records is paramount in digital forensics, as they underpin evidence credibility and integrity, addressing essential aspects like accountability and reproducibility. Blockchains have several properties that can address these requirements. Previous systems utilized public blockchains, i.e., treated blockchain as a black box, and benefiting from the immutability property. However, the blockchain was accessible to everyone, giving rise to security concerns and moreover, efficient extraction of provenance faces challenges due to the enormous scale and complexity of digital data. This necessitates a tailored blockchain design for digital forensics. Our solution, Forensiblock has a novel design that automates investigation steps, ensures secure data access, traces data origins, preserves records, and expedites provenance extraction. Forensiblock incorporates Role-Based Access Control with Staged Authorization (RBAC-SA) and a distributed Merkle root for case tracking. These features support authorized resource access with an efficient retrieval of provenance records. Particularly, comparing two methods for extracting provenance records - off-chain storage retrieval with Merkle root verification and a brute-force search - the off-chain method is significantly better, especially as the blockchain size and number of cases increase. We also found that our distributed Merkle root creation slightly increases smart contract processing time but significantly improves history access. Overall, we show that Forensiblock offers secure, efficient, and reliable handling of digital forensic data.",

keywords = "Access Control, Blockchain, Data Forensics, Provenance, Query, Secu-rity, Verification",

author = "Akbarfam, {Asma Jodeiri} and Mahdieh Heidaripour and Hoda Maleki and Gokila Dorai and Gagan Agrawal",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023 ; Conference date: 01-11-2023 Through 04-11-2023",

year = "2023",

doi = "10.1109/TPS-ISA58951.2023.00025",

language = "English (US)",

series = "Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "136--145",

booktitle = "Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023",

}

TY - GEN

T1 - ForensiBlock

T2 - 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023

AU - Akbarfam, Asma Jodeiri

AU - Heidaripour, Mahdieh

AU - Maleki, Hoda

AU - Dorai, Gokila

AU - Agrawal, Gagan

PY - 2023

Y1 - 2023

N2 - Maintaining accurate provenance records is paramount in digital forensics, as they underpin evidence credibility and integrity, addressing essential aspects like accountability and reproducibility. Blockchains have several properties that can address these requirements. Previous systems utilized public blockchains, i.e., treated blockchain as a black box, and benefiting from the immutability property. However, the blockchain was accessible to everyone, giving rise to security concerns and moreover, efficient extraction of provenance faces challenges due to the enormous scale and complexity of digital data. This necessitates a tailored blockchain design for digital forensics. Our solution, Forensiblock has a novel design that automates investigation steps, ensures secure data access, traces data origins, preserves records, and expedites provenance extraction. Forensiblock incorporates Role-Based Access Control with Staged Authorization (RBAC-SA) and a distributed Merkle root for case tracking. These features support authorized resource access with an efficient retrieval of provenance records. Particularly, comparing two methods for extracting provenance records - off-chain storage retrieval with Merkle root verification and a brute-force search - the off-chain method is significantly better, especially as the blockchain size and number of cases increase. We also found that our distributed Merkle root creation slightly increases smart contract processing time but significantly improves history access. Overall, we show that Forensiblock offers secure, efficient, and reliable handling of digital forensic data.

AB - Maintaining accurate provenance records is paramount in digital forensics, as they underpin evidence credibility and integrity, addressing essential aspects like accountability and reproducibility. Blockchains have several properties that can address these requirements. Previous systems utilized public blockchains, i.e., treated blockchain as a black box, and benefiting from the immutability property. However, the blockchain was accessible to everyone, giving rise to security concerns and moreover, efficient extraction of provenance faces challenges due to the enormous scale and complexity of digital data. This necessitates a tailored blockchain design for digital forensics. Our solution, Forensiblock has a novel design that automates investigation steps, ensures secure data access, traces data origins, preserves records, and expedites provenance extraction. Forensiblock incorporates Role-Based Access Control with Staged Authorization (RBAC-SA) and a distributed Merkle root for case tracking. These features support authorized resource access with an efficient retrieval of provenance records. Particularly, comparing two methods for extracting provenance records - off-chain storage retrieval with Merkle root verification and a brute-force search - the off-chain method is significantly better, especially as the blockchain size and number of cases increase. We also found that our distributed Merkle root creation slightly increases smart contract processing time but significantly improves history access. Overall, we show that Forensiblock offers secure, efficient, and reliable handling of digital forensic data.

KW - Access Control

KW - Blockchain

KW - Data Forensics

KW - Provenance

KW - Query

KW - Secu-rity

KW - Verification

UR - http://www.scopus.com/inward/record.url?scp=85186524859&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85186524859&partnerID=8YFLogxK

U2 - 10.1109/TPS-ISA58951.2023.00025

DO - 10.1109/TPS-ISA58951.2023.00025

M3 - Conference contribution

AN - SCOPUS:85186524859

T3 - Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023

SP - 136

EP - 145

BT - Proceedings - 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 1 November 2023 through 4 November 2023

ER -

ForensiBlock: A Provenance-Driven Blockchain Framework for Data Forensics and Auditability

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this