Providing Tamper-Resistant Audit Trails with Distributed Ledger based Solutions for Forensics of IoT Systems using Cloud Resources

Magnus Westerlund, Mats Neovius, Göran Pulkkis

    Research output: Contribution to journalArticleScientificpeer-review


    Network and information security are often more challenging for currentIoT systems than for traditional networks. Cloud computing resources used by mostIoT systems are publicly accessible and thereby, through this availability,increase the risk of intrusion. The increase in the processing of sensitivedata in IoT systems makes security challenges more noteworthy, particularly inlight of legal issues around cross-border transfers and data protection.Technologies preventing intrusion are effective, yet not perfect. Once a systemis compromised, the intruder may start to delete and to modify audit trails andsystem log files for covering-up the intrusion. Complete and untampered audit trails and log files areessential for the legitimate owner of an IoT system using cloud resources toestimate the losses, to reconstruct the data, to detect the origin of theintrusion attack, and eventually in a court of law be able to prosecute theattacker. Due to this, improved methods for performing forensics in IoT systemsare desperately needed.IoT forensics is mostly cloud forensics, since most IoT data iscurrently stored in the cloud. Therefore, cloudforensics is a key component in IoT forensics. The baseline for any forensicinvestigation is assured data availability and integrity. In this paper, weoutline how forensic evidence data can be created for IoT systems using distributedcloud resources and how the availability and integrity of this forensic datacan be assured by applying distributed ledger based solutions for storing audittrails and log files securely. Given this approach, an attacker can neither delete,nor modify past trails or logs but merely stop generating new data into logfiles. The approach presented here is novel, yet light enough for practicaluse.

    Original languageUndefined/Unknown
    Pages (from-to)288–300
    JournalInternational Journal on Advances in Security
    Issue number3&4
    Publication statusPublished - 2018
    MoE publication typeA1 Journal article-refereed

    Cite this