Double Encryption for Data Authenticity and Integrity in Privacy-preserving Confidential Forensic Investigation
It is getting popular that users will put their data in cloud computing services or data centers. It applies to criminals too. In such computing platforms, data will be stored in large servers. In other words, evidence for crime cases may exist in a large storage media or even distributed in various storage device(s) that may be in different sites. The traditional approach of cloning a copy of data in forensic investigation will not work. Besides, those users irrelevant to the crime are not willing to disclose their private data for investigation. To solve these problems, Hou et al. provided the first solutions to let the server administrator (without knowing the investigation subject) to retrieve only the data that is relevant to the cases based on the technique of searching encrypted keywords over encrypted data. In this case, the privacy data of irrelevant users can be protected from disclosing. However, in their solutions, it is no way to confirm the authenticity and integrity of the collected data. This is critical when presenting the evidence to court. In this paper, we try to tackle this problem and provide a solution to verify the authenticity and integrity of the evidence in addition to the security requirements for privacy-preserving confidential forensic investigation. Our solution is based on a “double encryption” scheme. We provide a security analysis of the scheme and we also implemented the proposed scheme based on RSA cryptosystem. Experimental results show that the performance of the scheme is reasonable.