Secure logging scheme for forensic analysis in cloud
Published in: | Concurrency and computation 2019-08, Vol.31 (15), p.n/a |
---|---|
Main authors: | , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Abstract: | Summary
Cloud computing has emerged as a prominent technology that provides reliable on-demand cloud services to users. Among the various kinds of attacks, the Distributed Denial of Service (DDoS) attack is one of the major application layer attacks that target the resources and services running in the cloud. Due to the distributed nature of attacks or crimes in the cloud, evidence is collected from various components such as routers, switches, hard disks, log traces, and virtual machines. An attacker may collude with the cloud provider or investigators to tamper with the log files, either by inserting false information or by deleting the malicious activity logs altogether, leaving no trace. Hence, security is the major concern in the cloud, where investigation of crimes and attacks is very difficult. Collecting logs from the cloud providers is very hard, since many users share the same network resources and the investigators rely on the providers to access the information. Therefore, in order to preserve the confidentiality, integrity, and authentication of logs, a secure logging scheme is proposed to preserve the logs for forensic investigation. This paper highlights the secure logging scheme, which extracts the features from the logs of all virtual machine instances using a double encryption scheme, addresses the integrity of the logs using hashing, and verifies the signatures using a Bloom filter-based R tree (BR tree). Furthermore, the verification is performed using the Shamir Secret Sharing (SSS) scheme, which is responsible for sharing the secret (private) keys among all three parties, i.e., user, investigator, and cloud providers. It is inferred from the experimental results that the proposed scheme requires minimal log processing time and minimal verification time for inserting logs, stores logs in a time- and space-efficient manner, and is more scalable than existing methods. |
---|---|
ISSN: | 1532-0626 1532-0634 |
DOI: | 10.1002/cpe.5143 |