This document discusses Internet of Things (IoT) forensics. It begins with an overview of IoT, including its key characteristics and architecture. It then discusses digital forensics and how IoT forensics deals with cybercrimes across the three layers of an IoT system. It identifies categories of evidence for IoT crime scenes, including smart devices, hardware/software, and external resources. It outlines security challenges for IoT like authentication, updates, and privacy. Finally, it discusses the scope of IoT forensics work, including evidence identification, analysis, and attack attribution.
1. Maulana Abul Kalam Azad University of Technology, W.B.
IoT Forensics
Submitted By
Aakashjit Bhattacharya
Roll Number:- 30011218021
Registration Number:- 183000410054 of 2018-2019
Guided By
Professor Debashish De & Dr. Koushik Majumder
Computer Science & Engineering Department
M.A.K.A.U.T., W.B.
3. Content
• Internet Of Things
• Characteristics of IoT
• Digital Forensics
• IoT Forensics
• Categories of Evidences With Respect To a Crime Scene
• Cyber Security challenges in IoT
• Open Issues and Scope of work
• Conclusion
• Reference
5. Internet of Things
• Building block for Smart homes and Smart Cities.
• 3 layers:- Sensing layer, Communication layer, Transmission layer.
• Many components work in parallel to make up the complete architecture of an IoT system, including low-power embedded systems, big data, machine learning and networking.
• Provides M2M connectivity across all the connected devices.
7. Digital Forensics
Digital forensics (sometimes known as digital forensic science) is a
branch of forensic science encompassing the recovery and
investigation of material found in digital devices, often in relation
to computer crime.
A digital forensic investigation commonly consists of 3 stages:
acquisition or imaging of exhibits, analysis, and reporting.
Evidence used in digital forensics includes the hard drive of the criminals’ computer, laptops, external hard drives, USB devices, mobile devices, etc. [2].
8. Three Possible Roles of a Computer in Digital Forensics [4]
1. The computer can be the target of the crime.
2. It can be the source of, or responsible for, the crime.
3. It can act as evidence, holding information about criminal acts.
9. IoT Forensics
Deals with IoT-related cybercrimes, including the investigation of connected devices, sensors and the data stored on all possible platforms.
Because a security breach can take place in any of the three layers of the IoT architecture, IoT forensics needs to inspect all three layers in order to detect the crime.
10. Categories of Evidence With Respect To A Crime Scene
1. Smart devices and sensors : Sensors, smart devices and automation tools that are powered by the IoT architecture; in other words, the gadgets that are present at the crime scene.
2. Hardware and Software : The communication link between smart devices and the external world, which includes IPS, firewalls and computers.
3. External resources : Areas outside the networks under investigation, including cloud, social media, ISPs and network providers.
Reference:- https://hub.packtpub.com/iot-forensics-security-connected-world/
11. Timeline of Evolution of IoT Forensics from Computer Forensics [3]
Reference :- Ana Nieto, Ruben Rios, Javier Lopez, IoT-Forensics Meets Privacy: Towards Cooperative Digital Investigations, MDPI, February 2018
12. Security Challenges in IoT [1]
Secure constrained devices : These devices have limited amounts of storage, memory and processing capability, and they often need to operate on low power, so many encryption algorithms can’t be used and the devices can’t transmit data securely in real time.
Authorize and authenticate devices : Many IoT devices fail to establish their identity before accessing gateways, upstream services and apps, because they fail at device authentication.
Applying Device Updates :
1. There is a need to keep track of which updates are available and to apply those updates consistently across distributed environments with heterogeneous devices that communicate through a range of different networking protocols.
2. Only some devices support over-the-air updates, or updates without downtime; other devices might need to be physically accessed or temporarily pulled from production to apply updates.
Secure Communication : Many IoT devices do not encrypt messages before transmitting them.
Reference [1]: https://developer.ibm.com/articles/iot-top-10-iot-security-challenges/
13. Security Challenges in IoT (contd.)
Ensure Data Privacy and Integrity : Applying data privacy includes anonymizing sensitive data before it is stored, or using data separation to separate personally identifiable information from IoT data payloads. Data that is no longer required must be securely disposed of, and if data is stored, maintaining compliance with legal and regulatory frameworks is also an important challenge.
Secure web, mobile, and cloud applications : As part of a multi-layered approach to IoT security, the web, mobile and cloud apps and services that are used to manage, access and process IoT devices and data must be secured.
Detect vulnerabilities and incidents : In a large-scale implementation of IoT systems, the complexity of the system, in terms of the variety of devices connected, the apps and services, and the communication protocols involved, can make it difficult to identify when an incident has occurred.
Predict and preempt security issues : The long-term IoT security challenge is to apply security intelligence for detecting and mitigating issues, and for predicting and proactively protecting against potential security threats.
Threat modelling[7] is one approach to predict security issues.
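The data-separation idea from the "Ensure Data Privacy and Integrity" challenge, as an added example that is not part of the original slides: one IoT payload is split into a telemetry record and a PII record that are linked only by a keyed pseudonym. The field names, the PII field list, the sample smart-lock payload and the key are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Assumption: which payload fields count as personally identifiable.
PII_FIELDS = {"owner_name", "owner_email", "home_address", "device_mac"}

def pseudonym(key: bytes, device_mac: str) -> str:
    """Keyed pseudonym (HMAC-SHA256): stable per device, and unlike a plain
    hash it cannot be recomputed by enumerating MAC addresses without the key."""
    return hmac.new(key, device_mac.lower().encode(), hashlib.sha256).hexdigest()[:32]

def separate(payload: dict, key: bytes) -> tuple[dict, dict]:
    """Split one IoT payload into (telemetry_record, pii_record).

    The telemetry record goes to the analytics store; the PII record goes to a
    separately access-controlled store. Both carry the pseudonym, so an
    authorised investigator holding both stores can re-link them.
    """
    if "device_mac" not in payload:
        raise ValueError("payload has no device_mac to derive a pseudonym from")
    pid = pseudonym(key, payload["device_mac"])
    telemetry = {k: v for k, v in payload.items() if k not in PII_FIELDS}
    pii = {k: v for k, v in payload.items() if k in PII_FIELDS}
    telemetry["subject"] = pid
    pii["subject"] = pid
    return telemetry, pii

# Constructed sample payload from a hypothetical smart lock.
SAMPLE = {
    "device_mac": "AA:BB:CC:00:11:22",
    "owner_name": "Example User",
    "owner_email": "user@example.com",
    "event": "door_unlocked",
    "ts": "2019-03-01T08:15:00Z",
    "battery_pct": 81,
}
DEMO_KEY = b"constructed-demo-key-not-for-production"

if __name__ == "__main__":
    telemetry, pii = separate(SAMPLE, DEMO_KEY)
    print(json.dumps(telemetry, indent=2))
    print(json.dumps(pii, indent=2))
```

For forensic use, the pseudonym key has to be retained under its own access control: without it, the two stores can still be joined on the stored pseudonym, but a newly seized device's MAC cannot be mapped to its records.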
14. Open Issues & Scope of work
1. Identification, collection and preservation of evidence.
2. Correlation and analysis of evidence.
3. Attack or deficit attribution.
15. References
[1] https://developer.ibm.com/articles/iot-top-10-iot-security-challenges/
[2] Áine MacDermott, Thar Baker, Qi Shi, IoT Forensics: Challenges For The IoA Era, IEEE Xplore, 2nd April 2018.
[3] Ana Nieto, Ruben Rios, Javier Lopez, IoT-Forensics Meets Privacy: Towards Cooperative Digital Investigations, MDPI, DOI: https://doi.org/10.3390/s18020492. Received: 28 December 2017 / Revised: 25 January 2018 / Accepted: 4 February 2018 / Published: 7 February 2018.
[4] Gianni Fenu and Fabrizio Solinas, Computer Forensics Investigation: An Approach to Evidence in Cyberspace, Conference: The Second International Conference on Cyber Security, Cyber Peacefare and Digital Forensic (CyberSec2013).
[5] https://hub.packtpub.com/iot-forensics-security-connected-world/
[6] https://www.owasp.org/index.php/Application_Threat_Modeling