Affiliation:
1. Politecnico di Torino, Italy
Abstract
Computer forensics is the practice of collecting, analyzing, and reporting digital evidence in a way that is legally admissible in open court. Network forensics, an offshoot of computer forensics, is mainly concerned with the monitoring and analysis of network traffic, both local and WAN/internet, in order to identify security incidents and to investigate fraud or network misuse. In this chapter, the authors discuss challenges in creating high-speed network forensic tools and propose NetTrack, a tamper-proof device designed to produce evidence with probative value via digital signatures over the network traffic. Since digitally signing each IP packet is not efficient, the authors use a specific technique that exploits Merkle trees to create digital signatures for flows and multicasts, implemented with an optimized Merkle tree traversal algorithm to save space and time. Through experiments, the authors show that NetTrack signing is fast, as it can produce digital evidence within a short time.
Cited by
2 articles.