LoboVault Home
 

Privacy-preserving techniques for computer and network forensics

LoboVault

Please use this identifier to cite or link to this item: http://hdl.handle.net/1928/20876

Privacy-preserving techniques for computer and network forensics

Show full item record

Title: Privacy-preserving techniques for computer and network forensics
Author: Shebaro, Bilal
Advisor(s): Crandall, Jedidiah
Committee Member(s): Arnold, Dorian
Perez-Gonzalez, Fernando
Comesana-Alfaro, Pedro
Department: University of New Mexico. Dept. of Computer Science
Subject(s): Privacy-Preserving
Forensics
Tor
Netflow
LC Subject(s): Computer security.
Data protection.
Computer networks--Monitoring--Social aspects.
Computer security--Management--Social aspects.
Computer crimes--Investigation--Social aspects.
Degree Level: Doctoral
Abstract: Clients, administrators, and law enforcement personnel have many privacy concerns when it comes to network forensics. Clients would like to use network services in a freedom-friendly environment that protects their privacy and personal data. Administrators would like to monitor their network, and audit its behavior and functionality for debugging and statistical purposes (which could involve invading the privacy of its network users). Finally, members of law enforcement would like to track and identify any type of digital crimes that occur on the network, and charge the suspects with the appropriate crimes. Members of law enforcement could use some security back doors made available by network administrators, or other forensic tools, that could potentially invade the privacy of network users. In my dissertation, I will be identifying and implementing techniques that each of these entities could use to achieve their goals while preserving the privacy of users on the network. I will show a privacy-preserving implementation of network flow recording that can allow administrators to monitor and audit their network behavior and functionality for debugging and statistical purposes without having this data contain any private information about its users. This implementation is based on identity-based encryption and differential privacy. I will also be showing how law enforcement could use timing channel techniques to fingerprint anonymous servers that are running websites with illegal content and services. Finally I will show the results from a thought experiment about how network administrators can identify pattern-like software that is running on clients' machines remotely without any administrative privileges. The goal of my work is to understand what privileges administrators or law enforcement need to achieve their goals, and the privacy issues inherent in this, and to develop technologies that help administrators and law enforcement achieve their goals while preserving the privacy of network users.
Graduation Date: May 2012
URI: http://hdl.handle.net/1928/20876

Files in this item

Files Size Format View
Shebaro_Dissertation.pdf 932.9Kb PDF View/Open

This item appears in the following Collection(s)

Show full item record

UNM Libraries

Search LoboVault


Advanced Search

Browse

My Account