Computationally private information retrieval (extended abstract)
STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
Journal of the ACM (JACM)
Breaking the O(n1/(2k-1)) Barrier for Information-Theoretic Private Information Retrieval
FOCS '02 Proceedings of the 43rd Symposium on Foundations of Computer Science
Upper Bound on Communication Complexity of Private Information Retrieval
ICALP '97 Proceedings of the 24th International Colloquium on Automata, Languages and Programming
Using a High-Performance, Programmable Secure Coprocessor
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Practical server privacy with secure coprocessors
IBM Systems Journal - End-to-end security
Protecting Client Privacy with Trusted Computing at the Server
IEEE Security and Privacy
A Geometric Approach to Information-Theoretic Private Information Retrieval
CCC '05 Proceedings of the 20th Annual IEEE Conference on Computational Complexity
An Efficient PIR Construction Using Trusted Hardware
ISC '08 Proceedings of the 11th international conference on Information Security
Almost optimal private information retrieval
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Single-database private information retrieval with constant communication rate
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Private information retrieval using trusted hardware
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Hi-index | 0.00 |
Digital forensics investigations aim to find evidence that helps confirm or disprove a hypothesis about an alleged computer-based crime. However, the ease with which computer-literate criminals can falsify computer event logs makes the prosecutor's job highly challenging. Given a log which is suspected to have been falsified or tampered with, a prosecutor is obliged to provide a convincing explanation for how the log may have been created. Here we focus on showing how a suspect computer event log can be transformed into a hypothesised actual sequence of events, consistent with independent, trusted sources of event orderings. We present two algorithms which allow the effort involved in falsifying logs to be quantified, as a function of the number of 'moves' required to transform the suspect log into the hypothesised one, thus allowing a prosecutor to assess the likelihood of a particular falsification scenario. The first algorithm always produces an optimal solution but, for reasons of efficiency, is suitable for short event logs only. To deal with the massive amount of data typically found in computer event logs, we also present a second heuristic algorithm which is considerably more efficient but may not always generate an optimal outcome.