Measurements of the Internet for law enforcement purposes must be forensically valid. We examine the problems inherent in using various network- and application-level identifiers in the context of forensic measurement, as exemplified in the policing of peer-to-peer file sharing networks for sexually exploitative imagery of children (child pornography). First, we present a five-month measurement performed in the law enforcement context. We then show how the identifiers in these measurements can be unreliable, and propose the tagging of remote machines. Our proposed tagging method marks remote machines by providing them with application- or system-level data which is valid, but which covertly has meaning to investigators. This tagging allows investigators to link network observations with physical evidence in a legal, forensically strong, and valid manner. We present a detailed model and analysis of our method, show how tagging can be used in several specific applications, discuss the general applicability of our method, and detail why the tags are strong evidence of criminal intent and participation in a crime.