Video Forensics in Cloud Computing: The Challenges & Recommendations
Forensic analysis of large video surveillance datasets requires computationally demanding processing and significant storage space. The current standalone and often dedicated computing infrastructure used for the purpose is rather limited due to practical limits of hardware scalability and the associated cost. Recently Cloud Computing has emerged as a viable solution to computing resource limitations, taking full advantage of virtualisation capabilities and distributed computing technologies. Consequently the opportunities provided by cloud computing service to support the requirements of forensic video surveillance systems have been recently studied in literature. However such studies have been limited to very simple video analytic tasks carried out within a cloud based architecture. The requirements of a larger scale video forensic system are significantly more and demand an in-depth study. Especially there is a need to balance the benefits of cloud computing with the potential risks of security and privacy breaches of the video data. Understanding different legal issues involved in deploying video surveillance in cloud computing will help making the proposed security architecture affective against potential threats and hence lawful. In this work we conduct a literature review to understand the current regulations and guidelines behind establishing a trustworthy, cloud based video surveillance system. In particular we discuss the requirements of a legally acceptable video forensic system, study the current security and privacy challenges of cloud based computing systems and make recommendations for the design of a cloud based video forensic system.
Frank Gens, “IDC eXchange Blog Archive New IDC IT Cloud Services Survey: Top Benefits and Challenges,” 2009. [Online]. Available: http://blogs.idc.com/ie/?p=730. [Accessed: 26-Sep-2014].
“VSaaS - Video Surveillance as a Service.” [Online]. Available: http://www.vsaas.com/. [Accessed: 24-Sep-2014].
D. Neal and S. M. Rahman, “Video surveillance in the cloud-computing?,” in 2012 7th International Conference on Electrical and Computer Engineering, 2012, pp. 58–61.
M. S. Hossain, M. M. Hassan, M. Al Qurishi, and A. Alghamdi, “Resource Allocation for Service Composition in Cloud-based Video Surveillance Platform,” in 2012 IEEE International Conference on Multimedia and Expo Workshops, 2012, pp. 408–412.
M. A. Hossain, “Analyzing the Suitability of Cloud-Based Multimedia Surveillance Systems,” in 2013 IEEE 10th International Conference on High Performance Computing and Communications & 2013 IEEE International Conference on Embedded and Ubiquitous Computing, 2013, pp. 644–650.
M. A. Hossain, “Framework for a Cloud-Based Multimedia Surveillance System,” vol. 2014, 2014.
Y. Xiong, S. Wan, Y. He, and D. Su, “Design and Implementation of a Prototype Cloud Video Surveillance System,” vol. 18, no. 1, 2014.
D. A. Rodriguez-Silva, L. Adkinson-Orellana, F. J. Gonz’lez-Castano, I. Armino-Franco, and D. Gonz’lez-Martinez, “Video Surveillance Based on Cloud Storage,” in 2012 IEEE Fifth International Conference on Cloud Computing, 2012, pp. 991–992.
"Welcome to ApacheTM Hadoopa" [Online]. Available: http://hadoop.apache.org/. [Accessed: 24-Feb-2015].
“HDFS Architecture Guide.” [Online]. Available: http://hadoop.apache.org/docs/r1.2.1/hdfs_design.html. [Accessed: 24-Feb-2015].
J. Dean and S. Ghemawat, “MapReduce,” Commun. ACM, vol. 51, no. 1, p. 107, Jan. 2008.
A. Heikkinen, J. Sarvanko, M. Rautiainen, and M. Ylianttila, “Distributed multimedia content analysis with MapReduce,” in 2013 IEEE 24th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC), 2013, pp. 3497–3501.
C. Ryu, D. Lee, M. Jang, C. Kim, and E. Seo, “Extensible Video Processing Framework in Apache Hadoop,” in 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, 2013, vol. 2, pp. 305–310.
“FFmpeg.” [Online]. Available: https://www.ffmpeg.org/. [Accessed: 01-Dec-2014].
C.-F. Lin, S.-M. Yuan, M.-C. Leu, and C.-T. Tsai, “A Framework for Scalable Cloud Video Recorder System in Surveillance Environment,” in 2012 9th International Conference on Ubiquitous Intelligence and Computing and 9th International Conference on Autonomic and Trusted Computing, 2012, pp. 655–660.
H. Tan and L. Chen, “An approach for fast and parallel video processing on Apache Hadoop clusters,” in 2014 IEEE International Conference on Multimedia and Expo (ICME), 2014, pp. 1–6.
“Digital Imaging Research Group :: Projects :: CrimeVis.” [Online]. Available: http://imaging.lboro.ac.uk/projects/CrimeVis/. [Accessed: 06-Oct-2014].
Cloud Security Alliance, “Security Guidance for Critical Areas of Cloud Security in Cloud Computing.” [Online]. Available: https://cloudsecurityalliance.org/research/security-guidance/. [Accessed: 01-Mar-2014].
D. Protection, “CCTV code of practice,” 2008. [Online]. Available: http://www.belb.org.uk/downloads/foi_cctv_code_of_practice.pdf. [Accessed: 15-Mar-2014].
ICO, “Guidance on the use of cloud computing,” 2012. [Online]. Available: https://ico.org.uk/media/for-organisations/documents/1540/cloud_computing_guidance_for_organisations.pdf. [Accessed: 19-Mar-2014].
T. V. Lillard, Digital Forensics for Network, Internet, and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data. Syngress Publishing, 2010.
“In the picture : A data protection code of practice for surveillance cameras and personal information.”
“BBC News - Emergency phone and internet data laws to be passed.” [Online]. Available: http://www.bbc.co.uk/news/uk-politics-28237111. [Accessed: 08-Oct-2014].
“Surveillance Camera Code of Practice Surveillance Camera Code of Practice,” 2013.
“BBC News - Surveillance camera code of practice comes into force.” [Online]. Available: http://www.bbc.co.uk/news/uk-23636462. [Accessed: 15-Sep-2014].
N. Cohen and K. Maclennan-brown, “Publication No. 58/07 i.” .
J. L. Nagel, G. P. C. Ibbons, and L. Jeffrey, “Getting ESI Evidence Admitted : Lorraine v . Markel American Insurance Co .,” no. December, p. 2007, 2007.
M. Taylor, J. Haggerty, D. Gresty, and D. Lamb, “Forensic investigation of cloud computing systems,” Netw. Secur., vol. 2011, no. 3, pp. 4–10, Mar. 2011.
R. I. Rubin and M. J. Stempler, “Video Surveillance in Personal Injury Cases,” 2010.
D. Neal, “Video Surveillance in the Cloud?,” Int. J. Cryptogr. Inf. Secur., vol. 2, no. 3, pp. 1–19, Sep. 2012.
N. Cohen and K. Maclennen-Brown, “Retrieval of Video Evidence and Production of Working Copies from Digital CCTV Systems v2.0,” 2008. .
“Digital Images as Evidence - CCTV Information.” [Online]. Available: http://www.cctv-information.co.uk/i/Digital_Images_as_Evidence. [Accessed: 24-Sep-2014].
Q. Mahmood and C. Jensen, Security and Privacy in Video Surveillance: Requirements and Challenges, vol. 428. Berlin, Heidelberg: Springer Berlin Heidelberg, 2014.
T. Winkler and B. Rinner, “Security and Privacy Protection in Visual Sensor Networks,” ACM Comput. Surv., vol. 47, no. 1, pp. 1–42, Jul. 2014.
ENISA, “Cloud Computing: Benefits, risks and recommendation for information security.,” 2009.
R. Buyya, J. Broberg, and A. M. Goscinski, Cloud Computing Principles and Paradigms. Wiley Publishing, 2011.
E. J. Schweitzer, “Reconciliation of the cloud computing model with US federal electronic health record regulations.,” J. Am. Med. Inform. Assoc., vol. 19, no. 2, pp. 161–5, 2011.
W. a Jansen, “Cloud Hooks: Security and Privacy Issues in Cloud Computing,” 2011 44th Hawaii Int. Conf. Syst. Sci., pp. 1–10, Jan. 2011.
D. Chen and H. Zhao, “Data Security and Privacy Protection Issues in Cloud Computing,” 2012 Int. Conf. Comput. Sci. Electron. Eng., no. 973, pp. 647–651, Mar. 2012.
B. Grobauer, T. Walloschek, and E. Stocker, “Understanding Cloud Computing Vulnerabilities,” IEEE Secur. Priv. Mag., vol. 9, no. 2, pp. 50–57, Mar. 2011.
K. Dahbur, B. Mohammad, and A. B. Tarakji, “A survey of risks, threats and vulnerabilities in cloud computing,” in Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications - ISWSA ’11, 2011, pp. 1–6.
F. Rocha and M. Correia, “Lucy in the sky without diamonds: Stealing confidential data in the cloud,” in 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W), 2011, pp. 129–134.
M. T. Khorshed, A. B. M. S. Ali, and S. A. Wasimi, “A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing,” Futur. Gener. Comput. Syst., vol. 28, no. 6, pp. 833–851, Jun. 2012.
T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, “Hey, you, get off of my cloud,” in Proceedings of the 16th ACM conference on Computer and communications security - CCS ’09, 2009, p. 199.
Z. Xiao and Y. Xiao, “Security and Privacy in Cloud Computing,” IEEE Commun. Surv. Tutorials, vol. 15, no. 2, pp. 843–859, 2013.
J. Brodkin, “Gartner: Seven cloud-computing security risks,” 2008.
Cloud Security Alliance, “Security research alliance to promote network security,” Network Security, vol. 1999, no. 2. pp. 3–4, 1999.
Cloud Security Alliance, “The Notorious Nine, Cloud Computing Top Threats in 2013,” no. February. pp. 1–14, 2010.
D. O. F. Philosophy, “Security Audit Compliance For Cloud Computing by,” 2014.
N. Gonzalez, C. Miers, F. Redígolo, M. Simplício, T. Carvalho, M. Näslund, and M. Pourzandi, “A quantitative analysis of current security concerns and solutions for cloud computing,” J. Cloud Comput. Adv. Syst. Appl., vol. 1, no. 1, p. 11, 2012.
K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues for cloud computing,” J. Internet Serv. Appl., vol. 4, no. 1, p. 5, 2013.
P. K. Manadhata and J. M. Wing, “An Attack Surface Metric,” IEEE Trans. Softw. Eng., vol. 37, no. 3, pp. 371–386, May 2011.
P. Balboni, V. Mascheroni, A. Paolo, and B. Law, “Data Protection and Data Security Issues Related to Cloud Computing in the EU,” Soc. Sci. Res., vol. 022, no. 022, pp. 1–12, 2010.
M. L. Kemp, S. Robb, and P. C. Deans, “Key Legal Issues with Cloud ComputingL A UK Law Perspective,” A. Bento and A. K. Aggarwal, Eds. IGI Global, 2012, pp. 242–256.
S. De Silva, “The Legal Implications of Cloud Computing,” A. Bento and A. K. Aggarwal, Eds. IGI Global, 2012, pp. 257–273.
“Opinion 05/2012 on Cloud Computing,” 2012.
D. P. Act, “Determining what is personal data,” 1998.
R. Marchini, Cloud Computing: A Practical Introduction to the Legal Issues. BSI, 2010.
T. Mather, S. Kumaraswamy, and S. Latif, Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. “O’Reilly Media, Inc.,” 2009.
“FREQUENTLY ASKED QUESTIONS RELATING TO TRANSFERS OF PERSONAL DATA FROM THE EU/EEA.”
F. Doelitzscher, C. Reich, and A. Sulistio, “Designing Cloud Services Adhering to Government Privacy Laws,” in 2010 10th IEEE International Conference on Computer and Information Technology, 2010, pp. 930–935.
“Amazon AWS Security Center.” [Online]. Available: http://aws.amazon.com/security/. [Accessed: 04-Dec-2014].
“Amazon Health care complience.” [Online]. Available: http://media.amazonwebservices.com/AWS_HIPAA_Whitepaper_Final.pdf. [Accessed: 04-Dec-2014].
“Amazon AWS Government Cloud Computing.” [Online]. Available: http://aws.amazon.com/govcloud-us/. [Accessed: 04-Dec-2014].
L. M. Vaquero, L. Rodero-Merino, and D. Morán, “Locking the sky: a survey on IaaS cloud security,” Computing, vol. 91, no. 1, pp. 93–118, Nov. 2010.
Copyright (c) 2015 Journal of Information Sciences and Computing Technologies
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
TRANSFER OF COPYRIGHT
JISCT is pleased to undertake the publication of your contribution to Journal of Information Sciences and Computing Technologies
The copyright to this article is transferred to JISCT(including without limitation, the right to publish the work in whole or in part in any and all forms of media, now or hereafter known) effective if and when the article is accepted for publication thus granting JISCT all rights for the work so that both parties may be protected from the consequences of unauthorized use.