ABSTRACT
Smart Connected Toys (SCTs) have the potential to collect terabytes of sensitive personal, contextual, and usage information which may be a subject of cybercrime or used as a conduit for cybercrime resulting in a digital forensic investigation which requires the examination of the digital artifact stored, processed or transmitted by the SCT. SCT forensics is challenging in most cases due to non-availability of specialized forensics tools and standardized evidence acquisition interface port. We explore the various privacy and security challenges plaguing the SCT industry and the possible safety risk SCT poses to children as a result of a lack of serious consideration technical controls surrounding the collection, processing, and storage of children's information and possible exposure to crime which will require digital forensic investigation. As a result of this gap in research and industry, we investigate current digital forensic solutions for SCTs and present an abstract forensics investigation framework with the focus on using non-conventional means which allow Investigators to successfully "Plan," "Preserve" "Process" and "Present" (4P) as a systematic means to conduct digital forensic analysis on an SCT in a situation where SCT is complicit in a criminal investigation or a subject of crime.
- Marketwatch.com, "Connected Toys Market 2018-2026 with data by product types, applications, and regional analysis", MarketWatch, 2019. [Online]. Available:https://www.marketwatch.com/press-release/connected-toys-market-2018-2026-with-data-by-product-types-applications-and-regional-analysis-2019-01-31. [Accessed: 18-Jun-2019].Google Scholar
- N. Bill, "Guide to Computer Forensics and Investigations." 5th Edition. Published by Thomson Course Technology, 2016.Google Scholar
- M. Martinez, "FBI: New Barbie 'Video Girl' doll could be used for child porn." 2010. [Online]. Available:http://newsroom.blogs.cnn.com/2010/12/06/fbi-new-barbie-video-girl-doll-could-be-used-for-child-porn-2/ [Accessed : 31-Jul. -2019]Google Scholar
- P. C. K. Hung, "Children Privacy Protection Engine for Smart Anthropomorphic Toys Proposal." 2015.Google Scholar
- S. Chakraborty, K. R. Raghavan, M. P. Johnson, and M. B. Srivastava, "A Framework for Context-Aware Privacy of Sensor Data on Mobile Systems," the Fourteenth Workshop on Mobile Computing Systems and Applications, pp. 6. 2013.Google Scholar
- H. Haifa, M. Yousef, S. Shaima & F. Iqbal, "State of the Art in Digital Forensics for Small Scale Digital Devices". 11th International Conference on Information and Communication Systems (ICICS), 2020Google Scholar
- G. Tsakalidis, and K. Vergidis "A Systematic Approach Toward Description and Classification of Cybercrime Incidents," IEEE Transactions on Systems, Man, and Cybernetics: Systems. 2017.Google Scholar
- FBI and NW3C, "2014 Internet Crime Report". 2015. [Online]. Available:https://pdf.ic3.gov/2014_IC3Report.pdf [Accessed on July 21, 2017].Google Scholar
- Council of Europe, "Convention on Cybercrime." Nov. 23, 2001. [Online]. Available: http://www.coe.int/el/web/conventions/full-list/-/. [Accessed: Jul. 21, 2017].Google Scholar
- "Internet Crime Complaint Center (IC3) | Search." [Online]. Available:https://www.ic3.gov/search.aspx?q="personal_choice_outfitters"&p=4. [Accessed: 22-May-2020].Google Scholar
- P. C. K. Hung, "Children Privacy Protection Engine for Smart Anthropomorphic Toys Proposal." 2015.Google Scholar
- J. McLaughlin, "New Court Filing Reveals Apple Faces 12 Other Requests to Break Into Locked iPhones". The Intercept. February 23, 2016.Google Scholar
- PricewaterhouseCoopers, "The Global State of Information Security_Survey 2015---Managing Cyber Risks in an Interconnected World". Sep. 30, 2014. [Online]. Available: http://www.pwccn.com/webmedia/doc/635527689739110925_rcs_info_security_2015.pdf. [Accessed: Jul. 21, 2017].Google Scholar
- F. Howard, "Exploring the Blackhole exploit kit: 2.3.4 Payload". March 29, 2012. [Online]. Available:https://nakedsecurity.sophos.com/exploringthe-blackhole-exploitkit14/. [Accessed: 31-Jul-2019].Google Scholar
- D. L. Shinder and M. Cross, Scene of the Cybercrime. Burlington, MA, USA: Syngress, 2008.Google Scholar
- P. C. K. Hung, M. Fantinato, and L. Rafferty, "A Study of Privacy Requirements for Smart Toys," The 20th Pacific Asia Conference on Information Systems (PACIS 2016), Chiayi, Taiwan, June 27 - July 1, 2016.Google Scholar
- D. Forbrukerra, "Investigation of privacy and security issues with smart toys," Available:https://fil.forbrukerradet.no/wp-content/uploads/2016/12/2016-11-technical-analysis-of-the-dolls-bouvet.pdf, Nov.2016.Google Scholar
- V. Verdoodt and E. Lievens, "Toying with children's emotions, the new game in town? The legality of advergames in the EU." Computer Law & Security Review vol. 32, no. 4, 599--614. 2016.Google ScholarCross Ref
- B. Yankson, F. Iqbal, and P. C. K. Hung, "Privacy Preservation Framework for Smart Connected Toys." Computing in Smart Toys, pp. 149--164. 2017Google ScholarCross Ref
- L. G. de Carvalho and M. M. Eler, "Security Tests for Smart Toys." ICEIS (2). pp.111. 2018.Google Scholar
- B. Yankson, "PDCA Based Privacy Preservation Framework." International Journal of Information Security, SpringerGoogle Scholar
- Rapid7. HACKING IoT: A Case Study on Baby Monitor Exposures and Vulnerabilities. https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf, Sept. 2015.Google Scholar
- E. Taylor and K. Michael, "Smart Toys that are the Stuff of Nightmares." IEEE Technology and Society Magazine, 35(1). pp.8--10. 2016.Google ScholarCross Ref
- Inc. Somerset Recon, "Hello Barbie Initial Security Analysis," Jan. 2016.Google Scholar
- T. Denning, C. Matuszek, K. Koscher, J. R. Smith, and T. Kohno, "A spotlight on security and privacy risks with future household robots: attacks and lessons." The ACM international conference on Ubiquitous computing pp. 105--114. 2009.Google Scholar
- M. Dhanhani, B. AlRasebi, A. Nuaimi, and F. Iqbal, "Forensics of "Hello Barbie" Smart Toy," Student Paper, Zayed University College of Technological InnovationGoogle Scholar
- Barbiemedia.com, "Mattel Focuses on Dad with New Campaign." Jan 23, 2017. [Online]. Available:http://www.barbiemedia.com/news/detail/150.html. /. [Accessed: 31-Jul-2019].Google Scholar
- B. Yankson, F. Iqbal, S. Aleem, B. Shah, P. C. K. Hung and A. P. de Albuquerque, "A Privacy-Preserving Context Ontology (PPCO) for Smart Connected Toys," 2019 12th CMI Conference on Cybersecurity and Privacy (CMI), Copenhagen, Denmark, 2019, pp. 1--6 Google ScholarCross Ref
- B. Yankson, F. Iqbal, Z. Lu, X. Wang, and P.C.K Hung, P. "Modelling Privacy Preservation in Smart Connected Toys by Petri-Nets," Proceedings of the 52nd Hawaii International Conference on System Sciences, pp. 1696--1705, January 8 - 12, 2019.Google Scholar
- A. Hilts, C. Parsons, and J. Knockel, "Every step you fake: A comparative analysis of fitness tracker privacy and security," 2016.Google Scholar
- 4P based forensics investigation framework for smart connected toys
Recommendations
FORZA - Digital forensics investigation framework that incorporate legal issues
What is Digital Forensics? Mark Pollitt highlighted in DFRWS 2004 [Politt MM. Six blind men from Indostan. Digital forensics research workshop (DFRWS); 2004] that digital forensics is not an elephant, it is a process and not just one process, but a ...
Digital Forensics and Crime Investigation: Legal Issues in Prosecution at National Level
SADFE '10: Proceedings of the 2010 Fifth IEEE International Workshop on Systematic Approaches to Digital Forensic EngineeringAbstract: Revolution in Internet and ease in use of latest technology is significantly increasing the use of latest technology worldwide, day by day. Advancement in digital devices such as computers and cell phones also helped the people to work both ...
Digital Forensics
This issue is one of a pair of coordinated special issues on digital forensics by IEEE Security & Privacy and IEEE Signal Processing Magazine. S&P's special issue has articles debating the effectiveness of forensics, on capturing live forensics analysis ...
Comments