research-article

4P based forensics investigation framework for smart connected toys

Authors:

Benjamin Yankson,

Farkhund Iqbal,

Patrick C. K. HungAuthors Info & Claims

ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security

Article No.: 44, Pages 1 - 9

https://doi.org/10.1145/3407023.3409213

Published: 25 August 2020 Publication History

Abstract

Smart Connected Toys (SCTs) have the potential to collect terabytes of sensitive personal, contextual, and usage information which may be a subject of cybercrime or used as a conduit for cybercrime resulting in a digital forensic investigation which requires the examination of the digital artifact stored, processed or transmitted by the SCT. SCT forensics is challenging in most cases due to non-availability of specialized forensics tools and standardized evidence acquisition interface port. We explore the various privacy and security challenges plaguing the SCT industry and the possible safety risk SCT poses to children as a result of a lack of serious consideration technical controls surrounding the collection, processing, and storage of children's information and possible exposure to crime which will require digital forensic investigation. As a result of this gap in research and industry, we investigate current digital forensic solutions for SCTs and present an abstract forensics investigation framework with the focus on using non-conventional means which allow Investigators to successfully "Plan," "Preserve" "Process" and "Present" (4P) as a systematic means to conduct digital forensic analysis on an SCT in a situation where SCT is complicit in a criminal investigation or a subject of crime.

References

[1]

Marketwatch.com, "Connected Toys Market 2018-2026 with data by product types, applications, and regional analysis", MarketWatch, 2019. [Online]. Available:https://www.marketwatch.com/press-release/connected-toys-market-2018-2026-with-data-by-product-types-applications-and-regional-analysis-2019-01-31. [Accessed: 18-Jun-2019].

[2]

N. Bill, "Guide to Computer Forensics and Investigations." 5th Edition. Published by Thomson Course Technology, 2016.

[3]

M. Martinez, "FBI: New Barbie 'Video Girl' doll could be used for child porn." 2010. [Online]. Available:http://newsroom.blogs.cnn.com/2010/12/06/fbi-new-barbie-video-girl-doll-could-be-used-for-child-porn-2/ [Accessed : 31-Jul. -2019]

[4]

P. C. K. Hung, "Children Privacy Protection Engine for Smart Anthropomorphic Toys Proposal." 2015.

[5]

S. Chakraborty, K. R. Raghavan, M. P. Johnson, and M. B. Srivastava, "A Framework for Context-Aware Privacy of Sensor Data on Mobile Systems," the Fourteenth Workshop on Mobile Computing Systems and Applications, pp. 6. 2013.

[6]

H. Haifa, M. Yousef, S. Shaima & F. Iqbal, "State of the Art in Digital Forensics for Small Scale Digital Devices". 11th International Conference on Information and Communication Systems (ICICS), 2020

[7]

G. Tsakalidis, and K. Vergidis "A Systematic Approach Toward Description and Classification of Cybercrime Incidents," IEEE Transactions on Systems, Man, and Cybernetics: Systems. 2017.

[8]

FBI and NW3C, "2014 Internet Crime Report". 2015. [Online]. Available:https://pdf.ic3.gov/2014_IC3Report.pdf [Accessed on July 21, 2017].

[9]

Council of Europe, "Convention on Cybercrime." Nov. 23, 2001. [Online]. Available: http://www.coe.int/el/web/conventions/full-list/-/. [Accessed: Jul. 21, 2017].

[10]

"Internet Crime Complaint Center (IC3) | Search." [Online]. Available:https://www.ic3.gov/search.aspx?q="personal_choice_outfitters"&p=4. [Accessed: 22-May-2020].

[11]

P. C. K. Hung, "Children Privacy Protection Engine for Smart Anthropomorphic Toys Proposal." 2015.

[12]

J. McLaughlin, "New Court Filing Reveals Apple Faces 12 Other Requests to Break Into Locked iPhones". The Intercept. February 23, 2016.

[13]

PricewaterhouseCoopers, "The Global State of Information Security_Survey 2015---Managing Cyber Risks in an Interconnected World". Sep. 30, 2014. [Online]. Available: http://www.pwccn.com/webmedia/doc/635527689739110925_rcs_info_security_2015.pdf. [Accessed: Jul. 21, 2017].

[14]

F. Howard, "Exploring the Blackhole exploit kit: 2.3.4 Payload". March 29, 2012. [Online]. Available:https://nakedsecurity.sophos.com/exploringthe-blackhole-exploitkit14/. [Accessed: 31-Jul-2019].

[15]

D. L. Shinder and M. Cross, Scene of the Cybercrime. Burlington, MA, USA: Syngress, 2008.

[16]

P. C. K. Hung, M. Fantinato, and L. Rafferty, "A Study of Privacy Requirements for Smart Toys," The 20th Pacific Asia Conference on Information Systems (PACIS 2016), Chiayi, Taiwan, June 27 - July 1, 2016.

[17]

D. Forbrukerra, "Investigation of privacy and security issues with smart toys," Available:https://fil.forbrukerradet.no/wp-content/uploads/2016/12/2016-11-technical-analysis-of-the-dolls-bouvet.pdf, Nov.2016.

[18]

V. Verdoodt and E. Lievens, "Toying with children's emotions, the new game in town? The legality of advergames in the EU." Computer Law & Security Review vol. 32, no. 4, 599--614. 2016.

[19]

B. Yankson, F. Iqbal, and P. C. K. Hung, "Privacy Preservation Framework for Smart Connected Toys." Computing in Smart Toys, pp. 149--164. 2017

[20]

L. G. de Carvalho and M. M. Eler, "Security Tests for Smart Toys." ICEIS (2). pp.111. 2018.

[21]

B. Yankson, "PDCA Based Privacy Preservation Framework." International Journal of Information Security, Springer

[22]

Rapid7. HACKING IoT: A Case Study on Baby Monitor Exposures and Vulnerabilities. https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf, Sept. 2015.

[23]

E. Taylor and K. Michael, "Smart Toys that are the Stuff of Nightmares." IEEE Technology and Society Magazine, 35(1). pp.8--10. 2016.

[24]

Inc. Somerset Recon, "Hello Barbie Initial Security Analysis," Jan. 2016.

[25]

T. Denning, C. Matuszek, K. Koscher, J. R. Smith, and T. Kohno, "A spotlight on security and privacy risks with future household robots: attacks and lessons." The ACM international conference on Ubiquitous computing pp. 105--114. 2009.

[26]

M. Dhanhani, B. AlRasebi, A. Nuaimi, and F. Iqbal, "Forensics of "Hello Barbie" Smart Toy," Student Paper, Zayed University College of Technological Innovation

[27]

Barbiemedia.com, "Mattel Focuses on Dad with New Campaign." Jan 23, 2017. [Online]. Available:http://www.barbiemedia.com/news/detail/150.html. /. [Accessed: 31-Jul-2019].

[28]

B. Yankson, F. Iqbal, S. Aleem, B. Shah, P. C. K. Hung and A. P. de Albuquerque, "A Privacy-Preserving Context Ontology (PPCO) for Smart Connected Toys," 2019 12th CMI Conference on Cybersecurity and Privacy (CMI), Copenhagen, Denmark, 2019, pp. 1--6

[29]

B. Yankson, F. Iqbal, Z. Lu, X. Wang, and P.C.K Hung, P. "Modelling Privacy Preservation in Smart Connected Toys by Petri-Nets," Proceedings of the 52nd Hawaii International Conference on System Sciences, pp. 1696--1705, January 8 - 12, 2019.

[30]

A. Hilts, C. Parsons, and J. Knockel, "Every step you fake: A comparative analysis of fitness tracker privacy and security," 2016.

Cited By

Patel YRughani P(2024)Are We Ready to Investigate Robots? Issues and Challenges Involved in Robotic ForensicsProceedings of International Conference on Recent Innovations in Computing10.1007/978-981-97-2839-8_18(259-271)Online publication date: 13-Jul-2024
https://doi.org/10.1007/978-981-97-2839-8_18
Friedl SPernul G(2024)Device Forensics in Smart Homes: Insights on Advances, Challenges and Future DirectionsTransactions on Large-Scale Data- and Knowledge-Centered Systems LVII10.1007/978-3-662-70140-9_3(68-98)Online publication date: 25-Oct-2024
https://doi.org/10.1007/978-3-662-70140-9_3
Saleh MOthman SDriss MAl-dhaqm AAli AYafooz WEmara A(2023)A Metamodeling Approach for IoT Forensic InvestigationElectronics10.3390/electronics1203052412:3(524)Online publication date: 19-Jan-2023
https://doi.org/10.3390/electronics12030524
Show More Cited By

4P based forensics investigation framework for smart connected toys
1. Social and professional topics
  1. Computing / technology policy

Recommendations

FORZA - Digital forensics investigation framework that incorporate legal issues

What is Digital Forensics? Mark Pollitt highlighted in DFRWS 2004 [Politt MM. Six blind men from Indostan. Digital forensics research workshop (DFRWS); 2004] that digital forensics is not an elephant, it is a process and not just one process, but a ...
Digital Forensics and Crime Investigation: Legal Issues in Prosecution at National Level
SADFE '10: Proceedings of the 2010 Fifth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering

Abstract: Revolution in Internet and ease in use of latest technology is significantly increasing the use of latest technology worldwide, day by day. Advancement in digital devices such as computers and cell phones also helped the people to work both ...
Digital Forensics

This issue is one of a pair of coordinated special issues on digital forensics by IEEE Security & Privacy and IEEE Signal Processing Magazine. S&P's special issue has articles debating the effectiveness of forensics, on capturing live forensics analysis ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security

August 2020

1073 pages

ISBN:9781450388337

DOI:10.1145/3407023

Program Chairs:
Melanie Volkamer
Karlsruhe Institute of Technologie (KIT), Competence Center for Applied Security Technology (KASTEL)
,
Christian Wressnegger
Karlsruhe Institute of Technologie (KIT), Competence Center for Applied Security Technology (KASTEL)

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 August 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ARES 2020

ARES 2020: The 15th International Conference on Availability, Reliability and Security

August 25 - 28, 2020

Virtual Event, Ireland

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
175
Total Downloads

Downloads (Last 12 months)17
Downloads (Last 6 weeks)3

Reflects downloads up to 27 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Patel YRughani P(2024)Are We Ready to Investigate Robots? Issues and Challenges Involved in Robotic ForensicsProceedings of International Conference on Recent Innovations in Computing10.1007/978-981-97-2839-8_18(259-271)Online publication date: 13-Jul-2024
https://doi.org/10.1007/978-981-97-2839-8_18
Friedl SPernul G(2024)Device Forensics in Smart Homes: Insights on Advances, Challenges and Future DirectionsTransactions on Large-Scale Data- and Knowledge-Centered Systems LVII10.1007/978-3-662-70140-9_3(68-98)Online publication date: 25-Oct-2024
https://doi.org/10.1007/978-3-662-70140-9_3
Saleh MOthman SDriss MAl-dhaqm AAli AYafooz WEmara A(2023)A Metamodeling Approach for IoT Forensic InvestigationElectronics10.3390/electronics1203052412:3(524)Online publication date: 19-Jan-2023
https://doi.org/10.3390/electronics12030524
Iqbal FJaffri AKhalid ZMacDermott AAli QHung P(2023)Forensic investigation of small-scale digital devices: a futuristic viewFrontiers in Communications and Networks10.3389/frcmn.2023.12127434Online publication date: 26-Jul-2023
https://doi.org/10.3389/frcmn.2023.1212743
Hyder MArshad SArfeen AFatima T(2022)Privacy preserving mobile forensic framework using role‐based access control and cryptographyConcurrency and Computation: Practice and Experience10.1002/cpe.717834:23Online publication date: 12-Jul-2022
https://doi.org/10.1002/cpe.7178
Sim JJoo MLee J(2021)Argus: A centralized control system for preserving privacy during digital forensics investigationsWIREs Forensic Science10.1002/wfs2.14434:3Online publication date: 23-Sep-2021
https://doi.org/10.1002/wfs2.1443

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten