SPaRe: Efficient SQLite Recovery Using Database Schema Patterns

  • Submitted: 2015.05.28
  • Reviewed: 2017.01.16
  • Published: 2017.03.31

Abstract

In recent times, the Internet of Things (IoT) has rapidly emerged as one of the most influential information and communication technologies (ICT). The various constituents of the IoT together offer novel technological opportunities by facilitating the so-called "hyper-connected world." The fundamental tasks that need to be performed to provide such a function involve the transceiving, storing, and analyzing of digital data. However, it is challenging to handle voluminous data with IoT devices because such devices generally lack sufficient computational capability. In this study, we examine the IoT from the perspective of security and digital forensics. SQLite is a light-weight database management system (DBMS) used in many IoT applications that stores private information. This information can be used in digital forensics as evidence. However, it is difficult to obtain critical evidence from IoT devices because the digital data stored in these devices is frequently deleted or updated. To address this issue, we propose Schema Pattern-based Recovery (SPaRe), an SQLite recovery scheme that leverages the pattern of a database schema. In particular, SPaRe exhaustively explores an SQLite database file and identifies all schematic patterns of a database record. We implemented SPaRe on an iPhone 6 running iOS 7 in order to test its performance. The results confirmed that SPaRe recovers an SQLite record at a high recovery rate.
