Hindawi

Scientific Programming
Volume 2021, Article ID 7294206, 19 pages
https://doi.org/10.1155/2021/7294206

Research Article
An Intelligent Blockchain and Software-Defined
Networking-Based Evidence Collection Architecture for
Cloud Environment

Yunus Khan and Sunita Verma

Department of Computer Engineering, Shri G. S. Institute of Technology and Sciences Indore (RGPV), Bhopal, India

Correspondence should be addressed to Yunus Khan; [email protected]

Received 18 July 2021; Accepted 2 September 2021; Published 29 September 2021

Academic Editor: Punit Gupta

Copyright © 2021 Yunus Khan and Sunita Verma. This is an open access article distributed under the Creative Commons
Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is
properly cited.

Cloud forensics is an extension of contemporary forensic science that guards against cybercriminals. However, consolidated data
assortment and storage compromise the legitimacy of digital indication. This essay proposes an evolving modern algorithm
automated forensic platform based on the blockchain idea. This proposes forensic structure design, evidence gathering, and
storage on a blockchain that are peer to peer. Secure Block Verification Mechanism (SBVM) will protect unauthorised users.
Secret keys are optimally produced using the cuckoo search optimization method. All data are saved and encrypted at the cloud
authentication server for secrecy. Confidentiality-Based Algebraically Homomorphism, a new encryption method, is given to
cryptosystem learning. Every data is assigned a block in the SDN controller, and the history is kept as metadata about data. Each
block has a Secure Hash Algorithm version 3 of 512-bit hash-based tree. Our approach uses graph theory-based graph neural
networks in Smart Contracts to track users’ data (GNNSC). Finally, a blockchain-based evidence graph allows for evidence
analysis. The experiments were run in a cloud environment with Python and network simulator-3.30 (for software-defined
network). We achieved good results in terms of evidence response time, cloud evidence insertion time, cloud evidence verification
time, computational overhead, hash calculation time, key generation times, and entire overall change rate of indication using our
newly deliberated forensic construction using blockchain (FAuB).

1. Introduction a-Service (SaaS) and Platform-as-a-a-Service (PaaS) [3]

environments when the cloud environment is categorized
Cloud computing is an emerging technological concept that, according to the service model access to that layer which are
through virtualization technology, provides users with regulated by Cloud Service Provider (CSP). It is therefore
physical resources. The cloud computing industry is growing appropriate to supply the log data generated in the inac-
with the benefit of allowing network accessing to a scalable cessible layer to the CSP through agreement [4]. Investi-
and elastic combination of shared physical or virtual re- gators have complete control over the evidence in
sources [1] with self-owned service provisioning and on- conventional digital forensics. In a cloud environment,
demand available services. There is also an enhancement in however, data centers are geographically distributed; cloud
the number of cloud users using cloud computing because of service customers (CSCs) exchange physical infrastructure,
these features. Security risks have begun to develop, how- unreliable data that disappear when the instance is shut
ever, with the rising cloud computing industry. Several down, virtual network, load balancing, and auto scaling to
security strategies for the cloud environment are being in- provide a smooth service environment [5]. Therefore, prior
vestigated with virtualization technologies, making it diffi- to a security incident for investigation, it is important not
cult to implement current digital forensic methods [2]. only to record data for cloud forensics but also to guarantee
Access to certain system layers is restricted in Software-as-a- the truthfulness of the log data, while it is impossible for the
2 Scientific Programming

investigator to directly capture the data and collect the data analyze, and release evidence. Blockchain technology
from the remote server. Forensic architecture is suggested is used to collect evidence.
for software-defined networking (SDN) using IoT [6] and (2) Evidence and information are secured against
blockchain. Blockchain’s algebraic homomorphic encryp- malicious users by using the Secure Block Verifi-
tion scheme is adapted here. Evidence data collection is cation Mechanism (SBVM) [12] driven by a cloud
performed in the presence of the SDN policy [7]. Digital authentication server (CAS). The SBVM involves
evidence or stored on cloud using the data flow switches users who have completed successfully secure veri-
during the forensic examination. A (PDMS) data manage- fication process by means of a globular logic and
ment system of provenance aware has been invented and secret key (SK).
built on the existing provenance monitoring framework [8].
(3) Based on confidentiality level or the generation of
Mchain [9] proposed an integrity management framework
digital signature [13] and encryption, the EL
based on blockchain. Therefore, many analyses make an
GAMAL algorithm is proposed. Key generation is
attempt that are distributed exploitation blockchain tech-
done by the cuckoo search optimization algorithm in
nology within the SDN cloud atmosphere [10]. During this
CB-EL GAMAL to generate strong secret keys. The
analysis, within the cloud atmosphere, we tend to use the
main contribution of the Algebraically Homographic
blockchain concept for cloud digital computer forensics.
Cryptosystem algorithm based on confidentiality is
Forensic in cloud computing is an advancement of modern
that the proposed algorithm is based on the data level
forensic science that protects against cyber criminals. Single
of sensitivity and adaptive in nature.
centralize point compilation and storage of data, however,
overcome the authenticity of digital evidence. In order to (4) Block was generated by control plane SDN and
address this serious issue, this article suggests a modern distributed across the blockchain network for all
automated forensic platform leveraging infrastructure as a facts and statistics being deposited in the cloud-
cloud service (IaaS) based on blockchain concept. This based server. For added security, a Secure Hashing-3
proposed forensic architecture uses the blockchain tech- (SHA-3-512) algorithm has been proposed for
nology to store the digital evidence and data are distributed blockchain accounts. By using neural network-based
among multiple peers. Secure Block Verification Mechanism smart contracts (GNNSCs) on graph to track data
(SBVM) is proposed to safeguarding the device from activities throughout its life cycle, the data source is
unauthorised users. Using the cuckoo search optimization preserved.
algorithm for strengthening of the cloud environment, secret
keys are optimally generated. On the bases of level of 2. Background
confidentiality, all data are stored and encrypted at cloud
authentication server. Confidentiality-Based Algebraically Siva Rama Krishna Tummalapalli [14] developed Bayesian
Homomorphic Cryptosystems learning is presented with a fuzzy clustering and cluster search laid on support vector
fast-forwarding algorithm for encryption. A block in the neural network-based intrusion detection mechanism sim-
SDN controller is created for every data, and information is ulator for clustering and two-level classifier working on
stored in the cloud service provider, and the history is cloud environment [15]. Saad Said Alkahtny developed a
recorded as metadata about data. A hash-based tree is novel architecture to support forensic evidence collection
constructed in each block by the Secure Hash Algorithm and analysis of infrastructure as a service (IaaS) in cloud
version-3 of 512 bits. By implementing graph theory-based environment formally known as cloud forensic acquisition
graph neural networks in Smart Contracts, our framework and analysis system without depending on cloud service
enables users to track their data (GNNSC). Finally, the provider and third party. This approach also provides the
construction of a Logical Graph of Evidence from block- access of deleted data and overwritten data files which is not
chain data enables evidence analysis. Experiments were provided in existing forensic investigation techniques [5].
carried out in a Python for cloud and blockchain-integrated Zareefa and Mustafa found information obtained from the
environment with network simulator-3.30 (for software- Zen Cloud Platform utilizing usable resources in the inquiry.
defined network). The proposed forensic architecture Essentially the work focused on the three fields, such as
(FAuB) shows promising results in response time, evidence adapting current techniques in the cloud world, gathering
insertion time, evidence verification time, communication objects and data from the cloud, and assessing the interest of
overhead, hash computation time, key generation time, the information collected. In the near future, we will inte-
encryption time, decryption time, and total change rate grate existing tools of Platform-as-a-Service (PaaS) and
according to a comprehensive comparative study. Software-as-a-Service (SaaS) (or all service type frameworks
in one framework) as part of the future path. Finally, this
work centered on and retrieved XCP with file system- de-
1.1. Research Contribution. In this article, the following
pendent storage repositories (SRS) dependent on LVM [16].
contributions have been made to provide additional digital
Throughout their research, Philip and Clark applied mostly
forensics research:
exif metadata found in JPEG image files. In the near future,
(1) In the case of cloud environment like infrastructure all research studies will be carried out in specific other file
as a cloud service (IaaS), the digital forensics formats such as pdf, text, excel, ppt, and others [17].
mechanism [11] design is constructed to collect, Ramakrishnan addressed the big emerging developments in
Scientific Programming 3

cloud computing protection and privacy concerns and often multilayer counting filter [24], independent of daily cloud
categorized security and privacy problems in security issues activity. No standard forensics preparedness model for cloud
mainly, privacy issues mainly, and security issues inter- environments can be applied properly. A model for improving
twined [18]. In their work, Mhlupheki George and Sibiya security [16] can be used in a cloud environment. Forensic
explained the specifications for a cloud forensics framework preparedness is a way of maximizing the potential of an or-
and what standard procedures followed during the cloud ganization to respond to violations [17]. Figure 1 and Table 1
forensic phase and how to build a cloud forensics system, as show that the number of papers published in various digital
well as cloud forensics as a CFAAS architecture service [19]. libraries like ACM, IEEE, ScienceDirect, Springer
In case of denial of service (DDoS), Alex and Kishore [16–23, 25–55], and Elsevier indicates that the lots of work have
created a program that targets if the forensic management been done in the field of cloud forensics, and it is an active
plane (FMP) gathers data regarding illegal forensic inves- research area for the current cloud market.
tigation activities. Throughout the immediate future, we Cloud logs will include useful data and information for
should be able to execute the whole attack scenario the computer forensic investigation [18, 49], which is es-
throughout cloud platform [20, 21]. In their work, Ameer sential. Earlier designed logging systems have a few in-
Pichan, Mihai Lazarescu, and Sie Teng Soh offered a systemic conveniences to provide the cloud user with security. The
approach for examining cloud forensic problems, a potential existing system gives protection and security for user files
answer for any process, and a description of forensic as a that are either saved or uploaded by the user or authenti-
business model [22]. In their investigation, Vassil, Irfan, cated [19] by the user. This paper secures logging by
Andres, and Shane applied analysis and acquisition on SaaS encrypting cloud logs using encryption techniques and
and tested the results in their case studies. Kumodd: it is a identifying assaults on the cloud framework from DDoS
tool used for the acquisition of cloud drives; Kumoocs: it is a (distributed denial of service) [25].
tool for the acquisition and analysis of Google Docs; and
Kumofs: it is a tool for remote previewing and cloud drive 3. Evidence Collection
data screening [23].
Victor R Kebane built a cloud forensic preparation To classify and access forensic data from different parts and
model as a test of the application software [7]. Grobler et al. sources in the cloud world, the processing of evidence plays a
suggested a six-dimensional virtual forensic approach to critical role. Evidences are stored in one physical host, and
include the theory-based modern forensics solution [8]. data are split into another geographical region. Therefore,
Valjarevic and Ventor created a model consisting of three after an incident occurs, the evidence is very hard to find
preparation phase assessments in the deployment and [26]. Proofs are obtained from different forensic origins such
planning model. In ISO/IEC270 43 : 2015 [9], Valjarevic and as switches, routers, servers, virtual machines, hosts, and
Ventor built a model consisting of 3 preparation phase tests browsers and from in-house storage content media such as
in the deployment and planning model [9]. Saad Said hard disk drives, ram image files, and physical memory. The
Alkahtny proposed a novel framework to assist IAAS cloud- information is retrieved from multiple sources. Data col-
based system (CFAAS) forensic discovery and analytics [10]. lection from cloud servers, web browser objects [27], and
Alex and Kishore presented a forensic paradigm of denial of physical memory analysis collects evidence.
service (DDoS) assault for cloud storage and data processing
utilizing forensic security plane (FMP) and FTK analyzer
[11]. Emi Morioko, Mehdard S, and Sharbaf presented a 3.1. Blockchain in Cloud Forensics. Blockchain is one of the
method and algorithm for the procurement of Amazon Web overestimated breaking fields and has acquired significant
Services (AWS) technical evidence [12]. Zareefa and Mustafa consequences as an invention commonly used in numerous
proposed a solution for accessing the recorded evidence fields [20, 36]. The blockchain is known mostly as a billing
value from the cloud and found an experimental result on book or digital distributed database [21]. The way blockchain
Xen cloud platform [13]. Zachary, Katrina, and Kenji used interface, render device costs, monitor, and document
snapshot submit Google Rapid Response (GRR) to plan and transactions began to emerge as a revolutionary advance
build automated forensic data acquisition system for fo- since its introduction in 2008. Blockchain [22] can be in-
rensic evidence collection [14]. In the cloud environment, expensive, removing the do with to supervise and normalize
Nhien An Le Khac, Michel Mollema, Robert Craig, and transactions and communications [23] between various
Steven Ryder are developing an innovative solution to data members of the central authorities. Other miners who have a
acquisition. We explain the legal context and address how to record of the entire transaction history in a blockchain mark
find the data center and deal with the actual job scenario of each move cryptographically [28, 50]. This renders time
AWS [15]. Peng Xu, Yadong Zhang, and Kai Shuang records that cannot be altered one by one safely, synchro-
deployed a modern streamlined data collection approach nized, and collective. Moreover, blockchain technology is
with hybrid data management review across the cloud considered IT and can be used in applications, industry, and
logging (LOC) web service [24]. industrial industries [29]. Figure 2 displays the blockchain
A cloud forensics tamperproof framework for cloud fo- design. The concept of blockchain consists of blocks like i to
rensics is developed by the author that is available in a cloud n numbers, current hash, and previous hash of the block; if
environment that is untrusted and multitenancy. This hash value of any block is changed in blockchain network, it
framework relies on a forensic system based on the compressed goes to invalid block and data tempering is detected.
4 Scientific Programming

70000
60000
50000
40000
30000
20000
10000
0
Total Publications
ACM Springer
IEEE Explore Elsevier
Science Direct
Figure 1: Year-wise analysis of research papers was published in digital libraries.

Table 1: Records of article types in various libraries on this topic.

ACM IEEE Explore Science Direct Springer Elsevier
Journals 8994 209 197 683 506
Book chapters 469 3 17 60909 12551
Conference 70 698 3 509 80
Total publications 9533 910 217 62101 13137

Blockchain network (1) Cloud Users (CU). Cloud users (CU1, CU2, . . .,
Blockchain node Blockchain node CUn) are included in our system “n” number. It is
permissible for cloud users to save and access ev-
Blockchain node idence at the server cloud.
Blockchain node
(2) Cloud Authentication Server (CAS). At the start, the
cloud clients are registered with CAS to deter un-
wanted access by users. Key generation and au-
Blockchain node Blockchain node thentication are the major responsibilities of CAS.
(3) Cloud Service Provider (CSP). Cloud users store up
all data in outer surface of their cloud on CSP
Time stamps Time stamp Time stamp hosted cloud servers. For every piece of data stored
Previoues Hash Previous Hash Previous Hash in CSP, a blockchain was developed.
Hash
(4) Dataflow Open Switches (DFSs). During this prac-
Hash Hash
tice, a software-defined network is used to gather
Transaction Transaction Transaction CSP data. We have therefore used many DFSs to
Block i Block i+1 Block i+2 relay CSP data to consumers. For data, the owned
database flow regulations applied by the control
Figure 2: Architecture of blockchain technology.
plane to user DFSs may be mainly responsible. DFSs
[R] only deploy and modify flow rules in the
software-defined network control plane.
4. Proposed Blockchain-Based Cloud (5) Software-Defined Networking Control (SDNC)
Forensic (BCF) Plane. The software-defined networking control
plane is responsible for applying network status
The proposed forensic architecture, called blockchain-based data flow rules and for gathering all CSP evidence.
forensics, is developed with the necessary algorithms in this The software-defined networking control plane
section. The proposed forensic cloud uses software-defined manages blockchain for proof collection, and a
network and blockchain concept collection of evidence and block is generated for any CSP data. The complete
investigation. machine architecture is seen in Figure 3.
Our forensic architecture’s principal objective is to
capture and conserve appropriate CSP data. We initially
4.1. Entities of the Architecture. The main objective of our developed an efficient verification design to secure the device
experimental study is to acquire reliable proof or evidence in beginning unlicensed users. Data saved to the CSP are
the cloud environment and to maintain the cloud prove- encrypted to ensure secrecy within the cloud setting.
nance of data. The following entities comprise the overall Decentralized data processing was planned based on
forensic system: blockchain technology.
Scientific Programming 5

IaaS Cloud mysterious key. The cryptosystem is both an encryption plot

(this part) which assists Alice and Bob with the issue of
SDN Controller Plane
trading delicate data over an uncertain channel listened in by
their enemy Eve and a computerized signature conspire (the
following segment) which assists them with making ad-
vanced marks. The mark conspire is somewhat unique in
relation to the encryption plot and different advanced mark
plans; for example, the Schnorr signature plot and the digital
DFS
signature algorithm (DSA) depend on ElGamal’s unmis-
takable plan however with more limited keys. The public key
Evidence created is as follows:
collection
CB-EL-GAMAL Based Encryption Pu(SK) � Pr(SK) × P. (2)

We may be capable of making out here the random

generation of the private key (Pr(SK)) that attackers can
crack quickly. The cuckoo algorithm is used to enhance the
CBVM
key generation process.
Authentication fail Cloud User
4.3. Cuckoo Search Explanations. Each egg is a solution in a
nest, and a new solution is the cuckoo egg. The aim is to
Figure 3: Blockchain-based cloud forensic (BCF) architecture. substitute not so nice nesting solutions with new and
hopefully better solutions (cuckoos). The simplest shape of
Smart contracts can be used for the motto of recording each nest is an egg [19]. The algorithm can be applied to
and storing data history. For successful proof analyses, the more complex cases in which several eggs are present in each
graph-based research approach is recommended. nest representing a set of solutions.
Three idealized rules are based on CS:

4.2. Cloud User Authentication. CAS is first registered with (1) Per cuckoo lays one egg on a single basis and dumps
all cloud customers. User ID and password are user cre- the egg into a randomly chosen nest.
dentials that are taken into account when logging (PW). CAS The better nests with good egg content will hold the
produces a secret key (SK) for each documented CU by next generation.
means of the cuckoo algorithm. Both users are valid at (2) The number of available host nests is set, and host
anywhere using the circular theorem’s secret code (SC), SK, birds will possibly find the egg laid by a cuckoo.
ID, and P.
(3) In this scenario, the host bird will throw away the
egg/give up the nest and make a whole new nest.
4.2.1. Key Creation and Generation with the Help of Cuckoo For continuous nonlinear optimization, the cuckoo
Algorithm. The cuckoo search algorithm is a newly invented optimization algorithm is used. The lifestyle of the cuckoo
metaheuristic search optimization algorithm used to solve family of birds is influenced by COA. This development
problems of optimization. This is a metaheuristic nature optimization algorithm is based on the life style of these
inspired algorithm focused on the brood parasitism of birds, their egg laying, and their breeding features. As other
certain cuckoo birds, as well as spontaneous Levy flight emerging approaches, a cuckoo optimization algorithm is
walking. It has been carried out in a number of areas. The introduced by an initial population. Here are two categories
cuckoo algorithm is used in this research meant for the main of cucumbers in various societies: mature cucumbers and
generation of cryptography process. larvae. The algorithm is based on the attempted survival.
The EL GAMAL equation is usually defined as follows. Any are discarded as they fight for life. The remaining
Alice: cuckoos migrate to well again seats and begin raising and
Choose the secret1 ≤ a ≤ p − 11 ≤ a ≤ p − 1, laying their eggs. Finally, the surviving cuckoos converge in
(1) such a way that there is a society of cuckoos with the same
Computer A � gamodpA � gamoda.
rate of profit.
Alice sends the public key pk � (p, g, A) pk � (p, g, A) to To address the optimization issue, the variable values of
Bob. the problem should take shape of an array. The “habitat” is
ElGamal is a public key cryptosystem dependent on the called this array.
discrete logarithm issue for a gathering GG; for example, In an optimization problem, the next Nvar of a habitat
each individual has a key pair (sk, pk) (sk, pk), where sksk is will be a 1 × Nvar array that shows the current living location
the mysterious key and pkpk is the public key, and given just of cuckoos. This array is described as follows:
the public key, one needs to track down the discrete loga- Habit � 􏼂X1 , X2 . . . , Xn 􏼃. (3)
rithm (take care of the discrete logarithm issue) to get the
6 Scientific Programming

The suitability (profit) of the current habitat is obtained are checked. The CAS key is a random code that makes it
by computing the function profit (p-f ) in the habitat. Thus, impossible for an attacker to invent the code for each user.
By the following equation, a circle is defined as follows:
profitf · b · (habit)f.b􏼂X1 , X2 . . . , Xn 􏼃. (4)
(Ax − Ox)2 +(By − Oy)2 � R2 . (7)
To establish an optimization search algorithm, a habitat
matrix of Npop ∗ Nvar size will be prepared and a random Each user builds an SC consisting of origin points by
number of eggs will be allocated for each habitat. using origin points (Ax, By). The user chooses an SC that
Allowing for the number of eggs that every one cuckoo follows the circle equation to effectively complete the au-
lays and as well as the space between the cuckoos and the thentication. While a client has to use the cloud, the client
current optimized zone, the laying radius will be calculated. shall have each one ID and password along with the time
After that, in that zone, the cuckoos start to lie. The laying stamp (TS).
radius is calculated as follows: Algorithms illustrate the method of SBVM-based
number of current cuckoos ggs authentication. A user who has legitimate passwords will
ELR � a × ×(Var(hi) − Var(low)). complete the validation effectively. By making an al-
total number of eggs
lowance for SC next to TS, the protection level of the
(5)
SBVM is increased. Although the SC differs over time, the
Then, each cuckoo begins to lay her eggs in the nest attacker cannot split the SC. The attacker cannot use SC
within her ELR. for the next authentication without being aware of the
Thus, after each laying round, the less profitable percent source points despite the SC being cracked at a time by
of eggs (p%) (usually 10 percent) (their profit function is at the attacker.
the lower level) is destroyed. In the host nest, other chicks
power up and develop.
4.4. Confidential Data Encryption. Users who have suc-
cessfully completed the authentication process will enter the
4.3.1. The Cuckoo’s Migration. While growing up and get- cloud computing environment in the planned forensic
ting older, cuckoos live in their environments, but when the system. Within the cloud storage, users store their infor-
laying time comes, they migrate to superior habitats where mation in the form of ciphertext with extra security of digital
the eggs have more chances to survive. The group with the signature. When mentioned in the prior paragraph, secret
best location will be targeted after composing the groups in keys are produced by means of the cuckoo search algorithm.
different living locations in general (justified area or problem Data are translated into ciphertext by using the created
search space), and other cuckoos will migrate there. strong secret key in the confidentiality encryption (CB- EL
When the cuckoos that are grown live all around the GAMAL) algorithm (Algorithm 2).
environment, it is not easy to determine which group be- The EL GAMAL algorithm is paired through the CB-EL
longs to each cuckoo. The cuckoos will be grouped by “K GAMAL algorithm probability and algebra. Algebraically
means” to solve this issue. homogenous crypto systems are a quick-release solution that
This method is actually a traditional method of grouping is embedded in the decryption and encryption process across
(finding a K between 3 and 5 is usually acceptable). many unseen layers. The input layer of the homomorphic
They do not travel the direct way when the cuckoos cryptosystem algorithm is used to encrypt, and Pu(SK) is
migrate to the target. With the deflection of (φ), they just initialized, and encryption is done on the secret layer. CB-EL
travel (ƛ %, almost a percent) of the way. GAMAL, however, is confidential and carries out the fol-
These two parameters (φ) help cuckoos to explore a lowing data encryption procedures.
larger area. ƛ is a random number between 0 and 1, and φ is a Algorithm 3 demonstrates the overall technique with an
number between (Algorithm 1): efficient hidden key for the CB-EL GAMAL algorithm [56].
By implementing graph theory-based graph neural networks
µ µ
− + . (6) in Smart Contracts, our framework enables users to track
6 6 their data (GNNSC). The CB-EL GAMAL algorithm being
In the method, the cuckoo algorithm selects an enhanced proposed is shown in Figure 4. The neural network is used
vector f(x) and is allotted to Pr (SK). Determining the secret for the encryption process and calculating ciphertext in
key generated is difficult for cyber criminals because the hidden layer for secret key generation, in which crypto-
cuckoo algorithm selects the random number more systems learning is a fast-forwarding method that is in-
optimally. corporated for the encryption and decryption process
through multiple hidden layers [45].
Similarly, the input layer begins the ciphertext, and the
4.3.2. Authentication Using Secure Block Verification output layer gets the original text when the data are
Mechanism (SBVM). For those logged-in users, CAS pro- decrypted. The participation in encryption of the Homo-
duces secret keys and beginning points. For each operator of graphic Cryptosystems Algebraically algorithm [27]
a particular circle, the root points are (Ox, Oy) co-ordinates. strengthens data security. To retain the documentation of
For each user in CAS, the respective credentials (ID, PW, possession, the data will be signed by the customer sooner
and SC) are saved. In all stages of verification, all passwords than outsourcing to the cloud computing surroundings.
Scientific Programming 7

Start Function objective f (x), x � (x1), x2, . . ., XD) T;

Initial host nest population xi, I � 1, 2, . . ., n)
Duration or stop criterium (t < max generation)
Get a cuckoo to Levy Flights by random means;
Analyze Fi fitness
Select a nest randomly between n (say j)
If (Fi > Fj)
Substitute j for the current result
Finish If
A fraction of the worst nests is deserted and new nests are created
Maintain the right options (or quality solutions nests)
Grading the solution and finding the right solution
End for
Posting and visualizing outcomes of processes
End Start

ALGORITHM 1: The Pseudo-code of Cuckoo Optimization Algorithm.

Input: password for users

Output: Status of authentication
(1) Begin
(2) For CU//Registration of Cloud User
(3) Register ID, Password ⟶ CAS
(4) CAS uses cuckoo algorithm to produce Secret Key (SK)
(5) CAS provides SKs; Origin Points ⟶ CU
(6) End for//Registration completed by Cloud User
(7) If Ui requires on right to use cloud//Require validation
(8) Calculate secret code (SC) via equation (7)
(9) CUi submits IDi, Password, SC, TS ⟶ CAS
(10) CAS verifies User credentials
(11) If (User Credentials are correct match)
(12) Ui � Authorized user
(13) Else
(14) Ui � Unauthorized user
(15) End if
(16) Else
(17) End process
(18) End if
(19) End

ALGORITHM 2: SBVM authorization mechanism (Pseudocode).

Digital signature using the EL GAMAL algorithm generates for analysis. The offenders will conceal their details and erase
the same as mentioned, and the hash value is first created to the evidence in a variety of parts of the infrastructure as a
sign the data as service cloud system. The key issue with the infrastructure as
a service cloud infrastructure can be with the intention of
HV � Hash(D). (8) data collection being spread on a wide scale. In comparison,
cloud consumers monitor more than scholars, making it a
The digital signature is then created: difficult challenge to gather and preserve data. SDN and
blockchain technologies are utilized in the proposed digital
HV + Pr(SK).K2
signature � , (9) forensic infrastructure to gather and maintain cloud forensic
K1 data to combat all this issue. The evidence will be stored
where the random numbers are k1 and k2. The data have to
be registered by the same data proprietor if data are updated within the blockchain ledger under the control of the SDN
or ownership control. In cloud forensics, some relevant meanings are as
follows.

4.5. Efficient Collection of Evidence Using Blockchain Evidence Integrity. Integrity of the evidence guarantees that
Technology. In cybercrime, digital data are important source the certificate reflects correctly the information contained in
8 Scientific Programming

Input: Public key and input data

Outputs: Ciphertext
(1) Initialize public key (Pu(SK)) and Input data (d)
(2) If (d � Confidential)
(3) Split data d ⟶ d1 and d2
(4) For data d1
(5) Calculate ciphertext 1(c1) as,
(6) c1 � d1 φ d2
(7) End for
(8) For data d2
(9) Initiate Pu(SK), d2 at input layer
(10) Calculate ciphertext 2 (c2) in hidden layer,
(11) ca � k × P//k is a random number
(12) cb � d2 + k × Pu(SK)
(13) c2 � (ca, cb)
(14) End for
(15) Get ciphertext (c) as,
(16) c � (c1, c2)
(17) Else
(18) For d
(19) Repeat step number (8 to 13)
(20) End for
(21) End if
(21) End

ALGORITHM 3: CB- EL GAMAL (Pseudocode).

Input layer Hidden layer Output layer

di

Ci
Pu (SK)

Figure 4: Neural network for encryption.

the PC. Several areas of the cloud influence knowledge can be represented. Data may be moved from the first re-
respectfulness, but preserving integrity is a core component sponder, prosecutors (one or more), and judges to various
of the cloud crime scene investigation. The recognized layers of hierarchy of the automated forensics system. These
technique to encrypt trustful information uses validated provisional owners treat the proof during this lifetime.
hash techniques, for example, MD5, SHA1, and SHA-256. Because any evidence-based measure is held in the block-
chain, our proposed work holds the custody chain.
Data Origin. It is a form of authentication that corroborates
a party as the (original) source of specified data generated in Digital Evidence Ownership Proof. Digital evidence of
the past at some (typically unspecified) time. ownership is defined here as the proof of existing digital
proof of ownership. Multiple owners can manage the data
Data Volatility. Unpredictability, after the power is switched during its lifespan. If the status of the data has shifted, the
off, memory or power failure of the material occurs. This is original owner must sign the data to retain the proof of
an important problem from a measurable standpoint since cloud-based ownership. The patented evidence is retained
both memory and CPU procedures would vanish if the in the framework as the transition in ownership is still
server crashes. If virtual computers are involved, these preserved in the blockchain data history.
difficulties increase (VM). For ec IaaS, VM does not have
permanent storage in this way; if the VM crashes, the volatile Graph Neural Network (GNN)-Based Smart Contracts. It is a
data may be lost. computer program that tracks data history automatically.
When the necessary conditions are met, the smart contract is
Custody in Chain. The method of retaining and recording activated and executed. To optimize smart contracts, graph
the chronological past of treating data as digital information theory algorithm rules are deployed in this work [56].
Scientific Programming 9

Data Lineage. It documents the history of possession and thought out otherwise noteworthy and stored in the
paper process throughout its entire life cycle. In other words, blockchain.
the record sequence showing the behavior taken from the
data is known as a lineage or origin. With the aid of 5. Cloud Forensic Investigation
blockchain, we retain the data root; that is, in our work, any
alteration made to the data is saved and traced by GNNSC in If a cybercrime has been detected, the designated investi-
the blockchain. gator (police and lawyers) must examine the digital evi-
The evidence has the hash value of the public ledger in dence. CAS also authenticates the investigator prior to the
the blockchain. We give a SHA-3-512 algorithm better in inquiry. If a criminal enters an election voting room, his
terms of security for hash value generation. The hash value in basic details, such as his Aadhar number and voter id, are
SHA-3 is determined accordingly for each block: kept in the election commission’s database. If he tries to
update or erase the evidence history by hacking the database,
hash � sponge[g, pa d, q](T, L). (10) deleting, or modifying his entry into the voting space, he is
attempting to upgrade or remove the evidence history.
The hash unique value can be calculated here designed for Given that every one of the evidence record logs stored
input, that is, transaction (T) padding q, permutation g within a blockchain, we know that it is a distributed ledger
function, and output length L. The hash value is often created and our suggested forensic architecture will be useful in this
by the “sponge building” mechanism in SHA-3-512 as in situation. It also passes the strong authentication before
EQATERY (10) rather than by the “sponge building” proce- gaining access to the device. According to the investigator,
dure. Accepting SHA-3-512 for hash calculations may bring the following steps should be taken when analyzing data.
various benefits over the current system with respect to time
consumption and protection. Let us look at the U1 user’s data 5.1. Evidence Identification. The first step in a digital forensic
d1 at time t1 in the cloud. After that, the block is formed by d1 investigation is to locate a possible evidence source of re-
and the hash value is created by SHA-3-512. Each transaction, liable evidence. As a result, the investigator must obtain legal
i.e., the shift kept on d1, is based on the time the GNNSC block consent from the relevant authority as shown in Table 3.
was installed in the system. Every update is processed and
circulated as evidence in the blockchain network between the
peers. The log contains the user name, IP address, time, and all 5.2. Evidence Acquisition. The investigator possibly will
other hardware information of the proof. The proof log, in- gather round all evidence log records of the blockchain by
formation history, is kept as the proof for each change found in way of the consent of officially authorized authorities. The
detail in the blockchain. Past of data can involve lines that evidence log recorded inside the study contains mutual
describe changes, ownership transition, and other behaviors on credentials of the user and evidence based on hardware.
cloud-specific data. Algorithm 4 explains the method of col- During this time, the investigators will have to adhere to
lecting evidence. In favor of each single data residing within the court restrictions while also abiding by SLA agreements.
cloud, the evidence can be gathered and preserved within the
blockchain here. Furthermore, in the cloud environment, 5.3. Evidence Analysis. The investigator then goes through
GNNSC tracks and wheels the ease of access of data stored by all data logs and compiles a report on digital evidence.
users. Logical graph with evidence for better research, this paper
During our initiative, we use smart contracts to alert cloud proposes a graph of proof. The evidence is used to build a
server when a graph theory law, which is often integrated as a graph of data with matching log attributes. If the perpetrator
proof record within the blockchain, is met. Many registered checks in at a polling site, submit the history of persons
users will be able to the right of entry information contained visited in the voting center, i.e., original details, just before
in the cloud atmosphere. This thesis draws intelligent con- the cloud to the administration of the election commission,
tracts from the graphology that functions on a secret stage of i.e., a registered person. The evidence is currently being
data. The smart contract is executed by means of the graph developed on blockchain for each one log record attribute
theory principles used in the framework. Figure 5 demon- (source_IP, timestamp, actions made, transaction hash,
strates GNNSC’s pictorial representation. FSC presence tracks server of virtual machine, DFS_ID, and the like).
all big activities conducted under the data contained in the Think about the case where the suspect’s check-in history
cloud server machine. Thus, any accurate evidence of the was changed at t2. Then, in a subsequent block of log at-
cloud server machine is gathered, and the correctness of tributes, the next log is modified. Similarly, as soon as the
evidence is conserved using blockchain technologies in our hacker tries to access the information or erase it from the
proposed forensic architecture. cloud, this should be treated as evidence and recorded in the
Table 2 displays the laws of graph theory in GNNSC [57]. subsequent block. The investigator must complete the fol-
Because of these sets of laws, the statement is generated and lowing steps to create a graph of evidence:
saved like an evidence log. A modification of the data made
after previous access is the previous danger. If the earlier (1) Sequentially arrange the evidence according to the
hazard is restricted and information is nonconfidential, the timestamp
log right of entry evidence will be overlooked and the report (2) Store each evidence through its attributes of log
will not be produced. The produced statement is well record
10 Scientific Programming

Input: cloud, user, data

Outcome: collected digital evidence
(1) Start
(2) For every CUi ϵ CU
(3) Creates Cloud users with GNNSC
(4) End for
(5) For every data
(6) U1 stores d1 in Infrastructure as a Cloud Service
(7) Create the block for d1
(8) Calculate Hash value (d1) with the help of Equation (10)
(9) Track d1 and modernize the evidence
(10) End for
(11) For every transaction on d1
(12) Store Log timestamp, source or origin IP, Visual machine disk filetransaction hashdetails, Virtual Machine server, actions
made, etc.
(13) If (Graphtheoryrulesarenottrue)//GNNSC
(14) Report Generation
(15) Else
(16) Do not produce the report
(17) End of if
(18) End of for
(19) End

ALGORITHM 4: Efficient Evidence Collection Method (Pseudocode).

Input
Smart Contracts
Data type

Past Risk Output Report

Graph Neural
Generated
Network
Yes/No
Action Mode

Figure 5: Pictorial representation of GNNSC.

Table 2: Attribute rules for GNNSC.

Data type Past risk Action performed Report generation by GNNSC
Nonconfidential Low Read No
Confidential Low Read No
Nonconfidential Low Edit No
Confidential Low Edit Yes
Nonconfidential Low Delete Yes
Confidential Low Delete Yes
Nonconfidential High Read No
Confidential High Read Yes
Nonconfidential High Edit No
Confidential High Edit Yes
Nonconfidential High Delete Yes
Confidential High Delete Yes

Table 3: Evidence sample along with attributes.

Evidence
Virtual
identity Different Accessed Performed Block
IP_Source Upload_User Hash_Tn Location_Attribute machine DFS
(ID) timestamps user actions hash
server

001 Ts1 192.168.10.xx User A User A m-bits Upload n-bits ZZZ Pqrst 1
002 Ts2 192.168.10.xx User A User A m-bits Read n-bits ZZZ Pqrst 2
Scientific Programming 11

Table 3: Continued.
Evidence
Virtual
identity Different Accessed Performed Block
IP_Source Upload_User Hash_Tn Location_Attribute machine DFS
(ID) timestamps user actions hash
server

003 Ts3 192.168.10.xy User A User X m-bits Read n-bits ZZZ Pqrst 3
004 Ts4 192.168.10.xx User A User X m-bits Edit n-bits zzz pqrstklj 3
005 Ts5 192.168.10.xx User A User X m-bits Edit n-bits ZZZ pqrstbvf 1
006 Ts6 192.168.10.xy User A User A m-bits Upload n-bits ZZZ Pqrst 2
007 Ts7 192.168.10.xx User A User B m-bits Upload n-bits ZZZ Pqrst 1
008 Ts8 192.168.10.xx User A User B m-bits Delete n-bits zzz Pqrst 1

(3) Build an evidence graph according the evidence simulation environment in this section and at that time
order and log record attributes judge on our designed architecture of cloud forensic to the
prior centralized log record process collection.
Table 2 shows properties of the survey evidence col-
lection. A graph of evidence can be constructed using these
data, as seen in Figure 6. The investigator can see from the
graph of evidence that the suspect has edited (modified) the 5.5.1. Configuration and Simulation. In a combined simu-
evidence (User X). However, the authorized user’s location lation platform, we configure our designed architecture for
and IP addresses are different. Consider the case where the cloud forensic. Using CloudSim, we introduced an IaaS
suspect’s check-in history was changed at t2. Then, in a cloud environment in Python. Blockchain is the built data
subsequent block of log attributes, the next log is modified. storage mechanism of IaaS cloud in Python Programming as
Similarly, when the suspect tries to hack these data or erase described in the following Algorithm 5:
them from the cloud, this is treated as evidence and recorded Both tests were run on Ubuntu OS by means of an Core-
in the subsequent block. i7 Intel CPU running next to 2.80 GHz, 16 GB of RAM, and a
1000 GB SSD. The simulator version network 3.30 simulator,
that is committed to network simulation for the software-
5.4. Reporting of Evidence. At the evidence review level, defined networks, is also compatible with the cloud and
every one of the evidence within the graph of evidence is blockchain environment. The Python platform’s perfor-
authenticated using a cryptographic digital signature that is mance is merged by ns-3.30, in the direction to create a
kept together in the midst of the value of hash and data. Data simulation environment.
should be signed earlier than being sent to the cloud The Ubuntu operating system underpins the entire work;
according to our proposal. As a result, at what time an we use NetBeans-8.2 for PYTHON blockchain setup, Net-
intruder could modify the evidence data, he or she should work Simulator-3 for software-based network simulator,
generate a digital signed signature. and CloudSim for IaaS cloud deployment.
For all evidence, the current transaction’s hash value is Table 4 of our experiments explains the important pa-
stored at the blockchain. The hash significance of data stored rameters of simulation used in the direction of applying our
in the cloud must match the Merkle tree root value of the designed architecture of cloud forensic. Prior to we get
block. The investigator compiles a report based on these interested in the study, we will go through a real-world use of
findings and submits it to the court as a digital testimony. the proposed forensic scheme.
From acquisition to submission to juridictionary, algorithm, The Proof-of-Work principle is used by the miner to
number 4 illustrates the collection process of evidence. validate the blockchain. A corresponding block is generated
As a result, our designed architecture of cloud forensic, for each piece of data that the user stores in the cloud
which incorporates blockchain and SDN technologies, al- environment and the stored hash values.
lows for secure collecting evidence from the cloud. A strong
authentication protocol stops unauthorised users from
Use Case Diagram of Our Designed Architecture of Cloud
gaining access to the cloud environment, while a sensitivity
Forensic Using Blockchain (FAuB). IaaS will be a cloud
aware encryption process improves data protection. Evi-
environment to be extremely versatile and can be used by
dence storage using blockchain and SDN is an intellectual
any rising business. Many real-world implementations will
approach for distributed data protection. From evidence
benefit from our designed architecture of cloud forensic IaaS
analysis to evidence reporting to the court, our designed
platform. In this paper, we look at one application of the
architecture of cloud forensic facilitates the whole
proposed work in crime detection. Consider several voting
investigation.
centers that store their data such as voter records, financial
information, maintenance information, personnel informa-
5.5. Investigational Result Evaluation. Within this investi- tion, and surveillance information into IaaS cloud. Each data
gation result evolution, we compare the efficiency mea- should be encrypted depending on top of the extent of data
surements of the designed architecture of cloud forensic protection earlier than being outsourced to the cloud, as per
with the earlier research contributions. We present our our job. Furthermore, each voting center’s administrator
12 Scientific Programming

UA User

Evidence
001 002 003 004 005 006 007 008

UA UB User
UX

192.168.10.x 192.168.10.x 192.168.10.x 192.168.10.xy Source

Location
ZZZ zzz

VM
pqrst pqrstbvf pqrstklj

Delete Edit Action

Read Upload Update

Figure 6: Evidence analysis scenario.

Evidence as: input

Evidence as: inputGraph of evidence as an: output
(1) Begin
(2) Using the SBVM system, verify the investigator’s identity.
(3) Determine the case’s evidence.
(4) Collect evidence in the form of {Evidence_Identity, Time_stamp, IP_Source, uploaded_User, accessed_User,
Performed_Actions, Hash_Tn, Block Hash, Location_Attribute, virtual machine server, and OFS ID} from blockchain.
(5) Create an evidence graph by means of attributes of evidence.
(6) For every one of the evidence
(7) Ensure that {Block_Hash && IP_Source} are right and correct.
(8) If this is the case (Verification D True)
(9) Verify the signature//Validation of evidence
(10) If this is the case (Signature is valid)
(11) Collect reliable evidence
(12) Else
(13) Prepare illegitimate evidence
(14) End if
(15) End if
(16) End for
(17) Prepare and share the copy of evidence with the jurisdictionary court.
(18) End

ALGORITHM 5: For forensic investigation.

must be CAS-registered. The SDN controller collects evidence be used in the data obtained from security cameras. This
designed for every one of the data stored within the cloud could aid detectives in locating the suspect as soon as
atmosphere and stores it on a blockchain. Additionally, each possible. Any change made to the voter registration database
admin may use GNNSC to monitor their data. and surveillance data is recorded within the blockchain as
Figure 7 depicts an example of the anticipated use case. evidence. The perpetrator will erase or change the register of
Consider the case of a suspect who voted for a few hours at the voter registry and the data of surveillance contained
the polling center A. The suspect’s information will then be inside the cloud if we do not have a good forensics mech-
found in the voting center A’s election record file. Fur- anism architecture. Every evidence is preserved in the
thermore, video of the perpetrator in the polling center will blockchain, that is, a distributed block ledger, in our
Scientific Programming 13

Table 4: Simulation configuration setting.

Parameters Value
Number of users 120
Number of OFSs 8
Number of controllers 1
Number of cloud authentication servers (CAS) 1
Number of keys generated 120
Cuckoo Maximum iteration 120
Number of hidden layers 4
EL GAMAL
Key size 256
Block size 576
Word size 64 bits
SHA-3 Number of rounds 24
Customized contract GNNSC
Maximum handles 2048
Number of virtual machines 35
Cloud Average RAM 512 MB
Average bandwidth 1000000 MB
Simulation time 100 ms

Court

DFS
DFS
Digital Evidence
Submission

BlockChain

Modify Evidence

IaaS Cloud Suspect

SDN
controller
Figure 7: Digital forensic crime investigation case diagram.

proposed forensic architecture. We also store the VM logs in architecture of cloud forensic that collects in addition to
the blockchain as evidence. The investigator will obtain storing digital information safely using SDN and blockchain
information from the blockchain even though the hacker technologies to overcome these challenges.
changes and modifies the details on the cloud. Plotting an
evidence graph with the collected data log will reveal (1) Response Time Comparison. The time in use for users on
whether there are any differences in the evidence. The in- the way to get a response to a data request is known as
vestigator will pass the digital evidence from a CoC to the response time. The number of users interested in the forensic
court based on the evidence obtained from blockchain. method validates this metric. In supplementary terminology,
response time refers to the time it takes the forensic method
5.5.2. Comparative Analysis. This section compares our to provide the necessary information or documentation to
designed architecture of cloud forensic to the current the users.
CFLOG [5] framework for safely collecting digital evidence. In Figure 8, the designed architecture of cloud forensic
In CFLOG, the evidence is collected and stored in a cen- SDN-blockchain-based forensic framework is compared
tralized fashion, which is a major contrast between current with the current CFLOG framework, which has a centralized
forensic infrastructure and CFLOG. As mentioned in Sec- framework. The numeral of requests of users increases by
tion 3, this causes several problems. We designed an means of the increase inside the number of users in both
14 Scientific Programming

works, so the response time steadily increases with the in- from the controller. In addition, for the improved studies,
creasing user numbers. Still, for more user number, our evidence testing is carried out by creating a graph of ev-
designed architecture of cloud forensic responds to the idence. Furthermore, we suggested SHA-3-based hash
requested users easily. That use of software-defined network computation to maintain evidence consistency while re-
technologies improves the ability of scaling or the ability to ducing time consumption. As a result, we gain evidence
accommodate a large number of users at the same time. As a integrity with the least amount of time spent on evidence
result, any cloud user can link to the server of the cloud verification.
instantly as well as download the data requested by users. In the presence of ten users, CFLOG takes 62 milli-
Similarly, the prosecutor should be able to obtain infor- seconds to collect and validate digital evidence, while the
mation from the blockchain without having to wait for the planned digital forensics FAuB takes just 37 milliseconds,
SDN controller to respond. reducing the verification time by nearly half.
As a result, the proposed forensic architecture reduces
the time of response. CSP performs together data managing (4) Computational Overhead Comparison. The bandwidth
as well as evidence collection in a consolidated fashion in amount used in the direction of executing a particular ac-
CFLOG, which increases the response time when there are a tivity (transfer data, reading, update, generation of evidence,
large number of users. The CFLOG system takes 100 ms to and verification of evidence) within the system of forensic is
answer in the presence of 120 users, while the designed known as computational overhead.
architecture of cloud forensic system takes 72 ms intended Figure 11 depicts a comparison of computational
for the identical amount of user numbers. As a result, the overhead based on different user numbers. Because the
designed architecture of cloud forensic outperforms the amount of data on the way to be interpreted grows in
CFLOG system by 27%. tandem with the number of users, the computational
overhead increases. The computational overhead is raised in
(2) Evidence Insertion Time Comparison. The point in the the absence of blockchain technologies owing to centralized
time it takes to (or create) insert digital data of evidence device administration. Both data and evidence collection in
collected on a server of the cloud is known as evidence CFLOG occurs in CSP, which raises the overhead.
insertion time. It can know how to exist and describe at the The suggested forensic method, on the other hand, keeps
same time as the time it takes SDN plane controller to indication processing like collection, hash reckoning, and
generate a proof meant for the CSP’s stored data inside our conservancy on the SDN controller, reducing the total
analysis. computational overhead. Furthermore, incorporating SDN
The insertion of evidence period as a function of the technology increases scalability without adding overhead.
different user numbers is shown in Figure 9. When the user Thus, the proposed digital forensic infrastructure adds 8 KB
number grows, so does the volume of data that must be alive of overhead for ten cloud customers, while the CFLOG
stored and the number of pieces digital evidence that must framework adds 10 KB of overhead.
be generated. As a result, the amount of time it takes to insert
evidence increases as the number of users increases in all (5) Total Change Rate Comparison. The rate of total change is
works. Every one of the evidence should be unruffled and calculated by dividing the amount of evidence modification
stockpiled in a consolidated way beneath the supervision of by total evidence existing within the forensic framework
CSP in the CFLOG process. facing problems with the old CFLOG system as shown in
As a result, the centralized evidence collection procedure Figure 12. When a hacker person changes data to organize
lengthens the time it takes to insert evidence. In addition, we on the way to destroy evidence, the net modification rate
protect the history of data in our work, which means that each rises. The collected data must be accurate, and the evidence’s
change to data is treated as evidence and incorporated into the accuracy must be maintained for an effective forensic
blockchain. The SDN controller, on the other hand, is in method. Since only registered users are included in the
charge of creating and preserving documentation without the proposed forensics scheme, any information along with data
intervention of CSP. As a result, relative to previous work, of unauthorised users is refused. Furthermore, we use
evidence insertion in blockchain takes less time. blockchain technology based on top of the SHA-3 algorithm
to maintain the credibility of evidence.
(3) Evidence Verification Time Comparison. The time it takes According to our findings, the proposed forensic method
an investigator in the direction of collecting and validating modifies 11.1% of the evidence. However, since we guarantee
the evidence commencing a blockchain is known as evidence credibility, CoC, and PoO for evidence, this alteration is also
verification time. registered as evidence in the blockchain. Because (i) cen-
The time taken for verification of evidence within the tralized infrastructure ever since CSP can be able to be
CFLOG process and the proposed forensic system is malicious, (ii) node single vulnerability (an attacker just
compared in Figure 10. The proposed automated forensic wants to break CSP’s), (iii) no credibility is protected, as well
technology achieves the shortest possible time for evidence as (iv) interference to unauthorised user’s accessing, ap-
verification. The investigator would use CSP to collect proximately 60% of evidence is changed in the CFLOG
evidence in the CFLOG process, and the verification is process. We overcome all issues by means of the help of
done in the conventional method. Instead of CSP, the blockchain and SDN technologies that reduces the system’s
investigator in the suggested work aggregates all evidence overall change total rate.
Scientific Programming 15

100

Response Time (ms)

80
60
40
20
0
10 20 30 40 50 60 70 80 90 100 110 120
Number of Users

FAuB
CFLOG
Figure 8: Response time comparison analysis.

100
Evidence insertion

80
time (ms)

60
40
20
0
10 20 30 40 50 60 70 80 90 100 110 120
Number of User

FAuB
CFLOG
Figure 9: Evidence insertion time comparison analysis.

100
Evidance Varification

80
Time (ms)

60
40
20
0
10 20 30 40 50 60 70 80 90 100 110 120
Number of User
FAuB
CFLOG
Figure 10: Evidence verification comparison analysis.

20
Computational
Overhead (KB)

15
10
5
0
10 20 30 40 50 60 70 80 90 100 110 120
Number of User

FAuB
CFLOG
Figure 11: Computational overhead comparison analysis.

Table 5 compares the cumulative outcomes of the CFLOG (6) Efficiency of CB-EL GAMAL with Cuckoo Algorithm.
process and the proposed forensic system in terms of per- The elliptic curve cryptography (ECC) algorithm is reg-
formance measurements. We will see that each metric has ularly used design for digital signature concept in
improved with the proposed digital forensic FAuB architecture. blockchain technology. On the other hand, there are
16 Scientific Programming

Total change Rate (%)

80
60
40
20
0
10 20 30 40 50 60 70 80 90 100 110 120
Number of User

FAuB
CFLOG
Figure 12: Total change rate comparison analysis.

several issues with key generation, encryption, and de- Table 5: Analysis and comparison.
cryption. We suggested the CB-EL GAMAL algorithm Performance analysis Proposed digital forensic
with the cuckoo search optimization algorithm for key CFLOG
parameter architecture
generation to improve the conventional ECC algorithm. Computational overhead
As a result, we compare our proposed CB-EL GAMAL 12.5 9.10
time in KB
algorithm with the Paillier encryption algorithm proposed Evidence verification time
70 42.1
for blockchain technology using the cuckoo search op- in ms
timization algorithm. Evidence insertion time in
71 44.2
The suggested CB-EL GAMAL algorithm is examined ms
in detail from Figures 13–16. For a stable blockchain Response time in ms 88.5 65.3
Total change rate in % 52 11.1
architecture, the Paillier encryption algorithm is pro-
posed. The Paillier encryption scheme, on the other hand,
quickly improves key generation, encryption, and de-
cryption times. The Paillier scheme consumes more time
because it involves massive homomorphic computations.
Key Generation Time in

600
On the other hand, data encryption is necessary in the 500
environment of cloud and here the determination by several 400
(ms)

users. The algorithm of Paillier takes an average of 500 300

milliseconds to generate a key. Encryption and decryption, 200
on the other hand, necessitate a significant amount of time, 100
which is incompatible with the cloud environment. 0
10 20 30 40 50 60 70 80 90 100 110 120
The proposed CB-EL GAMAL algorithm, on the other Number of User
hand, reduces the key generation time by using the cuckoo
algorithm, which has a quick convergence time. Similarly, CB-EL GAMAL
the CB-EL GAMAL algorithm’s deep architecture reduces Paillier
the time taken for encryption and decryption. As a result, the Figure 13: Key generation comparison analysis.
suggested SA-ECC algorithm outperforms the traditional
algorithm in terms of increasing protection without in-
creasing time consumption.
Encryption Time in (ms)

300
(7) SHA-3 Algorithm Efficiency. The most widely used 250
hashing algorithm is used in blockchain technology. Hash 200
computation in our proposed forensic scheme to increase 150
the hash computation time and security standard is calcu- 100
lated by the SHA-3 algorithm. 50
Graph 10 compares the hash computation time of the 0
10 20 30 40 50 60 70 80 90 100 110 120
proposed SHA-3 algorithm with that of the previous (SHA- Number of Users
256) 2 algorithm. In this review, SHA-3 reduces the cal-
culation time of hash for 100 users to 16 milliseconds lacking CB-EL GAMAL
sacrificing security. Inside general, SHA-3 outperforms Paillier
SHA-256 against a variety of security threats, including Figure 14: Encryption time comparison analysis.
length extension attacks. As a result, Merkle tree SHA-3
algorithm can construct a tree and increase protection
without adding time to the process. according to the report. The use of blockchain and SDN
Overall, the proposed digital forensic FAuB archi- technologies increases the efficiency and scalability of the
tecture outperforms the current CFLOG scheme system.
Scientific Programming 17

Data Availability
Time in (ms)
400
Decryption

200
The datasets generated during and/or analyzed during the
0 current study are not publicly available but are available
10 20 30 40 50 60 70 80 90 100 110 120 from the corresponding author who was an organizer of the
Number of Users
study.
CB-EL GAMAL with Cuckoo
Paillear
Conflicts of Interest
Figure 15: Decryption time comparison analysis.
The authors declare that they have no conflicts of interest.

References
50
Hash Computation

40 [1] A. A. Syed, M. Shahzad, and S. Farhan, “Analysis of cloud

Time in (ms)

30 forensics techniques for emerging technologies,” in Pro-

20 ceedings of the International Conference on Computing, Net-
10 working, Telecommunications & Engineering Sciences
0 Applications (CoNTESA), Tirana, Albania, December 2020.
10 20 30 40 50 60 70 80 90 100 110 120 [2] N. Kumar and I. Chana, “Load balancing and job migration
Number of Users techniques in grid: a survey of recent trends,” Wireless Per-
Secure Hash Algorithm-3 (256-2)
sonal Communications, vol. 79, pp. 2089–2125, 2014.
Secure Hash Algorithm-3
[3] N. Rathore and I. Chana, “Job migration with fault tolerance
based QoS scheduling using hash table functionality in social
Figure 16: Hash computational time comparison analysis. Grid computing,” Journal of Intelligent and Fuzzy Systems,
vol. 27, no. 6, pp. 2821–2833, 2014.
[4] A. Ahmed, F. A. Hany, and B. W. Gary, “Expert review of a
6. Conclusion cloud forensic readiness framework for organizations,”
Journal of Cloud Computing, vol. 8, p. 11, 2019.
In this research work, with blockchain technology, a [5] V. Sharma, R. Kumar, and N. Kumar Rathore, “Topological
valuable architecture of digital forensic is proposed to broadcasting using parameter sensitivity-based logical prox-
gather and safeguard unfailing evidence from the sub- imity graphs in coordinated ground-flying ad hoc networks,”
structure as a service cloud environment. Cloud authen- Journal of Wireless Mobile Networks Ubiquitous Computing
tication server CAS, with a secure verification mechanism and Dependable Applications (JoWUA), SCOPUS indexed,
vol. 6, no. 3, pp. 54–72, 2015.
known as the SBVM, authenticates all cloud users. The CB-
[6] A. K. Abdullahi, J. Aman, N. Y. Mohd, M. Aminu,
EL GAMAL algorithm was proposed for data security. The K. I. Mohamad, and R. M. N., “Evidence collection and fo-
cuckoo algorithm is proposed to generate secret key. A rensic challenges in cloud environment,” MACE Technical
block in the controller is formed for every evidence stowed Journal (MTJ) MTJ, vol. 1, no. 1, pp. 2710–6632, 2019.
in the cloud. The integrity of evidence is ensured in every [7] O. Akter, A. Arnisha, A. Akther, M. A. Uddin, and
block by SHA-3-512-based hash tree building. All evidence M. Manowarul Islam, “Cloud forensics: challenges and
is collected, and blockchain technology maintains evidence blockchain based solutions,” International Journal of Wireless
integrity, data origin, data link, digital evidence, ownership and Microwave Technologies, vol. 10, no. 5, pp. 1–12, 2020.
evidence, and custody chain. GNNSC is deployed in the [8] N. Kumar, “Dynamic threshold-based load balancing algo-
system to trace data activities. The CB-EL GAMAL algo- rithms,” in Wireless Personal Communication, vol. 91,
rithm is proposed for data protection. The cuckoo algo- pp. 151–185, no. 1, Springer Publication, New-York, NY,
USA, 2016.
rithm generates optimum keys before that. At the
[9] N. K. Rathore and I. Chana, “Job migration policies for grid
controller, a block is spawned for each piece of cloud data. environment,” Wireless Personal Communications, vol. 89,
Merkle tree structure based on SHA-3 guarantees the no. 1, pp. 241–269, 2016.
consistency of evidence in each block. All documentation is [10] A. K. Samuel and J. Suhardi & Tutun, “Modeling cloud fo-
collected, and the chain of custody and proof of ownership rensics readiness using MetaAnalysis approach,” in Pro-
(CoC and PoO) are maintained using blockchain tech- ceedings of the IEEE, International Conference on Information
nology. GNNSC is installed in the system to monitor data Technology Systems and Innovation (ICITSI), Bandung,
events. Finally, the use of a graph for evidence analysis Indonesia, 2020.
simplifies the evidence analysis. Overall, the forensic device [11] A. K. Haider, E. Gregory, and D. Herbert, “Blockchain for
is investigated using a Python and ns-3.30 simulation modern digital forensics: the chain-of-custody as a distributed
ledger,” in Part of the Advanced Sciences and Technologies for
environment. Experimental findings suggest that the
Security Applications Book Series (ASTSA), Springer, Berlin,
proposed forensic architecture outperforms the current Germany, 2019.
unified forensic system. To improve the digital forensic [12] A. Akbarzadeh and E. Shadkam, “The study of cuckoo op-
infrastructure, we want to integrate network forensics in timization algorithm for production planning problem,” In-
software-based networks as well as cloud forensics in the ternational Journal of Computer Applications in Technology,
future [58–60]. vol. 2, no. 3, 2015.
18 Scientific Programming

[13] N. K. Jain, N. K. Rathore, and A. Mishra, “An efficient image Intelligence and Big Data (ICAIBD), IEEE, Chengdu, China,
forgery detection using biorthogonal wavelet transform and 2020.
improved relevance vector machine,” Wireless Personal [30] P. R. Brandao, “Computer forensics in cloud computing
Communications, vol. 101, no. 4, pp. 1983–2008, 2018. systems,” Budapest International Research in Exact Sciences
[14] N. Jain, N. Rathore, and A. Mishra, “An efficient image (BirEx) Journal, vol. 1, no. 1, pp. 71–86, 2019.
forgery detection using biorthogonal wavelet transform and [31] N. Kumar, “Faults in grid,” International Journal of Software
improved relevance vector machine with some attacks,” and Computer Science Engineering, MANTECH PUB-
Interciencia Journal, vol. 42, no. 11, pp. 95–120, 2017. LIATIONS, vol. 1, no. 1, pp. 1–19, 2016.
[15] D. Choudhary and S. Malasri, “Machine learning techniques [32] R. K. T. Siva and A. S. N. Chakravarthy, Intrusion Detection
for estimating amount of coolant required in shipping of System for Cloud Forensics Using Bayesian Fuzzy Clustering
temperature sensitive products,” International Journal of and Optimization Based SVNN, Springer-Verlag GmbH
Emerging Technology and Advanced Engineering, vol. 10, Germany, part of Springer Nature, Berlin, Germany, 2020.
no. 10, pp. 67–70, 2021. [33] R. Neeraj, “Installation of Alchemi.net in computational grid,”
[16] N. K. Rathore, D. Pandey, R. I. Doewes, and A. Bhatt, “A novel i-manager’s Journal on Computer Science, vol. 4, no. 2, pp. 1–5,
security technique based on controlled pixel based encryption 2016.
of image blocks for sharing a secret image,” in Wireless [34] R. A. Rahman, S. Masrom, S. Masrom, N. B. Zakaria, and
Personal Communication, Springer Publication, New York, S. Halid, “Auditor choice prediction model using corporate
NY, USA, 2021. governance and ownership attributes: machine learning ap-
[17] E. H. Ezz and D. H. Manjaiah, “An efficient digital forensic proach,” International Journal of Emerging Technology and
model for cybercrime investigation in cloud computing,” Advanced Engineering, vol. 11, no. 7, pp. 87–94, 2021.
Multimedia Tools and Applications, vol. 80, pp. 14255–14282, [35] K. Neeraj, “Ethical hacking & security against cyber crime,”
Springer, Berlin, Germany. Journal of Information Technology, vol. 5, no. 1, pp. 7–11, 2016.
[18] R. Neeraj and I. Chana, “Variable threshold-based hierar- [36] F. Khan and N. Rathore, “Internet of Things a review article,”
chical load balancing technique in Grid,” Engineering with Journal of Cloud Computing, vol. 5, no. 1, pp. 20–25, 2018.
[37] N. Kumar and F. Khan, “Survey of IoT,” Journal of Cloud
computers, vol. 31, pp. 597–615, 2015.
Computing, ManTech Publication, vol. 1, no. 1, pp. 1–13, 2018.
[19] K. Mndeep, K. Navreet, and K. Suman, “A literature review on
[38] N. Rathore, “Map reduce architecture for grid,” Journal of
cyber forensic and its analysis tools,” International Journal of
Software Engineering, vol. 10, no. 1, pp. 21–30, 2015.
Advanced Research In Computer And Communication Engi-
[39] A. Nahar and S. Sharma, “Machine learning techniques for
neering, vol. 5, no. 1, 2016.
diabetes prediction: a Review, 2020,” International Journal of
[20] L. Pradeep and N. Rathore, “Load balancing algorithm in
Emerging Technology and Advanced Engineering (ISSN
distributed network,” Solid State Technology, vol. 63, no. 2s,
2250–2459), vol. 10, no. 3, pp. 28–34, 2020.
2020.
[40] N. Kumar, “Checkpointing: fault tolerance mechanism,”
[21] N. Jain, A. Mishra, and N. Kumar, “Image forgery detection
Journal of Cloud Computing, vol. 3, no. 4, pp. 27–34, 2016.
using singular value decomposition with some attacks,” in [41] F. Ye, Y. Zheng, X. Fu, B. Luo, X. Du, and M. Guizani,
National Academy of Science Letters, Springer Publication, “TamForen: a tamper-proof cloud forensic framework,” in
Berlin, Germany, 2020. Transactions on Emerging Telecommunications Technologies,
[22] P. Srivastava and A. Choudhary, “Evolving evidence gathering p. e4178, John Wiley & Sons, Hoboken, NJ, USA, 2020.
process: cloud forensics,” in Proceedings of the International [42] N. Kumar and J. Rathore, “Efficient checkpoint Algorithm for
Conference on Big Data, Machine Learning and their Appli- distributed system,” International Journal of Engineering and
cations, vol. 150, Springer Nature Singapore Pte Ltd., Alla- Computer Science (IJECS), E-ISSN, vol. 1, no. 2, pp. 59–66,
habad, India, July 2021. 2019.
[23] N. Rathore, U. Rawat, and S. C. Kulhari, “Efficient hybrid load [43] I. Chana and N. Kumar, “Checkpointing algorithm in
balancing algorithm,” National Academy of Science Letters, alchemi.NET, pragyaan: journal of information technology,
Springer Publication, Berlin, Germany, 2020. IMS dehradun,” IEEE, CSI and MPCET, vol. 8, no. 1,
[24] M. G. Al-Thani, D. Yang, and D. y. Yang, “Machine learning pp. 32–38, 2010.
for the prediction of returned checks closing status,” Inter- [44] A. Goel and R. K. Bhujade, “A functional review, analysis and
national Journal of Emerging Technology and Advanced En- comparison ofposition permutation based image encryption
gineering, vol. 11, no. 6, pp. 19–26, 2021. techniques,” International Journal of Emerging Technology
[25] N. Kumar and P. K. Singh, “A comparative analysis of fuzzy and Advanced Engineering, vol. 10, no. 7, pp. 97–99, 2020.
based load balancing algorithm,” Journal of Computer Science, [45] Neeraj, “GridSim installation and implementation process,”
vol. 5, no. 2, pp. 23–33, 2017. Journal of Cloud Computing, vol. 2, no. 4, pp. 29–40, 2015.
[26] H. Singh and N. Kumar, “Analysis of grid simulators [46] N. Kumar and I. Chana, “Report on hierarchal load balancing
architechture,” Journal of Mobile Applications and Technol- technique in grid environment,” Journal of Information
ogies (JMT), vol. 4, no. 2, pp. 32–41, 2017. Technology, vol. 2, no. 4, pp. 21–35, 2013.
[27] N. Kumar, “A review towards: load balancing techniques,” [47] S. Meshram, S. Kumar, and S. Shukla, “Enhanced robust and
Journal of Power Systems Engineering (JPS), vol. 4, no. 4, invisible of digital imageusing discrete cosine transform
pp. 47–60, 2017. technique and binary shifting technique,” International
[28] N. Kumar, “Efficient agent-based priority scheduling and load Journal of Emerging Technology and Advanced Engineering,
balancing using fuzzy logic in grid computing,” Journal of vol. 10, no. 10, pp. 113–118, 2020.
Computer Science, vol. 3, no. 3, pp. 11–22, 2015. [48] D. Pandey, U. Rawat, and N. Kumar Rathore, “Distributed
[29] P. Liwen, L. Jing, and Li. Jin, “Information fusion-based biomedical scheme for controlled recovery of medical
digital forensics framework in cloud environment,” in Pro- encrypted images,” in Innovation and Research in BioMedical
ceedings of the 3rd International Conference on Artificial Engineering, Elsevier, Amsterdam, Netherlands, 2020.
Scientific Programming 19

[49] N. Rathore, “Performance of hybrid load balancing algorithm

in distributed web server system,” in Wireless Personal
Communication, vol. 101, pp. 1233–1246, no. 4, Springer
Publication, New York, NY, USA, 2018.
[50] N. Kumar Rathore, “Checkpointing: fault tolerance mecha-
nism,” Journal of Cloud Computing, vol. 3, no. 4, pp. 27–34,
2016.
[51] R. Bhatt, P. Maheshwary, P. Shukla, P. Shukla, M. Shrivastava,
and S. Changlani, “Implementation of fruit fly optimization
algorithm (FFOA) to escalate the attacking efficiency of node
capture attack in wireless sensor networks (WSN),” Computer
Communications, vol. 149, pp. 134–145, 2020.
[52] M. Saad Hamid, N. A. Manap, R. A. Hamzah, and
A. F. Kadmin, “Stereo matching algorithm based on hybrid
convolutional neural network and directional intensity dif-
ference,” International Journal of Emerging Technology and
Advanced Engineering, vol. 11, no. 6, pp. 87–96, 2021.
[53] D. Pathak and A. Verma, “Efficient and improved smart
parking system based on IoT,” International Journal of
Emerging Technology and Advanced Engineering, vol. 10, no. 3,
pp. 22–27, 2020.
[54] D. A. Pereira, R. R. Muñoz, and R. R. Muñoz, “Information
system for integrated medical records with access via IOT
technology,” International Journal of Emerging Technology
and Advanced Engineering, vol. 11, no. 4, pp. 6–17, 2021.
[55] E. D. Madyatmadja, T. R. Yulia, T. R. Yulia,
D. J. M. Sembiring, and S. M. B. P. Angin, “IoT usage on smart
campus: a systematic literature review,” International Journal
of Emerging Technology and Advanced Engineering, vol. 11,
no. 5, pp. 45–52, 2021.
[56] K. Vijayalakshmi, “Comparitive approach of data mining for
diabetes prediction and classification,” International Journal
of Emerging Technology and Advanced Engineering, vol. 10,
no. 2, pp. 19–26, 2020.
[57] V. K. Gugulothu and S. K. Mohan Rao, “Classification of IRS
LISS-III IMAGES by usingartificial neural networks,” Inter-
national Journal of Emerging Technology and Advanced En-
gineering, vol. 10, no. 4, pp. 24–31, 2020.
[58] Y. Peng and Z. Zheng, “Spectral clustering and transductive
SVM based hyperspectral image classification,” International
Journal of Emerging Technology and Advanced Engineering,
vol. 10, no. 4, pp. 72–77, 2020.
[59] N. R. Adytia and G. P. Kusuma, “Indonesian license plate
detection and identification using deep learning,” Interna-
tional Journal of Emerging Technology and Advanced Engi-
neering, vol. 11, no. 7, pp. 1–7, 2021.
[60] R. Chakraborty, S. Sanyal, and P. Das, “IoT based thermal
signature detector with alarm & e-mail notification with
integrated social gathering screening using computer vision,”
International Journal of Emerging Technology and Advanced
Engineering, vol. 10, no. 4, pp. 164–171, 2020.