Where Will Your Evidence Be Located with “Cosmos Computing”?

Introduction

Imagine working a case where your digital evidence is all anonymous and encrypted.

Plus any data — files, documents, email, and all evidence of Internet use — is shredded into several pieces, with each piece individually encrypted using a different key.

To complicate matters even further, each piece of the encrypted and shredded data is then stored on different devices scattered all over the world.

What if we expand all of this to include data storage on satellites in space?

This scenario is what I call “Cosmos Computing,” and it could be the next version of the Internet.

What impact would this have on your investigations?

Let me explain one way this could happen…

Is It Even Possible?

Most of you are already familiar with cloud computing, where any type of data can be stored on a server in the Internet “cloud.”

Cloud computing has already created some big challenges for investigators. Before cloud technology existed, we could go to the IT department to obtain data from the network or collect data directly from user devices.

Now the data we need could be stored in several places, and we might not even know where the data is physically located or who controls access.

In this post, we won’t talk about the complexities related to cloud computing, such as managing security, malware, legal holds, and digital forensics data collection and preservation.

We’ll save those for another day.

What I want to describe for you is what I believe the Internet of the future might look like, and point out some issues that we need to be thinking about now.

“Cosmos”: The Next Step Beyond The Cloud…

There are several companies actively working on systems to provide broadband Internet signals from satellite networks or (believe it or not) balloons.

These include Google, OneWeb, and SpaceX.

The goal is to provide Internet access to everyone in the world, especially the people who currently have no way to connect.

One expert estimates that in the next six years, four billion new users will be connected to the Internet.

New earth-based 5G wireless networks will be 10-100 times faster than those we have today.
With all these new connections and the additional billions of Internet of Things devices that will be added, these new technologies will change the world in ways we can’t even imagine.

If we are going to have Internet signals from satellites in space, how much harder could it be to also have solar-powered satellites that store data?

Think about the possibilities of multiple networks of low, intermediate, and higher-altitude orbiting satellites, giving every individual on earth multiple sources of Internet connections…and new places to store their data.

Now Add Distributed and Decentralized Computing

With all this additional traffic, along with growing concerns related to privacy and security, I believe we might see a completely different and more sophisticated type of Internet.

Here’s one idea.

• Imagine a network where every device is capable of connecting directly to every other device. Remember, we must now think in terms of devices…not just computers. Tablets, smart phones, and connected Internet of Things devices can also be part of these networks.
• This network will need no centralized servers. Whoever owns any device they want to connect to our network can share part of that device’s processing power and data storage with other users of the network.
• When someone offers to share some of a device’s resources, first they’ll download special software to connect the device to the network.
• This software will create an encrypted “vault” on their device for use by others.
• For their contribution, the device owners are paid with an untraceable digital currency, depending on the amount of resources shared.
• For example, someone who shares 50 gigabytes of their data storage would be paid more than a person only sharing 25 gigabytes.
• Any user who wants to store data on the network will first download different software to connect.
• Users are charged a small fee, also paid with the same untraceable digital currency, but only for the amount of data storage or service they actually need.
• Data stored or transmitted on this network will always be secure, because everything will be encrypted.
• But we’ll go even further. Before it is sent, every file or other type of data will be broken into small pieces that are individually encrypted.
• Then, each piece of data will be encrypted again, just to add even more security.
• The network’s software will then make several copies of each piece of data for backup and redundancy.
• When the data is sent for storage to the network, each of our encrypted data pieces (including the copies) are sent to be stored on different devices all over the world.
• The network will be designed so that owners of those devices won’t have access to the data other users have stored with them.

To give you a physical analogy, let’s use an example of a one-page printed document that we want to save, but secure it so nobody else can ever see it.

• First, you’ll encrypt the document with a code that only you know.
• Then, you cut the page into 50 pieces.
• You make five copies of each piece of data, for a total of 250.
• Next, you seal each of the 250 pieces in 250 tamper-proof containers that require yet another code to open that only you know.
• Each of the 250 sealed containers is sent to a different trusted person to store until you need it back.
• Those 250 people can’t open the container. Even if they could they would see only one of the 50 coded pieces of the original document, and they wouldn’t be able to read any content.

Some Possible Results of This Network…

• A user’s medical records, financial records, and personal data would be secure, and the user would control every aspect of how that data were shared with another party.
• We might solve the data breach problem, since there would be no single point of attack to steal proprietary or personal information.
• Hackers wouldn’t be able to access any useful data, as it would all be encrypted.
• Distributed Denial of Service (DDoS) attacks will no longer work (if you want to learn more about DDOS attacks, here is a good place to start). The network would simply re-route the traffic around any targeted devices.
• The impact of malware would be limited due to the fragmentation and encryption of the data stored and transmitted on the network.
• Ransomware attacks and crypto-jacking would be almost impossible.

What Does This Mean For Investigators?

Since the network is completely decentralized, there is no central point of management that would have access to any of the data transmitted by or stored on the network.

No single device will store any of the encryption/decryption keys used on the network.

Court orders or subpoenas would not be effective, since no single entity or group could provide any useful data related to the activities of the network users.

The device where encrypted pieces of your evidence are stored today may be in a different location tomorrow and a different one the day after that.

In many ways, these types of networks could bring tremendous improvements to security and privacy compared to systems we all use today.

Do you still think the investigative scenario described in the introduction is impossible?

I think it’s much closer than you realize, and it raises many new questions:

• Where will your digital evidence be when these types of networks are deployed?
• How will legal jurisdiction be determined?
• Will we need new international laws?
• How will you collect and preserve digital data related to your investigation?
• What new types of technical expertise will be needed to investigate techno-crimes in this environment?

Conclusions

I think we’ve reached a point where our dependence on technology is so great that we need to make a choice.

We can choose to design new networks and systems that focus on security and privacy on the one side, but make it harder for law enforcement and/or intelligence agencies.

Or we can choose networks and devices that may not be as secure and private, but still allow access to evidence.

I’m not sure that you can have both, but that is a very complicated debate that we can have another time.

Finally…I have a confession to make.

Companies are already working on the “fictional” network I described above. I’ll tell you who they are in my next post.

Are you ready for Cosmos Computing?

If you are interested in being part of our mailing list to find out more information about techno-crimes and investigations, it’s easy to sign at the bottom of this page.