Proteus: A Practical Framework for Privacy-Preserving Device Logs
Sanket Goutam, Hunter Kippen, Mike Grace, Amir Rahmati

TL;DR
Proteus is a practical framework that enables privacy-preserving device logs, allowing forensic analysis without exposing PII, using a two-layer scheme with pseudonymization, encryption, and controlled sharing, validated on Android devices.
Contribution
Proteus introduces a novel two-layer privacy-preserving logging scheme with multi-snapshot protection and controlled access, enhancing data privacy without sacrificing log fidelity.
Findings
Median latency of 0.2 ms per message
Average overhead of 97.1 bytes per PII field
Effective privacy preservation on Android devices
Abstract
Device logs are essential for forensic investigations, enterprise monitoring, and fraud detection; however, they often leak personally identifiable information (PII) when exported for third-party analysis. Existing approaches either fail to minimize PII exposure across all stages of log collection and analysis or sacrifice data fidelity, resulting in less effective analysis. We present Proteus, a privacy-preserving device logging framework that enables forensic analysis without disclosing plaintext PII or compromising fidelity, even when facing adversaries with access to multiple snapshots of the log files. To achieve this, Proteus proposes a two-layer scheme that employs keyed-hash pseudonymization of PII fields and time-rotating encryption with ratcheted ephemeral keys to prevent multi-snapshot correlation. For controlled sharing, clients export ratchet states that grant time-bounded…
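A minimal sketch of the two-layer idea the abstract describes, added here as an illustration; it is not Proteus's construction or code. It assumes HMAC-SHA256 for the keyed hash and for a one-way ratchet, a stand-in stream cipher in place of a real AEAD, and hypothetical function names and sample values. Sharing the ratchet state for one epoch opens only that epoch and later ones.

```python
import hashlib
import hmac

def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def pseudonymize(pii_key: bytes, value: str) -> str:
    # Layer 1: keyed hash. Equal inputs give equal tokens, so joins still work.
    return prf(pii_key, value.encode()).hex()[:16]

def state_at(state: bytes, have: int, want: int) -> bytes:
    # One-way ratchet: a state can be stepped forward to later epochs, never back.
    for _ in range(want - have):
        state = prf(state, b"ratchet")
    return state

def xor_stream(state: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 counter mode) keyed per epoch; use an AEAD in practice.
    key = prf(state, b"epoch-key")
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = prf(key, nonce + (i // 32).to_bytes(4, "big"))
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def write_log(root: bytes, pii_key: bytes, events):
    # events: (epoch, pii_value, message). Layer 2 encrypts each token under its epoch key.
    records = []
    for seq, (epoch, pii, msg) in enumerate(events):
        nonce = seq.to_bytes(8, "big")  # unique per record
        token = pseudonymize(pii_key, pii).encode()
        records.append((epoch, nonce, xor_stream(state_at(root, 0, epoch), nonce, token), msg))
    return records

def read_log(shared: bytes, shared_epoch: int, records):
    # Analyst view: tokens from shared_epoch onward; earlier records stay opaque (None).
    view = []
    for epoch, nonce, ct, msg in records:
        if epoch < shared_epoch:
            view.append((epoch, None, msg))
        else:
            state = state_at(shared, shared_epoch, epoch)
            view.append((epoch, xor_stream(state, nonce, ct).decode(), msg))
    return view

# Constructed sample data (keys and events are placeholders).
ROOT, PII_KEY = b"\x01" * 32, b"\x02" * 32
EVENTS = [(0, "alice@example.com", "login"), (2, "alice@example.com", "sms sent"),
          (2, "bob@example.com", "login")]
RECORDS = write_log(ROOT, PII_KEY, EVENTS)
VIEW = read_log(state_at(ROOT, 0, 2), 2, RECORDS)
```

The analyst sees the same pseudonym for the same user within the shared window, while the stored ciphertexts for that user differ from record to record.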
Taxonomy
Topics: Digital and Cyber Forensics · Security and Verification in Computing · Advanced Malware Detection Techniques
