NJ Croft and MS Olivier, "Sequenced Release of Privacy Accurate Call Data Record Information in a GSM Forensic Investigation," in HS Venter, JHP Eloff, L Labuschagne and MM Eloff (eds), Proceedings of the ISSA 2006 from Insight to Foresight Conference, Sandton, South Africa, July 2006 (Published electronically)
The Global System for Mobile Communication (GSM) is a popular mobile communication standard. GSM networks collect personal communication information required for the billing of its subscribers. These communication records, known as Call Data Records (CDRs), may infringe on basic subscriber privacy principles as personal details of performed network events are managed and stored by the serving GSM operator. The dilemma exists, how to achieve subscriber network operator privacy that is accountable, while retaining access to subscriber activities for a forensic investigation without the need for a search warrant. To balance the requirements of protection and forensics against those for privacy, one promising direction is to investigate methods that facilitate key escrow techniques where CDRs are concerned.
This paper discusses, from a technical perspective, the network components involved when conducting a mobile forensic analysis, and how these aspects are influenced by a forensic investigation in a GSM network. It finally shows how a balance is reached between security, privacy and forensics in a GSM network through the release of, by our definition, “privacy accurate” CDR information in a sequential manner. Access to the individual elements that comprise the private CDR information, is based on prior knowledge and proof of defined hypotheses at the outset of the investigation.
Our approach focuses on an accountable CDR Forensic Anonymity Model combined with the theory of compatible keys, forms an integral part of our requirement for the release of privacy accurate CDR information during a GSM mobile forensic investigation.
Privacy, GSM, CDR, Forensic Investigation
@INPROCEEDINGS(seqrel,
AUTHOR={Neil J Croft and Martin S Olivier},
TITLE={Sequenced Release of Privacy Accurate Call Data Record
Information in a {GSM} Forensic Investigation},
BOOKTITLE={Proceedings of the ISSA 2006 from Insight to Foresight Conference},
EDITOR={Hein S Venter and Jan H P Eloff and Les Labuschagne and Mariki M Eloff},
ADDRESS={Sandton, South Africa},
MONTH={July},
YEAR={2006},
NOTE={Published electronically}
)
The full text may be downloaded from http://mo.co.za/open/seqrel.pdf (PDF, 179K).
[Publications]
[Home]
Page maintained by
Martin Olivier
Last update: 10 November 2007