PEOPLE@HES-SO – Directory and Skills inventory

Billard David

Associate HES Professor

Main skills

Digital Forensics

Cybersecurity

Cyber Forensics

Computer disputes

Business intelligence

Data Protection

Main contract

Associate HES Professor

Desktop: B 4.17

Haute école de gestion de Genève
Campus Battelle, Rue de la Tambourine 17, 1227 Carouge, CH
HEG-GE
Faculty
Economie et services
Main Degree Programme
Informatique de gestion

2019

Digital forensics and privacy-by-design: example in a blockchain-based dynamic navigation system
Book chapter ArODES

David Billard, Baptiste Bartolomei

In Bourka, Athena, Italiano, Giuseppe F., Medina, Manel, Naldi, Maurizio, Rannenberg, Kai, Privacy Technologies and Policy: 7th Annual Privacy Forum, APF 2019, Rome, Italy, June 13–14, 2019, Proceedings (pp. 151-160). 2019, Cham, Switzerland: Springer

Link to the publication

Summary:

This research presents an experimental model and prototype to exploit digital evidence in Internet of Things (IoT). The novelty of this research is to consider new data privacy mechanisms that should be implemented in IoT, in compliance with the GDPR regulation, and their impact on digital forensic processes. The testbed is an innovative project for car navigation [1, 2], GDPR compatible, which offers users the possibility to submit their GPS position into a blockchain for obtaining road traffic information and alternative paths. The vehicles are communicating among themselves through IoTs and circumvent the use of third-party services. We propose a solution for forensic investigations of such a service by building a solid case thanks to the non-repudiable, immutable, identifiable as current and authentic properties of data logged into the blockchain. This solution applies to criminal and insurance cases, where law enforcement and individuals need to prove their claims.

Blockchain-based digital evidence inventory
Scientific paper ArODES

David Billard

Journal of advances in information technology,  2019, vol. 10, no. 2, pp. 41-47

Link to the publication

Summary:

This paper proposes the use of a blockchain-based structure in order to store evidences in a digital forensics investigation. The traditional chain of evidence is augmented with properties of immutability and traceability, thanks to a cryptographic process. The blockchain is constructed by forensics experts by adding evidences through the process. Since the blockchain is immutable, it can be shared among the different parties involved in a prosecution in order to review the chain of evidence and build their case. Furthermore, the blockchain structure can be applied to other forensics fields, like drugs, firearms, NDA. This blockchain is called a Digital Evidence Inventory (DEI) and is part of a wider framework encompassing a Forensics Confidence Rating (FCR) structure, in order to give experts the ability to rate the level of confidence for each evidence and a Global Digital Timeline (GDT) to order evidence through time. The whole framework is called ‘Aldiana’.

2009

Making sense of unstructured memory dumps from cell phones
Report ArODES

David Billard, Rolf Hauri

Genève : Haute école de gestion de Genève, 2009. 16 p. Cahier de recherche No HES-SO/HEG-GE/C--09/2/1--CH

Link to the publication

2020

Dismissing poisoned digital evidence from blockchain of custody
Conference ArODES

David Billard

Proceedings of the fifth International Conference on Cyber-Technologies and Cyber-Systems CYBER 2020

Link to the conference

Summary:

This paper presents a solution to dismiss a digital evidence from a permissioned blockchain-based legal system, serving as evidence chain of custody. When challenged into court, a digital evidence can be entirely dismissed, as well as all the procedural acts originating from this evidence, including personal gathered data. Since a blockchain, by design, cannot be altered, this paper proposes an alternative solution based on an access control to the blockchain. This solution relies on an additional structure, linked to the blockchain, representing the history and current legal state of the case. Access to the blockchain is controlled by first interrogating this additional structure in order to serve only legally accepted evidence. Therefore, an evidence stored into the blockchain is not destroyed, but is no longer visible nor accessible. Furthermore, evidence data is separated from the blockchain transaction’s payload, that holds only metadata, and this separation reinforces privacy protection. The solution presented in this paper is explainable to all parties to a court trial.

Digital forensics & real cases: from prosecutor’s request to solution
Conference ArODES

Raffaele Olivieri, Stefania Costantini, David Billard

Proceedings of the International Workshop on Applications of AI to Forensics 2020 (AI2Forensics 2020)

Link to the conference

Tainted digital evidence and privacy protection in blockchain-based systems
Conference ArODES

David Billard

Forensic Science International: Digital Investigation (Proceedings of the Seventh Annual DFRWS Europe)

Link to the conference

2019

PLC hacking on sea vessels
Conference ArODES

David Billard

Proceedings of the 5th International Scientific Conference SEA-CONF 2019

Link to the conference

Summary:

This paper presents a case of alleged PLC (Programmable Logic Controller) hacking aboard a commercial ship, and the forensic investigation of PLC components. It presents the lessons drawn from this case and the particular difficulty of investigating PLC and SCADA systems onboard. Whereas hacking is often seen as taking control of a ship, or part of a ship, it is also related to the alteration of the sensors, the PLCs, the data logger or the SCADA systems. This alteration can be done from a hacking group but in the investigated case, it is more likely an action triggered either by the ship owner, or the ship manufacturer himself. This paper also advocates for an addition of a section concerning cybersecurity in the SOLAS - Safety Of Life At Sea - convention or one of other IMO (International Maritime Organization) conventions.

2018

HACIT2: a privacy preserving, region based and blockchain application for dynamic navigation and Forensics in VANET
Conference ArODES

Kevin Decoster, David Billard

Proceedings of the 10th EAI International Conference on Ad Hoc Networks (ADHOCNETS 2018)

Link to the conference

Summary:

The current architecture for VANET related services relies on a Client-Server approach and leads to numerous drawbacks. Among them, data privacy concerns and service availability are of prime importance. Indeed, user data collected and stored in servers by providers may be used by third-party services. Particularly for navigation, users submit their GPS position in order to obtain road traffic information and alternative paths. These services treat user privacy for their own purpose (commercial or not) (Beresford and Stajano, 2004) even if GDPR (European Parliament, 2014) is now enforced in Europe. We propose an innovative approach using blockchain technology to avoid the use of third parties services, which enable dynamic navigation rerouting within a fixed geographic zone while ensuring user anonymity. Furthermore, the approach will allow for legal authority to enable forensic analysis of the ledger without unnecessary violation of the user anonymity and privacy.

Weighted forensics evidence using blockchain
Conference ArODES

David Billard

Proceedings of the 2018 International Conference on Computing and Data Engineering

Link to the conference

Summary:

When digital evidence is presented in front of a court of law, it is seldom associated with a scientific evaluation of its relevance, or significance. When experts are challenged about the validity of the digital evidence, the general answer is “yes, to a reasonable degree of scientific certainty”. Which means all and nothing at the same time, since no scientific metric is volunteered. In this paper we aim at providing courts of law with weighted digital evidence. Each digital evidence is assigned with a confidence rating that eventually helps juries and magistrates in their endeavor. This paper presents a novel methodology in order to:
  • Provide digital forensics experts with the ability to form a digital evidence chain, the Digital Evidence Inventory (DEI), in a way similar to an evidence “block chain”, in order to capture evidence;
  • Give experts the ability to rate the level of confidence for each evidence in a Forensics Confidence Rating (FCR) structure;
  • Provide experts with a Global Digital Timeline (GDT) to order evidence through time.

As a result, this methodology provides courts of law with sound digital evidences, having a confidence level expressed in metrics and ordered through a timeline. The objective of this work is to add a reliable pinch of scientific certainty when dealing with digital evidence.

HACIT: a privacy preserving and low cost solution for dynamic navigation and Forensics in VANET
Conference ArODES

Kevin Decoster, David Billard

Proceedings of the 4th International Conference on Vehicle Technology and Intelligent Transport Systems (VEHITS 2018)

Link to the conference

Summary:

The current architecture for VANET related services relies on a Client-Server approach and leads to numerous drawbacks, such as network congestion due to the bottleneck problem or, more importantly, data privacy concerns. Indeed, because of the network topology, traffic must go through nodes which limit the bandwidth and thus bound the overall network capacity. Finally, user data is collected and stored in servers, used by third party services. However, these providers are known to treat lightly user privacy by selling or using the data for their own purposes (Beresford and Stajano, 2004). By use of a decentralized and distributed communication protocol (i.e. D2D), one can overcome these problems by spreading the communication burden to all nodes in the mesh. By means of cryptographic techniques, we can ensure that the shared data is secured and controlled at the end-user side. This paper presents a study and proposes a proof of concept of a decentralized and distributed information system by means of a dynamic navigation system for VANET, using a low-cost solution such as Wifi or LTE-direct new 3GPPP protocol. This system preserves user privacy and is augmented with forensics capabilities.

2016

PISCES: a framework for privacy by design in IoT
Conference ArODES

Noria Foukia, David Billard, Eduardo Solana

Proceedings of the 2016 14th Annual Conference on Privacy, Security and Trust (PST)

Link to the conference

Summary:

We present PISCES (Privacy Incorporated and SeCurity Enhanced Systems) framework, which aims at establishing foundations for implementing Privacy and Security by Design (PSD) in the scope of the Internet of Things (IoT). PISCES operates a strict separation between data provider and data controller, where providers are managers of their data privacy, and controllers are accountable for the privacy and protection of the data provided. This role separation is ensured by the Controller Smart Data System (CSDS) of the Smart Data System (SDS), that handles data along with its privacy settings (metadata), defined by the user, offering the possibility of private data management for IoT. The SDS also balances user privacy against the need to access information in case of law-enforcement organization activities (e.g., police investigations in fight against crime). This is made possible thanks to the building of a Privacy Validation Chain (PVC) allowing the data owner and/or any intermediary (data controllers, data processors) to know easily by whom, and to which purpose, the data is used, thus asserting that the user rights are respected or not. Finally, PISCES is thought for Internet users and service providers to get a reasonable bargain when monetizing user data; it makes necessary to define fair and mutually acceptable conditions for using the services and the data. These conditions can give incentives for the user to allow more access to his data and for the service provider to allow free usage to some services.

2015

Chip-off by matter subtraction: frigida via
Conference ArODES

David Billard, Paul Vidonne

Proceedings of the 10th International Conference on Systematic Approaches to Digital Forensic Engineering

Link to the conference

Summary:

This work introduces an unpublished technique for extracting data from flash memory chips, especially from Ball Grid Array (BGA) components. This technique does not need any heating of the chip component, as opposed to infrared or hot air de-soldering. In addition, it avoids the need of re-balling BGA in case of missing balls at the wrong place. Thus it enhances the quality and integrity of the data extraction. However, this technique is destructive for the device motherboard and has limitations when memory chip content is encrypted. The technique works by subtracting matter by micro-milling, without heating. The technique has been extensively used in about fifty real cases for more than one year. It is named frigida via, compared to the calda via of infrared heating.

© 2021 - HES-SO.