
BAFi: a practical cryptographic secure audit logging scheme for digital forensics

Published: 25 November 2015

    Abstract

    Audit logs provide information about historical states of computer systems. They also contain highly valuable data that can be used by law enforcement in forensic investigations. Thus, ensuring the authenticity and integrity of audit logs is of vital importance. An ideal security mechanism for audit logging must also satisfy security properties such as forward-security, compromise resiliency, compactness, and computational efficiency. Unfortunately, existing secure audit logging schemes lack the computational or storage efficiency for modern performance requirements. Indeed, the practicality of such schemes has not been investigated in real-life systems, where logs generated on various occasions could be terabytes of data per day.


        Published In

        Security and Communication Networks  Volume 8, Issue 17
        November 2015
        344 pages
        ISSN:1939-0114
        EISSN:1939-0122

        Publisher

        John Wiley & Sons, Inc.

        United States


        Author Tags

        1. applied cryptography
        2. digital forensics
        3. forward-secure
        4. secure audit logging
        5. signature aggregation
