DOI: 10.1007/978-3-319-29485-8_11
Article

Secure Audit Logs with Verifiable Excerpts

Published: 29 February 2016

    Abstract

    Log files are the primary source of information when the past operation of a computing system needs to be determined. Keeping correct and accurate log files is important for after-the-fact forensics, as well as for system administration, maintenance, and auditing. Therefore, a line of research has emerged on how to cryptographically protect the integrity of log files even against intruders who gain control of the logging machine.
    We contribute to this line of research by devising a scheme where one can verify integrity not only of the log file as a whole, but also of excerpts. This is helpful in various scenarios, including cloud provider auditing.

    Cited By

    • (2023) Forward Security with Crash Recovery for Secure Logs. ACM Transactions on Privacy and Security 27:1 (1-28). DOI: 10.1145/3631524. Online publication date: 3-Nov-2023
    • (2023) Practical Cryptographic Forensic Tools for Lightweight Internet of Things and Cold Storage Systems. Proceedings of the 8th ACM/IEEE Conference on Internet of Things Design and Implementation (340-353). DOI: 10.1145/3576842.3582376. Online publication date: 9-May-2023
    • (2023) VaultBox: Enhancing the Security and Effectiveness of Security Analytics. Science of Cyber Security (401-422). DOI: 10.1007/978-3-031-45933-7_24. Online publication date: 11-Jul-2023

    Published In

    Proceedings of the RSA Conference on Topics in Cryptology - CT-RSA 2016 - Volume 9610
    February 2016
    431 pages
    ISBN: 9783319294841
    Editor: Kazue Sako

    Publisher

    Springer-Verlag

    Berlin, Heidelberg

    Publication History

    Published: 29 February 2016

    Author Tags

    1. Excerpts
    2. Forward security
    3. Log files
    4. Secure audit logs
