Time-Scoped Searching of Encrypted Audit Logs

  • Conference paper
Information and Communications Security (ICICS 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3269)

Abstract

In this paper we explore restricted delegation of searches on encrypted audit logs. We show how to limit the exposure of private information stored in the log during such a search and provide a technique to delegate searches on the log to an investigator. These delegated searches are limited to authorized keywords that pertain to specific time periods, and provide guarantees of completeness to the investigator. Moreover, we show that investigators can efficiently find all relevant records, and can authenticate retrieved records without interacting with the owner of the log. In addition, we provide an empirical evaluation of our techniques using encrypted logs consisting of approximately 27,000 records of IDS alerts collected over a span of a few months.



Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Davis, D., Monrose, F., Reiter, M.K. (2004). Time-Scoped Searching of Encrypted Audit Logs. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_41

  • DOI: https://doi.org/10.1007/978-3-540-30191-2_41

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23563-7

  • Online ISBN: 978-3-540-30191-2

  • eBook Packages: Springer Book Archive
