Abstract
In this paper we explore restricted delegation of searches on encrypted audit logs. We show how to limit the exposure of private information stored in the log during such a search and provide a technique to delegate searches on the log to an investigator. These delegated searches are limited to authorized keywords that pertain to specific time periods, and provide guarantees of completeness to the investigator. Moreover, we show that investigators can efficiently find all relevant records, and can authenticate retrieved records without interacting with the owner of the log. In addition, we provide an empirical evaluation of our techniques using encrypted logs consisting of approximately 27,000 records of IDS alerts collected over a span of a few months.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Davis, D., Monrose, F., Reiter, M.K. (2004). Time-Scoped Searching of Encrypted Audit Logs. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_41
DOI: https://doi.org/10.1007/978-3-540-30191-2_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23563-7
Online ISBN: 978-3-540-30191-2
eBook Packages: Springer Book Archive