skip to main content
research-article

A new approach to secure logging

Published:31 March 2009Publication History
Skip Abstract Section

Abstract

The need for secure logging is well-understood by the security professionals, including both researchers and practitioners. The ability to efficiently verify all (or some) log entries is important to any application employing secure logging techniques. In this article, we begin by examining the state of the art in secure logging and identify some problems inherent to systems based on trusted third-party servers. We then propose a different approach to secure logging based upon recently developed Forward-Secure Sequential Aggregate (FssAgg) authentication techniques. Our approach offers both space-efficiency and provable security. We illustrate two concrete schemes—one private-verifiable and one public-verifiable—that offer practical secure logging without any reliance on online trusted third parties or secure hardware. We also investigate the concept of immutability in the context of forward-secure sequential aggregate authentication to provide finer grained verification. Finally we evaluate proposed schemes and report on our experience with implementing them within a secure logging system.

References

  1. Bellare, M. and Palacio, A. 2002. Protecting against key exposure: strongly key-insulated encryption with optimal threshold. In Cryptology ePrint Archive, Report 2002/64.Google ScholarGoogle Scholar
  2. Bellare, M. and Yee, B. 1997. Forward integrity for secure audit logs. Tech. rep. University of California at San Diego ftp://www.cs.ucsd.edu/pub/bsq/pub/fi.ps.Google ScholarGoogle Scholar
  3. Bellare, M. and Yee, B. 2003. Forward-security in private-key cryptography. In Proceedings of the RSA Conference Cryptography Track. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Burns, R., Gentry, C., Lynn, B., and Shacham, H. 2005. Verifiable audit trails for a versioning file system. In Proceedings of the Workshop on Storage and Security (StorageSS'05). 416--432. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Chong, C., Peng, Z., and Hartel, P. 2002. Secure audit logging with tamper resistant hardware. In Technical Rep. TR-CTIT-02-29, Centre for Telematics and Information Technology, Univ. Twente, The Netherlands.Google ScholarGoogle Scholar
  6. Dodis, Y., Katz, J., Xu, S., and Yung, M. 2002. Key-insulated public key cryptosystems. In Proceedings of the Annual International Conference on Theory and Practice of Cryptographic Technique (Eurocrypt'02). 65--82. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Dodis, Y., Katz, J., Xu, S., and Yung, M. 2003. Strong key-insulated public key cryptosystems. In Proceedings of the Conference on Public Key Cryptography. 130--144.Google ScholarGoogle Scholar
  8. Gutmann, P. 1996. Secure deletion of data from magnetic and solid-state memory. In Proceedings of the 6th USENIX Security Symposium. 22--25. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Halperin, D., Kohno, T., Heydt-Benjamin, T., Fu, K., and Maisel, W. 2008. Security and privacy for implantable medical devices. IEEE Pervas. Comput. 7, 1. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Holt, J. 2006. Logcrypt: forward security and public verification for secure audit logs. In Proceedings of the 2006 Australasian Workshops on Grid Computing and E-Research. 203--211. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Kelsey, J. and Schneier, B. 1999. Minimizing bandwidth for remote access to cryptographically protected audit logs. In Proceedings of the Recent Advances in Intrusion Detection (RAID'99).Google ScholarGoogle Scholar
  12. Ma, D. 2008. Practical forward secure sequential aggregate signatures. In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS'08). Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Ma, D. and Tsudik, G. 2007. Forward-secure sequentical aggregate authentication. In Proceedings of the IEEE Symposium on Security and Privacy.. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Ma, D. and Tsudik, G. 2008. A new approach to secure logging. In Proceedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC'08). Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Mykletun, E., Narasimha, M., and Tsudik, G. 2004a. Authentication and integrity in outsourced databases. In Proceedings of the ACM Annual Symposium on Network and Distributed System Security (NDSS'04).Google ScholarGoogle Scholar
  16. Mykletun, E., Narasimha, M., and Tsudik, G. 2004b. Signature bouquets: immutability for aggreagated/codensed signatures. In Proceedings of the European Symposium on Research in Computer Security (ESORICS'04). 160--176.Google ScholarGoogle Scholar
  17. Schneier, B. and Kelsey, J. 1998. Cryptographic support for secure logs on untrusted machines. Proceedings of the 7th USENIX Security Symposium. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Schneier, B. and Kelsey, J. 1999. Secure audit logs to support computer forensics. ACM Trans. Inform. Syst. Secur., 159--176. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Swanson, M. and Guttman, B. 1996. Generally accepted principles and practices for securing information technology systems. In National Institute of Standards and Technology Data Gateway 800--14. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. U.S. Department of Defense, C. S. C. 1985. Trusted computer system evaluation criteria.Google ScholarGoogle Scholar
  21. Waters, B., Balfanz, D., Durfee, G., and Smeters, D. K. 2004. Building an encrypted and searchable audit log. In Proceedings of the ACM Annual Symposium on Network and Distributed System Security (NDSS'04).Google ScholarGoogle Scholar

Recommendations

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Sign in

Full Access

  • Published in

    cover image ACM Transactions on Storage
    ACM Transactions on Storage  Volume 5, Issue 1
    March 2009
    62 pages
    ISSN:1553-3077
    EISSN:1553-3093
    DOI:10.1145/1502777
    Issue’s Table of Contents

    Copyright © 2009 ACM

    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    • Published: 31 March 2009
    • Accepted: 1 December 2008
    • Revised: 1 October 2008
    • Received: 1 May 2008
    Published in tos Volume 5, Issue 1

    Permissions

    Request permissions about this article.

    Request Permissions

    Check for updates

    Qualifiers

    • research-article
    • Research
    • Refereed

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader