Abstract
Secure perimeter schemes (e.g. DRM) and tracing traitor schemes (e.g. watermarking, audit logging) strive to mitigate the problems of content escaping the control of the rights holder. Secure audit logging records the user’s actions on content and enables detection of some forms of tampering with the logs. We implement the Schneier and Kelsey’s secure audit logging protocol [6], strengthening the protocol by using tamper-resistant hardware (an iButton) in three ways: Firstly, our implementation of the protocol works offline as well as online. Secondly, we use unforgeable timestamps to increase the possibilities of fraud detection. Lastly, we generate the authentication keys, core security of Schneier and Kelsey’s protocol on the iButton to alleviate the possibilities of malicious client generating the bad keys. We provide a performance assessment of our implementation to show under which circumstances the protocol is practical to use.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35691-4_52
Chapter PDF
Similar content being viewed by others
Keywords
- Digital Right Management
- Cryptographic Operation
- Digital Right Management System
- Core Security
- Secure Audit
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Mihir Bellare and Bennet S. Yee. Forward integrity for secure audit logs. Technical report, UC at San Diego, Dept. of Computer Science and Engineering, November 1997. http:// citeseer.nj.nec.com/ bellare97forward.pdf.
Cheun N. Chong, René van Bingen, Pieter H. Bartel, and Geert Kleinhuis. Security attribute based digital rights management. In Joint Int. Workshop on Interactive Distributed Multimedia Systems/Protocols for Multimedia Systems (IDMS/PROMS), pages 339–352. Springer-Verlag, Berlin, November 2002.
FIPS-PUB-180–1. Secure hash standard. Technical report, US Departmenet of Commerce/NIST, Washington D. C., United Stats, April 1995.
Leslie Lamport. Password authentication with insecure communication. In Cornmunications of the ACM, volume 24, pages 770–772. ACM Press, November 1981.
Alfred J. Menezes, Paul C. Van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography, chapter 12. CRC Press, 2001. ISBN: 0–8493–8523–7.
Bruce Schneier and John Kelsey. Cryptographic support for secure logs on un-trusted machines. In The 7th USENIX Security Symposium Proceedings, pages 53–62. USENIX Press, January 1998.
Bruce Schneier and John Kelsey. Secure audit logs to support computer forensics. In ACM Transactions on Information and System Security, volume 2, pages 159176. ACM Press, May 1999.
William Shapiro and Radek Vingralek. How to manage persistent state in DRM systems. In Proceedings of the ACM Workshop in Security and Privacy in Digital Rights Management, November 2001. http://www.starlab.com/sander/spdrm/papers.html.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 IFIP International Federation for Information Processing
About this paper
Cite this paper
Chong, C.N., Peng, Z., Hartel, P.H. (2003). Secure Audit Logging with Tamper-Resistant Hardware. In: Gritzalis, D., De Capitani di Vimercati, S., Samarati, P., Katsikas, S. (eds) Security and Privacy in the Age of Uncertainty. SEC 2003. IFIP — The International Federation for Information Processing, vol 122. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35691-4_7
Download citation
DOI: https://doi.org/10.1007/978-0-387-35691-4_7
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6489-5
Online ISBN: 978-0-387-35691-4
eBook Packages: Springer Book Archive