Skip to main content
SpringerLink
Log in

Secure Audit Logs with Verifiable Excerpts

  • Conference paper
  • First Online:
Topics in Cryptology - CT-RSA 2016 (CT-RSA 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9610))

Included in the following conference series:

Abstract

Log files are the primary source of information when the past operation of a computing system needs to be determined. Keeping correct and accurate log files is important for after-the-fact forensics, as well as for system administration, maintenance, and auditing. Therefore, a line of research has emerged on how to cryptographically protect the integrity of log files even against intruders who gain control of the logging machine.

We contribute to this line of research by devising a scheme where one can verify integrity not only of the log file as a whole, but also of excerpts. This is helpful in various scenarios, including cloud provider auditing.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Erasure of secret keys must be complete and irrecoverable to guarantee security, i.e., the secret keys must actually be overwritten or destroyed, instead of just removing (file) pointers or links to the secret key.

  2. 2.

    Note that \(M = \langle m_0, \ldots , m_{l-1}\rangle \ne m_0 \mathop {\Vert }\ldots \mathop {\Vert }m_{l-1}\), i.e. we consider the log entries in M to be distinguishable.

  3. 3.

    This restriction is without loss of generality, since the adversary knows \(sk_{i_\mathrm {BreakIn}}\) after this query and can thus create signatures as well as all subsequent secret keys by itself. Also, triggering the \(\mathrm {NextEpoch}\) oracle after the \(\mathrm {BreakIn}\) oracle would have no consequences on the outcome of the game.

  4. 4.

    LogFAS [26] offers such a capability.

  5. 5.

    This is an upper case \(\nu \).

  6. 6.

    Again, this restriction is without loss of generality, see Footnote 3 on page 7.

References

  1. Abdalla, M., Miner, S.K., Namprempre, C.: Forward-secure threshold signature schemes. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 441–456. Springer, Heidelberg (2001). http://dx.doi.org/10.1007/3-540-45353-9_32

    Chapter  Google Scholar 

  2. Abdalla, M., Reyzin, L.: A new forward-secure digital signature scheme. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 116–129. Springer, Heidelberg (2000). http://dx.doi.org/10.1007/3-540-44448-3_10

    Chapter  Google Scholar 

  3. Accorsi, R.: Safe-keeping digital evidence with secure logging protocols: state of the art and challenges. In: Fifth International Conference on IT Security Incident Management and IT Forensics, IMF 2009, pp. 94–110, September 2009. http://www2.informatik.uni-freiburg.de/accorsi/papers/imf09.pdf

  4. Bellare, M., Miner, S.K.: A forward-secure digital signature scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999). http://dx.doi.org/10.1007/3-540-48405-1_28

    Chapter  Google Scholar 

  5. Bellare, M., Yee, B.: Forward-security in private-key cryptography. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 1–18. Springer, Heidelberg (2003). http://dx.doi.org/10.1007/3-540-36563-X_1

    Chapter  Google Scholar 

  6. Bellare, M., Yee, B.S.: Forward integrity for secure audit logs. Technical report, University of California at San Diego (1997)

    Google Scholar 

  7. Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003). http://dx.doi.org/10.1007/3-540-39200-9_26

    Chapter  Google Scholar 

  8. Boyen, X., Shacham, H., Shen, E., Waters, B.: Forward-secure signatures with untrusted update. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 191–200. ACM, New York (2006). http://doi.acm.org/10.1145/1180405.1180430

  9. Common criteria for information technology security evaluation, version 3.1 r4, part 2, September 2012. https://www.commoncriteriaportal.org/cc/

  10. Crosby, S.A., Wallach, D.S.: Efficient data structures for tamper-evident logging. In: Proceedings of the 18th Conference on USENIX Security Symposium, SSYM 2009, pp. 317–334. USENIX Association, Berkeley, CA, USA (2009). http://dl.acm.org/citation.cfm?id=1855768.1855788

  11. Futoransky, A., Kargieman, E.: VCR and PEO revised (1998). http://www.coresecurity.com/files/attachments/PEO.pdf. Accessed 18 February 2015

  12. Holt, J.E.: Logcrypt: forward security and public verification for secure audit logs. In: Proceedings of the 2006 Australasian Workshops on Grid Computing and e-Research, ACSW Frontiers 2006, vol. 54, pp. 203–211. Australian Computer Society Inc., Darlinghurst, Australia (2006). http://dl.acm.org/citation.cfm?id=1151828.1151852

  13. Hu, F., Wu, C.H., Irwin, J.D.: A new forward secure signature scheme using bilinear maps. Cryptology ePrint Archive, Report 2003/188 (2003). http://eprint.iacr.org/

  14. Itkis, G., Reyzin, L.: Forward-secure signatures with optimal signing and verifying. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 332–354. Springer, Heidelberg (2001). http://dx.doi.org/10.1007/3-540-44647-8_20

    Chapter  Google Scholar 

  15. Latham, D.C. (ed.): Department of Defense Trusted Computer System Evaluation Criteria. US Department of Defense, December 1985. http://csrc.nist.gov/publications/history/dod85.pdf

  16. Ma, D., Tsudik, G.: A new approach to secure logging. In: Atluri, V. (ed.) DAS 2008. LNCS, vol. 5094, pp. 48–63. Springer, Heidelberg (2008). http://dx.doi.org/10.1007/978-3-540-70567-3_4

    Chapter  Google Scholar 

  17. Malkin, T., Micciancio, D., Miner, S.: Efficient generic forward-secure signatures with an unbounded number of time periods. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 400–417. Springer, Heidelberg (2002). http://dx.doi.org/10.1007/3-540-46035-7_27

    Chapter  Google Scholar 

  18. Marson, G.A., Poettering, B.: Practical secure logging: seekable sequential key generators. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 111–128. Springer, Heidelberg (2013). http://dx.doi.org/10.1007/978-3-642-40203-6_7

    Chapter  Google Scholar 

  19. An introduction to computer security: the NIST handbook. NIST Special Publication 800-12, October 1995. http://www.nist.gov/manuscript-publication-search.cfm?pub_id=890080

  20. Schneier, B., Kelsey, J.: Cryptographic support for secure logs on untrusted machines. In: The Seventh USENIX Security Symposium Proceedings (1998)

    Google Scholar 

  21. Song, D.X.: Practical forward secure group signature schemes. In: Proceedings of the 8th ACM Conference on Computer and Communications Security, CCS 2001, pp. 225–234. ACM, New York (2001). http://doi.acm.org/10.1145/501983.502015

  22. Stathopoulos, V., Kotzanikolaou, P., Magkos, E.: A framework for secure and verifiable logging in public communication networks. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 273–284. Springer, Heidelberg (2006). http://dx.doi.org/10.1007/11962977_22

    Chapter  Google Scholar 

  23. Waters, B.R., Balfanz, D., Durfee, G., Smetters, D.K.: Building an encrypted and searchable audit log. In: The 11th Annual Network and Distributed System Security Symposium (2004)

    Google Scholar 

  24. Yavuz, A.A., Peng, N.: BAF: an efficient publicly verifiable secure audit logging scheme for distributed systems. In: Computer Security Applications Conference, ACSAC 2009, Annual, pp. 219–228, December 2009

    Google Scholar 

  25. Yavuz, A.A., Peng, N., Reiter, M.K.: BAF and FI-BAF: efficient and publicly verifiable cryptographic schemes for secure logging in resource-constrained systems. ACM Trans. Inf. Syst. Secur. 15(2), 9:1–9:28 (2012). http://doi.acm.org/10.1145/2240276.2240280

    Article  Google Scholar 

  26. Yavuz, A.A., Ning, P., Reiter, M.K.: Efficient, compromise resilient and append-only cryptographic schemes for secure audit logging. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 148–163. Springer, Heidelberg (2012). http://dx.doi.org/10.1007/978-3-642-32946-3_12

    Chapter  Google Scholar 

  27. Zhang, J., Wu, Q., Wang, Y.: A novel efficient group signature scheme with forward security. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 292–300. Springer, Heidelberg (2003). http://dx.doi.org/10.1007/978-3-540-39927-8_27

    Chapter  Google Scholar 

Download references

Acknowledgements

I would like to thank Jörn Müller-Quade and my colleagues and friends Alexander Koch, Tobias Nilges and Bernhard Löwe for helpful discussions and remarks. I am also grateful to the anonymous reviewers for their comments. This work was supported by the German Federal Ministry of Education and Research (BMBF) as part of the MisPel program under grant no. 13N12063. The views expressed herein are the author’s responsibility and do not necessarily reflect those of BMBF.

Author information

Authors and Affiliations

  1. Karlsruhe Institute of Technology, Karlsruhe, Germany

    Gunnar Hartung

Authors
  1. Gunnar Hartung
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gunnar Hartung .

Editor information

Editors and Affiliations

  1. NEC Cloud Systems Research Laboratories, Kawasaki, Japan

    Kazue Sako

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Hartung, G. (2016). Secure Audit Logs with Verifiable Excerpts. In: Sako, K. (eds) Topics in Cryptology - CT-RSA 2016. CT-RSA 2016. Lecture Notes in Computer Science(), vol 9610. Springer, Cham. https://doi.org/10.1007/978-3-319-29485-8_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-29485-8_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29484-1

  • Online ISBN: 978-3-319-29485-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation