Time-Scoped Searching of Encrypted Audit Logs

  • Darren Davis
  • Fabian Monrose
  • Michael K. Reiter
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3269)


In this paper we explore restricted delegation of searches on encrypted audit logs. We show how to limit the exposure of private information stored in the log during such a search and provide a technique to delegate searches on the log to an investigator. These delegated searches are limited to authorized keywords that pertain to specific time periods, and provide guarantees of completeness to the investigator. Moreover, we show that investigators can efficiently find all relevant records, and can authenticate retrieved records without interacting with the owner of the log. In addition, we provide an empirical evaluation of our techniques using encrypted logs consisting of approximately 27,000 records of IDS alerts collected over a span of a few months.


Keywords: Intrusion Detection System; Random Oracle; Bloom Filter; Symmetric Encryption; Authorized Keyword
These keywords were added by machine and not by the authors.





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Darren Davis (1)
  • Fabian Monrose (1)
  • Michael K. Reiter (2)
  1. Johns Hopkins University, Baltimore, USA
  2. Carnegie Mellon University, Pittsburgh, USA
