Cryptology ePrint Archive: Report 2008/185

A New Approach to Secure Logging

Di Ma and Gene Tsudik

Abstract: The need for secure logging is well-understood by the security professionals, including both researchers and practitioners. The ability to efficiently verify all (or some) log entries is important to any application employing secure logging techniques. In this paper, we begin by examining state-of-the-art in secure logging and identify some problems inherent to systems based on trusted third-party servers. We then propose a different approach to secure logging based upon recently developed Forward-Secure Sequential Aggregate (FssAgg) authentication techniques. Our approach offers both space-efficiency and provable security. We illustrate two concrete schemes -- one private-verifiable and one public-verifiable -- that offer practical secure logging without any reliance on on-line trusted third parties or secure hardware. We also investigate the concept of immutability in the context of forward secure sequential aggregate authentication to provide finer grained verification. Finally, we report on some experience with a prototype built upon a popular code version control system.

Category / Keywords: applications / secure logging, MACs, signatures, forward secure stream integrity, truncation attack

Publication Info: This is the full version of the paper appearing at DBSEC 2008.

Date: received 23 Apr 2008

Contact author: dma1 at ics uci edu

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20080424:190713 (All versions of this report)

Discussion forum: Show discussion | Start new discussion