Cryptology ePrint Archive: Report 2008/185
A New Approach to Secure Logging
Di Ma and Gene Tsudik
Abstract: The need for secure logging is well-understood by the security
professionals, including both researchers and practitioners. The
ability to efficiently verify all (or some) log entries is
important to any application employing secure logging techniques.
In this paper, we begin by examining state-of-the-art in secure
logging and identify some problems inherent to systems based on
trusted third-party servers. We then propose a different approach
to secure logging based upon recently developed Forward-Secure
Sequential Aggregate (FssAgg) authentication techniques. Our
approach offers both space-efficiency and provable security. We
illustrate two concrete schemes -- one private-verifiable and one
public-verifiable -- that offer practical secure logging without
any reliance on on-line trusted third parties or secure hardware.
We also investigate the concept of immutability in the context of
forward secure sequential aggregate authentication to provide
finer grained verification. Finally, we report on some experience
with a prototype built upon a popular code version control system.
Category / Keywords: applications / secure logging, MACs, signatures, forward secure stream integrity, truncation attack
Publication Info: This is the full version of the paper appearing at DBSEC 2008.
Date: received 23 Apr 2008
Contact author: dma1 at ics uci edu
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Version: 20080424:190713 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]