Paper 2008/185

A New Approach to Secure Logging

Di Ma and Gene Tsudik

Abstract

The need for secure logging is well understood by security professionals, including both researchers and practitioners. The ability to efficiently verify all (or some) log entries is important to any application employing secure logging techniques. In this paper, we begin by examining the state of the art in secure logging and identify some problems inherent to systems based on trusted third-party servers. We then propose a different approach to secure logging based upon recently developed Forward-Secure Sequential Aggregate (FssAgg) authentication techniques. Our approach offers both space-efficiency and provable security. We illustrate two concrete schemes -- one private-verifiable and one public-verifiable -- that offer practical secure logging without any reliance on on-line trusted third parties or secure hardware. We also investigate the concept of immutability in the context of forward-secure sequential aggregate authentication to provide finer-grained verification. Finally, we report on some experience with a prototype built upon a popular code version control system.

Metadata
Available format(s)
PDF PS
Category
Applications
Publication info
Published elsewhere. This is the full version of the paper appearing at DBSEC 2008.
Keywords
secure logging, MACs, signatures, forward secure stream integrity, truncation attack
Contact author(s)
dma1 @ ics uci edu
History
2008-04-24: received
Short URL
https://ia.cr/2008/185
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/185,
      author = {Di Ma and Gene Tsudik},
      title = {A New Approach to Secure Logging},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/185},
      year = {2008},
      url = {https://eprint.iacr.org/2008/185}
}