Paper 2017/107

Secure Logging with Crash Tolerance

Erik-Oliver Blass and Guevara Noubir


Forward-secure logging protects old log entries in a log file against an adversary compromising the log device. However, we show that previous work on forward-secure logging is prone to crash-attacks where the adversary removes log entries and then crashes the log device. As the state of the log after a crash-attack is indistinguishable from the state after a real crash, e.g., power failure, the adversary can hide attack traces. We present SLiC, a new logging protocol that achieves forward-security against crash-attacks. Our main idea is to decouple the time of a log event with the position of its resulting log entry in the log file. Each event is encrypted and written to a pseudo-random position in the log file. Consequently, the adversary can only remove random log events, but not specific ones. Yet, during forensic analysis, the verifier can replay pseudo-random positions. This allows to distinguish a real crash (last events missing) from a crash-attack (random events missing). Besides a formal analysis, we also present an evaluation of SLiC as a syslog server to indicate its practicality.

Available format(s)
Cryptographic protocols
Publication info
Contact author(s)
erik-oliver blass @ airbus com
2017-04-29: revised
2017-02-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Erik-Oliver Blass and Guevara Noubir},
      title = {Secure Logging with Crash Tolerance},
      howpublished = {Cryptology ePrint Archive, Paper 2017/107},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.