Paper 2017/949

Practical and Robust Secure Logging from Fault-Tolerant Sequential Aggregate Signatures

Gunnar Hartung, Björn Kaidel, Alexander Koch, Jessica Koch, and Dominik Hartmann

Abstract

Keeping correct and informative log files is crucial for system maintenance, security and forensics. Cryptographic logging schemes offer integrity checks that protect a log file even in the case where an attacker has broken into the system. A relatively recent feature of these schemes is resistance against truncations, i.e. the deletion and/or replacement of the end of the log file. This is especially relevant as system intruders are typically interested in manipulating the later log entries that point towards their attack. However, there are not many schemes that are resistant against truncating the log file. Those that are have at least one of the following disadvantages: They are memory intensive (they store at least one signature per log entry), or fragile (i.e. a single error in the log renders the signature invalid and useless in determining where the error occurred). We obtain a publicly-verifiable secure logging scheme that is simultaneously robust, space-efficient and truncation secure with provable security under simple assumptions. Our generic construction uses forward-secure signatures, in a plain and a sequential aggregate variant, where the latter is additionally fault-tolerant, as recently formalized by Hartung et al. (PKC 2016). Fault-tolerant schemes can cope with a number of manipulated log entries (bounded a priori) and offer strong robustness guarantees while still retaining space efficiency. Our implementation and the accompanying performance measurements confirm the practicality of our scheme.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. ProvSec 2017
DOI
10.1007/978-3-319-68637-0_6
Keywords
Sequential Aggregate SignaturesFault-ToleranceSecure LoggingTruncation-SecurityForward-Security
Contact author(s)
alexander koch @ kit edu
History
2017-09-27: revised
2017-09-27: received
See all versions
Short URL
https://ia.cr/2017/949
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/949,
      author = {Gunnar Hartung and Björn Kaidel and Alexander Koch and Jessica Koch and Dominik Hartmann},
      title = {Practical and Robust Secure Logging from Fault-Tolerant Sequential Aggregate Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2017/949},
      year = {2017},
      doi = {10.1007/978-3-319-68637-0_6},
      note = {\url{https://eprint.iacr.org/2017/949}},
      url = {https://eprint.iacr.org/2017/949}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.