Efficient, Compromise Resilient and Append-Only Cryptographic Schemes for Secure Audit Logging

  • Conference paper
Financial Cryptography and Data Security (FC 2012)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7397)

Abstract

Due to the forensic value of audit logs, it is vital to provide compromise resiliency and append-only properties in a logging system to prevent active attackers. Unfortunately, existing symmetric secure logging schemes are not publicly verifiable and cannot address applications that require public auditing (e.g., public financial auditing), besides being vulnerable to certain attacks and dependent on continuous trusted server support. Moreover, Public Key Cryptography (PKC)-based secure logging schemes require Expensive Operations (ExpOps) that are costly for both loggers and verifiers, and thus are impractical for computation-intensive environments.

In this paper, we propose a new class of secure audit logging scheme called Log Forward-secure and Append-only Signature (LogFAS). LogFAS achieves the most desirable properties of both symmetric and PKC-based schemes. LogFAS can produce publicly verifiable forward-secure and append-only signatures without requiring any online trusted server support or time factor. Most notably, LogFAS is the only PKC-based secure audit logging scheme that achieves high verifier computational and storage efficiency. That is, LogFAS can verify L log entries always with a small, constant number of ExpOps regardless of the value of L. Moreover, each verifier stores only a small and constant-size public key regardless of the number of log entries to be verified or the number of loggers in the system. In addition, a LogFAS variation allows fine-grained verification of any subset of log entries and fast detection of corrupted log entries. All these properties make LogFAS an ideal scheme for secure audit logging in computation-intensive applications.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yavuz, A.A., Ning, P., Reiter, M.K. (2012). Efficient, Compromise Resilient and Append-Only Cryptographic Schemes for Secure Audit Logging. In: Keromytis, A.D. (eds) Financial Cryptography and Data Security. FC 2012. Lecture Notes in Computer Science, vol 7397. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32946-3_12

  • DOI: https://doi.org/10.1007/978-3-642-32946-3_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32945-6

  • Online ISBN: 978-3-642-32946-3

  • eBook Packages: Computer Science, Computer Science (R0)
