BBox: A Distributed Secure Log Architecture

  • Rafael Accorsi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6711)


This paper presents BBox, a digital black box to provide for authentic archiving in distributed systems. Based upon public key cryptography and trusted computing platforms, the BBox employs standard primitives to ensure the authenticity of records during the transmission from devices to the collector, as well as during their storage on the collector and retrieval by auditors. Besides presenting the technical underpinnings of the BBox, this paper demonstrates the authenticity guarantees it ensures and reports on the preliminary deployment figures.


Distributed log architecture public key cryptography 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Accorsi, R.: On the relationship of privacy and secure remote logging in dynamic systems. In: Fischer-Hübner, S., et al. (eds.) IFIP Conf. Proceedings, vol. 201, pp. 329–339. Springer, Heidelberg (2006)Google Scholar
  2. 2.
    Accorsi, R., Hohl, A.: Delegating secure logging in pervasive computing systems. In: Clark, J.A., Paige, R.F., Polack, F.A.C., Brooke, P.J. (eds.) SPC 2006. LNCS, vol. 3934, pp. 58–72. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Accorsi, R.: Automated counterexample-driven audits of authentic system records. Ph.D. dissertation, University of Freiburg (2008)Google Scholar
  4. 4.
    Accorsi, R., Stocker, T.: Automated privacy audits based on pruning of log data. In: IEEE Enterprise Distributed Object Computing Conference, pp. 175–182 (2008)Google Scholar
  5. 5.
    Accorsi, R.: Safe-keeping digital evidence with secure logging protocols: State of the art and challenges. In: Goebel, O., et al. (eds.) Incident Management and Forensics, pp. 94–110. IEEE, Los Alamitos (2009)Google Scholar
  6. 6.
    Bellare, M., Yee, B.: Forward integrity for secure audit logs. Tech. report, U of California, San Diego, Dept. of Computer Science & Engineering (1997)Google Scholar
  7. 7.
    Carlin, A., Gallegos, F.: IT audit: A critical business process. IEEE Computer 40(7), 87–89 (2007)CrossRefGoogle Scholar
  8. 8.
    Chong, C., Peng, Z., Hartel, P.: Secure audit logging with tamper-resistant hardware. In: Gritzalis, D., et al. (eds.) IFIP Conf. Proceedings, vol. 250, pp. 73–84. Kluwer, Dordrecht (2003)Google Scholar
  9. 9.
    Chuvakin, A., Peterson, G.: Logging in the age of web services. IEEE Security and Privacy 7(3), 82–85 (2009)CrossRefGoogle Scholar
  10. 10.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 2(29), 198–208 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Franklin, M.: A survey of key evolving cryptosystems. International Journal of Security and Networks 1(1-2), 46–53 (2006)CrossRefGoogle Scholar
  12. 12.
    Holt, J.: Logcrypt: Forward security and public verification for secure audit logs. In: Buyya, R., et al. (eds.) Australasian Symposium on Grid Computing and e-Research. CRIPT, vol. 54, pp. 203–211 (2006)Google Scholar
  13. 13.
    Kelsey, J., Callas, J.: Signed syslog messages. IETF Internet Draft (2005)Google Scholar
  14. 14.
    Kenneally, E.: Digital logs - Proof matters. Digital Investigation 1(2), 94–101 (2004)CrossRefGoogle Scholar
  15. 15.
    Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)Google Scholar
  16. 16.
    Lowis, L., Accorsi, R.: Finding vulnerabilities in SOA-based business processes. IEEE Transactions on Services Computing (2010) (to appear)Google Scholar
  17. 17.
    Lowis, L., Hohl, A.: Enabling Persistent Service Links. In: IEEE Conference on E-Commerce Technology, pp. 301–306 (2005)Google Scholar
  18. 18.
    Ma, D., Tsudik, G.: A new approach to secure logging. ACM Transactions on Storage 5(1), 1–21 (2009)CrossRefGoogle Scholar
  19. 19.
    Müller, G., Accorsi, R., Höhn, S., Sackmann, S.: Sichere Nutzungskontrolle für mehr Transparenz in Finanzmärkten. Informatik Spektrum 33(1), 3–13 (2010)CrossRefGoogle Scholar
  20. 20.
    Mercuri, R.: On auditing audit trails. Commun. ACM 46(1), 17–20 (2003)Google Scholar
  21. 21.
    Oppliger, R., Ritz, R.: Digital evidence: Dream and reality. IEEE Security and Privacy 1(5), 44–48 (2003)CrossRefGoogle Scholar
  22. 22.
  23. 23.
    Sackmann, S., Strüker, J., Accorsi, R.: Personalization in privacy-aware highly dynamic systems. Commun. ACM 49(9), 32–38 (2006)Google Scholar
  24. 24.
    Schneier, B., Kelsey, J.: Security audit logs to support computer forensics. ACM Transactions on Information and System Security 2(2), 159–176 (1999)CrossRefGoogle Scholar
  25. 25.
    Stathopoulos, V., Kotzanikolaou, P., Magkos, E.: A framework for secure and verifiable logging in public communication networks. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 273–284. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  26. 26.
  27. 27.
  28. 28.
    Waters, B., Balfanz, D., Durfee, G., Smetters, D.: Building an encrypted and searchable audit log. In: Network and Distributed System Security (2004)Google Scholar
  29. 29.
    Xu, W., Chadwick, D., Otenko, S.: A PKI Based Secure Audit Web Server. In: IASTED Communications, Network and Information (2005)Google Scholar
  30. 30.
    Yum, D., Kim, J., Lee, P., Hong, S.: On fast verification of hash chains. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 382–396. Springer, Heidelberg (2010)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Rafael Accorsi
    • 1
  1. 1.Department of TelematicsUniversity of FreiburgGermany

Personalised recommendations