Abstract
We present Steady: an end-to-end secure logging system engineered to be simple in terms of design, implementation, and assumptions for real-world use. Steady gets its name from being based on a steady (heart)beat of events from a forward-secure device sent over an untrusted network through untrusted relays to a trusted collector. Properties include optional encryption and compression (with loss of confidentiality but significant gain in goodput), detection of tampering, relays that can function in unidirectional networks (e.g., as part of a data diode), cost-effective use of cloud services for relays, and publicly verifiable proofs of event authenticity. The design is formalized and security proven in the standard model. Our prototype implementation (\(\approx \)2,200 loc) shows reliable goodput of over 1M events/s (\(\approx \)160 MiB/s) for a realistic dataset with commodity hardware for a device on a GigE network using 16 MiB of memory connected to a relay running at Amazon EC2.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
For example Directive 2006/24/EC http://europa.eu/!BM68tq, accessed 2018-08-08.
- 2.
Compression breaks semantic security and depending on setting completely neglects any encryption [8], as shown, e.g, in the CRIME and BREACH attacks.
- 3.
The block metadata i, \(\ell _c\), and \(\ell _p\) are hashed together with the hash of the payload that is likely high entropy, unlike the metadata.
- 4.
If the adversary can modify or remove a block already read from the relay by the collector this would cause \(\mathsf {check}\) to fail but this is not relevant for security.
- 5.
NaCl box (https://nacl.cr.yp.to/box.html) uses Salsa20 and Poly1305, we use AES256-GCM instead for the hardware speed-up on selected platforms.
- 6.
https://github.com/pylls/steady-c, Apache 2.0 license.
- 7.
https://libsodium.org/, accessed 2018-08-05.
- 8.
https://lz4.github.io/lz4/, accessed 2018-08-05.
- 9.
https://github.com/pylls/steady, Apache 2.0 license.
References
Blum, M., Evans, W.S., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. Algorithmica 12(2/3), 225–244 (1994)
Bowers, K.D., Hart, C., Juels, A., Triandopoulos, N.: PillarBox: Combating next-generation malware with fast forward-secure logging. In: RAID (2014)
Buldas, A., Truu, A., Laanoja, R., Gerhards, R.: Efficient record-level keyless signatures for audit logs. In: Bernsmed, K., Fischer-Hübner, S. (eds.) NordSec 2014. LNCS, vol. 8788, pp. 149–164. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11599-3_9
Crosby, S.A., Wallach, D.S.: Efficient data structures for tamper-evident logging. In: Monrose, F. (ed.) Proceedings of the 18th USENIX Security Symposium, Montreal, Canada, August 10–14, 2009, pp. 317–334. USENIX Association (2009)
Hartung, G., Kaidel, B., Koch, A., Koch, J., Hartmann, D.: Practical and robust secure logging from fault-tolerant sequential aggregate signatures. In: Okamoto, T., Yu, Y., Au, M.H., Li, Y. (eds.) ProvSec 2017. LNCS, vol. 10592, pp. 87–106. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68637-0_6
Holt, J.E.: Logcrypt: forward security and public verification for secure audit logs. In: The proceedings of AusGrid and AISW (2006)
Karande, V., Bauman, E., Lin, Z., Khan, L.: SGX-Log: Securing system logs with SGX. In: AsiaCCS (2017)
Kelsey, J.: Compression and information leakage of plaintext. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 263–276. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45661-9_21
Kotz, D., Henderson, T., Abyzov, I., Yeo, J.: CRAWDAD dataset dartmouth/campus (v. 2009–09-09), September 2009. https://crawdad.org/dartmouth/campus/20090909
Ma, D., Tsudik, G.: A new approach to secure logging. TOS 5(1), 2:1–2:21 (2009)
Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_32
Pulls, T., Dahlberg, R.: Steady: A simple end-to-end secure logging system. IACR Cryptology ePrint Archive p. 737 (2018). https://eprint.iacr.org/2018/737
Schneier, B., Kelsey, J.: Cryptographic Support for Secure Logs on Untrusted Machines. In: USENIX Security Symposium, pp. 53–62. USENIX (1998)
Shepherd, C., Akram, R.N., Markantonakis, K.: EmLog: tamper-resistant system logging for constrained devices with TEEs. In: Hancke, G.P., Damiani, E. (eds.) WISTP 2017. LNCS, vol. 10741, pp. 75–92. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93524-9_5
Sinha, A., Jia, L., England, P., Lorch, J.R.: Continuous tamper-proof logging using TPM 2.0. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 19–36. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08593-7_2
Yavuz, A.A., Ning, P.: BAF: an efficient publicly verifiable secure audit logging scheme for distributed systems. In: ACSAC (2009)
Yavuz, A.A., Ning, P., Reiter, M.K.: Efficient, compromise resilient and append-only cryptographic schemes for secure audit logging. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 148–163. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32946-3_12
Acknowledgments
We would like to thank Christian Gotare, Anders Lidén, Mattias Nordlund, and Roel Peeters for valuable feedback. This research as part of the HITS research profile was funded by the Swedish Knowledge Foundation.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Pulls, T., Dahlberg, R. (2018). Steady. In: Gruschka, N. (eds) Secure IT Systems. NordSec 2018. Lecture Notes in Computer Science(), vol 11252. Springer, Cham. https://doi.org/10.1007/978-3-030-03638-6_6
Download citation
DOI: https://doi.org/10.1007/978-3-030-03638-6_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03637-9
Online ISBN: 978-3-030-03638-6
eBook Packages: Computer ScienceComputer Science (R0)