Distributed Immutabilization of Secure Logs

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9871)

Abstract

Several applications require robust and tamper-proof logging systems, e.g. electronic voting or bank information systems. At Scytl we use a technology, called immutable logs, that we deploy in our electronic voting solutions. This technology ensures the integrity, authenticity and non-repudiation of the generated logs, thus in case of any event the auditors can use them to investigate the issue. As a security recommendation it is advisable to store and/or replicate the information logged in a location where the logger has no writing or modification permissions. Otherwise, if the logger gets compromised, the data previously generated could be truncated or altered using the same private keys. This approach is costly and does not protect against collusion between the logger and the entities that hold the replicated data. In order to tackle these issues, in this article we present a proposal and implementation to immutabilize integrity proofs of the secure logs within the Bitcoin’s blockchain. Due to the properties of the proposal, the integrity of the immutabilized logs is guaranteed without performing log data replication and even in case the logger gets latterly compromised.

Keywords

Secure logging Blockchain Distributed immutabilization Integrity Trust 

References

  1. 1.
    Bellare, M., Yee, B.S.: Forward integrity for secure audit logs. Technical report (1997)Google Scholar
  2. 2.
    Bentov, I., Gabizon, A., Mizrahi, A.: Cryptocurrencies without proof of work. In: Proceedings of 3rd Workshop on Bitcoin and Blockchain Research (2016)Google Scholar
  3. 3.
    Colu. Colored Coins Protocol Specification. Accessed June 2016Google Scholar
  4. 4.
    Cornet, A.O., Bosch, J.M.B.: Method and system of generating immutable audit logs, 15 January 2009. US Patent App. 12/096,048Google Scholar
  5. 5.
    Croman, K., Decker, C., Eyal, I., Gencer, A.E., Juels, A., Kosba, A., Miller, A., Saxena, P., Shi, E., Gün, E.: On scaling decentralized blockchains. In: Proceedings of 3rd Workshop on Bitcoin and Blockchain Research (2016)Google Scholar
  6. 6.
    Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 436–454. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45472-5_28 Google Scholar
  7. 7.
    Galindo, D., Guasch, S., Puiggalí, J.: 2015 Neuchâtel’s Cast-as-Intended Verification Mechanism. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 3–18. Springer, Heidelberg (2015). doi:10.1007/978-3-319-22270-7_1 CrossRefGoogle Scholar
  8. 8.
    BitFury Group, Garzik, J.: Public versus private blockchains. Part 1: permissioned blockchains. Technical report, BitFury Group, October 2015Google Scholar
  9. 9.
    Karame, G.O., Androulaki, E., Roeschlin, M., Gervais, A., Čapkun, S.: Misbehavior in bitcoin: a study of double-spending and accountability. ACM Trans. Inf. Syst. Secur. 18(1), 2: 1–2: 32 (2015)CrossRefGoogle Scholar
  10. 10.
    Ma, D., Tsudik, G.: A new approach to secure logging. Trans. Storage 5(1), 2: 1–2: 21 (2009)CrossRefGoogle Scholar
  11. 11.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)Google Scholar
  12. 12.
    National Institute of Standards and Technology. FIPS 198-1, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standard (FIPS), Publication 198-1. Technical report, U.S. Department of Commerce, July 2008Google Scholar
  13. 13.
    National Institute of Standards and Technology. FIPS 180-4, Secure Hash Standard, Federal Information Processing Standard (FIPS), Publication 180-4. Technical report, U.S. Department of Commerce, March 2012Google Scholar
  14. 14.
    National Institute of Standards and Technology. FIPS 186-4, Digital Signature Standard (DSS), Federal Information Processing Standard (FIPS), Publication 186-4. Technical report, U.S. Department of Commerce, July 2013Google Scholar
  15. 15.
    Puiggalí, J., Chóliz, J., Guasch, S.: Best practices in internet voting. In: NIST: Workshop on UOCAVA Remote Voting Systems, Washington DC, August 2010Google Scholar
  16. 16.
    Snodgrass, R.T., Yao, S.S., Collberg, C.: Tamper detection in audit logs. In: Proceedings of the Thirtieth International Conference on Very Large Data Bases, VLDB 2004, vol. 30, pp. 504–515. VLDB Endowment (2004)Google Scholar
  17. 17.
    Snow, P., Deery, B., Lu, J., Johnston, D., Kirby, P.: Factom: business processes secured by immutable audit trails on the blockchain. Whitepaper, Factom, November 2014Google Scholar
  18. 18.
    Zyskind, G., Nathan, O., Pentland, A.S.: Decentralizing privacy: using blockchain to protect personal data. In: 2015 IEEE on Security and Privacy Workshops (SPW), pp. 180–184, May 2015Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.Scytl Secure Electronic VotingBarcelonaSpain

Personalised recommendations