Abstract
We propose a log signing scheme that enables (a) verification of the integrity of the whole log, and (b) presentation of any record, along with a compact proof that the record has not been altered since the log was signed, without leaking any information about the contents of other records in the log. We give a formal security proof of the scheme, discuss practical considerations, and provide an implementation case study.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Accorsi, R.: BBox: A distributed secure log architecture. In: Camenisch, J., Lambrinoudakis, C. (eds.) EuroPKI 2010. LNCS, vol. 6711, pp. 109–124. Springer, Heidelberg (2011)
Adams, C., Cain, P., Pinkas, D., Zuccherato, R.: Internet X.509 public key infrastructure time-stamp protocol (TSP). IETF RFC 3161 (2001)
Buldas, A., Kroonmaa, A., Park, A.: OpenKSI digital signature format (2012)
Buldas, A., Saarepera, M.: On provably secure time-stamping schemes. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 500–514. Springer, Heidelberg (2004)
Buldas, A., Truu, A., Laanoja, R., Gerhards, R.: Efficient record-level keyless signatures for logs. Cryptology ePrint Archive, Report 2014/552 (2014)
Callas, J., Donnerhacke, L., Finney, H., Thayer, R.: OpenPGP message format. IETF RFC 4880 (2007)
Gerhards, R.: The syslog protocol. IETF RFC 5424 (2009)
Holt, J.E.: Logcrypt: Forward security and public verification for secure audit logs. In: Buyya, R., Ma, T., Safavi-Naini, R., Steketee, C., Susilo, W. (eds.) AISW 2006, pp. 203–211. Australian Computer Society (2006)
Housley, R.: Cryptographic message syntax (CMS). IETF RFC 5652 (2009)
Kaliski, B.: PKCS#7: Cryptographic message syntax v 1.5. IETF RFC 2315 (1998)
Kelsey, J., Callas, J., Clemm, A.: Signed syslog messages. IETF RFC 5848 (2010)
Ma, D., Tsudik, G.: A new approach to secure logging. ACM Transactions on Storage 5(1), 2:1–2:21 (2009)
Merkle, R.C.: Protocols for public key cryptosystems. In: IEEE Symposium on Security and Privacy, pp. 122–134. IEEE Computer Society (1980)
Schneier, B., Kelsey, J.: Secure audit logs to support computer forensics. ACM Transactions on Information Systems Security 2(2), 159–176 (1999)
Stathopoulos, V., Kotzanikolaou, P., Magkos, E.: A framework for secure and verifiable logging in public communication networks. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 273–284. Springer, Heidelberg (2006)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Buldas, A., Truu, A., Laanoja, R., Gerhards, R. (2014). Efficient Record-Level Keyless Signatures for Audit Logs. In: Bernsmed, K., Fischer-Hübner, S. (eds) Secure IT Systems. NordSec 2014. Lecture Notes in Computer Science(), vol 8788. Springer, Cham. https://doi.org/10.1007/978-3-319-11599-3_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-11599-3_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11598-6
Online ISBN: 978-3-319-11599-3
eBook Packages: Computer ScienceComputer Science (R0)