International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: A New Approach to Secure Logging

Di Ma
Gene Tsudik
Search ePrint
Search Google
Abstract: The need for secure logging is well-understood by the security professionals, including both researchers and practitioners. The ability to efficiently verify all (or some) log entries is important to any application employing secure logging techniques. In this paper, we begin by examining state-of-the-art in secure logging and identify some problems inherent to systems based on trusted third-party servers. We then propose a different approach to secure logging based upon recently developed Forward-Secure Sequential Aggregate (FssAgg) authentication techniques. Our approach offers both space-efficiency and provable security. We illustrate two concrete schemes -- one private-verifiable and one public-verifiable -- that offer practical secure logging without any reliance on on-line trusted third parties or secure hardware. We also investigate the concept of immutability in the context of forward secure sequential aggregate authentication to provide finer grained verification. Finally, we report on some experience with a prototype built upon a popular code version control system.
  title={A New Approach to Secure Logging},
  booktitle={IACR Eprint archive},
  keywords={applications / secure logging, MACs, signatures, forward secure stream integrity, truncation attack},
  note={This is the full version of the paper appearing at DBSEC 2008. 13992 received 23 Apr 2008},
  author={Di Ma and Gene Tsudik},