Practical and Robust Secure Logging from Fault-Tolerant Sequential Aggregate Signatures

Hartung, Gunnar; Kaidel, Björn; Koch, Alexander; Koch, Jessica; Hartmann, Dominik

doi:10.1007/978-3-319-68637-0_6

Cited by 11 publications

(10 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, existing forward-secure signature schemes relying on the notion of epoch (e.g., [73], [44], [41]) fully achieve G1 only when configured to generate signatures at the granularity of one log event (epoch = 1), but generating a new key and/or signature per log event incurs impractically large computational costs (violating G5). On the other hand, when epoch = n the most recent pre-compromise events remain vulnerable.…”

Section: Threat Model and Goalsmentioning

confidence: 99%

“…CUSTOS' logging phase is the only one that can scale to more than a million events per second. [41]. For SGX-Log and BGLS, we conservatively set highly-favorable parameters for performance.…”

Section: ) Prior Work Comparisonmentioning

confidence: 99%

“…Yavuz et al presented an optimized signing procedure at the cost of a key size that is linear with the number of log entries and no support for fine-grained audits [128]. Most recently, Hartung et al [41] presented a scheme that combines forward-secure sequential aggregate signatures with forward-secure signatures, but still incurs impractically large computational costs to generate proofs.…”

Section: A Secure Loggingmentioning

confidence: 99%

“…Existing commercial solutions to this tamper-evident logging problem involve specialized Write-Once-Read-Many (WORM) storage devices [47], [85] or fully-trusted remote storage servers [58], [94]. Concurrent to commercial efforts, a variety of cryptographic solutions have been presented in the literature, spanning symmetric cryptography [10], [108], [44], digital signatures [73], [127], [41], and tamper-evident data structures [20], [101].…”

Section: Introductionmentioning

confidence: 99%

“…Furthermore, our logger supports third-party verifiability of log integrity, and, unlike prior work [57], [89], does not break compatibility with log analysis applications by avoiding reliance on log encryption. 2) Real-time Decentralized Auditing: Differently from many prior solutions (e.g., [73], [57], [41], [128], [44]), we also focus on how to discover log tampering through auditing. Intuitively, the more frequently logs are audited, the earlier anti-forensic attackers will be detected after intrusion: thus, there is a clear motivation for auditing to be a frequent operation.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution

Paccagnella

Datta

Hassan

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

System auditing is a central concern when investigating and responding to security incidents. Unfortunately, attackers regularly engage in anti-forensic activities after a breakin, covering their tracks from the system logs in order to frustrate the efforts of investigators. While a variety of tamper-evident logging solutions have appeared throughout the industry and the literature, these techniques do not meet the operational and scalability requirements of system-layer audit frameworks. In this work, we introduce CUSTOS, a practical framework for the detection of tampering in system logs. CUSTOS consists of a tamper-evident logging layer and a decentralized auditing protocol. The former enables the verification of log integrity with minimal changes to the underlying logging framework, while the latter enables near real-time detection of log integrity violations within an enterprise-class network. CUSTOS is made practical by the observation that we can decouple the costs of cryptographic log commitments from the act of creating and storing log events, without trading off security, leveraging features of off-the-shelf trusted execution environments. Supporting over one million events per second, we show that CUSTOS' tamper-evident logging protocol is three orders of magnitude (1000×) faster than prior solutions and incurs only between 2% and 7% runtime overhead over insecure logging on intensive workloads. Further, we show that CUSTOS' auditing protocol can detect violations in near realtime even in the presence of a powerful distributed adversary and with minimal (3%) network overhead. Our case study on a real-world APT attack scenario demonstrates that CUSTOS forces anti-forensic attackers into a "lose-lose" situation, where they can either be covert and not tamper with logs (which can be used for forensics), or erase logs but then be detected by CUSTOS.

show abstract

Section: Threat Model and Goalsmentioning

confidence: 99%

Section: ) Prior Work Comparisonmentioning

confidence: 99%

Section: A Secure Loggingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution

Paccagnella

Datta

Hassan

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

BCALS: Blockchain‐based secure log management system for cloud computing

Ali

Khan

Ahmed

et al. 2021

Trans Emerging Tel Tech

View full text Add to dashboard Cite

A computing environment requires a robust and comprehensive process to track and document user activities to uphold confidence in the system. Audit logs are used for this purpose to monitor the actions of administrators and users. However, these logs are vulnerable to multidimensional attacks, including modification of logs, erasability of logs, and privacy of the user. Since administrators have unprecedented access to these logs, they can modify, delete, and even destroy them. Securing these logs against malicious activities is the prime requirement of audit log management. Existing schemes have several limitations, including immutability, computational expensiveness, missing semantics, and are not verifiable. Various schemes have been proposed for this purpose, but a standard method is required to structure heterogeneous logs and their security semantically. To cope with these limitations, in this paper, we propose a Log Management System using blockchain. The proposed system will ensure audit logs' security, which will eventually strengthen users' trust in the computing environment and make it unbreachable even by the administrators. It has been evinced that our model performed better in terms of performance and features already mentioned when compared with existing schemes.

show abstract

Steady

Pulls¹,

Dahlberg²

2018

Secure IT Systems

View full text Add to dashboard Cite

Practical and Robust Secure Logging from Fault-Tolerant Sequential Aggregate Signatures

Cited by 11 publications

References 17 publications

Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution

Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution

BCALS: Blockchain‐based secure log management system for cloud computing

Steady

Contact Info

Product

Resources

About