Practical Secure Logging: Seekable Sequential Key Generators

Marson, Giorgia Azzurra; Poettering, Bertram

doi:10.1007/978-3-642-40203-6_7

Cited by 9 publications

(26 citation statements)

References 20 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In contrast to the prior SSKG from [16], our scheme relies on just symmetric building blocks; in particular we propose instantiations that exclusively use either PRGs, block ciphers, or hash functions. By consequence, our implementation beats the one from [16] by 1-3 orders of magnitude, on current CPUs. In addition to this efficiency gain, we also identify new and appealing functionality features of our SSKG.…”

Section: Contributions and Organizationmentioning

confidence: 99%

“…Although hash chains, in principle, lead to (forward-)secure local logging, they also come with an efficiency penalty on the side of the log auditor: the latter, in order to verify a log record of a certain epoch t, first needs to recover the corresponding key K t ; however, as a high level of security requires a high key update rate, this might involve millions of hash function evaluations. This problem was addressed only recently: in [16], efficient forward-secure local logging is achieved via a seekable sequential key generator (SSKG).…”

Section: Introductionmentioning

confidence: 99%

“…We give a rough overview over the ideas in [16]. Essentially, the authors propose a generic construction of an SSKG from a shortcut one-way permutation (SCP), a primitive that implements a one-way permutation π : D → D, for a domain D, with a dedicated shortcut algorithm allowing the computation of the k-fold composition π k in sublinear time.…”

Section: Introductionmentioning

confidence: 99%

“…Essentially, the authors propose a generic construction of an SSKG from a shortcut one-way permutation (SCP), a primitive that implements a one-way permutation π : D → D, for a domain D, with a dedicated shortcut algorithm allowing the computation of the k-fold composition π k in sublinear time. The concrete SCP considered in [16] is given by the squaring operation modulo a Blum integer N , where applying the shortcut corresponds to reducing a certain exponent modulo ϕ(N ). Given an SCP, an SSKG can be obtained by letting its state consist of a single element in D, performing state updates by applying π to this element, and deriving keys by hashing it (more precisely, by applying a random oracle).…”

Section: Introductionmentioning

confidence: 99%

“…While it is instructive to observe how the forward security of the SSKG corresponds with the one-wayness of the SCP, and how its seekability is based on the SCP's shortcut property, a notable technical artifact of the squaring-based SCP is that seekability requires knowledge of ϕ(N ) while forward security requires this value to be unknown. This dilemma is side-stepped in [16] by giving only the owners of a seeking key the ability to fast-forward through the SSKG output sequence.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Even More Practical Secure Logging: Tree-Based Seekable Sequential Key Generators

Marson

Poettering

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Computer log files constitute a precious resource for system administrators for discovering and comprehending security breaches. A prerequisite of any meaningful log analysis is that attempts of intruders to cover their traces by modifying log entries are thwarted by storing them in a tamper-resistant manner. Some solutions employ cryptographic authentication when storing log entries locally, and let the authentication scheme's property of forward security ensure that the cryptographic keys in place at the time of intrusion cannot be used to manipulate past log entries without detection. This strong notion of security is typically achieved through frequent updates of the authentication keys via hash chains. However, as security demands that key updates take place rather often (ideally, at a resolution of milliseconds), in many settings this method quickly reaches the limits of practicality. Indeed, a log auditor aiming at verifying a specific log record might have to compute millions of hash iterations before recovering the correct verification key. This problem was addressed only recently by the introduction of seekable sequential key generators (SSKG). Every instance of this cryptographic primitive produces a forward-secure sequence of symmetric (authentication) keys, but also offers an explicit fast-forward functionality. The only currently known SSKG construction replaces traditional hash chains by the iterated evaluation of a shortcut one-way permutation, a factoring-based and hence in practice not too efficient building block. In this paper we revisit the challenge of marrying forward-secure key generation with seekability and show that symmetric primitives like PRGs, block ciphers, and hash functions suffice for obtaining secure SSKGs. Our scheme is not only considerably more efficient than the prior number-theoretic construction, but also extends the seeking functionality in a way that we believe is important in practice. Our construction is provably (forward-)secure in the standard model.

show abstract

Section: Contributions and Organizationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Even More Practical Secure Logging: Tree-Based Seekable Sequential Key Generators

Marson

Poettering

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

PillarBox: Combating Next-Generation Malware with Fast Forward-Secure Logging

Bowers¹,

Hart

Juels

et al. 2014

Research in Attacks, Intrusions and Defenses

View full text Add to dashboard Cite

Security analytics is a catchall term for vulnerability assessment in large organizations capturing a new emerging approach to intrusion detection. It leverages a combination of automated and manual analysis of security logs and alerts which originate from a wide and varying array of sources and are often aggregated into a massive data repository. Such log and alert sources include firewalls, VPNs, and endpoint instrumentation, such as intrusion-detection systems, syslog or other alerting host facilities, that we generically call Security Analytics Sources (SASs).Security analytics are only as good as the data being analyzed. Yet nearly all security analytics systems today suffer from a lack of even basic data protections on data collection. By merely monitoring network traffic, an adversary can eavesdrop on SAS outputs to discover sensitive SAS instrumentation and security-alerting behaviors. Moreover, by using advance malware, an adversary can undetectably suppress or tamper with SAS messages to conceal attack evidence and disrupt intrusion detection.We introduce PillarBox, a tool for securely relaying SAS data in a security analytics system. PillarBox enforces integrity: It secures SAS data against tampering, even when such data is buffered on a compromised host within an adversarially controlled network. Additionally, PillarBox (optionally) offers stealth: It can conceal SAS data, alert-generation activity and potentially even alerting rules on a compromised host, thus hiding select SAS alerting actions from an adversary.We present an implementation of PillarBox and show experimentally that it can secure messages against attacker suppression, tampering or discovery even in the most challenging environments where SASs generate real-time security alerts related to a host compromise directly targeting to diminish their alerting power. We also show, based on data from a large enterprise and on-host performance measurements, that PillarBox has minimal overhead and is practical for real-world security analytics systems.

show abstract

Secure Audit Logs with Verifiable Excerpts

Hartung

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Practical Secure Logging: Seekable Sequential Key Generators

Cited by 9 publications

References 20 publications

Even More Practical Secure Logging: Tree-Based Seekable Sequential Key Generators

Even More Practical Secure Logging: Tree-Based Seekable Sequential Key Generators

PillarBox: Combating Next-Generation Malware with Fast Forward-Secure Logging

Secure Audit Logs with Verifiable Excerpts

Contact Info

Product

Resources

About