Secure audit logs to support computer forensics
ACM Transactions on Information and System Security (TISSEC)
Key-Insulated Public Key Cryptosystems
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Strong Key-Insulated Signature Schemes
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Logcrypt: forward security and public verification for secure audit logs
ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
Extended Abstract: Forward-Secure Sequential Aggregate Authentication
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Cryptographic support for secure logs on untrusted machines
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Security and Privacy for Implantable Medical Devices
IEEE Pervasive Computing
Practical forward secure sequential aggregate signatures
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Forward-security in private-key cryptography
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
ACM Transactions on Information and System Security (TISSEC)
Distributed privacy-preserving transparency logging
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Hi-index | 0.00 |
The need for secure logging is well-understood by the security researchers and practitioners. The ability to efficiently verify all (or some) log entries is important to any application employing secure logging techniques. In this paper, we begin by examining the state-of-the-art in secure logging and identify some problems inherent to systems based on trusted third-party servers. We then propose a different approach based upon recently developed Forward-Secure Sequential Aggregate (FssAgg) authentication techniques. Our approach offers both space-efficiency and provable security. We illustrate two concrete schemes --- one private-verifiable and one public-verifiable --- that offer practical secure logging without any reliance on on-line trusted third parties or secure hardware. We evaluate proposed schemes and report on our experience with implementing them within a secure logging system.