Dynamic audit services for integrity verification of outsourced storages in clouds
Proceedings of the 2011 ACM Symposium on Applied Computing
Efficient audit service outsourcing for data integrity in clouds
Journal of Systems and Software
ACM Transactions on Information and System Security (TISSEC)
Authenticating operation-based history in collaborative systems
Proceedings of the 17th ACM international conference on Supporting group work
SecLaaS: secure logging-as-a-service for cloud forensics
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Distributed privacy-preserving transparency logging
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Hi-index | 0.00 |
Audit logs, providing information about the current and past states of systems, are one of the most important parts of modern computer systems. Providing security for audit logs on an untrusted machine in a large distributed system is a challenging task, especially in the presence of active adversaries. In such a system, it is critical to have forward security such that when an adversary compromises a machine, she cannot modify or forge the log entries accumulated before the compromise. Unfortunately, existing secure audit logging schemes have significant limitations that make them impractical for real-life applications: Existing Public Key Cryptography (PKC) based schemes are computationally expensive for logging in task intensive or resource-constrained systems, while existing symmetric schemes are not publicly verifiable and incur significant storage and communication overheads. In this paper, we propose a novel forward secure and aggregate logging scheme called Blind-Aggregate-Forward (BAF) logging scheme, which is suitable for large distributed systems. BAF can produce publicly verifiable forward secure and aggregate signatures with near-zero computational, storage, and communication costs for the loggers, without requiring any online Trusted Third Party (TTP) support. We prove that BAF is secure under appropriate computational assumptions, and demonstrate that BAF is significantly more efficient and scalable than the previous schemes. Therefore, BAF is an ideal solution for secure logging in both task intensive and resource-constrained systems.