Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images:...
Transcript of Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images:...
![Page 1: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/1.jpg)
INSTITUTE OF THEORETICAL COMPUTER SCIENCE
Secure Audit Logswith Verifiable ExcerptsMarch, 2nd 2016Gunnar Hartung
KIT – University of the State of Baden-Wuerttemberg andNational Laboratory of the Helmholtz Association
www.kit.edu
![Page 2: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/2.jpg)
Outline
1 What is Secure Logging?
2 Secure Logging with Crypto
3 Excerpts
4 Security
(Seal Image Source: CC-0 by OpenIcons)
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 2/16
![Page 3: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/3.jpg)
Introduction
What is Secure Logging?
Securing Log Files against retroactive modifications
Why care?paramount for system debugging/maintenanceintrusion detectionforensics after an intrusionAttackers cover their traces by editing log files.required/recommended by
DoD Orange Book [Lat85]NIST Handbook on Computer Security [NIS95]Common Criteria [CC12]
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 3/16
![Page 4: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/4.jpg)
Introduction
What is Secure Logging?
Securing Log Files against retroactive modifications
Why care?paramount for system debugging/maintenanceintrusion detectionforensics after an intrusionAttackers cover their traces by editing log files.required/recommended by
DoD Orange Book [Lat85]NIST Handbook on Computer Security [NIS95]Common Criteria [CC12]
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 3/16
![Page 5: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/5.jpg)
Why Excerpts?
$
sues
Bank shows
logfiles
log files contains lots of confidential informationvery large, hard to analyze
Excerpts solve both problems!
Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 4/16
![Page 6: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/6.jpg)
Why Excerpts?
$
sues
Bank shows
logfiles
log files contains lots of confidential informationvery large, hard to analyze
Excerpts solve both problems!
Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 4/16
![Page 7: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/7.jpg)
Why Excerpts?
$
sues
Bank shows
logfiles
log files contains lots of confidential informationvery large, hard to analyze
Excerpts solve both problems!
Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 4/16
![Page 8: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/8.jpg)
Why Excerpts?
$
sues
Bank
showslog
files
log files contains lots of confidential informationvery large, hard to analyze
Excerpts solve both problems!
Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 4/16
![Page 9: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/9.jpg)
Why Excerpts?
$
sues
Bank shows
logfiles
log files contains lots of confidential informationvery large, hard to analyze
Excerpts solve both problems!
Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 4/16
![Page 10: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/10.jpg)
Why Excerpts?
$
sues
Bank shows
logfiles
log files contains lots of confidential information
very large, hard to analyzeExcerpts solve both problems!
Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 4/16
![Page 11: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/11.jpg)
Why Excerpts?
$
sues
Bank shows
logfiles
log files contains lots of confidential informationvery large, hard to analyze
Excerpts solve both problems!
Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 4/16
![Page 12: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/12.jpg)
Why Excerpts?
$
sues
Bank shows
logfiles
log files contains lots of confidential informationvery large, hard to analyze
Excerpts solve both problems!Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 4/16
![Page 13: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/13.jpg)
Standard Approaches
WORM Drives:
Standard drives withcustom firmware
Images: CC-BY-2.0 by Till Dettmering, Public Domain via Wikipedia, Ocrho
Crypto!
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 5/16
![Page 14: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/14.jpg)
Standard Approaches
WORM Drives:
Standard drives withcustom firmware
Images: CC-BY-2.0 by Till Dettmering, Public Domain via Wikipedia, Ocrho
Crypto!
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 5/16
![Page 15: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/15.jpg)
Model
Time
Setuppk
sk
1
Break In
Attacker controls inputto logging system
Old log entries shallremain verifiable
skBsk2 · · ·
Images: CC-0 by OpenClipArtVectors, CC-BY-SA-4.0 International by www.elbpresse.de
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 6/16
![Page 16: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/16.jpg)
Model
TimeSetuppk
sk
1
Break In
Attacker controls inputto logging system
Old log entries shallremain verifiable
skBsk2 · · ·
Images: CC-0 by OpenClipArtVectors, CC-BY-SA-4.0 International by www.elbpresse.de
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 6/16
![Page 17: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/17.jpg)
Model
TimeSetuppk
sk
1
Break In
Attacker controls inputto logging system
Old log entries shallremain verifiable
skBsk2 · · ·
Images: CC-0 by OpenClipArtVectors, CC-BY-SA-4.0 International by www.elbpresse.de
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 6/16
![Page 18: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/18.jpg)
Model
TimeSetuppk
sk
1
Break In
Attacker controls inputto logging system
Old log entries shallremain verifiable
skBsk2 · · ·
Images: CC-0 by OpenClipArtVectors, CC-BY-SA-4.0 International by www.elbpresse.de
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 6/16
![Page 19: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/19.jpg)
Model
TimeSetuppk
sk
1
Break In
Attacker controls inputto logging system
Old log entries shallremain verifiable
skBsk2 · · ·
Images: CC-0 by OpenClipArtVectors, CC-BY-SA-4.0 International by www.elbpresse.de
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 6/16
![Page 20: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/20.jpg)
Model
TimeSetuppk
sk1
Break In
Attacker controls inputto logging system
Old log entries shallremain verifiable
skBsk2 · · ·
Images: CC-0 by OpenClipArtVectors, CC-BY-SA-4.0 International by www.elbpresse.de
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 6/16
![Page 21: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/21.jpg)
Model
TimeSetuppk
sk1
Break In
Attacker controls inputto logging system
Old log entries shallremain verifiable
skB
sk2 · · ·
Images: CC-0 by OpenClipArtVectors, CC-BY-SA-4.0 International by www.elbpresse.de
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 6/16
![Page 22: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/22.jpg)
Secure Logging with Crypto
m1
m2
m3
σ1
σ2
σ3
(sk1)
(sk1)
(sk1)
1
2
3
m34 σ4 (sk2)
[BY97], [SK98], [BY03], [Hol06]
don’t fully prevent truncation.
(Fully preventing truncation is surprisingly hard.Solutions: [MT08], [YP09], [YPR12])
Goal here: Prevent truncation to epoch before break-in.
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 7/16
![Page 23: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/23.jpg)
Secure Logging with Crypto
m1
m2
m3
σ1
σ2
σ3
(sk1)
(sk1)
(sk1)
1
2
3
m34 σ4 (sk2)
[BY97], [SK98], [BY03], [Hol06]
don’t fully prevent truncation.
(Fully preventing truncation is surprisingly hard.Solutions: [MT08], [YP09], [YPR12])
Goal here: Prevent truncation to epoch before break-in.
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 7/16
![Page 24: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/24.jpg)
Secure Logging with Crypto
m1
m2
m3
σ1
σ2
σ3
(sk1)
(sk1)
(sk1)
1
2
3
m34 σ4 (sk2)
[BY97], [SK98], [BY03], [Hol06]
don’t fully prevent truncation.
(Fully preventing truncation is surprisingly hard.Solutions: [MT08], [YP09], [YPR12])
Goal here: Prevent truncation to epoch before break-in.
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 7/16
![Page 25: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/25.jpg)
Secure Logging with Crypto
m1
m2
m3
σ1
σ2
σ3
(sk1)
(sk1)
(sk1)
1
2
3
m34 σ4 (sk2)
[BY97], [SK98], [BY03], [Hol06]
don’t fully prevent truncation.
(Fully preventing truncation is surprisingly hard.Solutions: [MT08], [YP09], [YPR12])
Goal here: Prevent truncation to epoch before break-in.
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 7/16
![Page 26: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/26.jpg)
Secure Logging with Crypto
m1
m2
m3
σ1
σ2
σ3
(sk1)
(sk1)
(sk1)
1
2
3
m34 σ4 (sk2)
[BY97], [SK98], [BY03], [Hol06]
don’t fully prevent truncation.
(Fully preventing truncation is surprisingly hard.Solutions: [MT08], [YP09], [YPR12])
Goal here: Prevent truncation to epoch before break-in.
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 7/16
![Page 27: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/27.jpg)
Secure Logging with Crypto
m1
m2
m3
σ1
σ2
σ3
(sk1)
(sk1)
(sk1)
1
2
3
m34 σ4 (sk2)
[BY97], [SK98], [BY03], [Hol06]don’t fully prevent truncation.
(Fully preventing truncation is surprisingly hard.Solutions: [MT08], [YP09], [YPR12])
Goal here: Prevent truncation to epoch before break-in.
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 7/16
![Page 28: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/28.jpg)
Secure Logging with Crypto
m1
m2
Switching to sk2
σ1
σ2
σ3
(sk1)
(sk1)
(sk1)
1
2
3
m34 σ4 (sk2)
[BY97], [SK98], [BY03], [Hol06]don’t fully prevent truncation.
(Fully preventing truncation is surprisingly hard.Solutions: [MT08], [YP09], [YPR12])
Goal here: Prevent truncation to epoch before break-in.
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 7/16
![Page 29: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/29.jpg)
Secure Logging with Crypto
m1
m2
Switching to sk2
σ1
σ2
σ3
(sk1)
(sk1)
(sk1)
1
2
3
m34 σ4 (sk2)
[BY97], [SK98], [BY03], [Hol06]don’t fully prevent truncation.
(Fully preventing truncation is surprisingly hard.Solutions: [MT08], [YP09], [YPR12])
Goal here: Prevent truncation to epoch before break-in.
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 7/16
![Page 30: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/30.jpg)
Secure Logging with Crypto
m1
m2
Switching to sk2
σ1
σ2
σ3
(sk1)
(sk1)
(sk1)
1
2
3
m34 σ4 (sk2)
[BY97], [SK98], [BY03], [Hol06]don’t fully prevent truncation.
(Fully preventing truncation is surprisingly hard.Solutions: [MT08], [YP09], [YPR12])
Goal here: Prevent truncation to epoch before break-in.
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 7/16
![Page 31: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/31.jpg)
Outline
1 What is Secure Logging?
2 Secure Logging with Crypto
3 Excerpts
4 Security
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 8/16
![Page 32: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/32.jpg)
New Feature: Excerpts
Excerpts should be:correct: all messages unchangedcomplete: all relevant log entries present in excerpt
Which log entries are “relevant”?
Defined by application:assign each log entry to ≥ 1 categories, identified byname νexcerpts for ≥ 1 entire categories“special” categories:
All: contains all log entriesEM: contains all epoch markers
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 9/16
![Page 33: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/33.jpg)
New Feature: Excerpts
Excerpts should be:correct: all messages unchangedcomplete: all relevant log entries present in excerpt
Which log entries are “relevant”?
Defined by application:assign each log entry to ≥ 1 categories, identified byname νexcerpts for ≥ 1 entire categories“special” categories:
All: contains all log entriesEM: contains all epoch markers
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 9/16
![Page 34: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/34.jpg)
New Feature: Excerpts
Excerpts should be:correct: all messages unchangedcomplete: all relevant log entries present in excerpt
Which log entries are “relevant”?
Defined by application:assign each log entry to ≥ 1 categories, identified byname νexcerpts for ≥ 1 entire categories“special” categories:
All: contains all log entriesEM: contains all epoch markers
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 9/16
![Page 35: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/35.jpg)
Logging with Excerpts
All: 0 A: 0 m1 σ1 (sk1)
All: 1 A: 1 B: 0 m2 σ2 (sk1)
All: 2 B: 1 m3 σ3 (sk1)
All: 3 EM: 0Switching to sk2. Counters:All: 3, A: 2, B: 2, EM: 0
σ4 (sk1)
ExcerptH( ), Category “A” σE (sk2)
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 10/16
![Page 36: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/36.jpg)
Logging with Excerpts
All: 0 A: 0 m1 σ1 (sk1)
All: 1 A: 1 B: 0 m2 σ2 (sk1)
All: 2 B: 1 m3 σ3 (sk1)
All: 3 EM: 0Switching to sk2. Counters:All: 3, A: 2, B: 2, EM: 0
σ4 (sk1)
ExcerptH( ), Category “A” σE (sk2)
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 10/16
![Page 37: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/37.jpg)
Logging with Excerpts
All: 0 A: 0 m1 σ1 (sk1)
All: 1 A: 1 B: 0 m2 σ2 (sk1)
All: 2 B: 1 m3 σ3 (sk1)
All: 3 EM: 0Switching to sk2. Counters:All: 3, A: 2, B: 2, EM: 0
σ4 (sk1)
ExcerptH( ), Category “A” σE (sk2)
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 10/16
![Page 38: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/38.jpg)
Logging with Excerpts
All: 0 A: 0 m1 σ1 (sk1)
All: 1 A: 1 B: 0 m2 σ2 (sk1)
All: 2 B: 1 m3 σ3 (sk1)
All: 3 EM: 0Switching to sk2. Counters:All: 3, A: 2, B: 2, EM: 0
σ4 (sk1)
ExcerptH( ), Category “A” σE (sk2)
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 10/16
![Page 39: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/39.jpg)
Logging with Excerpts
All: 0 A: 0 m1 σ1 (sk1)
All: 1 A: 1 B: 0 m2 σ2 (sk1)
All: 2 B: 1 m3 σ3 (sk1)
All: 3 EM: 0Switching to sk2. Counters:All: 3, A: 2, B: 2, EM: 0
σ4 (sk1)
ExcerptH( ), Category “A” σE (sk2)
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 10/16
![Page 40: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/40.jpg)
Logging with Excerpts
All: 0 A: 0 m1 σ1 (sk1)
All: 1 A: 1 B: 0 m2 σ2 (sk1)
All: 2 B: 1 m3 σ3 (sk1)
All: 3 EM: 0Switching to sk2. Counters:All: 3, A: 2, B: 2, EM: 0
σ4 (sk1)
Excerpt
H( ), Category “A” σE (sk2)
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 10/16
![Page 41: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/41.jpg)
Logging with Excerpts
All: 0 A: 0 m1 σ1 (sk1)
All: 1 A: 1 B: 0 m2 σ2 (sk1)
All: 2 B: 1 m3 σ3 (sk1)
All: 3 EM: 0Switching to sk2. Counters:All: 3, A: 2, B: 2, EM: 0
σ4 (sk1)
ExcerptH( ), Category “A”
σE (sk2)
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 10/16
![Page 42: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/42.jpg)
Logging with Excerpts
All: 0 A: 0 m1 σ1 (sk1)
All: 1 A: 1 B: 0 m2 σ2 (sk1)
All: 2 B: 1 m3 σ3 (sk1)
All: 3 EM: 0Switching to sk2. Counters:All: 3, A: 2, B: 2, EM: 0
σ4 (sk1)
ExcerptH( ), Category “A” σE (sk2)
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 10/16
![Page 43: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/43.jpg)
Outline
1 What is Secure Logging?
2 Secure Logging with Crypto
3 Excerpts
4 Security
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 11/16
![Page 44: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/44.jpg)
Security Experiment
Oracles
Append
Next Epoch
Excerpt
Break In
Shared State
Challenger
Images: CC-0 by sheikh tuhin, barretr, tiothy, CC-BY-SA-4.0 International by www.elbpresse.de
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 12/16
![Page 45: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/45.jpg)
Security Experiment
Oracles
Append
Next Epoch
Excerpt
Break In
Shared State
Challenger
Images: CC-0 by sheikh tuhin, barretr, tiothy, CC-BY-SA-4.0 International by www.elbpresse.de
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 12/16
![Page 46: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/46.jpg)
Security Experiment
Oracles
Append
Next Epoch
Excerpt
Break In
Shared State
Challenger
Images: CC-0 by sheikh tuhin, barretr, tiothy, CC-BY-SA-4.0 International by www.elbpresse.de
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 12/16
![Page 47: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/47.jpg)
Security Experiment
Oracles
Append
Next Epoch
Excerpt
Break In
Shared State
Challenger
Images: CC-0 by sheikh tuhin, barretr, tiothy, CC-BY-SA-4.0 International by www.elbpresse.de
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 12/16
![Page 48: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/48.jpg)
Security Experiment
Oracles
Append
Next Epoch
Excerpt
Break In
Shared State
Challenger
Images: CC-0 by sheikh tuhin, barretr, tiothy, CC-BY-SA-4.0 International by www.elbpresse.de
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 12/16
![Page 49: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/49.jpg)
Security Experiment
Oracles
Append
Next Epoch
Excerpt
Break In
Shared State
Challenger
Images: CC-0 by sheikh tuhin, barretr, tiothy, CC-BY-SA-4.0 International by www.elbpresse.de
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 12/16
![Page 50: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/50.jpg)
Security Definition
Trivial Forgeries:excerpts requested from A’s oracleif A got ski : pure continuations of the log file state from themost recent epoch switch
Definition (Security, informal)A logging scheme is secure if no PPT adversary has anon-negligible chance of outputting a valid and non-trivialforgery in the above experiment.
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 13/16
![Page 51: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/51.jpg)
Proving Security
Theorem (Informal)If the above scheme is based on an EUF-CMA-securesignature scheme with forward-security, then it is secureaccording to the previous definition.
Proof Technique:show that attacker must forge ≥ 1 signature if changingany information before last recent epoch switchcopy that signature and output it as a forgery against thesignature scheme=⇒ tight
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 14/16
![Page 52: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/52.jpg)
Conclusion
Secure logging is important.Secure logging is hard. Mostly because of truncation.Excerpts can be useful.Excerpts can be verified securely.
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 15/16
![Page 53: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/53.jpg)
Thank you.Questions?
Contact: [email protected] ID: B1A7 C146Fingerprint: 4C39 AC36 6FAD 9E52 3144
8352 9E37 381F B1A7 C146S/MIME Cert: athttps://crypto.iti.kit.edu/?id=hartung&L=2
What is Secure Logging? Secure Logging with Crypto Excerpts Security
Gunnar Hartung – Secure Logging with Verifiable Excerpts 16/16
![Page 54: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/54.jpg)
Backup Slides
Quotes on Secure Logging Go
Forward-Secure Signatures Go
Logging Schemes Go
Security Proof Sketch Go
References Go
End Go
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 1/17
![Page 55: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/55.jpg)
Quotes on Secure Logging
“Audit data must be protected from modification andunauthorized destruction to permit detection and after-the-factinvestigations of security violations.”— [Lat85]
“It is particularly important to ensure the integrity of audit traildata against modification. [...] The audit trail files needs to beprotected since, for example, intruders may try to ‘cover theirtracks’ by modifying audit trail records. ”— [NIS95, Section 18.3.1]
“[A product] shall protect the stored audit records in the audittrail from unauthorised deletion.[A product] shall be able to prevent/detect unauthorisedmodifications to the stored audit records in the audit trail.”— [CC12, Section 8.6].
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 2/17
![Page 56: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/56.jpg)
Syntax of Forward-Secure Signatures
KeyGen(T ): Create a key pair (sk0,pk), where sk0 is the initialsecret key. (pk is constant for all epochs.) T is anupper bound on the number of epochs.
Update(ski): Compute ski+1 from ski . (If i < T − 1. ski isexpected to be erased securely.)
Sign(ski ,m): Create a signature σ for m with key ski .Verify(pk , i ,m, σ): Check if m was signed in epoch i .
1κ is implicit.
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 3/17
![Page 57: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/57.jpg)
Security Experiment
for a scheme ΣFS, an attacker A, and T ∈ poly(κ)
Setup obtain (sk0,pk)← KeyGen(T ), give pk ,T to A.Queries A interacts with the challenger:
may request signature σ for arbitrarymessages mmay force the challenger to update the secretkeymay obtain one secret key ski
afterwards: no more queries allowed
Forgery A outputs a message m∗, signature σ∗ and epochnumber i∗.
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 4/17
![Page 58: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/58.jpg)
Security Definition
Definition (Trivial Forgeries)A forgery is trivial iff:
A requested a signature for m∗ during epoch i∗ orA obtained the secret key for an epoch i ≤ i∗
Definition (Winning)A wins an instance of the experiment if it outputs a valid andnon-trivial forgery.
Definition (Security)ΣFS is secure if no PPT attacker A has non-negligible (in κ)chance to win.
Back
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 5/17
![Page 59: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/59.jpg)
Logging Schemes with Excerpts
KeyGen(T ): creates key pair sk0,pk .Update(ski ,M, σ): compute ski+1 from ski . (If i < T − 1. ski is
expected to be erased securely.) M is the currentoverall logfile, and σ is the correspondingsignature for it.
AppendAndSign(ski , (m,N),M, σ): Creates a signature for themessage m, which is inserted into thecategories N.
Extract(ski ,M, σ,N): Creates a signature for the excerpt forcategories N of M.
Verify(pk ,N,E , σ): Checks an excerpt E for completeness andcorrectness.
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 6/17
![Page 60: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/60.jpg)
New Feature: Excerpts
Definition (Category)Let M (the log file) be a sequence of log entries (mi ,Ni). Thecategory named ν is the subsequence C(ν,M) of M thatcontains all entries with ν ∈ Ni .
Definition (Excerpt)Let M (the log file) be a sequence of log entries. An excerpt forcategories N = {ν1, . . . , νn} is the subsequence
E =⋃ν∈N
C(ν,M) ,
where C(ν,M) is the category named ν.(For a proper adaptation of ∪ to sequences.)
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 7/17
![Page 61: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/61.jpg)
Proving Security
Theorem (Informal)If the above scheme is based on an EUF-CMA-securesignature scheme with forward-security, then it is secureaccording to the previous definition.
Proof Technique:show that attacker must forge ≥ 1 signature if changingany information before last recent epoch switchcopy that signature and output it as a forgery against thesignature scheme=⇒ tight
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 9/17
![Page 62: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/62.jpg)
Proof (Sketch)
Reduction:assume successful attacker A against logging schemeconstruct attacker B against ΣFS
show that B has non-negligible success probability
Emulation of the Experiment:B must emulate the logging security experiment for A.B plays the forward-secure unforgeability game againstΣFS.
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 10/17
![Page 63: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/63.jpg)
Reduction
A’s information: emulated by B through:input: pk ,T input: pk ,T
signature (logging) oracle signature oracleepoch switching epoch switchingbreaking in breaking inexcerpt oracle signatures for individual log en-
tries + signature oracle
Left to Show:Any valid and non-trivial excerpt forgery contains a valid andnon-trivial signature forgery.
Image: CC-BY-SA-3.0 Unported by Steschke, via Wikipedia
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 11/17
![Page 64: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/64.jpg)
Reduction
A’s information: emulated by B through:input: pk ,T input: pk ,Tsignature (logging) oracle signature oracle
epoch switching epoch switchingbreaking in breaking inexcerpt oracle signatures for individual log en-
tries + signature oracle
Left to Show:Any valid and non-trivial excerpt forgery contains a valid andnon-trivial signature forgery.
Image: CC-BY-SA-3.0 Unported by Steschke, via Wikipedia
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 11/17
![Page 65: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/65.jpg)
Reduction
A’s information: emulated by B through:input: pk ,T input: pk ,Tsignature (logging) oracle signature oracleepoch switching epoch switching
breaking in breaking inexcerpt oracle signatures for individual log en-
tries + signature oracle
Left to Show:Any valid and non-trivial excerpt forgery contains a valid andnon-trivial signature forgery.
Image: CC-BY-SA-3.0 Unported by Steschke, via Wikipedia
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 11/17
![Page 66: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/66.jpg)
Reduction
A’s information: emulated by B through:input: pk ,T input: pk ,Tsignature (logging) oracle signature oracleepoch switching epoch switchingbreaking in breaking in
excerpt oracle signatures for individual log en-tries + signature oracle
Left to Show:Any valid and non-trivial excerpt forgery contains a valid andnon-trivial signature forgery.
Image: CC-BY-SA-3.0 Unported by Steschke, via Wikipedia
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 11/17
![Page 67: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/67.jpg)
Reduction
A’s information: emulated by B through:input: pk ,T input: pk ,Tsignature (logging) oracle signature oracleepoch switching epoch switchingbreaking in breaking inexcerpt oracle signatures for individual log en-
tries + signature oracle
Left to Show:Any valid and non-trivial excerpt forgery contains a valid andnon-trivial signature forgery.
Image: CC-BY-SA-3.0 Unported by Steschke, via Wikipedia
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 11/17
![Page 68: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/68.jpg)
Reduction
A’s information: emulated by B through:input: pk ,T input: pk ,Tsignature (logging) oracle signature oracleepoch switching epoch switchingbreaking in breaking inexcerpt oracle signatures for individual log en-
tries + signature oracle
Left to Show:Any valid and non-trivial excerpt forgery contains a valid andnon-trivial signature forgery.
Image: CC-BY-SA-3.0 Unported by Steschke, via Wikipedia
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 11/17
![Page 69: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/69.jpg)
Forgeries
Case 1: i∗ < iBreakIn epoch markers in excerpt E:signature on (N,E) valid for epoch i∗ < iBreakIn.A never queried for a signature for E=⇒ B never queried for (N,E)(assuming proper encoding)=⇒ valid and non-trivial forgery on (N,E)
Case 2: ≥ iBreakIn epoch markers in excerpt E:⇒ changed the excerpt wrt. a previous epoch i∗ < iBreakIn
restrict the discussion to epochs before break-in
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 12/17
![Page 70: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/70.jpg)
Forgeries
Assume for contradiction:All messages (including counters!) in forged excerpt werequeried at signature oracle before.
Ensured by Verification:no messages from other categoriesno duplicatesmessage order
=⇒ forged excerpt is subsequence of “real” excerpt.non-trivial =⇒ strict subsequence (()
Verification checks for completeness =⇒ excerpt invalid=⇒ contradiction =⇒ A forged a signature
Back
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 13/17
![Page 71: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/71.jpg)
References I
Mihir Bellare and Bennet S. Yee, Forward integrity forsecure audit logs, Tech. report, University of California atSan Diego, 1997.
Mihir Bellare and Bennet Yee, Forward-security inprivate-key cryptography, Topics in Cryptology — CT-RSA2003 (Marc Joye, ed.), Lecture Notes in Computer Science,vol. 2612, Springer Berlin Heidelberg, 2003, pp. 1–18(English).
Common Criteria for Information Technology SecurityEvaluation, version 3.1 r4, part 2, September 2012,https://www.commoncriteriaportal.org/cc/.
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 14/17
![Page 72: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/72.jpg)
References II
Jason E. Holt, Logcrypt: Forward security and publicverification for secure audit logs, Proceedings of the 2006Australasian Workshops on Grid Computing ande-Research – Volume 54 (Darlinghurst, Australia,Australia), ACSW Frontiers ’06, Australian ComputerSociety, Inc., 2006, pp. 203–211.
Donald C. Latham (ed.), Department of defense trustedcomputer system evaluation criteria, US Department ofDefense, December 1985, http://csrc.nist.gov/publications/history/dod85.pdf.
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 15/17
![Page 73: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/73.jpg)
References III
Di Ma and Gene Tsudik, A new approach to securelogging, Data and Applications Security XXII (Vijay Atluri,ed.), Lecture Notes in Computer Science, vol. 5094,Springer Berlin Heidelberg, 2008, pp. 48–63 (English).
An Introduction to Computer Security: The NIST handbook,October 1995, NIST Special Publication 800-12.
Bruce Schneier and John Kelsey, Cryptographic support forsecure logs on untrusted machines, The Seventh USENIXSecurity Symposium Proceedings, 1998.
Attila A. Yavuz and Ning Peng, BAF: An efficient publiclyverifiable secure audit logging scheme for distributedsystems, Computer Security Applications Conference,2009. ACSAC ’09. Annual, Dec 2009, pp. 219–228.
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 16/17
![Page 74: Secure Audit Logs with Verifiable Excerpts › fileadmin › User › Hartung › ... · Images: CC-0 by dagobert83, ClkerFreeVectorImages, mireyaqh, sheikh tuhin What is Secure](https://reader030.fdocuments.in/reader030/viewer/2022041116/5f296597abf4bc3dbb17bf27/html5/thumbnails/74.jpg)
References IV
Attila A. Yavuz, Ning Peng, and Michael K. Reiter, Efficient,compromise resilient and append-only cryptographicschemes for secure audit logging, Financial Cryptographyand Data Security (Angelos D. Keromytis, ed.), LectureNotes in Computer Science, vol. 7397, Springer BerlinHeidelberg, 2012, pp. 148–163 (English).
Quotes on Secure Logging Forward-Secure Signatures Logging Schemes Security Proof Sketch References
Gunnar Hartung – Secure Logging with Verifiable Excerpts 17/17