DocumentCode :
3097031
Title :
BAF: An Efficient Publicly Verifiable Secure Audit Logging Scheme for Distributed Systems
Author :
Yavuz, Attila A. ; Ning, Peng
Author_Institution :
Dept. of Comput. Sci., North Carolina State Univ., Raleigh, NC, USA
fYear :
2009
fDate :
7-11 Dec. 2009
Firstpage :
219
Lastpage :
228
Abstract :
Audit logs, providing information about the current and past states of systems, are one of the most important parts of modern computer systems. Providing security for audit logs on an untrusted machine in a large distributed system is a challenging task, especially in the presence of active adversaries. In such a system, it is critical to have forward security such that when an adversary compromises a machine, she cannot modify or forge the log entries accumulated before the compromise. Unfortunately, existing secure audit logging schemes have significant limitations that make them impractical for real-life applications: existing public key cryptography (PKC) based schemes are computationally expensive for logging in task intensive or resource-constrained systems, while existing symmetric schemes are not publicly verifiable and incur significant storage and communication overheads. In this paper, we propose a novel forward secure and aggregate logging scheme called blind-aggregate-forward (BAF) logging scheme, which is suitable for large distributed systems. BAF can produce publicly verifiable forward secure and aggregate signatures with near-zero computational, storage, and communication costs for the loggers, without requiring any online trusted third party (TTP) support. We prove that BAF is secure under appropriate computational assumptions, and demonstrate that BAF is significantly more efficient and scalable than the previous schemes. Therefore, BAF is an ideal solution for secure logging in both task intensive and resource-constrained systems.
Keywords :
cryptography; distributed processing; blind-aggregate-forward logging scheme; distributed system; public key cryptography; secure audit logging scheme; Aggregates; Application software; Computer security; Data security; Digital forensics; Distributed computing; Hardware; Information security; Public key cryptography; Secure storage; Applied cryptography; digital forensics; forward security; secure audit logging; signature aggregation;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Security Applications Conference, 2009. ACSAC '09. Annual
Conference_Location :
Honolulu, HI
ISSN :
1063-9527
Print_ISBN :
978-0-7695-3919-5
Type :
conf
DOI :
10.1109/ACSAC.2009.28
Filename :
5380510