DocumentCode
580144
Title
A Resilient Architecture for Forensic Storage of Events in Critical Infrastructures
Author
Afzaal, Muhammad ; Sarno, Cesario Di ; Coppolino, Luigi ; D'Antonio, Salvatore ; Romano, Luigi
Author_Institution
Dept. of Technol., Univ. of Naples “Parthenope”, Naples, Italy
fYear
2012
fDate
25-27 Oct. 2012
Firstpage
48
Lastpage
55
Abstract
In Critical Infrastructures, forensic analysis of stored events is an essential task when a security breach occurs. The goal of forensic analysis is to provide evidence to be used as valid proofs in a legal proceeding. So, it is very important to ensure the integrity of the events stored in order to perform a correct forensic analysis. Today, most of the SIEMs used to protect the Critical Infrastructures sign the security events with RSA classic algorithm in order to ensure their integrity. The signed security events cannot be admissible as evidence if the secret key is compromised, or when the module responsible for signing operations is down for any reason. In this paper a new architecture that overcomes these limitations has been proposed. Experimental tests show the performance of our architecture and the high resilience in faulty situations, i.e. some nodes are under attack.
Keywords
critical infrastructures; cryptography; RSA classic algorithm; SIEM; critical infrastructures; forensic analysis; forensic storage; resilient architecture; secret key; security breach; signed security events; valid proofs; Correlation; Cryptography; Digital signatures; Forensics; Message systems; Reliability; Critical Infrastructure Protection; Fault- and Intrusion-Tolerant Architecture; Forensic Storage; Threshold Cryptography;
fLanguage
English
Publisher
ieee
Conference_Titel
High-Assurance Systems Engineering (HASE), 2012 IEEE 14th International Symposium on
Conference_Location
Omaha, NE
ISSN
1530-2059
Print_ISBN
978-1-4673-4742-6
Type
conf
DOI
10.1109/HASE.2012.9
Filename
6375636