Index
Subject
: LUG: Meeting: 2/14 Efficient, Compromise Resilient and Append-only
Cryptographic Schemes for Secure Audit Logging
From
: Carson Holgate <clholgat@ncsu.[redacted]>
Date
: Mon, 13 Feb 2012 15:28:15 -0500
Hello LUG,
We will have a presentation from one of our own, Barry Peddycord (IsharaComix), tomorrow the 14th of February in Mann 301 at 7pm.
Here is some more information about the talk from Barry:
Efficient, Compromise Resilient and Append-only Cryptographic Schemes
for Secure Audit Logging
Authors:
Attila A. Yavuz and Peng Ning (NC State University)
Michael K. Reiter (UNC Chapel Hill)
ABSTRACTED ABSTRACT:
This paper discusses a new cryptographic method for securing audit logs
on machines. Audit logs don't necessarily need to be encrypted
(confidentiality), but they do need to be tamper proof (integrity), and
this system allows audit logs to be verified using Public-Key methods
while minimizing the number of expensive operations that need to be
used. Also, this paper provides a reductive proof using the Random
Oracle Model (ROM) to theoretically prove the approach is
cryptographically sound, which hasn't been done in prior work.
ABOUT ME:
I'm a first-year Ph.D. student working as an RA for the NCSU Computer
Science department's Cyber Defense Lab under Dr. Peng Ning. My research
area is in computer and network security.
I'm giving this presentation to practice for my talk when I present this
paper at FC'12. Since this is my first big conference, I'd rather make a
fool of myself in front of the LUG instead of the conference. The
objective is to give the audience a high-level look at the contributions
and approach, and not to go through detailed examples (that's what the
paper is for).
The talk is supposed to go for about 25 minutes, but I encourage
everyone to challenge me with questions to catch me off guard so that
I'm forced to leave knowing the material pretty well.
ACTUAL ABSTRACT:
Due to the forensic value of audit logs, it is vital to provide compro-
mise resiliency and append-only properties in a logging system to prevent ac-
tive attackers. Unfortunately, existing symmetric secure logging schemes are not
publicly verifiable and cannot address applications that require public auditing
(e.g., public financial auditing), besides being vulnerable to certain attacks and
dependent on continuous trusted server support. Moreover, Public Key Cryptog-
raphy (PKC)-based secure logging schemes require Expensive Operations (Ex-
pOps) that are costly for both loggers and verifiers, and thus are impractical for
computation-intensive environments.
In this paper, we propose a new class of secure audit logging scheme called
Log Forward-secure and Append-only Signature (LogFAS). LogFAS achieves
the most desirable properties of both symmetric and PKC-based schemes. Log-
FAS can produce publicly verifiable forward-secure and append-only signatures
without requiring any online trusted server support or time factor. Most notably,
LogFAS is the only PKC-based secure audit logging scheme that achieves the
high verifier computational and storage efficiency. That is, LogFAS can verify
L log entries with always a small-constant number of ExpOps regardless of the
value of L. Moreover, each verifier stores only a small and constant-size pub-
lic key regardless of the number of log entries to be verified or the number of
loggers in the system. In addition, a LogFAS variation allows fine-grained ver-
ification of any subset of log entries and fast detection of corrupted log entries.
All these properties make LogFAS an ideal scheme for secure audit logging in
computation-intensive applications.
See you there,
Carson Holgate
NCSU LUG VP
Actually just a markov chain