BAF and FI-BAF: Efficient and Publicly Verifiable Cryptographic Schemes for Secure Logging in Resource-Constrained Systems

A. Yavuz, P. Ning, M. Reiter
{"title":"BAF and FI-BAF: Efficient and Publicly Verifiable Cryptographic Schemes for Secure Logging in Resource-Constrained Systems","authors":"A. Yavuz, P. Ning, M. Reiter","doi":"10.1145/2240276.2240280","DOIUrl":null,"url":null,"abstract":"Audit logs are an integral part of modern computer systems due to their forensic value. Protecting audit logs on a physically unprotected machine in hostile environments is a challenging task, especially in the presence of active adversaries. It is critical for such a system to have forward security and append-only properties such that when an adversary compromises a logging machine, she cannot forge or selectively delete the log entries accumulated before the compromise. Existing public-key-based secure logging schemes are computationally costly. Existing symmetric secure logging schemes are not publicly verifiable and open to certain attacks.\n In this article, we develop a new forward-secure and aggregate signature scheme called Blind-Aggregate-Forward (BAF), which is suitable for secure logging in resource-constrained systems. BAF is the only cryptographic secure logging scheme that can produce publicly verifiable, forward-secure and aggregate signatures with low computation, key/signature storage, and signature communication overheads for the loggers, without requiring any online trusted third party support. A simple variant of BAF also allows a fine-grained verification of log entries without compromising the security or computational efficiency of BAF. We prove that our schemes are secure in Random Oracle Model (ROM). We also show that they are significantly more efficient than all the previous publicly verifiable cryptographic secure logging schemes.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":"78 1","pages":"9:1-9:28"},"PeriodicalIF":0.0000,"publicationDate":"2012-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"38","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2240276.2240280","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 38

Abstract

Audit logs are an integral part of modern computer systems due to their forensic value. Protecting audit logs on a physically unprotected machine in hostile environments is a challenging task, especially in the presence of active adversaries. It is critical for such a system to have forward security and append-only properties such that when an adversary compromises a logging machine, she cannot forge or selectively delete the log entries accumulated before the compromise. Existing public-key-based secure logging schemes are computationally costly. Existing symmetric secure logging schemes are not publicly verifiable and open to certain attacks. In this article, we develop a new forward-secure and aggregate signature scheme called Blind-Aggregate-Forward (BAF), which is suitable for secure logging in resource-constrained systems. BAF is the only cryptographic secure logging scheme that can produce publicly verifiable, forward-secure and aggregate signatures with low computation, key/signature storage, and signature communication overheads for the loggers, without requiring any online trusted third party support. A simple variant of BAF also allows a fine-grained verification of log entries without compromising the security or computational efficiency of BAF. We prove that our schemes are secure in Random Oracle Model (ROM). We also show that they are significantly more efficient than all the previous publicly verifiable cryptographic secure logging schemes.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
BAF和FI-BAF:资源受限系统中安全登录的有效和可公开验证的加密方案
审计日志是现代计算机系统不可或缺的一部分,因为它们具有鉴证价值。在恶意环境中保护物理上未受保护的机器上的审计日志是一项具有挑战性的任务,特别是在存在活跃的攻击者的情况下。对于这样一个系统来说,具有前向安全性和仅附加属性是至关重要的,这样当攻击者入侵一台日志机时,他就不能伪造或选择性地删除入侵前积累的日志条目。现有的基于公钥的安全日志记录方案在计算上是昂贵的。现有的对称安全日志记录方案不能公开验证,并且容易受到某些攻击。在本文中,我们开发了一种新的前向安全和聚合签名方案,称为盲聚合前向(BAF),它适用于资源受限系统中的安全日志记录。BAF是唯一的加密安全日志记录方案,它可以生成公开可验证的、前向安全的聚合签名,并且具有较低的计算、密钥/签名存储和签名通信开销,不需要任何在线可信第三方支持。BAF的一个简单变体还允许对日志条目进行细粒度验证,而不会影响BAF的安全性或计算效率。我们证明了我们的方案在随机Oracle模型(ROM)下是安全的。我们还表明,它们比以前所有可公开验证的加密安全日志记录方案都要高效得多。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
ACM Transactions on Information and System Security
ACM Transactions on Information and System Security 工程技术-计算机:信息系统
CiteScore
4.50
自引率
0.00%
发文量
0
审稿时长
3.3 months
期刊介绍: ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.
期刊最新文献
An Efficient User Verification System Using Angle-Based Mouse Movement Biometrics A New Framework for Privacy-Preserving Aggregation of Time-Series Data Behavioral Study of Users When Interacting with Active Honeytokens Model Checking Distributed Mandatory Access Control Policies Randomization-Based Intrusion Detection System for Advanced Metering Infrastructure*
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1