Abstract
In many real-world applications, sensitive information must be kept in log files on an untrusted machine. In the event that an attacker captures this machine, we would like to guarantee that he will gain little or no information from the log files and to limit his ability to corrupt the log files. We describe a computationally cheap method for making all log entries generated prior to the logging machine's compromise impossible for the attacker to read, and also impossible to modify or destroy undetectably.
Index Terms
- Secure audit logs to support computer forensics