Paper 2019/506

Forward Security with Crash Recovery for Secure Logs

Erik-Oliver Blass, Airbus
Guevara Noubir, Northeastern University
Abstract

Logging is a key mechanism in the security of computer systems. Beyond supporting important forward security properties, it is critical that logging withstands both failures and intentional tampering to prevent subtle attacks leaving the system in an inconsistent state with inconclusive evidence. We propose new techniques combining forward security with crash recovery for secure log data storage. As the support of specifically forward integrity and the online nature of logging prevent the use of conventional coding, we propose and analyze a coding scheme resolving these unique design constraints. Specifically, our coding enables forward integrity, online encoding, and most importantly a constant number of operations per encoding. It adds a new log item by XORing it to $k$ cells of a table. If up to a certain threshold of cells is modified by the adversary, or lost due to a crash, we still guarantee recovery of all stored log items. The main advantage of the coding scheme is its efficiency and compatibility with forward integrity. The key contribution of the paper is the use of spectral graph theory techniques to prove that $k$ is constant in the number $n$ of all log items ever stored and small in practice, e.g., $k=5$. Moreover, we prove that to cope with up to $\sqrt{n}$ modified or lost log items, storage expansion is constant in $n$ and small in practice. For $k=5$, the size of the table is only $12\%$ more than the simple concatenation of all $n$ items. We propose and evaluate original techniques to scale the computation cost of recovery to several GBytes of security logs. We instantiate our scheme into an abstract data structure which allows to either detect adversarial modifications to log items or treat modifications like data loss in a system crash. The data structure can recover lost log items, thereby effectively reverting adversarial modifications.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Contact author(s)
erik-oliver blass @ airbus com
g noubir @ northeastern edu
History
2024-01-17: last of 4 revisions
2019-05-20: received
See all versions
Short URL
https://ia.cr/2019/506
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/506,
      author = {Erik-Oliver Blass and Guevara Noubir},
      title = {Forward Security with Crash Recovery for Secure Logs},
      howpublished = {Cryptology ePrint Archive, Paper 2019/506},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/506}},
      url = {https://eprint.iacr.org/2019/506}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.