[Resource Topic] 2017/107: Secure Logging with Crash Tolerance

Welcome to the resource topic for 2017/107

Secure Logging with Crash Tolerance

Authors: Erik-Oliver Blass, Guevara Noubir


Forward-secure logging protects old log entries in a log file against an adversary compromising the log device. However, we show that previous work on forward-secure logging is prone to crash-attacks where the adversary removes log entries and then crashes the log device. As the state of the log after a crash-attack is indistinguishable from the state after a real crash, e.g., power failure, the adversary can hide attack traces. We present SLiC, a new logging protocol that achieves forward-security against crash-attacks. Our main idea is to decouple the time of a log event with the position of its resulting log entry in the log file. Each event is encrypted and written to a pseudo-random position in the log file. Consequently, the adversary can only remove random log events, but not specific ones. Yet, during forensic analysis, the verifier can replay pseudo-random positions. This allows to distinguish a real crash (last events missing) from a crash-attack (random events missing). Besides a formal analysis, we also present an evaluation of SLiC as a syslog server to indicate its practicality.

ePrint: https://eprint.iacr.org/2017/107

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .