Abstract
We investigate a mechanism for secure remote logging to improve privacy guarantees in dynamic systems. Using an extended threat model for privacy, we first describe outer and inner privacy: outer privacy denotes the traditional attacker model for privacy where identity management systems control the collection of personal, observable information; inner privacy denotes the threat posed by an attacker who attempts to get hold of private log data by tampering with a device. While privacy-enhancing technologies should take outer and inner privacy into account, there is, to our knowledge, no approach for inner privacy, in particular for dynamic systems. To this end, we develop protocols to address inner privacy based on secure logging. Our approach accounts for the capacity limitations of resource-poor devices in dynamic systems, as it allows for the remote storage of log data, while fulfilling its security guarantees. Furthermore, our approach can be smoothly integrated into identity management systems to combine outer and inner privacy.
Keywords
- Pervasive Computing
- Message Authentication Code
- Attack Model
- Acknowledgement Phase
- Cryptographic Technique
Copyright information
© 2006 International Federation for Information Processing
About this paper
Cite this paper
Accorsi, R. (2006). On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems. In: Fischer-Hübner, S., Rannenberg, K., Yngström, L., Lindskog, S. (eds) Security and Privacy in Dynamic Environments. SEC 2006. IFIP International Federation for Information Processing, vol 201. Springer, Boston, MA. https://doi.org/10.1007/0-387-33406-8_28
DOI: https://doi.org/10.1007/0-387-33406-8_28
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-33405-9
Online ISBN: 978-0-387-33406-6
eBook Packages: Computer Science (R0)