Forward Security with Crash Recovery for Secure Logs
Article No.: 3, Pages 1 - 28
Abstract
Logging is a key mechanism in the security of computer systems. Beyond supporting important forward security properties, it is critical that logging withstands both failures and intentional tampering to prevent subtle attacks leaving the system in an inconsistent state with inconclusive evidence. We propose new techniques combining forward security with crash recovery for secure log data storage. As the support of specifically forward integrity and the online nature of logging prevent the use of conventional coding, we propose and analyze a coding scheme resolving these unique design constraints. Specifically, our coding enables forward integrity, online encoding, and most importantly a constant number of operations per encoding. It adds a new log item by 𝖷𝖮𝖱 ing it to k cells of a table. If up to a certain threshold of cells is modified by the adversary, or lost due to a crash, we still guarantee recovery of all stored log items. The main advantage of the coding scheme is its efficiency and compatibility with forward integrity. The key contribution of the paper is the use of spectral graph theory techniques to prove that k is constant in the number n of all log items ever stored and small in practice, e.g., k = 5. Moreover, we prove that to cope with up to \(\sqrt {n}\) modified or lost log items, storage expansion is constant in n and small in practice. For k = 5, the size of the table is only 12% more than the simple concatenation of all n items. We propose and evaluate original techniques to scale the computation cost of recovery to several GBytes of security logs. We instantiate our scheme into an abstract data structure which allows to either detect adversarial modifications to log items or treat modifications like data loss in a system crash. The data structure can recover lost log items, thereby effectively reverting adversarial modifications.
References
[1]
A. Ahmad, S. Lee, and M. Peinado. 2022. HARDLOG: Practical tamper-proof system auditing using a novel audit device. In 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022. IEEE, 1791–1807.
[2]
Y. Aumann and Y. Lindell. 2010. Security against covert adversaries: Efficient protocols for realistic adversaries. Journal of Cryptology 23, 2 (2010), 281–343. ISSN 0933-2790.
[3]
S. Avizheh, R. Safavi-Naini, and S. Li. 2019. Secure logging with security against adaptive crash attack. In International Symposium on Foundations & Practice of Security. Toulouse, France. https://arxiv.org/abs/1910.14169
[4]
M. Bellare and B. S. Yee. 1997. Forward Integrity for Secure Audit Logs. Technical Report. UC San Diego.
[5]
M. Bellare and B. S. Yee. 2003. Forward-security in private-key cryptography. In Topics in Cryptology - CT-RSA 2003, The Cryptographers’ Track at the RSA Conference 2003, San Francisco, CA, USA, April 13-17, 2003, Proceedings. 1–18.
[6]
E.-O. Blass and G. Noubir. 2017. Secure logging with crash tolerance. In Conference on Communications and Network Security. Las Vegas, USA, 1–10.
[7]
E.-O. Blass and G. Noubir. 2022. Source code for experiments. (2022). https://github.com/dalmayr777/secure-logging
[8]
K. D. Bowers, C. Hart, A. Juels, and N. Triandopoulos. 2014. PillarBox: Combating next-generation malware with fast forward-secure logging. In RAID. 46–67.
[9]
N. J. Calkin. 1996. Dependent sets of constant weight vectors in \(GF(q)\). Random Struct. Algorithms 9, 1-2 (1996), 49–53.
[10]
N. J. Calkin. 1997. Dependent sets of constant weight binary vectors. Combinatorics, Probability & Computing 6, 3 (1997), 263–271.
[11]
D. Coppersmith and S. Winograd. 1990. Matrix multiplication via arithmetic progressions. J. Symb. Comput. 9, 3 (1990), 251–280.
[12]
T. M. Cover and J. A. Thomas. 2006. Elements of Information Theory (Wiley Series in Telecommunications and Signal Processing). Wiley-Interscience.
[13]
M. Dietzfelbinger and R. Pagh. 2008. Succinct data structures for retrieval and approximate membership (extended abstract). In ICALP. 385–396.
[14]
P. Erdős and A. Rényi. 1960. On the evolution of random graphs. In Publication of the Mathematical Institute of the Hungarian Academy of Sciences. 17–61.
[15]
J. Flum and M. Grohe. 2006. Parameterized Complexity Theory. Springer.
[16]
R. G. Gallager. 1962. Low-density parity-check codes. IRE Trans. Information Theory 8, 1 (1962), 21–28.
[17]
M. T. Goodrich and M. Mitzenmacher. 2011. Invertible Bloom lookup tables. In Allerton Conference on Communication, Control, and Computing. Monticello, USA, 792–799.
[18]
G. Hartung. 2016. Secure audit logs with verifiable excerpts. In CT-RSA (LNCS), Vol. 9610. 183–199.
[19]
V. T. Hoang, C. Wu, and X. Yuan. 2022. Faster yet safer: Logging system via fixed-key blockcipher. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 2389–2406.
[20]
J. E. Holt. 2006. Logcrypt: forward security and public verification for secure audit logs. In Australasian Symposium on Grid Computing and e-Research. 203–211.
[21]
V. Karande, E. Bauman, Z. Lin, and L. Khan. 2017. SGX-Log: Securing system logs with SGX. In AsiaCCS. ACM, 19–30.
[22]
Samuel T. King and Peter M. Chen. 2003. Backtracking intrusions. In 19th ACM Symposium on Operating Systems Principles, Bolton Landing, NY, USA. 223–236.
[23]
S. Lin and D. J. Costello. 2004. Error Control Coding, Second Edition. Prentice-Hall, Inc., USA.
[24]
Linux Kernel Documentation. 2020. /proc/sys/vm/dirty_expire_centisecs. (2020). Standard value is 30 sec on kernel 5.8, 64 bit, https://www.kernel.org/doc/Documentation/sysctl/vm.txt
[25]
Chris M. Lonvick. 2001. The BSD Syslog Protocol. RFC 3164. (Aug. 2001).
[26]
M. Luby. 2002. LT codes. In IEEE Annual Symposium on Foundations of Computer Science.
[27]
D. Ma and G. Tsudik. 2009. A new approach to secure logging. ACM Transactions on Storage 5, 1 (2009). ISSN: 1553-3077.
[28]
G. A. Marson and B. Poettering. 2013. Practical secure logging: Seekable sequential key generators. In ESORICS. 111–128.
[29]
G. A. Marson and B. Poettering. 2014. Even more practical secure logging: Tree-based seekable sequential key generators. In ESORICS. 37–54.
[30]
R. Paccagnella, P. Datta, W. Ul Hassan, A. Bates, C. W. Fletcher, A. Miller, and D. Tian. 2020. Custos: Practical tamper-evident auditing of operating systems using trusted execution. In NDSS. The Internet Society.
[31]
R. Paccagnella, K. Liao, D. Tian, and A. Bates. 2020. Logging to the danger zone: Race condition attacks and defenses on system audit frameworks. In Conference on Computer and Communications Security. 1551–1574.
[32]
S. Pontarelli, P. Reviriego, and M. Mitzenmacher. 2014. Improving the performance of invertible Bloom lookup tables. Inf. Process. Lett. 114, 4 (2014), 185–191.
[33]
T. Pulls and R. Peeters. 2015. Balloon: A forward-secure append-only persistent authenticated data structure. In ESORICS (LNCS), Vol. 9327. 622–641.
[34]
M. Raab and A. Steger. 1998. Balls into bins – a simple and tight analysis. In RANDOM’98 (LNCS), Vol. 1518. 159–170.
[35]
T. J. Richardson and R. L. Urbanke. 2001. Efficient encoding of low-density parity-check codes. IEEE Transactions on Information Theory 47, 2 (Feb. 2001), 638–656.
[36]
P. Rogaway. 2004. Nonce-based symmetric encryption. In Proceedings of FSE. Delhi, India, 348–359. ISBN 3-540-22171-9.
[37]
B. Schneier and J. Kelsey. 1999. Secure audit logs to support computer forensics. ACM Transactions on Information and System Security 2, 2 (1999), 159–176.
[38]
K. F. Seiden and J. P. Melanson. 1990. The auditing facility for a VMM security kernel. In IEEE Symposium on Security and Privacy, Oakland, California, USA. IEEE Computer Society, 262–277.
[39]
C. E. Shannon. 1948. A mathematical theory of communication. The Bell System Technical Journal 27, 3 (July 1948), 379–423.
[40]
A. Shokrollahi. 2004. LDPC Codes: An Introduction. Coding, Cryptography and Combinatorics, Vol. 23. Birkhäuser, 85–110. ISBN 978-3-0348-9602-3.
[41]
A. Shokrollahi. 2006. Raptor codes. IEEE Transactions on Information Theory 52, 6 (2006), 2551–2567.
[42]
V. Strassen. 1969. Gaussian elimination is not optimal. Numer. Math. 13, 4 (1969), 354–356.
[43]
Stephan van Schaik, Alex Seto, Thomas Yurek, Adam Batori, Bader AlBassam, Christina Garman, Daniel Genkin, Andrew Miller, Eyal Ronen, and Yuval Yarom. 2022. SoK: SGX.Fail: How stuff get exposed. https://sgx.fail
[44]
D. Wiedemann. 1986. Solving sparse linear equations over finite fields. IEEE Transactions on Information Theory 32, 1 (January 1986), 54–62.
[45]
XEN. 2023. (Incomplete) list of security flaws in XEN allowing to break out of VM. (2023). https://xenbits.xen.org/xsa/advisory-148.html, https://xenbits.xen.org/xsa/advisory-182.html, https://xenbits.xen.org/xsa/advisory-212.html, https://xenbits.xen.org/xsa/advisory-213.html, https://xenbits.xen.org/xsa/advisory-214.html, https://xenbits.xen.org/xsa/advisory-215.html
[46]
A. A. Yavuz, P. Ning, and M. K. Reiter. 2012. BAF and FI-BAF: Efficient and publicly verifiable cryptographic schemes for secure logging in resource-constrained systems. Transactions on Information System Security 15, 2 (2012), 9. ISSN 1094-9224.
[47]
A. A. Yavuz, P. Ning, and M. K. Reiter. 2012. Efficient, compromise resilient and append-only cryptographic schemes for secure audit logging. In Financial Cryptography and Data Security (LNCS), Vol. 7397. 148–163.
Index Terms
- Forward Security with Crash Recovery for Secure Logs
Recommendations
Secure Logging with Security Against Adaptive Crash Attack
Foundations and Practice of SecurityAbstractLogging systems are an essential component of security systems and their security has been widely studied. Recently (2017) it was shown that existing secure logging protocols are vulnerable to crash attack in which the adversary modifies the log ...
Concurrent rollback for crash recovery in extended hypercube networks
PAS '95: Proceedings of the First Aizu International Symposium on Parallel Algorithms/Architecture SynthesisRecovering from processor failures is an important problem in the design and development of reliable systems. We present a concurrent rollback algorithm in extended hypercube networks to recover from crash failures which involves small message and time ...
On the Quality of Service of Crash-Recovery Failure Detectors
We model the probabilistic behavior of a system comprising a failure detector and a monitored crash-recovery target. We extend failure detectors to take account of failure recovery in the target system. This involves extending QoS measures to include ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
February 2024
369 pages
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 12 December 2023
Online AM: 03 November 2023
Accepted: 18 October 2023
Revised: 09 August 2023
Received: 19 October 2022
Published in TOPS Volume 27, Issue 1
Check for updates
Author Tags
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 262Total Downloads
- Downloads (Last 12 months)151
- Downloads (Last 6 weeks)11
Reflects downloads up to 01 Mar 2025
Other Metrics
Citations
Cited By
View allView Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in