Presentation is loading. Please wait.

Presentation is loading. Please wait.

Building an Encrypted and Searchable Audit Log 11th Annual Network and Distributed Security Symposium (NDSS '04); 2004 February 5-6; San Diego; CA. Presented.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Building an Encrypted and Searchable Audit Log 11th Annual Network and Distributed Security Symposium (NDSS '04); 2004 February 5-6; San Diego; CA. Presented."— Presentation transcript:

1 Building an Encrypted and Searchable Audit Log 11th Annual Network and Distributed Security Symposium (NDSS '04); 2004 February 5-6; San Diego; CA. Presented by Yu-Sheng Chen

2 Outline Introduction-a searchable encrypted audit log Symmetric key based scheme Asymmetric key based scheme (New) Conclusion

3 An audit log Bob Server Modify xxx.c Delete xyz.dll Log in Bob 12:20 3/26/2005 Logs Investigator Alice 11:30 3/25/2005 Modify xxx.c Search “delete” 12:20 3/26/2005 Modify xxx.c Delete xyz.dll Bob

4 Introduction Audit logs are an important part of any secure system. Audit logs have sensitive information →encrypt audit logs Hardness: A audit log should be searchable! How to construct a searchable encrypted audit logging system?

5 Traditional technique Just encrypt audit logs as usual. When searching for a keyword, we need to decrypt all of the log data. Disadvantage Decrypting all regardless of what information one is looking for opens opportunities for unintended access. Require the entity with the decryption key to interactively process all the log data.

6 A good searchable encrypted log Should keep Integrity Prevent and detect tampering Control access to contents Only decrypt the relevant data to the investigator Usefulness searchable

7 A searchable encrypted log -illustration Server An Encrypted Audit Log Investigator dwdw w Search Keyword w Search capability d w for w Audit escrow Agent dwdw Search result

8 Symmetric key based scheme -Encrypt s is the secret key H K is a keyed pseudorandom functioneg: HMAC-SHA1 E K is a symmetric encryption functioneg: AES flag is a constant bit string of length l eg: 1010101010 (Server) encrypt the log entry m along with keywords w 1,w 2, …,w n For each entry choose a random symmetric encryption key K compute E K (m) choose a random bit string r For each keyword w i  a i =H s (w i )  b i =H a i (r)  c i =b i ⊕ (flag|K) The server saves as the audit log entry.

9 (Investigator) send keyword w to the agent (Agent) compute d w =H s (w) (d w is called a search capability for w) and give d w to the investigator. (Investigator) use d w to search: For each log entry (E K (m), r, c 1, c 2, …, c n ) b i ’=H d w (r) For each encrypted keyword c i  b i ’ ⊕ c i ?= (flag|***)  Yes → extract K=***  m = D K (E K (m)) Symmetric key based scheme -Search & Decrypt Encrypt for w i a i =H s (w i ) b i =H a i (r) c i =b i ⊕ (flag|K) recover

10 Symmetric key based scheme -illustration Server secret s dwdw w Search capability for w d w =H s (w) Audit escrow Agent secret s dwdw Encrypt for w i a i =H s (w i ) b i =H a i (r) c i =b i ⊕ (flag|K) Search b i ‘=H d w (r) c i ⊕ b i ‘ ?= (flag|***) An Encrypted Logs result Investigator Search Keyword w

11 Symmetric key based scheme -discuss An investigator receiving a search capability d w for a keyword w learns no new information about the capability corresponding to any other keyword w’. Primary problem If the adversary compromises s, he can create any search capability d w

12 Asymmetric key based scheme -base on IBE……….IBE IBE ( Identity-Based Encryption ) [2003Boneh&Franklin] Setup

13 Asymmetric key based scheme -base on IBE……….IBE (continue) IBE ( Identity-Based Encryption ) IBE Key Generation Any arbitrary string w can be a public key Private key d w = s H 1 (w) IBE encryptionIBE w (m) Q W =H 1 (w) g w =e(Q w,P 1 ) choose random r c = = IBE decryptionIBD dw (c) V ⊕ H 2 (e(d w,U)) = m ⊕ H 2 (g w r ) ⊕ H 2 (e(d w, rP 0 )) = m ∵ e(d w,rP 0 ) = e(sQ w,rP 0 ) = e(Q w,P 0 ) sr = e(Q w,sP 0 ) r = g w r

14 Asymmetric key based scheme -base on IBE Encrypt (Server) For each log entry ( m, w 1, w 2, …, w n ) choose a random symmetric encryption key K encrypt m using K : E K (m) For each keyword w i  compute c i = IBE w i (flag|K) The server saves as the audit log entry Search & Decrypt (Investigator) give w to Agent (Agent) compute d w = s H 1 (w) and send d w back (Investigator) For each audit log entry For each c i  IBD d w (c i ) ?= (flag|***)  Yes → extract K=***  m = D K (E K (m)) recover

15 Asymmetric key based scheme -illustration Server No secret dwdw w Search capability for w d w = s H 1 (w) Audit escrow Agent secret s dwdw Encrypt for w i c i = IBE w i (flag|K) Search IBD d w (c i ) ?= (flag|***) An Encrypted Logs result Investigator Search Keyword w

16 Asymmetric key based scheme -discuss Server only stores public parameters P, there are no secret keys for an attacker to steal. Disadvantage Low performance ∵ Computations of the pairing and modular exponentiations for each keyword w

17 Optimizations for the asymmetric scheme When encrypting a log entry (m, w 1, …, w n ) Pairing reuse g w only needs to be performed once per keyword. Indexing Buffer entries sent to the audit log. Randomness reuse For each entry, use the same r in calculation of c 1, c 2, …, c n ----- In the decryption of c 1, c 2, …, c n, only one pairing is needed for each distinct r chosen. Q w =H 1 (w) g w =e(Q w,P 1 ) In the encryption… c i = = In the decryption… V ⊕ H 2 (e(d w,U)) ?= (flag|***)

18 Optimization result

19 Conclusion A searchable encrypted audit log A asymmetric key based scheme Server uses keywords as public key to encrypt. Investigator asks the audit escrow agent “search capabilities” to do search. Advantage: Server does not store secrets. Disadvantage: Low performance Optimization The End

Download ppt "Building an Encrypted and Searchable Audit Log 11th Annual Network and Distributed Security Symposium (NDSS '04); 2004 February 5-6; San Diego; CA. Presented."

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.

Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Building an Encrypted and Searchable Audit Log Brent Waters Dirk Balfanz Glenn Durfee D.K. Smetters.

Building an Encrypted and Searchable Audit Log Brent Waters Dirk Balfanz Glenn Durfee D.K. Smetters.
Encryption Public-Key, Identity-Based, Attribute-Based.

Encryption Public-Key, Identity-Based, Attribute-Based.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Negotiated Privacy CS551/851CRyptographyApplicationsBistro Mike McNett 30 March 2004 Stanislaw Jarecki, Pat Lincoln, Vitaly Shmatikov. Negotiated Privacy.Negotiated.

Negotiated Privacy CS551/851CRyptographyApplicationsBistro Mike McNett 30 March 2004 Stanislaw Jarecki, Pat Lincoln, Vitaly Shmatikov. Negotiated Privacy.Negotiated.
Information Security for Sensors Overwhelming Random Sequences and Permutations Shlomi Dolev, Niv Gilboa, Marina Kopeetsky, Giuseppe Persiano, and Paul.

Information Security for Sensors Overwhelming Random Sequences and Permutations Shlomi Dolev, Niv Gilboa, Marina Kopeetsky, Giuseppe Persiano, and Paul.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Identity Based Encryption

Identity Based Encryption
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.
A Designer’s Guide to KEMs Alex Dent

A Designer’s Guide to KEMs Alex Dent
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Practical Techniques for Searches on Encrypted Data Author:Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀汶承.

Practical Techniques for Searches on Encrypted Data Author:Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀汶承.

Similar presentations

Ads by Google