Log data as digital evidence: What secure logging protocols have to offer?

Proceedings - International Computer Software and Applications Conference

Volumn 2, Issue , 2009, Pages 398-403

  Accorsi, Rafael ^a  

^a UNIVERSITY OF FREIBURG   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

DIGITAL EVIDENCE; LEGAL REQUIREMENTS; LOG DATA; STATE OF THE ART;

COMPUTER APPLICATIONS; COMPUTER SOFTWARE; NETWORK SECURITY; WORD PROCESSING;

NETWORK PROTOCOLS;

EID: 70449671757     PISSN: 07303157     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/COMPSAC.2009.166     Document Type: Conference Paper

References (30)

1. R. Accorsi, "On the relationship of privacy and secure remote logging in dynamic systems," in IFIP Security and Privacy in Dynamic Environments, S. Fischer-Hübner et al., Eds., 2006, vol.201, pp. 329-339.
2. - , "Automated counterexample-driven audits of authentic system records," Ph.D. dissertation, University of Freiburg, 2008.
3. R. Accorsi and A. Hohl, "Delegating secure logging in pervasive computing systems," in Security in Pervasive Computing, ser. LNCS, J. Clark et al., Eds., 2006, vol.3934, pp. 58-72.
4. M. Alles, A. Kogan, and M. Vasarhelyi, "Black box logging and tertiary monitoring of continuous assurance systems," Inf. Sys. Cont., 2003.
5. M. Bellare and B. Yee, "Forward integrity for secure audit logs," UCSD, Dept. of Computer Science & Engineering, Tech. Rep., 1997.
6. B. Bloom, "Space/time trade-offs in hash coding with allowable errors," Comm. ACM, vol.13, no.7, pp. 422-426, 1970.
7. D. Boneh and M. Franklin, "Identity based encryption from the Weil pairing," SIAM J. of Comp., vol.32, no.3, pp. 586-615, 2003.
8. C. Chong, Z. Peng, and P. Hartel, "Secure audit logging with tamperresistant hardware," in IFIP Security and Privacy in the Age of Uncertainty, D. Gritzalis et al., Eds., vol.250. 2003, pp. 73-84.
9. J. Clark and J. Jacob, "A survey of authentication protocol literature," 1997, available at http://www.cs.york.ac.uk/~jac/papers/ drareview.ps.gz.
10. F. Cohen, Challenges to Digital Evidence. ASP Press, 2008.
11. D. Dolev and A. Yao, "On the security of public key protocols," IEEE Trans. Inf. Theo., vol.2, no.29, pp. 198-208, 1983.
12. M. Franklin, "A survey of key evolving cryptosystems," Journal of Security and Network, vol. 1, no. 1/2, pp. 46-53, 2006.
13. J. Holt, "Logcrypt: Forward security and public verification for secure audit logs," in Symp. Grid Computing and e-Research, R. Buyya et al., Eds., vol.54., 2006, pp. 203-211.
14. Kahn Consulting, "Computer security log files as evidence," http://www.kahnconsultinginc.com/images/pdfs/KCI ArcSight ESM Evaluation.pdf, 2006.
15. J. Kelsey and J. Callas, "Signed syslog messages," IETF Internet Draft, 2005, http://www.ietf.org/internet-drafts/draft-ietf-syslog- sign-16.txt.
16. E. Kenneally, "Digital logs - Proof matters," Digital Investigation, vol.1, no.2, pp. 94-101, 2004.
17. K. Kent and M. Souppaya, Guide to Computer Security Log Management, NIST, September 2006.
18. L. Lamport, "Password authentication with insecure communication," Comm. ACM, vol.24, no.11, pp. 770-772, 1981.
19. C. Lonvick, "RFC 3164: The BSD syslog protocol," 2001, http://www.ietf.org/rfc/rfc3164.txt.
20. D. Ma, "Practical forward secure sequential aggregate signatures," in ACM ASIACCS, M. Abe and V. D. Gligor, Eds., 2008, pp. 341-352.
21. D. Ma and G. Tsudik, "A new approach to secure logging," ACM TOS, vol.5, no.1, pp. 1-21, 2009.
22. U. Maurer, "New approaches to digital evidence," Proc. IEEE, vol.92, no.6, pp. 933-947, 2004.
23. D. New and M. Rose, "RFC 3195: Reliable delivery for syslog," Request for Comments, 2001, http://www.ietf.org/rfc/rfc3195.txt.
24. Y. Ohtaki, "Partial disclosure of searchable encrypted data with support for boolean queries," in Advances in Policy Enforcement, S. Jakoubi et al., Eds. 2008, pp. 1083-1090.
25. R. Oppliger and R. Ritz, "Digital evidence: Dream and reality," IEEE Security and Privacy, vol.1, no.5, pp. 44-48, 2003.
26. "Reliable syslog," http://security.sdsc.edu/software/sdsc- syslog/.
27. B. Schneier and J. Kelsey, "Security audit logs to support computer forensics," ACM TISSEC, vol.2, no.2, pp. 159-176, 1999.
28. V. Stathopoulos, P. Kotzanikolaou, and E. Magkos, "A framework for secure and verifiable logging in public communication networks," in Critical Information Infrastructures Security, ser. LNCS, J. Lopez, Ed., 2006, vol.4347, pp. 273-284.
29. "Syslog-ng web site," http://www.balabit.com/products/syslog ng/.
30. B. Waters, D. Balfanz, G. Durfee, and D. Smetters, "Building an encrypted and searchable audit log," in 11th Annual Network and Distributed System Security Symposium, 2004.