IT devices generate numerous logs. Because logs hold important information about a system, they are used to find traces of an intrusion or to obtain important information through big data analysis. Hence, logs have become a major attack surface for attackers. To protect logs, IT devices require secure logging methods as a mandatory service. Secure logging can detect malicious manipulation of logs and verify their origin. In this paper, we propose a secure logging method for embedded systems, based on ARM TrustZone, that satisfies forward and backward secrecy and efficiently generates secure logs through inter-process communication without modifying the existing system (Syslog). We also show that the proposed method does not require extra overhead compared with the existing logging method.