Enabling shared audit data

Audit is an important aspect of good security and business practice; however, current solutions are not supportive of electronic data and processes. This paper describes an audit service that both acts as a central place for logging from heterogeneous IT systems and a place to search and check the audit data. Notarisation structures enabling a user to check the integrity of audit records and subsets of the audit chain relating to their transactions have been developed. The audit system uses a secure hardware device to create an alternative trust domain in which to run processes, maintaining the integrity of the audit trail whilst allowing it to be tightly integration and co-located with the overall IT infrastructure.

[1]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[2]  Naomaru Itoi Secure Coprocessor Integration with Kerberos V5 , 2000, USENIX Security Symposium.

[3]  Mihir Bellare,et al.  Forward-Security in Private-Key Cryptography , 2003, CT-RSA.

[4]  Simon Shiu,et al.  Hardware Security Appliances for Trust , 2003, iTrust.

[5]  Stuart Haber,et al.  How to time-stamp a digital document , 1990, Journal of Cryptology.

[6]  William M. Daley,et al.  Security Requirements for Cryptographic Modules , 1999 .

[7]  David R. Safford,et al.  Practical Private Information Retrieval with Secure Coprocessors , 2000 .

[8]  Ana Ferreira,et al.  Towards accountability for Electronic Patient Records , 2003, 16th IEEE Symposium Computer-Based Medical Systems, 2003. Proceedings..

[9]  Bruce Schneier,et al.  Applied cryptography (2nd ed.): protocols, algorithms, and source code in C , 1995 .

[10]  Bruce Schneier,et al.  Cryptographic Support for Secure Logs on Untrusted Machines , 1998, USENIX Security Symposium.

[11]  Simon Shiu,et al.  Encryption and key management in a SAN , 2002, First International IEEE Security in Storage Workshop, 2002. Proceedings..

[12]  Stuart Haber,et al.  Improving the Efficiency and Reliability of Digital Time-Stamping , 1993 .

[13]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[14]  Carlisle M. Adams,et al.  Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) , 2001, RFC.

[15]  Sean W. Smith,et al.  Using a High-Performance, Programmable Secure Coprocessor , 1998, Financial Cryptography.

[16]  Marco Casassa Mont,et al.  A flexible role-based secure messaging service: exploiting IBE technology for privacy in health care , 2003, 14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings..

[17]  Jan Willemson,et al.  Time-Stamping with Binary Linking Schemes , 1998, CRYPTO.

[18]  Siani Pearson,et al.  Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[19]  Adrian Baldwin,et al.  Enhanced Accountability for Electronic Processes , 2004, iTrust.

[20]  Simon Shiu,et al.  Hardware Encapsulation of Security Services , 2003, ESORICS.

[21]  Roger C. Schank,et al.  SCRIPTS, PLANS, GOALS, AND UNDERSTANDING , 1988 .

[22]  Marco Casassa Mont,et al.  Trust services: a framework for service-based solutions , 2002, Proceedings 26th Annual International Computer Software and Applications.