Time-Scoped Searching of Encrypted Audit Logs

In this paper we explore restricted delegation of searches on encrypted audit logs. We show how to limit the exposure of private information stored in the log during such a search and provide a technique to delegate searches on the log to an investigator. These delegated searches are limited to authorized keywords that pertain to specific time periods, and provide guarantees of completeness to the investigator. Moreover, we show that investigators can efficiently find all relevant records, and can authenticate retrieved records without interacting with the owner of the log. In addition, we provide an empirical evaluation of our techniques using encrypted logs consisting of approximately 27,000 records of IDS alerts collected over a span of a few months.
