Efficient, compromise resilient and compact cryptographic constructions for digital forensics

Audit logs are a fundamental digital forensic mechanism for providing security in computer systems; they are used to keep track of important events regarding system activities. In current large distributed systems, protecting audit logs is a challenging task, especially in the presence of active attackers. It is critical for such a system to be compromise-resilient (i.e., to have forward security and append-only integrity properties) such that when an attacker compromises a logging machine, she cannot forge or selectively delete the log entries accumulated before the compromise. Unfortunately, existing secure audit logging schemes have limitations that make them impractical for real-life applications: on the one hand, the symmetric schemes are not publicly verifiable, demand high storage, require online Trusted Third Party (TTP) support, and are also vulnerable to certain attacks. On the other hand, Public Key Cryptography (PKC)-based schemes require several Expensive Operations (ExpOps) (e.g., pairing), and thus are impractical for task-intensive and/or resource-constrained systems. In this dissertation, we address the above problems by developing a series of novel cryptographic constructions that achieve the most desirable properties of both symmetric and PKC-based schemes simultaneously.

First, we propose a new class of signature schemes for Unattended Wireless Sensor Networks (UWSN) called Hash-Based Sequential Aggregate and Forward-Secure Signature (HaSAFSS). Using existing verification delays as an opportunity to introduce asymmetry, HaSAFSS schemes achieve high efficiency, while still preserving public verifiability, forward security and compactness. The HaSAFSS schemes are the only schemes in which both signers and verifiers get equal benefits of computational efficiency. Symmetric HaSAFSS (Sym-HaSAFSS) and Elliptic Curve Cryptography-based HaSAFSS (ECC-HaSAFSS) achieve the optimal (constant) signer and optimal verifier storage efficiency, respectively. Self-SUstaining HaSAFSS (SU-HaSAFSS) achieves optimal storage at both the signer and the verifier sides by introducing slightly more computational overhead.

Second, we develop a novel forward-secure and aggregate signature scheme called Blind-Aggregate-Forward (BAF) to address the secure audit logging needs of resource-constrained devices. BAF can address both real-time and non-real-time applications by achieving public verifiability without requiring any online TTP support or time factor. BAF is the only scheme that can produce a publicly verifiable signature with very low computational, storage, and communication costs for the loggers. Moreover, a variant of BAF (i.e., Fast-Immutable BAF) enables fine-grained log verification by preserving the optimal logger efficiency and security.

Third, we propose a new signature scheme called Log Forward-secure and Append-only Signature (LogFAS) to address the secure logging needs of task-intensive applications with a large number of loggers. LogFAS is the only secure audit logging scheme that can always verify L log entries with a small and constant number of ExpOps regardless of the value of L. It is also the only alternative in which each verifier stores only a small and constant-size public key independent of the number of loggers and the number of log entries to be verified. In addition, a variation of LogFAS can identify the corrupted log entries with a sub-linear number of ExpOps when most entries are intact.

We prove that all of our schemes are secure under appropriate computational assumptions (in the random oracle model). We also show that they are significantly more efficient and practical than all the previous cryptographic secure audit logging schemes.
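To make the compromise-resilience property defined above concrete, the following added example (not code from the dissertation, and not HaSAFSS, BAF or LogFAS) implements a generic symmetric baseline: a one-way evolving MAC key gives forward security, and a single aggregate tag gives append-only integrity. The verifier needs the secret initial key `k0`, which is exactly the lack of public verifiability the abstract attributes to symmetric schemes. All names, the key and the log entries are constructed for illustration.

```python
import hashlib
import hmac

def evolve(key: bytes) -> bytes:
    # One-way key update k_{i+1} = H("evolve" || k_i); k_i cannot be recovered from k_{i+1}.
    return hashlib.sha256(b"evolve" + key).digest()

def fold(acc: bytes, key: bytes, msg: bytes) -> bytes:
    # Fold the per-entry MAC into one constant-size aggregate tag.
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return hashlib.sha256(acc + tag).digest()

def aggregate(k0: bytes, entries) -> bytes:
    # Keyed start value, so even an empty log cannot be presented without k0.
    key, acc = k0, hmac.new(k0, b"init", hashlib.sha256).digest()
    for msg in entries:
        acc = fold(acc, key, msg)
        key = evolve(key)
    return acc

class Logger:
    def __init__(self, k0: bytes):
        self.key, self.agg, self.entries = k0, aggregate(k0, []), []

    def append(self, msg: bytes) -> None:
        self.agg = fold(self.agg, self.key, msg)
        self.entries.append(msg)
        self.key = evolve(self.key)  # the previous key is overwritten (erased)

def verify(k0: bytes, entries, agg: bytes) -> bool:
    return hmac.compare_digest(aggregate(k0, entries), agg)

def demo() -> dict:
    k0 = hashlib.sha256(b"constructed demo key").digest()  # constructed sample key
    log = Logger(k0)
    for m in [b"boot", b"login alice", b"sudo su", b"logout alice"]:  # constructed entries
        log.append(m)
    # State exposed by a compromise of the logger: entries, aggregate tag, current key.
    entries, agg, exposed_key = list(log.entries), log.agg, log.key
    pruned = entries[:2] + entries[3:]
    return {
        "intact": verify(k0, entries, agg),
        "modified": verify(k0, [entries[0], b"login bob"] + entries[2:], agg),
        "deleted": verify(k0, pruned, agg),
        "truncated": verify(k0, entries[:2], agg),
        # Recomputing the tag with the exposed key fails: the earlier keys are gone.
        "retagged": verify(k0, pruned, aggregate(exposed_key, pruned)),
    }

if __name__ == "__main__":
    print(demo())
```

The guarantee covers only entries accumulated before the compromise, as in the definition above; entries appended afterwards are signed with a key the attacker holds.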