Abstract
Sequential key generators produce a forward-secure sequence of symmetric cryptographic keys and are traditionally based on hash chains. An inherent disadvantage of such constructions is that they do not offer a fast-forward capability, i.e., lack a way to efficiently skip a large number of keys—a functionality often required in practice. This limitation was overcome only recently, with the introduction of seekable sequential key generators (SSKGs). The only currently known construction is based on the iterated evaluation of a shortcut one-way permutation, a factoring-based —and hence in practice not too efficient— building block. In this paper we revisit the challenge of marrying forward-secure key generation with seekability and show that symmetric primitives like PRGs, block ciphers, and hash functions suffice for obtaining secure SSKGs. Our scheme is not only considerably more efficient than the prior number-theoretic construction, but also extends the seeking functionality in a way that we believe is important in practice. Our construction is provably (forward-)secure in the standard model.
Chapter PDF
Similar content being viewed by others
References
Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. Journal of Cryptology 20(3), 265–294 (2007)
Bellare, M., Miner, S.K.: A forward-secure digital signature scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999)
Bellare, M., Yee, B.S.: Forward-security in private-key cryptography. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 1–18. Springer, Heidelberg (2003)
Kelsey, J., Schneier, B.: Cryptographic support for secure logs on untrusted machines. In: Proceedings of the 7th USENIX Security Symposium (1998)
Marson, G.A., Poettering, B.: Practical secure logging: Seekable sequential key generators. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 111–128. Springer, Heidelberg (2013)
Marson, G.A., Poettering, B.: Practical secure logging: Seekable sequential key generators. Cryptology ePrint Archive, Report 2013/397 (2013), http://eprint.iacr.org/2013/397
Bellare, M., Yee, B.S.: Forward integrity for secure audit logs. Technical report (1997)
Kelsey, J., Schneier, B.: Minimizing bandwidth for remote access to cryptographically protected audit logs. In: Recent Advances in Intrusion Detection (1999)
Schneier, B., Kelsey, J.: Secure audit logs to support computer forensics. ACM Trans. Inf. Syst. Secur. 2(2), 159–176 (1999)
Chong, C.N., Peng, Z., Hartel, P.H.: Secure audit logging with tamper-resistant hardware. In: Gritzalis, D., di Vimercati, S.D.C., Samarati, P., Katsikas, S.K. (eds.) SEC. IFIP Conference Proceedings, vol. 250, pp. 73–84. Kluwer (2003)
Holt, J.E.: Logcrypt: forward security and public verification for secure audit logs. In: Buyya, R., Ma, T., Safavi-Naini, R., Steketee, C., Susilo, W. (eds.) ACSW Frontiers. CRPIT, vol. 54, pp. 203–211. Australian Computer Society (2006)
Accorsi, R.: BBox: A distributed secure log architecture. In: Camenisch, J., Lambrinoudakis, C. (eds.) EuroPKI 2010. LNCS, vol. 6711, pp. 109–124. Springer, Heidelberg (2011)
Ma, D., Tsudik, G.: Extended abstract: Forward-secure sequential aggregate authentication. In: 2007 IEEE Symposium on Security and Privacy, May 20-23, pp. 86–91. IEEE Computer Society Press, Oakland (2007)
Ma, D., Tsudik, G.: A new approach to secure logging. Trans. Storage 5(1), 2:1–2:2 (2009)
Yavuz, A.A., Ning, P.: BAF: An efficient publicly verifiable secure audit logging scheme for distributed systems. In: ACSAC, pp. 219–228. IEEE Computer Society (2009)
Yavuz, A.A., Ning, P., Reiter, M.K.: BAF and FI-BAF: Efficient and publicly verifiable cryptographic schemes for secure logging in resource-constrained systems. ACM Trans. Inf. 15(2), 9 (2012)
Kelsey, J., Callas, J., Clemm, A.: Signed Syslog Messages. RFC 5848 (Proposed Standard) (May 2010)
Gutmann, P.: Secure deletion of data from magnetic and solid-state memory. In: Proceedings of the Sixth USENIX Security Symposium, San Jose, CA, vol. 14 (1996)
Marson, G.A., Poettering, B.: Even more practical secure logging: Tree-based seekable sequential key generators. Cryptology ePrint Archive, Report 2014/479 (2014), http://eprint.iacr.org/2014/479
Young, E., Hudson, T.: OpenSSL: The Open Source Toolkit for SSL/TLS, http://www.openssl.org
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Marson, G.A., Poettering, B. (2014). Even More Practical Secure Logging: Tree-Based Seekable Sequential Key Generators. In: Kutyłowski, M., Vaidya, J. (eds) Computer Security - ESORICS 2014. ESORICS 2014. Lecture Notes in Computer Science, vol 8713. Springer, Cham. https://doi.org/10.1007/978-3-319-11212-1_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-11212-1_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11211-4
Online ISBN: 978-3-319-11212-1
eBook Packages: Computer ScienceComputer Science (R0)