Building an Encrypted and Searchable Audit Log Brent Waters Dirk Balfanz Glenn Durfee D.K. Smetters.

Slides:



Advertisements
Similar presentations
Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides originated.
Advertisements

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Encryption Public-Key, Identity-Based, Attribute-Based.
Digital Signatures and Hash Functions. Digital Signatures.
Public Key Management and X.509 Certificates
Introduction to Practical Cryptography Lecture 9 Searchable Encryption.
Negotiated Privacy CS551/851CRyptographyApplicationsBistro Mike McNett 30 March 2004 Stanislaw Jarecki, Pat Lincoln, Vitaly Shmatikov. Negotiated Privacy.Negotiated.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.
Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.
Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
21 June 2006Copyright 2006 University of Kent1 Delegation of Authority (DyVOSE project) David Chadwick University of Kent.
Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.
Efficient Search on Encrypted Data. Outline SWP Linear Scan SWP encrypted index Goh Bloom Filter Hybird scheme Discussion.
Session Management A290/A590, Fall /25/2014.
Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.
Building an Encrypted and Searchable Audit Log 11th Annual Network and Distributed Security Symposium (NDSS '04); 2004 February 5-6; San Diego; CA. Presented.
BR1 Protection and Security B. Ramamurthy Chapters 18 and 19.
Security Management.
Secure File Storage Nathanael Paul CRyptography Applications Bistro March 25, 2004.
Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.
Privacy Preserving Query Processing in Cloud Computing Wen Jie
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,
Aggregation in Sensor Networks
1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Cryptography, Authentication and Digital Signatures
CSE 548 Advanced Computer Network Security Document Search in MobiCloud using Hadoop Framework Sayan Cole Jaya Chakladar Group No: 1.
1 Practical Techniques for Searches on Encrypted Data Dawn Song, David Wagner, Adrian Perrig.
Identity-Based Secure Distributed Data Storage Schemes.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
1 Private Resource Pairing Joseph Calandrino Department of Computer Science University of Virginia August 10, 2005.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
1 Information Security Practice I Lab 5. 2 Cryptography and security Cryptography is the science of using mathematics to encrypt and decrypt data.
1 Applied Cryptography in CyberTA Brent Waters Work with Dan Boneh and Amit Sahai.
Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.
Security (and privacy) Larry Rudolph With help from Srini Devedas, Dwaine Clark.
1 Common Secure Index for Conjunctive Keyword-Based Retrieval over Encrypted Data Peishun Wang, Huaxiong Wang, and Josef Pieprzyk: SDM LNCS, vol.
1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz
ECE509 Cyber Security : Concept, Theory, and Practice Key Management Spring 2014.
Secure Conjunctive Keyword Search Over Encrypted Data Philippe Golle Jessica Staddon Palo Alto Research Center Brent Waters Princeton University.
Freenet “…an adaptive peer-to-peer network application that permits the publication, replication, and retrieval of data while protecting the anonymity.
Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security
Security & Privacy. Learning Objectives Explain the importance of varying the access allowed to database elements at different times and for different.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012.
Fuzzy Identity Based Encryption Brent Waters Current Research with Amit Sahai.
Private key
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Keyword search on encrypted data. Keyword search problem  Linux utility: grep  Information retrieval Basic operation Advanced operations – relevance.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Information Systems Design and Development Security Precautions Computing Science.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
Key management issues in PGP
Searchable Encryption in Cloud
Web Applications Security Cryptography 1
TRUST Area 3 Overview: Privacy, Usability, & Social Impact
pVault Sharing Architecture
Cryptographic Algorithms for Privacy in an Age of Ubiquitous Recording
based on slides by Debra Cook
Offline Auditing for Privacy
Security.
Building an Encrypted and Searchable Audit Log
Protection and Security
Presentation transcript:

Building an Encrypted and Searchable Audit Log Brent Waters Dirk Balfanz Glenn Durfee D.K. Smetters

Audit Logs Employed on most server systems –Web logs –Database logs Provide invaluable access to past activity –Hold users accountable for their actions –Diagnostics

Desirable Characteristics Tamper Resistant Verifiable –Can check that entries are present and have not been altered Data Access Control –Entries may be sensitive to individuals or log owner Searchability –Search for log on specific criteria –e.g keyword search

Desirable Characteristics Tamper Resistant Verifiable –Can check that entries are present and have not been altered Data Access Control –Entries may be sensitive to individuals or log owner Searchability –Search for log on specific criteria –e.g keyword search

An Audit Log for a Database System user: Alice Smith keyword: cars keyword: make keyword: ford time: 2003/08/26 23:34:24 authenticationclockkeyword extraction “select * from cars where make=‘ford’” database audit record creation keywords for audit record log storage (untrusted)

Requirements Data Access Control –Entries must be encrypted on untrusted storage –Forward security in case auditing device becomes compromised  asymmetric encryption –Limit scope of data released to that of the search Searchability –Be able to efficiently retrieve entries based on certain criteria –We focus on keyword search

A Simple Solution Encrypt all entries with a public key Auditor downloads all entries, then decrypts them, then performs the search

A Simple Solution Encrypt all entries with a public key Auditor downloads all entries, then decrypts them, then performs the search Disadvantages Auditor sees all entries and regardless of what search criteria was All entries must be transmitted from server

audit record Delegating Search Capabilities investigatoraudit escrow agent master secret “user: Alice Smith” capability for search investigator audit log capability for search audit record … 1 2 The investigator submits the capability to the audit log and receives only entries that the capability matches. The investigator requests a capability to search for all entries that were made by the user Alice.

Searching on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document

Searching on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document Encrypted Data Keywords must not be in the clear!

Searching on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document audit escrow agent master secret Encrypted Data

Searching on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document Honda Search Capability master secret Encrypted Data audit escrow agent

Searching on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document Honda Search Capability master secret Encrypted Data audit escrow agent

Searching on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document Honda Search Capability master secret Encrypted Data No information is learned audit escrow agent

Searching on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document master secret Encrypted Data audit escrow agent

Searching on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document Alice Search Capability master secret Encrypted Data audit escrow agent

Searching on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document Alice Search Capability master secret Encrypted Data Keywords Alice Ford Loans Document Embed decryption in search audit escrow agent

Identity Based Encryption (IBE) Public Key is simply a string e.g. Private Key given from master secret holder(s) Removes need for distribution of public key certificates We use scheme of Boneh and Franklin (2001)

Using IBE to Search on Asymmetrically Encrypted Data Keywords Alice Ford Loans Document Auditing Device

Using IBE to Search on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document K

Using IBE to Search on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document K FLAG | K “Alice”

Using IBE to Search on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document K FLAG | K “Alice” FLAG | K “Ford”

Using IBE to Search on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document K FLAG | K “Alice” FLAG | K “Ford” FLAG | K “Loans”

Using IBE to Search on Asymmetrically Encrypted Data Auditing Device FLAG used to test K to decrypt on match Keywords Alice Ford Loans Document K FLAG | K “Alice” FLAG | K “Ford” FLAG | K “Loans”

Using IBE to Search on Asymmetrically Encrypted Data Auditing Device FLAG used to test K to decrypt on match Key-privacy property  keywords kept private Keywords Alice Ford Loans Document K FLAG | K “Alice” FLAG | K “Ford” FLAG | K “Loans”

Using IBE to Search on Asymmetrically Encrypted Data Auditing Device FLAG used to test K to decrypt on match Key-privacy property  keywords kept private “Pairing” operation per keyword Keywords Alice Ford Loans Document K FLAG | K “Alice” FLAG | K “Ford” FLAG | K “Loans”

Using IBE to Search on Asymmetrically Encrypted Data Alice Search Capability Document K FLAG | K “Alice” FLAG | K “Ford” FLAG | K “Loans”

Using IBE to Search on Asymmetrically Encrypted Data Alice Search Capability Attempt IBE decryption on each part Test for presence of FLAG Document K FLAG | K “Alice” FLAG | K “Ford” FLAG | K “Loans”

Using IBE to Search on Asymmetrically Encrypted Data Alice Search Capability Attempt IBE decryption on each part Test for presence of FLAG … Document K FLAG | K “Alice” FLAG | K “Ford” FLAG | K “Loans”

Using IBE to Search on Asymmetrically Encrypted Data Alice Search Capability Attempt IBE decryption on each part Test for presence of FLAG … Document K FLAG | K “Alice” FLAG | K “Ford” FLAG | K “Loans”

Using IBE to Search on Asymmetrically Encrypted Data Alice Search Capability Attempt IBE decryption on each part Test for presence of FLAG FLAG | K Document K FLAG | K “Alice” FLAG | K “Ford” FLAG | K “Loans”

Using IBE to Search on Asymmetrically Encrypted Data Alice Search Capability Attempt IBE decryption on each part Test for presence of FLAG On match use K to decrypt document Documen t K FLAG | K “Alice” FLAG | K “Ford” FLAG | K “Loans” FLAG | K

Using IBE to Search on Asymmetrically Encrypted Data Alice Search Capability Attempt IBE decryption on each part Test for presence of FLAG On match use K to decrypt document Pairing per keyword in document Document K FLAG | K “Alice” FLAG | K “Ford” FLAG | K “Loans” Documen t FLAG | K

Scoping of Keywords We want to type keywords e.g. Capability to search on entries about “Alice” vs. those made by “Alice” Solution: Prefix keywords with type –“user:Alice” –“kw:Alice”

Performance Encryption –One pairing per keyword in document –One exponentiation per keyword Search/Decryption –One pairing per keyword per document

Optimizations Cache pairings of frequently used keywords –eg. ê(“user:Alice”,sP) –Only need a pairing per new keyword on encryption –In limit exponentiation per keyword is dominant cost

Optimizations Cache pairings of frequently used keywords –eg. ê(“user:Alice”,sP) –Only need a pairing per new keyword on encryption –In limit exponentiation per keyword is dominant cost Reuse randomness for IBE encryption within one document –Okay since cannot use same public key per document –In decryption only one pairing per document –Save storage in log

Indexing Incremental update of an index on untrusted storage is insecure

Indexing Incremental update of an index on untrusted storage is insecure Keywords Alice Ford Loans DocumentIndex

Indexing Incremental update of an index on untrusted storage is insecure Keywords Alice Ford Loans DocumentIndex

Indexing Incremental update of an index on untrusted storage is insecure Keywords Alice Loans Washington DocumentIndex

Indexing Incremental update of an index on untrusted storage is insecure Keywords Alice Loans Washington DocumentIndex

Indexing Build local index on auditing device and flush out to storage

Indexing Build local index on auditing device and flush out to storage Document K’ Document K’’ Document K FLAG | K | K’’ “Alice” FLAG | … “Sam”

Indexing Longer index is held in auditing device more information leaked on device compromise

Implementation Implemented a logging system for MySQL database queries Goal to protect individual’s privacy Used Stanford IBE library Pairing cost ~80ms on current machines

Related Work Searching on Encrypted Data Boneh, Crescenzo, Ostrovsky and Persiano (2003) Song, Wagner and Perrig (2000) Goh (2003) Identity Based Encryption Boneh and Franklin (2001)

Conclusion Tension between data access control and searchability in audit logs Asymmetric scheme for searching on encrypted data Explored optimizations for practical systems

Searching on Asymmetrically Encrypted Data Auditing Device Keywords Alice Ford Loans Document Keywords Alice Ford Loans Document Bob Search Capability audit escrow agent master secret Encrypted Data

Using IBE to Search on Asymmetrically Encrypted Data Keywords Alice Ford Loans Document Auditing Device Document K FLAG | K “Alice” FLAG | K “Ford” FLAG | K “Loans” FLAG used to test K to decrypt on match Key-privacy property  keywords kept private “Pairing” operation per keyword

Using IBE to Search on Asymmetrically Encrypted Data Document K FLAG | K “Alice” FLAG | K “Ford” FLAG | K “Loans” Alice Search Capability Attempt IBE decryption on each part Test for presence of FLAG On match use K to decrypt document Pairing per test

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.