Change search
ReferencesLink to record
Permanent link

Direct link
Improving Integrity Assurances of Log Entries From the Perspective of Intermittently Disconnected Devices
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
2014 (English)Student thesisAlternative title
Förbättring av integritetsförsäkring av loggar sett från tillfälligt bortkopplade enheter (Swedish)
Abstract [en]

It is common today in large corporate environments for system administrators to employ centralized systems for log collection and analysis. The log data can come from any device between smart-phones and large scale server clusters. During an investigation of a system failure or suspected intrusion these logs may contain vital information. However, the trustworthiness of this log data must be confirmed. The objective of this thesis is to evaluate the state of the art and provide practical solutions and suggestions in the field of secure logging. In this thesis we focus on solutions that do not require a persistent connection to a central log management system. To this end a prototype logging framework was developed including client, server and verification applications. The client employs different techniques of signing log entries. The focus of this thesis is to evaluate each signing technique from both a security and performance perspective. This thesis evaluates "Traditional RSA-signing", "Traditional Hash-chains"', "Itkis-Reyzin's asymmetric FSS scheme" and "RSA signing and tick-stamping with TPM", the latter being a novel technique developed by us. In our evaluations we recognized the inability of the evaluated techniques to detect so called `truncation-attacks', therefore a truncation detection module was also developed which can be used independent of and side-by-side with any signing technique. In this thesis we conclude that our novel Trusted Platform Module technique has the most to offer in terms of log security, however it does introduce a hardware dependency on the TPM. We have also shown that the truncation detection technique can be used to assure an external verifier of the number of log entries that has at least passed through the log client software.

Place, publisher, year, edition, pages
2014. , 62 p.
Keyword [en]
Secure logging, forward security, TPM, digital signature
National Category
Computer Science Software Engineering
URN: urn:nbn:se:bth-3994Local ID: diva2:831312
Educational program
DVACD Master of Science in Computer Security
Available from: 2015-04-22 Created: 2014-07-07 Last updated: 2016-02-22Bibliographically approved

Open Access in DiVA

fulltext(638 kB)48 downloads
File information
File name FULLTEXT01.pdfFile size 638 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
Department of Computer Science and Engineering
Computer ScienceSoftware Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 48 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 121 hits
ReferencesLink to record
Permanent link

Direct link