Constructing a Confidential, Authenticated, Forward Secure and Offline Logging Scheme
P.C.J. van der Veeken (TU Delft - Electrical Engineering, Mathematics and Computer Science)
More Info
expand_more
Rust Implementation of the IFLS logging scheme.
https://github.com/p-v-d-Veeken/IFLSOther than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
In IT systems, a logfile provides administrators with an audit trail which can be used to review a system’s activities and a way to discover and diagnose problems which have occurred within that system. When an attacker penetrates an IT system, commonly one of their first actions is tampering with the logs, so that they can hide their malicious activities. For most types of systems a suitable secure logging solution exists. These solutions prevent an adversary from tampering with the system logs, or make it infeasible to do so undetectably. However, the solutions that exist for devices with limited computing power, “resource-constrained” devices, are all unsuited for long-term unsupervised deployment. In this scenario a device is deployed in a hostile environment for prolonged periods of time, during which it cannot communicate or otherwise interact with another party. Existing solutions for this scenario are either, not secure against all known attacks on secure logging schemes, make assumptions that are not realistic given the aforementioned scenario, or fail to account for real-world constraints that these devices and scenario impose on the capabilities of a secure logging scheme.
In this thesis we present two secure logging schemes called Immutable Forward Linked and Sealed Logging (IFLS) and Pseudorandom Indexed Forward Linked Logging (PIFL). Both schemes allow for tamper-resistant logging on low-powered devices while at the same time requiring only initial interaction with an external party. Furthermore we present a novel and efficient way of establishing an immutable link between consecutive log entries, which grants protection against most attacks on secure logging schemes. We additionally detail two methods to shield the last log entry, so that Truncation Attacks and Crash Attacks are mitigated. The combination of these techniques in IFLS and PIFL results in two schemes which are fully tamper-resistant. We find that PIFL’s pseudorandom indexing of log entries makes this scheme well-suited for use on flash storage, a storage medium that is ubiquitous in resource-constrained devices. Lastly, we confirm the real-world feasibility of our work by implementing and practically evaluating IFLS in the Rust programming language.