Event auditing system
Abstract
In many computer applications, sensitive information must be kept on an untrusted machine. Such information must be protected against attackers, as well as against partially trusted entities that are to be given partial, but not total, access to the stored information. This invention provides a method, apparatus and computer-readable data structure for inhibiting an attacker from accessing or corrupting information stored by an untrusted machine. More specifically, in a log file generated during a process in which the untrusted machine is in limited communication with a trusted machine, entries generated prior to the attack remain secure (they cannot be modified without detection), even though subsequent entries cannot be trusted. One embodiment of the invention also allows a partially trusted verifier to read and verify entries in the log file, but not to change them without detection. In another embodiment of the invention, operating with or without the trusted machine, the untrusted machine's log file can also incorporate log files of other processes.
Claims (70 in total; 476 citations)
1. A method for creating an audit log entry having enhanced security against tampering, comprising the steps of:
(a) receiving a quantity to be logged;
(b) concatenating said quantity with at least a portion of a verification chain entry for a preceding entry;
(c) using an entry-specific cryptographic key having been derived by computing a cryptographic hash on at least a cryptographic key for a preceding entry, performing a verifiable cryptographic operation on the result of step (b) to generate a current verification chain entry; and
(d) writing, to a memory, an audit log entry including said quantity and said generated verification chain entry.
Dependent claims: 2 to 22.
23. A computer-readable medium embodying a software program for creating an audit log entry having enhanced security against tampering, said software program comprising:
(a) program code configured to receive a quantity to be logged;
(b) program code configured to concatenate said quantity with at least a portion of a verification chain entry for a preceding entry;
(c) program code configured to use an entry-specific cryptographic key that was derived by computing a cryptographic hash on at least a cryptographic key for a preceding entry, to perform a verifiable cryptographic operation on the result of step (b) to generate a current verification chain entry; and
(d) program code configured to write, to a memory, an audit log entry including said quantity and said generated verification chain entry.
Dependent claim: 24.
25. A computer-readable medium comprising a data structure for use as an audit log entry having enhanced security against tampering, said data structure including:
(a) a logged quantity; and
(b) a verification chain entry comprising a verifiable cryptographic representation of:
(i) at least a portion of a preceding verification chain entry, and
(ii) said logged quantity;
said cryptographic representation having been computed using an entry-specific cryptographic key that was derived by computing a cryptographic hash on at least a cryptographic key for said preceding entry.
Dependent claims: 26 to 42.
43. A method for verifying entries in an audit log, comprising the steps of:
(a) receiving an audit log including a plurality of log entries, each entry having:
(i) a logged quantity; and
(ii) a verification chain entry comprising a verifiable cryptographic representation of:
(A) at least a portion of a preceding verification chain entry, and
(B) said logged quantity;
said cryptographic representation having been computed using an entry-specific cryptographic key that was derived by computing a cryptographic hash on at least a cryptographic key for said preceding entry; and
(b) verifying a sequence of said verification chain entries from their respective preceding verification chain entries.
Dependent claims: 44, 45.
46. A method for creating an audit log entry having enhanced security against tampering, comprising the steps of:
(a) receiving a datum to be logged;
(b) encrypting said datum with a first cryptographic key;
(c) concatenating a permission mask and a first verification chain entry with said encrypted datum;
(d) performing a first verifiable cryptographic operation on the result of step (c) to generate a second verification chain entry; and
(e) using a first authentication key, performing an authenticatable cryptographic operation on said second verification chain entry to form a cryptographically authenticatable representation thereof;
(f) writing, to a memory, an audit log entry including said encrypted datum, said permission mask, said second verification chain entry, and said cryptographically authenticatable representation of said second verification chain entry.
Dependent claims: 47 to 52.
53. A computer-readable medium embodying a software program for creating an audit log entry having enhanced security against tampering, said software program comprising:
(a) program code configured to receive a datum to be logged;
(b) program code configured to encrypt said datum with a first cryptographic key;
(c) program code configured to concatenate a permission mask and a first verification chain entry with said encrypted datum;
(d) program code configured to perform a first verifiable cryptographic operation on the result of step (c) to generate a second verification chain entry; and
(e) program code configured to use a first authentication key to perform an authenticatable cryptographic operation on said second verification chain entry to form a cryptographically authenticatable representation thereof;
(f) program code configured to write, to a memory, an audit log entry including said encrypted data, said permission mask, said second verification chain entry, and said cryptographically authenticatable representation of said second verification chain entry.
Dependent claim: 54.
55. A computer-readable medium comprising a data structure for use as an audit log entry having enhanced security against tampering, said data structure including:
(a) a permission mask;
(b) an encrypted datum having been encrypted using a cryptographic key, said cryptographic key comprising a first cryptographic representation of:
(i) said permission mask, and
(ii) an authentication key;
(c) a verification chain entry comprising a second cryptographic representation of:
(i) a preceding verification chain entry,
(ii) said permission mask, and
(iii) said encrypted datum; and
(d) a third cryptographic representation, of said verification chain entry, having been derived by performing an authenticatable cryptographic operation on said verification chain entry using said authentication key.
Dependent claims: 56 to 60.
61. A method for verifying entries in an audit log, comprising the steps of:
(a) receiving an audit log including a plurality of log entries, each entry having:
(i) a permission mask,
(ii) an encrypted datum having been encrypted using a cryptographic key, said cryptographic key being a first cryptographic representation of:
(A) said permission mask, and
(B) an authentication key specific to said entry,
(iii) a verification chain entry that is a second cryptographic representation of:
(A) a preceding verification chain entry,
(B) said permission mask, and
(C) said encrypted datum; and
(iv) a cryptographically authenticatable representation of said verification chain entry, derived by performing an authenticatable cryptographic operation on said verification chain entry using said authentication key; and
(b) verifying a sequence of said verification chain entries from their respective preceding verification chain entries.
Dependent claims: 62 to 70.
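As an added illustration (not code from the patent or its assignee), the following Python sketch builds the per-entry data structure of claims 46 and 55 and runs the claim-61 verification, with the entry-specific key evolving as claim 1 describes: each key is the hash of the previous one, and the previous one is discarded, so a later compromise of the logging machine cannot forge or rewrite earlier entries. SHA-256 for the hash, HMAC-SHA256 for the authenticatable operation, a hash-derived XOR keystream standing in for the cipher, the Y_0 seed and the sample keys are all assumptions of this example.

```python
import hashlib
import hmac


def H(*parts: bytes) -> bytes:
    """Cryptographic hash over the concatenation of its parts (SHA-256 assumed)."""
    return hashlib.sha256(b"".join(parts)).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for 'encrypting said datum': XOR with a hash-derived keystream.
    A real deployment would use an authenticated cipher; this keeps the example offline."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = H(key, i.to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class SecureLog:
    """Untrusted-machine log of entries (W_j, C_j, Y_j, Z_j); A_j evolves as A_{j+1} = H(A_j)."""

    def __init__(self, a0: bytes):
        self.a = a0            # current entry-specific authentication key A_j (shared with verifier at j=0)
        self.y = H(b"")        # Y_0: constructed seed for the verification chain
        self.entries = []

    def append(self, datum: bytes, mask: bytes) -> None:
        k = H(mask, self.a)                                  # first repr: K_j = H(W_j, A_j)
        c = keystream_xor(k, datum)                          # encrypted datum C_j
        y = H(self.y, mask, c)                               # second repr: Y_j = H(Y_{j-1}, W_j, C_j)
        z = hmac.new(self.a, y, hashlib.sha256).digest()     # third repr: Z_j = MAC_{A_j}(Y_j)
        self.entries.append((mask, c, y, z))
        self.y = y
        self.a = H(self.a)     # claim 1 step (c): next key is the hash of this one; old key is gone


def verify(entries, a0: bytes) -> tuple:
    """Claim-61 check from A_0: returns (True, -1) or (False, index of first bad entry)."""
    a, y_prev = a0, H(b"")
    for j, (mask, c, y, z) in enumerate(entries):
        expect_y = H(y_prev, mask, c)
        expect_z = hmac.new(a, expect_y, hashlib.sha256).digest()
        if y != expect_y or not hmac.compare_digest(z, expect_z):
            return False, j
        y_prev, a = y, H(a)
    return True, -1


def decrypt(entry, a_j: bytes) -> bytes:
    """A verifier given A_j (or a mask-specific key derived from it) recovers the datum of entry j."""
    mask, c, _, _ = entry
    return keystream_xor(H(mask, a_j), c)
```

Flipping a bit in any stored field, or dropping an entry from the front or middle, breaks the chain at that index; only a party holding the original A_j could recompute a matching Z_j, and the logger no longer has it.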
Specification