(ppt)

Download Report

Transcript (ppt) 

Building an Encrypted and Searchable
Audit Log
Brent Waters
Dirk Balfanz
Glenn Durfee
D.K. Smetters
Audit Logs
• Employed on most server systems
– Web logs
– Database logs
• Provide invaluable access to past activity
– Hold users accountable for their actions
– Diagnostics
Desirable Characteristics
• Tamper Resistant
• Verifiable
– Can check that entries are present and have not been altered
• Data Access Control
– Entries may be sensitive to individuals or log owner
• Searchability
– Search for log on specific criteria
– e.g keyword search
Desirable Characteristics
• Tamper Resistant
• Verifiable
– Can check that entries are present and have not been altered
• Data Access Control
– Entries may be sensitive to individuals or log owner
• Searchability
– Search for log on specific criteria
– e.g keyword search
An Audit Log for a Database System
“select * from cars
where make=‘ford’”
audit record creation
authentication keyword extraction
database
clock
user: Alice Smith
keyword: cars
keyword: make
keyword: ford
time: 2003/08/26 23:34:24
keywords for audit record
log storage
(untrusted)
Requirements
• Data Access Control
– Entries must be encrypted on untrusted storage
– Forward security in case auditing device becomes
compromised  asymmetric encryption
– Limit scope of data released to that of the search
• Searchability
– Be able to efficiently retrieve entries based on certain criteria
– We focus on keyword search
A Simple Solution
• Encrypt all entries with a public key
• Auditor downloads all entries, then decrypts them,
then performs the search
A Simple Solution
• Encrypt all entries with a public key
• Auditor downloads all entries, then decrypts them,
then performs the search
Disadvantages
• Auditor sees all entries and regardless of what
search criteria was
• All entries must be transmitted from server
Delegating Search Capabilities
The investigator requests a capability to search
for all entries that were made by the user Alice.
“user: Alice Smith”
1
capability
for search
master
secret
investigator
audit escrow agent
The investigator submits the capability to the audit log
and receives only entries that the capability matches.
capability
for search
2
audit
record
investigator
audit
record
…
audit
record
audit log
Searching on Asymmetrically Encrypted
Data
Document Keywords
Alice
Ford
Loans
Auditing Device
Searching on Asymmetrically Encrypted
Data
Document Keywords
Alice
Ford
Loans
Auditing Device
Encrypted Data
Keywords must not
be in the clear!
Searching on Asymmetrically Encrypted
Data
Document Keywords
master
secret
audit escrow agent
Alice
Ford
Loans
Auditing Device
Encrypted Data
Searching on Asymmetrically Encrypted
Data
Document Keywords
master
secret
audit escrow agent
Alice
Ford
Loans
Auditing Device
Search
Capability
Honda
Encrypted Data
Searching on Asymmetrically Encrypted
Data
Document Keywords
master
secret
audit escrow agent
Alice
Ford
Loans
Auditing Device
Search
Capability
Honda
Encrypted Data
Searching on Asymmetrically Encrypted
Data
Document Keywords
master
secret
audit escrow agent
Alice
Ford
Loans
Auditing Device
Search
Capability
Honda
Encrypted Data
No information is
learned
Searching on Asymmetrically Encrypted
Data
Document Keywords
master
secret
audit escrow agent
Alice
Ford
Loans
Auditing Device
Encrypted Data
Searching on Asymmetrically Encrypted
Data
Document Keywords
master
secret
audit escrow agent
Alice
Ford
Loans
Auditing Device
Search
Capability
Alice
Encrypted Data
Searching on Asymmetrically Encrypted
Data
Document Keywords
master
secret
audit escrow agent
Alice
Ford
Loans
Auditing Device
Embed decryption
in search
Search
Capability
Alice
Encrypted Data
Document Keywords
Alice
Ford
Loans
Identity Based Encryption (IBE)
• Public Key is simply a string e.g. [email protected]
• Private Key given from master secret holder(s)
• Removes need for distribution of public key
certificates
• We use scheme of Boneh and Franklin (2001)
Using IBE to Search on Asymmetrically
Encrypted Data
Document Keywords
Alice
Ford
Loans
Auditing Device
Using IBE to Search on Asymmetrically
Encrypted Data
Document Keywords
Auditing Device
Alice
Ford
Loans
K
Document
Using IBE to Search on Asymmetrically
Encrypted Data
Document Keywords
Auditing Device
Alice
Ford
“Alice”
Loans
FLAG | K
K
Document
Using IBE to Search on Asymmetrically
Encrypted Data
Document Keywords
Auditing Device
“Ford”
Alice
Ford
FLAG | K
“Alice”
Loans
FLAG | K
K
Document
Using IBE to Search on Asymmetrically
Encrypted Data
“Loans”
Document Keywords
FLAG | K
Auditing Device
“Ford”
Alice
Ford
FLAG | K
“Alice”
Loans
FLAG | K
K
Document
Using IBE to Search on Asymmetrically
Encrypted Data
“Loans”
Document Keywords
FLAG | K
Auditing Device
“Ford”
Alice
Ford
FLAG | K
“Alice”
Loans
FLAG | K
K
•FLAG used to test
K to decrypt on match
Document
Using IBE to Search on Asymmetrically
Encrypted Data
“Loans”
Document Keywords
FLAG | K
Auditing Device
“Ford”
Alice
Ford
FLAG | K
“Alice”
Loans
FLAG | K
K
•FLAG used to test
K to decrypt on match
•Key-privacy propertykeywords kept
private
Document
Using IBE to Search on Asymmetrically
Encrypted Data
“Loans”
Document Keywords
FLAG | K
Auditing Device
“Ford”
Alice
Ford
FLAG | K
“Alice”
Loans
FLAG | K
K
•FLAG used to test
K to decrypt on match
•Key-privacy propertykeywords kept
private
•“Pairing” operation per keyword
Document
Using IBE to Search on Asymmetrically
Encrypted Data
“Loans”
FLAG | K
Search
Capability
“Ford”
Alice
“Alice”
FLAG | K
FLAG | K
K
Document
Using IBE to Search on Asymmetrically
Encrypted Data
“Loans”
FLAG | K
Search
Capability
“Ford”
Alice
“Alice”
FLAG | K
FLAG | K
•Attempt IBE decryption on each part
Test for presence of FLAG
K
Document
Using IBE to Search on Asymmetrically
Encrypted Data
“Loans”
FLAG | K
Search
Capability
“Ford”
Alice
“Alice”
FLAG | K
FLAG | K
•Attempt IBE decryption on each part
Test for presence of FLAG
K
Document
011010…
Using IBE to Search on Asymmetrically
Encrypted Data
“Loans”
FLAG | K
Search
Capability
“Ford”
Alice
“Alice”
FLAG | K
FLAG | K
•Attempt IBE decryption on each part
Test for presence of FLAG
K
Document
0011100…
Using IBE to Search on Asymmetrically
Encrypted Data
“Loans”
FLAG | K
Search
Capability
“Ford”
Alice
“Alice”
FLAG | K
FLAG | K
•Attempt IBE decryption on each part
Test for presence of FLAG
K
Document
FLAG | K
Using IBE to Search on Asymmetrically
Encrypted Data
“Loans”
FLAG | K
Search
Capability
“Ford”
Alice
“Alice”
FLAG | K
FLAG | K
•Attempt IBE decryption on each part
Test for presence of FLAG
•On match use K to decrypt document
FLAG | K
K
Document
Document
Using IBE to Search on Asymmetrically
Encrypted Data
“Loans”
FLAG | K
Search
Capability
“Ford”
Alice
“Alice”
FLAG | K
FLAG | K
•Attempt IBE decryption on each part
Test for presence of FLAG
•On match use K to decrypt document
•Pairing per keyword in document
FLAG | K
K
Document
Document
Scoping of Keywords
• We want to type keywords
• e.g. Capability to search on entries about “Alice”
vs. those made by “Alice”
• Solution: Prefix keywords with type
– “user:Alice”
– “kw:Alice”
Performance
• Encryption
– One pairing per keyword in document
– One exponentiation per keyword
• Search/Decryption
– One pairing per keyword per document
Optimizations
• Cache pairings of frequently used keywords
– eg. ê(“user:Alice”,sP)
– Only need a pairing per new keyword on encryption
– In limit exponentiation per keyword is dominant cost
Optimizations
• Cache pairings of frequently used keywords
– eg. ê(“user:Alice”,sP)
– Only need a pairing per new keyword on encryption
– In limit exponentiation per keyword is dominant cost
• Reuse randomness for IBE encryption within one
document
– Okay since cannot use same public key per document
– In decryption only one pairing per document
– Save storage in log
Indexing
• Incremental update of an index on untrusted
storage is insecure
Indexing
• Incremental update of an index on untrusted
storage is insecure
Document Keywords
Alice
Ford
Loans
Index
Indexing
• Incremental update of an index on untrusted
storage is insecure
Document Keywords
Alice
Ford
Loans
Index
Indexing
• Incremental update of an index on untrusted
storage is insecure
Document Keywords
Alice
Loans
Washington
Index
Indexing
• Incremental update of an index on untrusted
storage is insecure
Document Keywords
Alice
Loans
Washington
Index
Indexing
• Build local index on auditing device and flush out
to storage
Indexing
• Build local index on auditing device and flush out
to storage
“Sam”
FLAG | …
“Alice”
FLAG | K | K’’
K’
K
Document
K’’
Document
Document
Indexing
• Longer index is held in auditing device more
information leaked on device compromise
Implementation
• Implemented a logging system for MySQL
database queries
• Goal to protect individual’s privacy
• Used Stanford IBE library
• Pairing cost ~80ms on current machines
Related Work
Searching on Encrypted Data
• Boneh, Crescenzo, Ostrovsky and Persiano (2003)
• Song, Wagner and Perrig (2000)
• Goh (2003)
Identity Based Encryption
• Boneh and Franklin (2001)
Conclusion
• Tension between data access control and
searchability in audit logs
• Asymmetric scheme for searching on encrypted
data
• Explored optimizations for practical systems
Searching on Asymmetrically Encrypted
Data
Document
Keywords
Alice
master
secret
audit escrow agent
Ford
Loans
Auditing Device
Search
Capability
Bob
Encrypted Data
Document
Keywords
Alice
Ford
Loans
Using IBE to Search on Asymmetrically
Encrypted Data
“Loans”
FLAG | K
Document
Keywords
Auditing Device
Alice
Ford
Loans
“Ford”
FLAG | K
“Alice”
FLAG | K
K
Document
•FLAG used to test
K to decrypt on match
•Key-privacy propertykeywords kept
private
•“Pairing” operation per keyword
Using IBE to Search on Asymmetrically
Encrypted Data
“Loans”
FLAG | K
Search
Capability
Alice
“Ford”
FLAG | K
“Alice”
FLAG | K
K
•Attempt IBE decryption on each part
Test for presence of FLAG
•On match use K to decrypt document
•Pairing per test
Document