Building an Encrypted and Searchable Audit Log

1
Building an Encrypted and Searchable Audit Log

• Brent Waters
• Dirk Balfanz
• Glenn Durfee
• D.K. Smetters

2
Audit Logs

• Employed on most server systems
• Web logs
• Database logs
• Provide invaluable access to past activity
• Hold users accountable for their actions
• Diagnostics

3
Desirable Characteristics

• Tamper Resistant
• Verifiable
• Can check that entries are present and have not
  been altered
• Data Access Control
• Entries may be sensitive to individuals or log
  owner
• Searchability
• Search for log on specific criteria
• e.g keyword search

4
Desirable Characteristics

• Tamper Resistant
• Verifiable
• Can check that entries are present and have not
  been altered
• Data Access Control
• Entries may be sensitive to individuals or log
  owner
• Searchability
• Search for log on specific criteria
• e.g keyword search

5
An Audit Log for a Database System
log storage (untrusted)
6
Requirements

• Data Access Control
• Entries must be encrypted on untrusted storage
• Forward security in case auditing device becomes
  compromised ? asymmetric encryption
• Limit scope of data released to that of the
  search
• Searchability
• Be able to efficiently retrieve entries based on
  certain criteria
• We focus on keyword search

7
A Simple Solution

• Encrypt all entries with a public key
• Auditor downloads all entries, then decrypts
  them, then performs the search

8
A Simple Solution

• Encrypt all entries with a public key
• Auditor downloads all entries, then decrypts
  them, then performs the search
• Disadvantages
• Auditor sees all entries and regardless of what
  search criteria was
• All entries must be transmitted from server

9
Delegating Search Capabilities
The investigator requests a capability to search
for all entries that were made by the user Alice.
user Alice Smith
1
capabilityfor search
mastersecret
investigator
audit escrow agent
The investigator submits the capability to the
audit log and receives only entries that the
capability matches.
capabilityfor search
2
auditrecord
auditrecord
auditrecord

audit log
investigator
10
Searching on Asymmetrically Encrypted Data
Document
11
Searching on Asymmetrically Encrypted Data
Document
Encrypted Data
Keywords must not be in the clear!
12
Searching on Asymmetrically Encrypted Data
Document
mastersecret
audit escrow agent
Encrypted Data
13
Searching on Asymmetrically Encrypted Data
Document
mastersecret
audit escrow agent
Encrypted Data
14
Searching on Asymmetrically Encrypted Data
Document
mastersecret
audit escrow agent
Encrypted Data
15
Searching on Asymmetrically Encrypted Data
Document
mastersecret
audit escrow agent
Encrypted Data
No information is learned
16
Searching on Asymmetrically Encrypted Data
Keywords Alice Ford Loans
Document
mastersecret
audit escrow agent
Encrypted Data
17
Searching on Asymmetrically Encrypted Data
Document
mastersecret
audit escrow agent
Encrypted Data
18
Searching on Asymmetrically Encrypted Data
Document
mastersecret
audit escrow agent
Embed decryption in search
Encrypted Data
Document
19
Identity Based Encryption (IBE)

• Public Key is simply a string e.g. bob_at_parc.com
• Private Key given from master secret holder(s)
• Removes need for distribution of public key
  certificates
• We use scheme of Boneh and Franklin (2001)

20
Using IBE to Search on Asymmetrically Encrypted
Data
21
Using IBE to Search on Asymmetrically Encrypted
Data
22
Using IBE to Search on Asymmetrically Encrypted
Data
23
Using IBE to Search on Asymmetrically Encrypted
Data
24
Using IBE to Search on Asymmetrically Encrypted
Data
25
Using IBE to Search on Asymmetrically Encrypted
Data

• FLAG used to test
• K to decrypt on match

26
Using IBE to Search on Asymmetrically Encrypted
Data

• FLAG used to test
• K to decrypt on match
• Key-privacy property?keywords kept private

27
Using IBE to Search on Asymmetrically Encrypted
Data

• FLAG used to test
• K to decrypt on match
• Key-privacy property?keywords kept private
• Pairing operation per keyword

28
Using IBE to Search on Asymmetrically Encrypted
Data
29
Using IBE to Search on Asymmetrically Encrypted
Data

• Attempt IBE decryption on each part
• Test for presence of FLAG

30
Using IBE to Search on Asymmetrically Encrypted
Data
011010

• Attempt IBE decryption on each part
• Test for presence of FLAG

31
Using IBE to Search on Asymmetrically Encrypted
Data
0011100

• Attempt IBE decryption on each part
• Test for presence of FLAG

32
Using IBE to Search on Asymmetrically Encrypted
Data
FLAG K

• Attempt IBE decryption on each part
• Test for presence of FLAG

33
Using IBE to Search on Asymmetrically Encrypted
Data
FLAG K

• Attempt IBE decryption on each part
• Test for presence of FLAG
• On match use K to decrypt document

Document
34
Using IBE to Search on Asymmetrically Encrypted
Data
FLAG K

• Attempt IBE decryption on each part
• Test for presence of FLAG
• On match use K to decrypt document
• Pairing per keyword in document

Document
35
Scoping of Keywords

• We want to type keywords
• e.g. Capability to search on entries about
  Alice vs. those made by Alice
• Solution Prefix keywords with type
• userAlice
• kwAlice

36
Performance

• Encryption
• One pairing per keyword in document
• One exponentiation per keyword
• Search/Decryption
• One pairing per keyword per document

37
Optimizations

• Cache pairings of frequently used keywords
• eg. ê(userAlice,sP)
• Only need a pairing per new keyword on encryption
• In limit exponentiation per keyword is dominant
  cost

38
Optimizations

• Cache pairings of frequently used keywords
• eg. ê(userAlice,sP)
• Only need a pairing per new keyword on encryption
• In limit exponentiation per keyword is dominant
  cost
• Reuse randomness for IBE encryption within one
  document
• Okay since cannot use same public key per
  document
• In decryption only one pairing per document
• Save storage in log

39
Indexing

• Incremental update of an index on untrusted
  storage is insecure

40
Indexing

• Incremental update of an index on untrusted
  storage is insecure

Index
41
Indexing

• Incremental update of an index on untrusted
  storage is insecure

Index
42
Indexing

• Incremental update of an index on untrusted
  storage is insecure

Index
43
Indexing

• Incremental update of an index on untrusted
  storage is insecure

Index
44
Indexing

• Build local index on auditing device and flush
  out to storage

45
Indexing

• Build local index on auditing device and flush
  out to storage

46
Indexing

• Longer index is held in auditing device more
  information leaked on device compromise

47
Implementation

• Implemented a logging system for MySQL database
  queries
• Goal to protect individuals privacy
• Used Stanford IBE library
• Pairing cost 80ms on current machines

48
Related Work

• Searching on Encrypted Data
• Boneh, Crescenzo, Ostrovsky and Persiano (2003)
• Song, Wagner and Perrig (2000)
• Goh (2003)
• Identity Based Encryption
• Boneh and Franklin (2001)

49
Conclusion

• Tension between data access control and
  searchability in audit logs
• Asymmetric scheme for searching on encrypted data
• Explored optimizations for practical systems

50
(No Transcript)
51
Searching on Asymmetrically Encrypted Data
Encrypted Data
52
Using IBE to Search on Asymmetrically Encrypted
Data
Document

• FLAG used to test
• K to decrypt on match
• Key-privacy property?keywords kept private
• Pairing operation per keyword

53
Using IBE to Search on Asymmetrically Encrypted
Data

• Attempt IBE decryption on each part
• Test for presence of FLAG
• On match use K to decrypt document
• Pairing per test