A Secure and Privacy-Friendly Logging Scheme (2405.11341v1)
Abstract: Finding a robust security mechanism for audit trail logging has long been a poorly satisfied goal. There are many reasons for this. The most significant of these is that the audit trail is a highly sought-after goal of attackers to ensure that they do not get caught. Thus, they have an incredibly strong incentive to prevent companies from succeeding in this worthy aim. Regulation, such as the European Union General Data Protection Regulation, has brought a strong incentive for companies to achieve success in this area due to the punitive level of fines that can now be levied in the event of a successful breach by an attacker. We seek to resolve this issue through the use of an encrypted audit trail process that saves encrypted records to a true immutable database, which can ensure audit trail records are permanently retained in encrypted form, with no possibility of the records being compromised. This ensures compliance with the General Data Protection Regulation can be achieved.