Change search
Link to record
Permanent link

Direct link
BETA
Publications (6 of 6) Show all publications
Pulls, T. & Dahlberg, R. (2018). Cryptology ePrint Archive: Report 2018/737.
Open this publication in new window or tab >>Cryptology ePrint Archive: Report 2018/737
2018 (English)Report (Other academic)
Abstract [en]

We present Steady: an end-to-end secure logging system engineered to be simple in terms of design, implementation, and assumptions for real-world use. Steady gets its name from being based on a steady (heart)beat of events from a forward-secure device sent over an untrusted network through untrusted relays to a trusted collector. Properties include optional encryption and compression (with loss of confidentiality but significant gain in goodput), detection of tampering, relays that can function in unidirectional networks (e.g., as part of a data diode), cost-effective use of cloud services for relays, and publicly verifiable proofs of event authenticity. The design is formalized and security proven in the standard model. Our prototype implementation (about 2,200 loc) shows reliable goodput of over 1M events/s (about 160 MiB/s) for a realistic dataset with commodity hardware for a device on a GigE network using 16 MiB of memory connected to a relay running at Amazon EC2.

Publisher
p. 17
Keywords
cryptographic protocols
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-71420 (URN)
Projects
HITS, 4707
Funder
Knowledge Foundation
Note

Original Publication (with major differences): NordSec 2018 DOI: 10.1007/978-3-030-03638-6_6

Available from: 2019-03-04 Created: 2019-03-04 Last updated: 2019-11-11Bibliographically approved
Pulls, T. & Dahlberg, R. (2018). Steady: A Simple End-to-End Secure Logging System. In: N. Gruschka (Ed.), N. Gruschka (Ed.), Secure IT Systems. NordSec 2018: Lecture Notes in Computer Science, vol 11252. Paper presented at Secure IT Systems. NordSec 2018, 28 November 2018 through 30 November 2018 (pp. 88-103). Springer
Open this publication in new window or tab >>Steady: A Simple End-to-End Secure Logging System
2018 (English)In: Secure IT Systems. NordSec 2018: Lecture Notes in Computer Science, vol 11252 / [ed] N. Gruschka, Springer, 2018, p. 88-103Conference paper, Published paper (Refereed)
Abstract [en]

We present Steady: an end-to-end secure logging system engineered to be simple in terms of design, implementation, and assumptions for real-world use. Steady gets its name from being based on a steady (heart)beat of events from a forward-secure device sent over an untrusted network through untrusted relays to a trusted collector. Properties include optional encryption and compression (with loss of confidentiality but significant gain in goodput), detection of tampering, relays that can function in unidirectional networks (e.g., as part of a data diode), cost-effective use of cloud services for relays, and publicly verifiable proofs of event authenticity. The design is formalized and security proven in the standard model. Our prototype implementation (2,200 loc) shows reliable goodput of over 1M events/s (160 MiB/s) for a realistic dataset with commodity hardware for a device on a GigE network using 16 MiB of memory connected to a relay running at Amazon EC2. 

Place, publisher, year, edition, pages
Springer, 2018
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 11252
Keywords
Applied cryptography, Protocols, Secure logging, Cost effectiveness, Cryptography, Network protocols, Commodity hardware, Prototype implementations, Publicly verifiable, Secure loggings, The standard model, Untrusted network, Untrusted relays, Network security
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70592 (URN)10.1007/978-3-030-03638-6_6 (DOI)2-s2.0-85057425500 (Scopus ID)9783030036379 (ISBN)
Conference
Secure IT Systems. NordSec 2018, 28 November 2018 through 30 November 2018
Projects
HITS, 4707
Funder
Knowledge Foundation
Available from: 2018-12-20 Created: 2018-12-20 Last updated: 2019-11-11Bibliographically approved
Dahlberg, R. & Pulls, T. (2018). Verifiable Light-Weight Monitoring for Certificate Transparency Logs. In: N. Gruschka (Ed.), Secure IT Systems. NordSec 2018: Lecture Notes in Computer Science, vol. 11252. Paper presented at Secure IT Systems. NordSec 2018, 28 November 2018 through 30 November 2018 (pp. 171-183). Springer
Open this publication in new window or tab >>Verifiable Light-Weight Monitoring for Certificate Transparency Logs
2018 (English)In: Secure IT Systems. NordSec 2018: Lecture Notes in Computer Science, vol. 11252 / [ed] N. Gruschka, Springer, 2018, p. 171-183Conference paper, Published paper (Refereed)
Abstract [en]

Trust in publicly verifiable Certificate Transparency (CT) logs is reduced through cryptography, gossip, auditing, and monitoring. The role of a monitor is to observe each and every log entry, looking for suspicious certificates that interest the entity running the monitor. While anyone can run a monitor, it requires continuous operation and copies of the logs to be inspected. This has lead to the emergence of monitoring as-a-service: a trusted third-party runs the monitor and provides registered subjects with selective certificate notifications. We present a CT/bis extension for verifiable light-weight monitoring that enables subjects to verify the correctness of such certificate notifications, making it easier to distribute and reduce the trust which is otherwise placed in these monitors. Our extension supports verifiable monitoring of wild-card domains and piggybacks on CT’s existing gossip-audit security model. 

Place, publisher, year, edition, pages
Springer, 2018
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 11252
Keywords
Certificate Transparency, Monitoring, Security protocols, Network security, Transparency, Continuous operation, Light weight, Publicly verifiable, Security model, Trusted third parties, Wild cards, Patient monitoring
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70591 (URN)10.1007/978-3-030-03638-6_11 (DOI)2-s2.0-85057389362 (Scopus ID)9783030036379 (ISBN)
Conference
Secure IT Systems. NordSec 2018, 28 November 2018 through 30 November 2018
Projects
HITS, 4707
Funder
Knowledge Foundation
Available from: 2018-12-20 Created: 2018-12-20 Last updated: 2019-11-11Bibliographically approved
Dahlberg, R., Pulls, T. & Peeters, R. (2016). Efficient Sparse Merkle Trees: Caching Strategies and Secure (Non-)Membership Proofs. In: Billy Bob Brumley, Juha Röning (Ed.), Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings. Paper presented at NordSec 2016 - 21st Nordic Conference on Secure IT Systems, Oulu, Finland, November 2nd and 4th, 2016 (pp. 199-215). Springer
Open this publication in new window or tab >>Efficient Sparse Merkle Trees: Caching Strategies and Secure (Non-)Membership Proofs
2016 (English)In: Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings / [ed] Billy Bob Brumley, Juha Röning, Springer, 2016, p. 199-215Conference paper, Published paper (Refereed)
Abstract [en]

A sparse Merkle tree is an authenticated data structure based on a perfect Merkle tree of intractable size. It contains a distinct leaf for every possible output from a cryptographic hash function, and can be simulated efficiently because the tree is sparse (i.e., most leaves are empty). We are the first to provide complete, succinct, and recursive definitions of a sparse Merkle tree and related operations. We show that our definitions enable efficient space-time trade-offs for different caching strategies, and that verifiable audit paths can be generated to prove (non-)membership in practically constant time (<4 ms) when using SHA-512/256. This is despite a limited amount of space for the cache—smaller than the size of the underlying data structure being authenticated—and full (concrete) security in the multi-instance setting.

Place, publisher, year, edition, pages
Springer, 2016
Series
Lecture notes in computer science, ISSN 0302-9743 ; 10014
Keywords
Hash Function, Certificate Authority, Cache Strategy, Cryptographic Hash Function, Empty Node
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-47716 (URN)10.1007/978-3-319-47560-8_13 (DOI)000452458200013 ()978-3-319-47559-2 (ISBN)
Conference
NordSec 2016 - 21st Nordic Conference on Secure IT Systems, Oulu, Finland, November 2nd and 4th, 2016
Projects
HITS
Funder
Knowledge Foundation
Available from: 2017-01-25 Created: 2017-01-25 Last updated: 2019-11-11Bibliographically approved
Dahlberg, R. & Pulls, T. (2016). Standardized Syslog Processing: Revisiting Secure Reliable Data Transfer and Message Compression. Karlstad: Karlstads universitet
Open this publication in new window or tab >>Standardized Syslog Processing: Revisiting Secure Reliable Data Transfer and Message Compression
2016 (English)Report (Other academic)
Abstract [en]

Today's computer logs are like smoking guns and treasure maps in case of suspicious system activities: they document intrusions, and log crucial information such as failed system updates and crashed services. An adversary thus has a clear motive to observe, alter, and delete log entries, considering that she could (i) start by using the log's content to identify new security vulnerabilities, and (ii) exploit them without ever being detected. With this in mind we consider syslog standards and open source projects that safeguard events during the storage and transit phases, and examine how data compression effects security. We conclude that there are syslog standards in place that satisfy security on a hop-by-hop basis, that there are no such standards for secure storage, and that message compression is not recommended during transit.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2016
Series
Arbetsrapport
Keywords
Syslog, rsyslog, syslog-ng, standardized logging, secure data compression
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-45392 (URN)978-91-7063-719-3 (ISBN)
Projects
HITS
Available from: 2016-09-19 Created: 2016-08-19 Last updated: 2019-11-11
Dahlberg, R., Pulls, T., Vestin, J., Høiland-Jørgensen, T. & Kassler, A. Aggregation-Based Gossip for Certificate Transparency.
Open this publication in new window or tab >>Aggregation-Based Gossip for Certificate Transparency
Show others...
(English)Other (Other academic)
Abstract [en]

Certificate Transparency (CT) is a project that mandates public logging of TLS certificates issued by certificate authorities. While a CT log is designed to be trustless, it relies on the assumption that every client sees and cryptographically verifies the same log. The solution to this problem is a gossip mechanism that ensures that clients share the same view of the logs. Despite CT being added to Google Chrome, no gossip mechanism is pending wide deployment. We suggest an aggregation-based gossip mechanism that passively observes cryptographic material that CT logs emit in plaintext, aggregating at packet processors and periodically verifying log consistency off-path. Based on 20 days of RIPE Atlas measurements that represents clients from 3500 autonomous systems and 40% of the IPv4 space, our proposal can be deployed incrementally for a realistic threat model with significant protection against undetected log misbehavior. We also discuss how to instantiate aggregation-based gossip on a variety of packet processors, and show that our P4 and XDP proof-of-concepts implementations run at line-speed.

National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-71423 (URN)
Note

Subjects:Cryptography and Security (cs.CR)Cite as:arXiv:1806.08817 [cs.CR]

Öppet arkiv, papper skickat till konferans i betydligt förändrad form

Available from: 2019-03-04 Created: 2019-03-04 Last updated: 2019-11-11Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0003-0840-5072

Search in DiVA

Show all publications