The present invention relates to a system and method for log maintenance, and more particularly to a logging system and method based on the one-way hash function.
Logging mechanisms records activities and events occurring in a computer system. The contents recorded by the logging mechanisms include information like, for example, boot-up and process executions of the system, user log-on logs, application utilization logs, and interaction with external servers, which can used for auditing, accounting, or rollback to a previous system state. In terms of e-commerce or networked services, historical user operations for some services (audio-visual or software service) may be considered as the basis for service charging or as the data source for service providers to analyze user's behaviors.
A logging system involves three roles, which are the user system, the verifier, and the trusted third party. Respectively, the user system maintains a secure log, the verifier checks the log against certain events, and the trusted third party helps to initialize the logging system and to verify the integrity of the log.
A log needs to be secured to be evidential and thus to the minimal satisfies the following three basic security needs. First, a log must ensure the verifiability for a verifier whether events are truly and correctly recorded in the log in the form of log entries. Second, the integrity of existing log entries after the user system is compromised by the attacker and loses the control over secret information used for secure logging must be compliant. Third, the detection capability of deletion or modification of existing log entries after the system is compromised must be provided in the log mechanism.
In addition, if the recorded event contexts are information that user is unwilling to disclose, the user shall be able to keep them private and known to specified verifiers. This would sustain a fourth security requirement:
The privacy of all log entries has to be protected and only qualified verifiers can obtain event information specified by the user system.
For example, let the trusted third party be a bank, and thus a merchant could act as the verifier who has business transactions with the user. What the merchant needs to know is the proof of the business transaction between he and the user, and the banks needs to know is the exact amount to pay from the user account to the merchant account. During the entire logging and verification process, the bank doesn't need to learn the details of the transaction, and the merchant doesn't need to know about any irrelevant transactions.
Currently, several techniques for protecting the integrity and correctness of the logs have been put forward. For example, U.S. Pat. No. 5,978,475 discloses the protocol using one-way hash function, encryption, signature, and other techniques together to protect the log. This implies heavy cryptographic operations are required to realize secure logging. Moreover, in '475 patent the trusted third party needs to learn all the events information in the log to facilitate the verification process, which implies the privacy of the user is not protected herein.