Provided by: International Association for Cryptologic Research
Date Added: Jun 2013
In computer forensics, log files are indispensable resources that support auditors in identifying and understanding system threats and security breaches. If such logs are recorded locally, i.e., stored on the monitored machine itself, the problem of log authentication arises: if a system intrusion takes place, the intruder might be able to manipulate the log entries and cover their traces. Mechanisms that cryptographically protect collected log messages from manipulation should ideally have two properties: they should be forward-secure (the adversary gets no advantage from learning current keys when aiming at forging past log entries), and they should be seekable (the auditor can verify the integrity of log entries in any order or access pattern, at virtually no computational cost).