Accountability of Things: Large-Scale Tamper-Evident Logging for Smart Devices
David Koisser, Ahmad-Reza Sadeghi

TL;DR
This paper presents a scalable, tamper-evident logging scheme for large networks of smart devices, enabling efficient detection and proof of log tampering with minimal storage overhead.
Contribution
It introduces a novel binary hash tree construction around timestamps, providing scalable, efficient, and proof-enabled tamper-evident logs for large-scale device environments.
Findings
Localizes log tampering within sub-second resolution
Maintains constant ~8KB per hour per device overhead
Supports efficient proof construction for logged events
Abstract
Our modern world relies on a growing number of interconnected and interacting devices, leading to a plethora of logs establishing audit trails for all kinds of events. Simultaneously, logs become increasingly important for forensic investigations, and thus, an adversary will aim to alter logs to avoid culpability, e.g., by compromising devices that generate and store logs. Thus, it is essential to ensure that no one can tamper with any logs without being detected. However, existing approaches to establish tamper evidence of logs do not scale and cannot protect the increasingly large number of devices found today, as they impose large storage or network overheads. Additionally, most schemes do not provide an efficient mechanism to prove that individual events have been logged to establish accountability when different devices interact. This paper introduces a novel scheme for…
Taxonomy
Topics: Digital and Cyber Forensics · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
