Log records come from diverse sources, in different formats, and in massive volumes. These records serve as a valuable proof and can be used as evidence e.g in legal proceedings or security violation detection. This makes digital signing and time-stamping of logs a necessity for providing authenticity and integrity of data.
In this blog we present, what we consider to be, the ideal signing scheme for log signing and will showcase how on the practical level the property of efficient signing process (both in time and space) is a key-element to ensure the signing of logs in large volume.
TrueTrail, differently from other similar solutions, dissolves those obstacles.
An ideal log signing scheme should have the following properties:
- The integrity of the whole log can be verified by the owner of the log: no records can be added, removed or altered undetectably.
- The integrity of any record can be proven to a third party without leaking any information about the contents of any other records in the log.
- The signing process is efficient in both time and space. Ideally, there is a small constant per-record processing overhead and a small constant per-log storage overhead.
- The extraction process is efficient in both time and space. Ideally, a small constant-sized proof of integrity can be extracted for any record in time sub-linear in the size of the log.
- The verification process is efficient in time. Ideally, it should be running in time linear in the size of the data to be verified—whether verifying the whole log or a single record.
For the log signing to be efficient, ideally it should be fast and easy but by nature the signing of millions of log records individually is not practical due to the volume. For any entity interested in obtaining verifiable logs, this creates a huge storage overhead. And on the other hand, signing an entire log as a single massive blob, does not result in the necessary time resolution. Meaning that all records in the file do not have the same time, which makes extracting proof for the third-party verification of the record impossible.
- state-of-the-art cryptography and
- KSI blockchain technology.
TrueTrail signs the logs in blocks determined by a fixed time interval or number of log records. Only the root hash is then signed – this reduces the storage overhead as there is just one KSI signature per block.
Hashing of log lines, aggregation to blocks and signing the block with KSI Blockchain.
Users can still extract a KSI signature for a specific record, whenever necessary. This approach allows to effectively sign log lines in bulk, but also present a single log line (together with the corresponding proof) without revealing any neighbouring data. Thus, the KSI signature-based proofs allow to understand who did what and when exactly.
Not only does TrueTrail verify the log integrity and time using KSI signatures, the automated and intelligent integrity checks detect anomalies in signing time patterns and can be used as an early warning system if the malicious party has attempted to compromise the log signing process. With this TrueTrail users have the ideal log signing solution, because it is:
- simple- time-stamping based on blockchain, no trusted 3rd parties involved;
- granular - every piece of information is separately signed/verified;
- scalable - singing/verifying massive amounts of data is possible;
- quantum resistant - signatures will remain valid and secure over long term;
- centralised - trusted service provided by a clear custodian, not open-sourced.
 "Efficient Record-Level Keyless Signatures for Audit Logs" by
A. Buldas, A. Truu, R. Laanoja, R. Gerhards, https://eprint.iacr.org/2014/552.pdf