Audit-log integrity using redactable signatures with pseudonyms
Authors
Abstract
In this paper we describe a new approach for the integrity of audit records. We show how to simultaneously establish the integrity of an entire audit data set and of any derived subsets, adapting techniques that have been used before for redactable signatures. In addition, our algorithms allow for the pseudonymization of data fields, cryptographically enforcing the consistency of chosen pseudonyms. The resulting schemes do not add significant computational overhead to a practical system, and are shown to be secure under reasonable cryptographic assumptions. We believe these algorithms can be a helpful tool to meet audit and reporting needs, in order to comply with such regulations as the US Sarbanes-Oxley Act (SOX). The algorithms enable proofs of the integrity of audit data and derived reports, while simultaneously providing means to protect privacy-sensitive information against internal and external consumers of these reports.
Similar resources
Redactable Signatures to Control the Maximum Noise for Differential Privacy in the Smart Grid
The Smart Grid is currently developed and fundamental security requirements like integrity and origin authentication need to be addressed while minimizing arising privacy issues. This paper balances two opposing goals: On the one hand, we mitigate privacy issues raised by overly precise energy consumption values via data perturbation mechanisms, e.g., add noise. On the other hand we limit the n...
Verifiable and Redactable Medical Documents
This paper considers how to verify provenance and integrity of data in medical documents that are exchanged in a distributed system of health IT services. Provenance refers to the sources of health information within the document and integrity means that the information was not modified after generation by the source. Our approach allows intermediate parties to redact the document by removing i...
Trust and Reliability for Public Sector Data
The public sector holds large amounts of data of various areas such as social affairs, economy, or tourism. Various initiatives such as Open Government Data or the EU Directive on public sector information aim to make these data available for public and private service providers. Requirements for the provision of public sector data are defined by legal and organizational frameworks. Surprisingl...
Generalizations and Extensions of Redactable Signatures with Applications to Electronic Healthcare
Redactable signatures allow for altering signed documents, retaining the validity of the signature without interaction with the original signer. In their plain form, such schemes are designed for documents having an unspecific structure, i.e. documents are simply considered as binary strings. In this work, we generalize the concept of redactable signatures towards documents that inherently prov...
Composable and Modular Anonymous Credentials: Definitions and Practical Constructions
It takes time for theoretical advances to get used in practical schemes. Anonymous credential schemes are no exception. For instance, existing schemes suited for real-world use lack formal, composable definitions, partly because they do not support straight-line extraction and rely on random oracles for their security arguments. To address this gap, we propose unlinkable redactable signatures (...