TY - GEN
T1 - VaultBox
T2 - 5th International Conference on Science of Cyber Security, SciSec 2023
AU - Trivedi, Devharsh
AU - Triandopoulos, Nikos
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2023
Y1 - 2023
N2 - Security tools such as firewalls, IDS, IPS, SIEM, EDR, and NDR are effective at detecting and blocking threats, but they depend on system, application, and event logs. Logs are the key ingredient for many purposes, including troubleshooting performance issues, satisfying compliance mandates, and monitoring and improving security. Logs from many machines are also collected and fed to a Security Information and Event Management (SIEM) system for further analysis, so a SIEM's efficiency and effectiveness depend heavily on the quality and quantity of the logs it receives. Unfortunately, logs are a prime target after a successful intrusion: attackers tamper with or delete them to cover the attack's traces. It is therefore critical to protect the confidentiality, integrity, availability, and authenticity of logs both at rest and in transit. This paper proposes a novel scheme that prevents log tampering, detects any tampering that does occur, and recovers logs that are lost or corrupted. The scheme is forward-secure, replicated, randomized, and rateless, and aims to help store logs securely and transmit them to a SIEM.
AB - Security tools such as firewalls, IDS, IPS, SIEM, EDR, and NDR are effective at detecting and blocking threats, but they depend on system, application, and event logs. Logs are the key ingredient for many purposes, including troubleshooting performance issues, satisfying compliance mandates, and monitoring and improving security. Logs from many machines are also collected and fed to a Security Information and Event Management (SIEM) system for further analysis, so a SIEM's efficiency and effectiveness depend heavily on the quality and quantity of the logs it receives. Unfortunately, logs are a prime target after a successful intrusion: attackers tamper with or delete them to cover the attack's traces. It is therefore critical to protect the confidentiality, integrity, availability, and authenticity of logs both at rest and in transit. This paper proposes a novel scheme that prevents log tampering, detects any tampering that does occur, and recovers logs that are lost or corrupted. The scheme is forward-secure, replicated, randomized, and rateless, and aims to help store logs securely and transmit them to a SIEM.
KW - LT codes
KW - Rateless encoding
KW - SIEM security
KW - Secure coding
KW - Secure logging
KW - Security analytics
UR - http://www.scopus.com/inward/record.url?scp=85178512019&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85178512019&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-45933-7_24
DO - 10.1007/978-3-031-45933-7_24
M3 - Conference contribution
AN - SCOPUS:85178512019
SN - 9783031459320
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 401
EP - 422
BT - Science of Cyber Security - 5th International Conference, SciSec 2023, Proceedings
A2 - Yung, Moti
A2 - Chen, Chao
A2 - Meng, Weizhi
Y2 - 11 July 2023 through 14 July 2023
ER -
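The abstract names two properties, forward security and rateless (LT-code) encoding, without showing how they apply to a log stream. The following is an added illustration of those two ideas, written for this record; it is not the VaultBox construction from the paper and should not be read as such. It chains an HMAC over each log entry under a key that is evolved one-way and then discarded (so a later host compromise cannot forge earlier tags), and it encodes the authenticated records with a small systematic LT-style encoder and peeling decoder so that a receiver can rebuild the log from a sufficiently large subset of packets. The key-evolution rule, the packet layout (tag || NUL-padded entry), the ideal-soliton degree distribution and the sample log lines are all assumptions made here.

```python
"""Added illustration, not the paper's construction: a forward-secure tag chain over
log entries plus a small rateless (LT-style) encoder/decoder. Key-evolution rule,
packet layout and degree distribution are simplifying assumptions."""
from __future__ import annotations
import hashlib
import hmac
import random

TAG_LEN = 32  # SHA-256 HMAC output


def evolve(key: bytes) -> bytes:
    """One-way key update. The logger discards the old key, so an intruder who
    takes over the host later cannot forge tags for entries written before that."""
    return hashlib.sha256(b"evolve|" + key).digest()


def _tag(key: bytes, index: int, entry: bytes, prev: bytes) -> bytes:
    return hmac.new(key, index.to_bytes(4, "big") + entry + prev, hashlib.sha256).digest()


def authenticate_log(k0: bytes, entries: list[bytes]) -> list[tuple[bytes, bytes]]:
    """Return (entry, tag) pairs with tag_i = HMAC(K_i, i || entry_i || tag_{i-1})."""
    key, prev, records = k0, b"", []
    for i, entry in enumerate(entries):
        tag = _tag(key, i, entry, prev)
        records.append((entry, tag))
        key, prev = evolve(key), tag  # K_i is not kept beyond this point
    return records


def verify_log(k0: bytes, records: list[tuple[bytes, bytes]]) -> int:
    """Verifier (e.g. the SIEM) holds only K_0. Returns the index of the first
    record whose tag fails, or -1 if the whole chain is intact."""
    key, prev = k0, b""
    for i, (entry, tag) in enumerate(records):
        if not hmac.compare_digest(_tag(key, i, entry, prev), tag):
            return i
        key, prev = evolve(key), tag
    return -1


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def lt_encode(blocks: list[bytes], n_extra: int, seed: int) -> list[tuple[frozenset, bytes]]:
    """Rateless encoding: the first k symbols are the blocks themselves (systematic),
    followed by n_extra random XOR combinations whose degree is drawn from the ideal
    soliton distribution. A sender can keep emitting such symbols indefinitely."""
    k = len(blocks)
    rng = random.Random(seed)
    weights = [1 / k] + [1 / (d * (d - 1)) for d in range(2, k + 1)]
    symbols = [(frozenset([j]), blocks[j]) for j in range(k)]
    for _ in range(n_extra):
        degree = rng.choices(range(1, k + 1), weights)[0]
        idx = frozenset(rng.sample(range(k), degree))
        val = bytes(len(blocks[0]))
        for j in idx:
            val = _xor(val, blocks[j])
        symbols.append((idx, val))
    return symbols


def lt_decode(symbols: list[tuple[frozenset, bytes]], k: int):
    """Peeling decoder: repeatedly resolve any symbol with exactly one unknown block.
    Returns the k blocks in order, or None if the received symbols do not suffice."""
    known: dict[int, bytes] = {}
    progress = True
    while progress and len(known) < k:
        progress = False
        for idx, val in symbols:
            unknown = [j for j in idx if j not in known]
            if len(unknown) != 1:
                continue
            for j in idx:
                if j in known:
                    val = _xor(val, known[j])
            known[unknown[0]] = val
            progress = True
    return [known[j] for j in range(k)] if len(known) == k else None


def records_to_blocks(records: list[tuple[bytes, bytes]], width: int) -> list[bytes]:
    """Fixed-width payloads: tag || entry, NUL-padded (assumes entries never end in NUL)."""
    return [(tag + entry).ljust(width, b"\0") for entry, tag in records]


def blocks_to_records(blocks: list[bytes]) -> list[tuple[bytes, bytes]]:
    return [(b[TAG_LEN:].rstrip(b"\0"), b[:TAG_LEN]) for b in blocks]


if __name__ == "__main__":
    # Constructed sample log lines, not real data.
    entries = [b"sshd: Accepted publickey for ops from 10.0.0.5",
               b"sudo: ops : COMMAND=/bin/systemctl restart auditd",
               b"kernel: audit: backlog limit exceeded",
               b"sshd: Failed password for root from 198.51.100.7"]
    k0 = hashlib.sha256(b"constructed-initial-key").digest()
    records = authenticate_log(k0, entries)
    blocks = records_to_blocks(records, 96)
    sent = lt_encode(blocks, n_extra=3 * len(blocks), seed=7)
    received = [s for i, s in enumerate(sent) if i % 3 != 0]  # lose every third packet
    recovered = lt_decode(received, len(blocks))
    if recovered is None:
        print("not enough packets survived; a rateless sender simply emits more symbols")
    else:
        print("chain verifies:", verify_log(k0, blocks_to_records(recovered)) == -1)
```

Two caveats a practitioner should keep in mind with this kind of chain. First, deleting records from the tail is not caught by the tags alone: the verifier must also know the expected count, or the logger must periodically emit a closing tag, otherwise truncation looks like a short but valid log. Second, forward security protects entries written before a compromise; anything the attacker writes afterwards is tagged with a key they now hold, which is why the log must be shipped continuously rather than batched.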