Jump to content

SecureLog

From Wikipedia, the free encyclopedia

In cryptology, SecureLog is an algorithm used to convert digital data into trusted data that can be verified if the authenticity is questioned. SecureLog is used in IT solutions that generates data to support compliance regulations like SOX.

History

[edit]

An algorithm used to make datalogs secure from manipulation. The first infrastructure supporting the algorithm was available on the Internet in 2006.

Operation

[edit]

SecureLog involves an active key provider, a managed data store and a verification provider.

Active Key Provider
An active key provider distributes active keys to subscribers. An active key contains encrypted data representing time and a private secret. An active key has a validity period that is set by the active key provider.
Managed data store
The managed data store is a subscriber to the active keys delivered by the active key provider. The managed data store uses the active keys to do asymmetric encryption, timestamping and archive the data into a locked database.
Verification provider
The verification provider may read segments from the locked database and verify content, timestamps and that the integrity of the data has not been broken or manipulated since it was saved.

Uses

[edit]

The algorithm is used in several different use cases:

Compliance issues
SecureLog is used to secure different types of data logs like access logs, email archives or transaction logs and is primarily in use where compliance might be an issue.
The administrator weak link problem
One drawback with archiving solutions is that there is always an administrator that in the end has access to the information. This makes it difficult to trust the integrity of the data. SecureLog is used to solve the traditional administrator problem.

Proposed uses

[edit]
Government use
In the public sector several laws handles the archiving of data. It has been proposed that SecureLog can be used by a free institution to lock government logs and stop them from potential manipulation. Several potential use cases has been identified by EDRI [1]
The traffic logging problem
The method can be used by the public to monitor what data the government is collecting from the public. It has been proposed to be used as a method to solve the privacy issues in the EU Directive on Mandatory Retention of Communications Traffic Data

References

[edit]