Title :
An Intrusion and Fault Tolerant Forensic Storage for a SIEM System
Author :
Afzaal, M. ; Di Sarno, Cesario ; Dantonio, S. ; Romano, Lucia
Author_Institution :
Dept. of Technol., Univ. of Naples Parthenope, Naples, Italy
Abstract :
Current Security Information and Event Management (SIEM) solutions lack a data storage facility that is secure enough to be used for forensic purposes, i.e. one in which the stored events related to security incidents cannot be forged and are always available. The forensic storage of current SIEM solutions relies on the traditional RSA algorithm to sign security events, so the single signing key is a single point of compromise. In this paper we analyze the limits of current forensic storage designs and propose a forensic storage architecture that implements a threshold-based variant of the RSA algorithm and outperforms state-of-the-art SIEM solutions in terms of intrusion and fault tolerance. We show by experiments that our forensic storage works correctly even in the presence of cyber-attacks, although with a performance penalty. We also conduct an experimental campaign to evaluate the performance cost of the proposed scheme as a function of the threshold.
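The threshold-based RSA signing the abstract refers to, as an added worked example that is not the paper's code: a Shoup-style t-of-n threshold RSA scheme in which a dealer splits the private exponent among n storage nodes, each node emits only a signature share, any t correct shares combine into an ordinary RSA signature that a verifier checks with the public key alone, and the combiner tolerates shares from crashed or compromised nodes. The choice of Shoup's protocol, the (deliberately small) key size, the node count, the threshold and the event record are assumptions for illustration; the page does not state which threshold variant or parameters the paper used.

```python
# Added example, not the paper's code: Shoup-style t-of-n threshold RSA signing
# of SIEM event records.  Key size, node count, threshold and event are constructed.
import hashlib
import itertools
import math
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)


def is_probable_prime(n):
    """Miller-Rabin with fixed bases (deterministic below 3.3e24)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def next_safe_prime(start):
    """Smallest safe prime p = 2p'+1 >= start; Shoup's scheme needs safe primes."""
    pp = start // 2 | 1
    while not (is_probable_prime(pp) and is_probable_prime(2 * pp + 1)):
        pp += 2
    return 2 * pp + 1


def egcd(a, b):
    """Return (g, u, v) with u*a + v*b == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, u, v = egcd(b, a % b)
    return g, v, u - (a // b) * v


def dealer(n_nodes, threshold, bits=48):
    """Trusted dealer, run once offline: RSA key (N, e) and Shamir shares of
    d over Z_m, where m = p'q' is the order of the squares mod N."""
    p = next_safe_prime(1 << bits)
    q = next_safe_prime(1 << (bits + 2))
    N, e = p * q, 65537
    m = (p - 1) // 2 * ((q - 1) // 2)
    assert threshold <= n_nodes < e and math.gcd(e, m) == 1
    coeffs = [pow(e, -1, m)] + [secrets.randbelow(m) for _ in range(threshold - 1)]
    shares = {i: sum(c * pow(i, k, m) for k, c in enumerate(coeffs)) % m
              for i in range(1, n_nodes + 1)}
    return (N, e, math.factorial(n_nodes), threshold), shares


def hash_event(event, N):
    """Demo hash-to-Z_N of one event record (a real system would use FDH)."""
    return int.from_bytes(hashlib.sha256(event).digest(), "big") % N


def sign_share(pub, share, event):
    """Storage node holding only its share s_i emits x_i = H(ev)^(2*delta*s_i)."""
    N, _, delta, _ = pub
    return pow(hash_event(event, N), 2 * delta * share, N)


def combine(pub, event, partials):
    """Combiner (holds no secret): t shares -> ordinary RSA signature y, y^e = H(ev)."""
    N, e, delta, _ = pub
    x, w, ids = hash_event(event, N), 1, sorted(partials)
    for i in ids:
        # Lagrange coefficient at 0, scaled by delta = n! so it is an integer
        lam = delta * math.prod(-j for j in ids if j != i) // math.prod(i - j for j in ids if j != i)
        w = w * pow(partials[i], 2 * lam, N) % N        # now w^e == x^(4*delta^2)
    _, a, b = egcd(4 * delta * delta, e)                 # a*4delta^2 + b*e == 1
    return pow(w, a, N) * pow(x, b, N) % N


def verify(pub, event, sig):
    N, e, _, _ = pub
    return pow(sig, e, N) == hash_event(event, N)


def robust_sign(pub, event, partials):
    """Any t correct shares suffice: try t-subsets until one verifies, so a bogus
    share from a compromised node or a missing share from a crashed node is
    tolerated instead of blocking the signature (proofs of share correctness,
    which Shoup's scheme uses to spot bad shares directly, are omitted here)."""
    for subset in itertools.combinations(sorted(partials), pub[3]):
        sig = combine(pub, event, {i: partials[i] for i in subset})
        if verify(pub, event, sig):
            return sig
    return None


def demo():
    pub, shares = dealer(n_nodes=5, threshold=3)
    event = b'{"ts":"2012-11-25T10:31:07Z","src":"10.0.0.7","rule":"ssh-bruteforce"}'  # constructed
    partials = {i: sign_share(pub, shares[i], event) for i in shares}
    honest = verify(pub, event, combine(pub, event, {i: partials[i] for i in (1, 3, 5)}))
    too_few = verify(pub, event, combine(pub, event, {i: partials[i] for i in (2, 4)}))
    partials[2] = 12345          # node 2 compromised: returns a bogus share
    del partials[4]              # node 4 crashed: returns nothing
    sig = robust_sign(pub, event, partials)
    return honest, too_few, sig is not None and verify(pub, event, sig), verify(pub, event + b"!", sig)
```

The security property the paper's abstract is after falls out of the arithmetic: an attacker who compromises fewer than t nodes learns only polynomial evaluations that reveal nothing about d, and cannot produce a verifying signature (the too_few case), while up to n - t crashed or lying nodes are simply worked around (the robust_sign case). The cost of raising the threshold, which the paper measures experimentally, shows up here as larger Lagrange exponents and more subsets to try when shares are bad.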
Keywords :
digital forensics; fault tolerant computing; public key cryptography; RSA algorithm; SIEM system; cyber-attacks; data storage facility; fault tolerant forensic storage; intrusion tolerant detection; security events; security information and events management; threshold-based variant; Computer architecture; Correlation; Cryptography; Fault tolerance; Fault tolerant systems; Forensics; Critical Infrastructure Protection; Fault- and Intrusion-Tolerant Architecture; Forensic Storage; Threshold Cryptography;
Conference_Title :
Signal Image Technology and Internet Based Systems (SITIS), 2012 Eighth International Conference on
Conference_Location :
Naples
Print_ISBN :
978-1-4673-5152-2
DOI :
10.1109/SITIS.2012.89