Auditable log is a common approach for monitoring system performance, forensic investigations, and event analysis. Regarding the crucial role of logs in identification of attackers, adversaries often attempt to tamper with these files to hide their traces. As a result, ensuring the secure storage of logs is critical. Blockchain technology, with its immutability feature, provides an ideal solution for secure storing of logs. However, the scalability limitations of existing public blockchains have made blockchain-based solutions impractical. To address this challenge, this paper proposes an approach where logs are categorized into time-based intervals, and a chain of linked entries using Message Authentication Codes (MAC) for each type of log. In addition to MAC, a counter is assigned to each class of log to enable detection of any deletion, insertion, repetition, or even reordering of log records, as the logical chain would be disrupted. At the end of each interval, known as checkpoint, newly verified log is appended to the blockchain. This approach not only ensures the security of logs but also enhances system efficiency by reducing the amount of data stored on the blockchain through batch processing. Our implementation demonstrates that the proposed system offers improved efficiency, requiring fewer computations compared to other methods.
|