LAVA: Log Authentication and Verification Algorithm

Abstract

Log files provide essential information regarding the actions of processes in critical computer systems. If an attacker modifies log entries, then critical digital evidence is lost. Therefore, many algorithms for secure logging have been devised, each achieving different security goals under different assumptions. We analyze these algorithms and identify their essential security features. Within a common system and attacker model, we integrate these algorithms into a single (parameterizable) “meta” algorithm called LAVA that possesses the union of the security features and can be parameterized to yield the security features of former algorithms. We present a security and efficiency analysis and provide a Python module that can be used to provide secure logging for forensics and incident response.