Abstract—Audit logs are now considered good practice and a standard approach for business systems. The integrity of the auditing records themselves is critical. By simply storing all the interactions in a separate audit log does not guarantee the integrity of the log. Data tampering can be done through unauthorized access and in some cases through authorized users. Results of such action can be unpleasant for business and their clients. Therefore, a demand for audit log security is needed more than ever. This paper describes a mechanism based on cryptographic hash functions and trusted time stamping that prevents an outsider or inside intruder from silently corrupting the audit log. In addition it is shown that the proposed mechanism can be realized in database systems with little overhead and that the hash based techniques and trusted time stamping can be used efficiently and correctly to determine if the audit log has been compromised.
Index Terms—Audit logs, hashing, database
Rashmita Jena, M. Aparna, Chinmaya Sahu, and Rajeev Ranjan are with the Department of Computer Science National Institute of Science and Technology Palur Hills, Berhampur Orissa, India (e-mail:firstname.lastname@example.org; email@example.com; firstname.lastname@example.org; email@example.com).
Rajesh Atmakuri is with Wipro InfoTech Electronic city Bangalore Karnataka, India (e-mail: firstname.lastname@example.org).
Cite: Rashmita Jena, M. Aparna, Chinmaya Sahu, Rajeev Ranjan, and Rajesh Atmakuri, "Ensuring Audit Log Accountability through Hash Based Techniques," International Journal of Future Computer and Communication vol. 1, no. 4 pp. 327-329, 2012.