Confidential Auditing

The notion of confidential auditing is to allow authorized parties (auditors) to audit computing nodes as one group without unveiling their individual records. These records can be transaction logs, transfers of client records, etc. In a recent work we proposed a distributed cluster architecture to support confidential auditing. Our key ideas are twofold: (1) distributed storage of fragmented records, and (2) a relaxed form of multiparty private computation for query processing of auditing requests. The mutually supported, mutually monitored auditing cluster architecture depicted in the following diagram enables autonomous systems to perform network-wide logging and auditing without compromising private information.

[Diagram: mutually supported, mutually monitored auditing cluster architecture]

The relaxed form of multiparty private computation contains a set of fundamental operations such as commutative encryption, secure set intersection, secure set union, secure sum, secure maximum, secure minimum, and secure comparison. Through distributed processing of audit queries, aggregated system information such as the total number of transactions, total volume, and event traces can be generated from the cluster without any node disclosing its own records. An important consideration of the confidential auditing design is the notion of anonymous yet authenticated collaboration. It allows computing nodes to share log information for global system management without unveiling their identities. This feature can be easily supported by TZKP to form an anonymous trust chain among participating nodes in a cluster.
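Secure sum is the simplest of the primitives listed above. The following Python sketch is an added example, not code from the described cluster: it realizes the secure sum with additive secret sharing over a public prime, so the auditor learns the cluster-wide transaction count and volume while no node's individual counters are revealed (assuming honest-but-curious nodes that do not all collude). The node names and counter values are constructed.

```python
"""Secure sum by additive secret sharing (illustrative, constructed data)."""
import secrets

MODULUS = 2**61 - 1  # public prime; every counter must be far below it

# Constructed per-node private audit counters; they never leave the owning node.
NODE_RECORDS = {
    "node-A": {"transactions": 120, "volume": 45_000},
    "node-B": {"transactions": 75, "volume": 12_500},
    "node-C": {"transactions": 310, "volume": 98_250},
}


def split_into_shares(value, n_parties):
    """Return n_parties additive shares summing to value mod MODULUS.

    Any n_parties - 1 of the shares are uniformly random, so a subset of
    nodes short of the full cluster learns nothing about `value`.
    """
    shares = [secrets.randbelow(MODULUS) for _ in range(n_parties - 1)]
    last = (value - sum(shares)) % MODULUS
    return shares + [last]


def secure_sum(records, field):
    """Simulate the protocol round for one audit field.

    Every node splits its counter and sends one share to each node
    (keeping one for itself); each node then publishes only the sum of
    the shares it received, and those partial sums yield the total.
    """
    nodes = list(records)
    received = {node: [] for node in nodes}
    for owner in nodes:
        shares = split_into_shares(records[owner][field], len(nodes))
        for share, recipient in zip(shares, nodes):
            received[recipient].append(share)
    # Only these per-node partial sums are disclosed to the auditor.
    partials = [sum(received[node]) % MODULUS for node in nodes]
    return sum(partials) % MODULUS


def audit_totals(records):
    """Answer an aggregate audit query without exposing any node's row."""
    return {f: secure_sum(records, f) for f in ("transactions", "volume")}


if __name__ == "__main__":
    print(audit_totals(NODE_RECORDS))
```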