Secure auditing

During the initial installation of OneSpan Authentication Server, you can enable secure auditing.

Secure auditing provides the following:

Integrity protection

With secure auditing, OneSpan Authentication Server adds an encrypted signature, which is not displayed when the audit data is viewed, to each line of an audit file or each row of an audit data store. Because every entry carries a signature, manual changes to the audit file or data store can no longer be made without leaving a trace.

Independent verification

Each audit file or data store can be verified using the Secure Auditing Verification Tool.

Non-repudiation

Secure auditing verifies audit data by comparing each signed line or row with the previous and subsequent entries in the audit data, so that an entry cannot later be disowned, and cannot be removed or inserted without detection.

Secure auditing can also be used with a hardware security module (HSM) (see Hardware security module setup).

How secure auditing works

Secure auditing adds a cryptographic signature to each audit message written to the output. The signature relates each message entry to the previous and subsequent entries. External auditors can cryptographically verify each signature and confirm that no lines have been manually deleted from, or added to, the audit information. The relationship between the entries is verifiable using the Secure Auditing Verification Tool.

Each audit message entry belongs to an epoch, which is a period delimited either by time or by number of audit messages. The length of an epoch is defined during the initial configuration; regardless of that length, a new epoch always begins at midnight. At the end of each epoch the encryption key used for the signatures is changed. A message is written to the output to indicate that an epoch has ended, and another message is written to indicate that a new epoch has begun. Each epoch message contains the information required by the Secure Auditing Verification Tool to decrypt the signatures for that epoch; this information is located at the start of the epoch message.
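The two paragraphs above (the chained signatures and the epoch key change) can be seen working together in the following model. This is an added example written for this page, not OneSpan's code, and it does not describe the actual signature format of OneSpan Authentication Server or its Verification Tool. Its assumptions are labelled in the code: HMAC-SHA256 as the per-line signature, a per-epoch key derived from a master key (which in a production deployment would live in an HSM), epochs delimited by message count rather than by time, an "epoch=N" field in each epoch message as the information the verifier needs to recover that epoch's key, and a set of constructed audit messages. The verifier is then run against a clean log and against four constructed tamperings.

```python
import hashlib
import hmac

# Added example, not OneSpan's code. Assumptions (not from the documentation):
# HMAC-SHA256 per line, per-epoch keys derived from a master key (HSM-held in
# production), count-delimited epochs, and an "epoch=N" field in epoch messages.
EPOCH_BEGIN = "EPOCH BEGIN epoch="
EPOCH_END = "EPOCH END epoch="


def derive_epoch_key(master_key: bytes, epoch: int) -> bytes:
    """Per-epoch key; the master key never signs a line directly."""
    return hmac.new(master_key, b"epoch:%d" % epoch, hashlib.sha256).digest()


def sign_entry(key: bytes, prev_sig: bytes, text: str) -> str:
    """Signature over this entry and the previous entry's signature (the chain link)."""
    return hmac.new(key, prev_sig + text.encode("utf-8"), hashlib.sha256).hexdigest()


class SecureAuditWriter:
    """Writes 'text|signature' lines and rotates the key every epoch_length messages."""

    def __init__(self, master_key: bytes, epoch_length: int):
        self.master_key, self.epoch_length = master_key, epoch_length
        self.lines: list[str] = []
        self.epoch, self.in_epoch, self.prev_sig = 0, 0, b""
        self.key = derive_epoch_key(master_key, self.epoch)
        self._emit(f"{EPOCH_BEGIN}{self.epoch}")

    def _emit(self, text: str) -> None:
        sig = sign_entry(self.key, self.prev_sig, text)
        self.lines.append(f"{text}|{sig}")
        self.prev_sig = bytes.fromhex(sig)

    def write(self, message: str) -> None:
        self._emit(message)
        self.in_epoch += 1
        if self.in_epoch == self.epoch_length:
            # Close the epoch under the old key, rotate, open the next under the new key.
            self._emit(f"{EPOCH_END}{self.epoch}")
            self.epoch, self.in_epoch = self.epoch + 1, 0
            self.key = derive_epoch_key(self.master_key, self.epoch)
            self._emit(f"{EPOCH_BEGIN}{self.epoch}")


def verify_audit(master_key: bytes, lines: list[str]) -> tuple[bool, int, str]:
    """Walk the chain. Returns (ok, index, reason): index is the first bad line,
    or the line count when every link verifies."""
    key, prev_sig, expected_epoch, epoch_open = None, b"", 0, False
    for i, line in enumerate(lines):
        text, sep, sig = line.rpartition("|")
        if not sep:
            return False, i, "malformed line"
        if text.startswith(EPOCH_BEGIN):
            if epoch_open:
                return False, i, "epoch begins while previous epoch still open"
            if int(text[len(EPOCH_BEGIN):]) != expected_epoch:
                return False, i, "epoch number out of sequence"
            # The epoch number is the "information at the start of the epoch message".
            key, epoch_open = derive_epoch_key(master_key, expected_epoch), True
        if not epoch_open:
            return False, i, "entry outside an epoch"
        if not hmac.compare_digest(sign_entry(key, prev_sig, text), sig):
            return False, i, "signature mismatch"
        if text == f"{EPOCH_END}{expected_epoch}":
            epoch_open, expected_epoch = False, expected_epoch + 1
        prev_sig = bytes.fromhex(sig)
    if epoch_open:
        return True, len(lines), "chain intact; last epoch still open"
    return True, len(lines), "chain intact; all epochs closed"


# Constructed sample messages (not real OneSpan output).
SAMPLE_MESSAGES = [
    "user=alice event=logon result=ok",
    "user=bob event=logon result=fail",
    "user=alice event=otp_verify result=ok",
    "user=carol event=logon result=ok",
    "user=bob event=logon result=fail",
    "user=bob event=lockout",
    "user=carol event=logoff",
]


def build_sample_log(master_key: bytes) -> list[str]:
    writer = SecureAuditWriter(master_key, epoch_length=3)
    for message in SAMPLE_MESSAGES:
        writer.write(message)
    return writer.lines  # 12 lines: 7 messages plus 5 epoch begin/end messages


def tamper_report(master_key: bytes) -> dict[str, tuple[bool, int, str]]:
    good = build_sample_log(master_key)
    deleted = good[:2] + good[3:]                                      # line removed from the middle
    modified = list(good)
    modified[6] = modified[6].replace("result=ok", "result=fail")       # text edited, signature kept
    forged = good[:3] + ["user=mallory event=logon result=ok|" + "00" * 32] + good[3:]  # line inserted
    truncated = good[:9]                                               # tail cut inside an open epoch
    cut_at_boundary = good[:10]                                        # tail cut exactly at an epoch end
    return {name: verify_audit(master_key, log) for name, log in [
        ("good", good), ("deleted", deleted), ("modified", modified),
        ("forged", forged), ("truncated", truncated), ("cut_at_boundary", cut_at_boundary)]}


if __name__ == "__main__":
    for name, result in tamper_report(b"constructed-demo-master-key").items():
        print(f"{name:16} -> {result}")
```

Deleting, editing or inserting a line breaks the link at that position, because every signature covers the previous signature as well as the line's own text, and the verifier reports the first line at which the chain fails. The last case shows a limitation worth keeping in mind with any chained scheme: cutting the log exactly at an epoch boundary leaves a chain that verifies as cleanly closed. In the product, epochs are delimited by configured time or message count and a new epoch starts at midnight, so a file that ends at a boundary earlier than its configured schedule predicts is itself the signal an auditor should look for.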

OneSpan does not support multiple OneSpan Authentication Server instances writing secure auditing data to the same audit database, since the signature chain is specific to a single writer. In environments running multiple instances of OneSpan Authentication Server, each instance that uses secure auditing therefore needs its own audit database.