Audit Logging
An MPC node can be configured to do audit logging.
From a security perspective it is important that the audit log is kept separate from the MPC node itself. Blockdaemon delivers an audit log service that can receive audit log messages from the MPC nodes in a Builder Vault instance. Each MPC node will offload its audit log entries to the audit log service. The Blockdaemon audit log service can be exchanged with any external service that accepts log entries in JSON format, additionally Amazon S3 is also supported.
Even though every MPC operation produces audit log entries on multiple servers it is quite easy for non-technical auditors to get a system-wide view of the audit log with one entry pr (logical) operation.
The content of an audit log entry varies depending on the operation. Some fields, however, are common for all or at least most operations: timestamp, userID, operation.
Below is an example of an audit log view:
| Timestamp | UserID | Algorithm | Operation | KeyID | Parameters |
|---|---|---|---|---|---|
| 30/04/2020, 20:15:57 | Admin | Create user | userID=myUser | ||
| 01/05/2020, 21:21:57 | myUser | ECDSA | Keygen | ifyCwxrzzEaM3ePD40j6LtzQ7xo | |
| 01/05/2020, 21:22:29 | myUser | ECDSA | Sign | ifyCwxrzzEaM3ePD40j6LtzQ7xo | chainPath=[4,1,1,1,2] |
Updated 2 months ago