
making the logs tamper evident through git like hash chains

Posted Nov 20, 2011 8:16 UTC (Sun) by drag (subscriber, #31333)
In reply to: making the logs tamper evident through git like hash chains by rgmoore
Parent article: The Journal - a proposed syslog replacement

Well that's the obvious first thing one should think of. I thought of it too.

Then I read in the article about a mythical 'Write-once storage'. If you can write out the hash to a write-only interface then that would solve that problem.

Unfortunately I don't know of a good write-once media. Maybe cdroms, but I don't know about that.

Maybe special flash media with the 'erase block' part of the hardware disabled and a logging FS. I don't know.

It is a solvable problem, but not one that is as easy as it looks at first glance.



making the logs tamper evident through git like hash chains

Posted Nov 27, 2011 2:18 UTC (Sun) by rgmoore (✭ supporter ✭, #75)

But the big security benefit in that case is from the existence of the WORM memory, since any data written to it is inherently tamper-proof. You could stick to an un-hashed text log and still have confidence that it hadn't been rewritten by an intruder. The benefit of the hash chain is that you can provide tamper-evident recording by keeping only a fraction of the hashes, which is most important if the WORM storage is expensive or difficult to deal with. Of course keeping only a fraction of the hashes leaves open a potential window if the attacker can break in and alter the records between writes to WORM.
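The scheme discussed in this thread, as an added illustration that is not part of any comment here: a hash chain over log entries, with only every k-th chain hash copied to a (simulated) write-once store, and a verifier that shows both what the anchors detect and the unprotected tail rgmoore describes. The entries, the genesis value and the anchoring interval are constructed for the example.

```python
import hashlib

GENESIS = "0" * 64  # constructed starting value for the chain


def chain_hashes(entries, prev=GENESIS):
    """Hash-chain the log: each hash commits to the previous hash and the entry."""
    out = []
    for entry in entries:
        prev = hashlib.sha256((prev + "\n" + entry).encode()).hexdigest()
        out.append(prev)
    return out


def anchor(hashes, every):
    """Copy every `every`-th chain hash to WORM storage (modelled as a dict
    index -> hash; in practice this would be the write-once medium)."""
    return {i: h for i, h in enumerate(hashes) if (i + 1) % every == 0}


def verify(entries, worm):
    """Recompute the chain from the (mutable) log and compare with the anchors.

    Returns (ok, suspect_range, unprotected_tail):
      ok               -- True if every anchored hash matches
      suspect_range    -- (first, last) entry indices the first mismatch covers
      unprotected_tail -- number of entries after the last anchor; an attacker
                          who rewrites these and recomputes the chain is not
                          detected until the next anchor is written
    """
    hashes = chain_hashes(entries)
    prev_anchor = -1
    for i in sorted(worm):
        # A truncated log (i past the end) or a changed entry anywhere in
        # (prev_anchor, i] changes hashes[i], so the anchor no longer matches.
        if i >= len(hashes) or hashes[i] != worm[i]:
            return False, (prev_anchor + 1, i), 0
        prev_anchor = i
    return True, None, len(entries) - prev_anchor - 1


# Constructed sample log: ten entries, an anchor written every four entries.
LOG = [f"entry {n}: sshd login attempt" for n in range(10)]
WORM = anchor(chain_hashes(LOG), every=4)  # anchors at indices 3 and 7


def demo():
    intact = verify(LOG, WORM)
    altered = list(LOG); altered[1] = "entry 1: (rewritten)"
    truncated = LOG[:7]
    tail_edit = list(LOG); tail_edit[9] = "entry 9: (rewritten)"
    return intact, verify(altered, WORM), verify(truncated, WORM), verify(tail_edit, WORM)
```

Running `demo()` shows the edit to entry 1 and the truncation both flagged at an anchor, while the edit to entry 9 passes because it sits in the two-entry tail written after the last anchor.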

making the logs tamper evident through git like hash chains

Posted Nov 27, 2011 5:47 UTC (Sun) by dlang (✭ supporter ✭, #313)

However, since systems don't actually include WORM memory, and are very unlikely to (except for very specialized systems), how does that actually help?

Remember that WORM memory needs to be a replaceable thing, since by default you can't erase it to make room for new data.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.