Can't you use programs like quick SFV to quickly calculate a checksum as opposed to creating a digital signature?

-----Original Message-----
From: Ariel Waissbein [mailto:wata@core-sdi.com]
Sent: Friday, July 20, 2001 4:52 PM
To: n9ubhat_private
Cc: Forensics List
Subject: Re: Putting a signature on logs

There is a simpler solution to this and that is PEO (primer estado oculto, or first hidden state in English) due to Emiliano Kargieman and Ariel Futoransky [FuKa95]. PEO is used to authenticate a whole record of logs by means of a key and a hash value (no matter how big the logs record is!). The ideas are simple. See the papers [FuKa95] and [FuKa]. The same idea was later published by Schneier and Kelsey in [SchK98] and subsequent works.

There are freeware implementations that can be downloaded from our site http://www.corest.com/download/download.html (msyslog). msyslog is a module of the product WISDOM, which is not freeware. For any questions that might appear, please email me and I'll be happy to answer.

[FuKa95] A. Futoransky and E. Kargieman, VCR y PEO, dos protocolos criptográficos simples, 25 Jornadas Argentinas de Informática e Investigación Operativa, July 1995. http://www.corest.com/pressroom/advisories_desplegado.php?idxsection=11&idx=86

[FuKa98] A. Futoransky and E. Kargieman, "PEO Revised". DISC'98 (Día Internacional de la Seguridad en Cómputo). DF, Mexico. 1998.

[SchK98] B. Schneier and J. Kelsey, Support for secure logs on untrusted machines, Proceedings of the 7th USENIX Security Symposium, January 1998.

David Douthitt wrote:
>
> I've gone to using syslog-ng to keeping logs separated out, and to
> preserve logs for a long time for record purposes.
>
> Now it occurs to me that someone could say, "Gee, how do we know that
> these logs haven't been altered?"
>
> What about a digital signature for each log? How would you go about
> this? I was thinking of using gpg (GNU Privacy Guard) but haven't
> gotten far enough to know how - and my reference book is the PGP book
> from O'Reilly and Associates.
>
> -----------------------------------------------------------------
>
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see:
>
> http://aris.securityfocus.com

--
==============[ CORE Security Technologies ]=============
Ariel Waissbein
Researcher - Corelabs
email : ariel_waissbeinat_private
http://www.corest.com
=========================================================
I was scared. Petrified. Because (x) hearing voices isn't like catching a cold, you can't get rid of it with lemon tea (y) it's inside, it is not some naevus, an epidermal blemish you can cover up or cauterise (z) I had no control over it. It was there of its own volition, just stopped in and (zz) I was going bananas.
-Tibor Fischer "The Thought Gang"
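
The thread describes authenticating a whole log with a key and a single hash value. The sketch below is an example added to this archive page, not code from msyslog or from any poster: it shows a generic evolving-key hash chain of that kind. HMAC-SHA-256, the function names and the sample log lines are assumptions made for illustration; the exact PEO construction is in the cited papers.

```python
import hashlib
import hmac

def evolve(key: bytes, entry: bytes) -> bytes:
    # The next key depends on the previous key and the entry just written.
    # The logger overwrites the previous key, so it cannot be recovered later.
    return hmac.new(key, entry, hashlib.sha256).digest()

def chain(start_key: bytes, entries: list[bytes]) -> bytes:
    # Fold every entry into the key; the result is one fixed-size value,
    # whatever the size of the log.
    key = start_key
    for entry in entries:
        key = evolve(key, entry)
    return key

def verify(initial_key: bytes, entries: list[bytes], current_key: bytes) -> bool:
    # Auditor side: replay the log from the initial key, which is kept
    # off the logging host, and compare with the key found on the host.
    return hmac.compare_digest(chain(initial_key, entries), current_key)

# Constructed sample data (assumption), not taken from any real system.
K0 = bytes.fromhex("00112233445566778899aabbccddeeff")
LOG = [
    b"Jul 20 16:01:02 host sshd[411]: Accepted password for alice",
    b"Jul 20 16:03:17 host su[420]: FAILED su for root by alice",
    b"Jul 20 16:05:44 host sshd[411]: session closed for alice",
]

def demo() -> dict:
    current_key = chain(K0, LOG)       # the only key material left on the host
    edited = [LOG[0], LOG[2]]          # one entry removed after the fact
    # Re-sealing the edited log from the key still on the host does not
    # reproduce a chain that starts at K0, so the auditor's replay fails.
    resealed = chain(current_key, edited)
    return {
        "intact_ok": verify(K0, LOG, current_key),
        "edited_ok": verify(K0, edited, current_key),
        "reseal_ok": verify(K0, edited, resealed),
    }

if __name__ == "__main__":
    print(demo())
```

An unkeyed checksum over the same file has no counterpart to `K0`, so anyone able to rewrite the log can also rewrite the checksum stored with it.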
This archive was generated by hypermail 2b30 : Sun Jul 22 2001 - 17:35:40 PDT