Re: Putting a signature on logs

From: Ariel Waissbein (wata@core-sdi.com)
Date: Mon Jul 23 2001 - 11:30:32 PDT

    As for what I see in the thread, everybody agrees that the checksum
    value idea would work fine. However, there is a question I have. If
    you want to authenticate the logs for yourself, meaning that it is
    only you the person that will care for the authentication of the logs,
    then any checksum such as PEO (see my previous mail in the thread)
    will work. If somebody else is to trust in the authenticity of these
    logs, then the plain checksum idea won't work. You'd need to fix a
    protocol for authenticating logs. An easy way to do it is to have
    someone calculate the PEO checksum for you (a plain checksum wouldn't
    work here since you'd be able to alter the logs in your machine and
    modifications would pass unnoticed).
    
    Ariel Waissbein
    
    
    David Douthitt wrote:
    > 
    > I've gone to using syslog-ng to keeping logs separated out, and to
    > preserve logs for a long time for record purposes.
    > 
    > Now it occurs to me that someone could say, "Gee, how do we know that
    > these logs haven't been altered?"
    > 
    > What about a digital signature for each log?  How would you go about
    > this?  I was thinking of using gpg (GNU Privacy Guard) but haven't
    > gotten far enough to know how - and my reference book is the PGP book
    > from O'Reilly and Associates.
    > 
    > -----------------------------------------------------------------
    > 
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see:
    > 
    > http://aris.securityfocus.com
    
    -- 
    ==============[ CORE Security Technologies ]=============
    Ariel Waissbein
    Researcher - Corelabs
    
    email :  ariel_waissbeinat_private
    http://www.corest.com
    =========================================================
    
    I was scared. Petrified. Because (x) hearing voices isn't like 
    catching a cold, you can't get rid of it with lemmon tea (y) 
    it's inside, it is not some naevus, an epidermal blemish you 
    can cover up or cauterise (z) I had no control over it. It was 
    there of its own volition, just stopped in and (zz) I was going
    bananas.
    -Tibor Fischer ``The Thought Gang"
    
    



    This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 11:35:08 PDT
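
Added example, not part of the original message and not PEO's own code: a Python sketch of the distinction drawn above between a plain checksum kept on the log host and a keyed, evolving checksum whose initial key is held by another party. The chaining rule `K_next = SHA-256(K || line)`, the function names and the log lines are assumptions constructed for illustration; the page does not give PEO's actual construction.

```python
import hashlib
import hmac

def plain_checksum(lines):
    """Unkeyed digest: anyone holding the log can recompute it."""
    return hashlib.sha256(b"\n".join(lines)).digest()

def evolve(key, line):
    """One chain step. Assumed rule: K_next = SHA-256(K || line)."""
    return hashlib.sha256(key + line).digest()

def chain_tag(k0, lines):
    """Value the log host stores; it keeps only the latest key, never k0."""
    key = k0
    for line in lines:
        key = evolve(key, line)
    return key

def verifier_check(k0, lines, stored_tag):
    """Run by the other party, who kept k0 off the log host."""
    return hmac.compare_digest(chain_tag(k0, lines), stored_tag)

def demo():
    k0 = hashlib.sha256(b"constructed demo secret").digest()  # verifier's copy
    log = [b"Jul 23 11:02:01 host sshd: accepted login for alice",  # constructed
           b"Jul 23 11:05:40 host su: root session opened by alice",
           b"Jul 23 11:09:13 host sshd: session closed for alice"]
    stored_tag = chain_tag(k0, log)

    # Someone with full control of the log host rewrites the second entry.
    edited = [log[0], b"Jul 23 11:05:40 host su: nothing happened", log[2]]

    # Plain checksum: the stored value is simply recomputed over the edit.
    forged_sum = plain_checksum(edited)
    plain_edit_accepted = hmac.compare_digest(plain_checksum(edited), forged_sum)

    # Chain: the host only has the latest key, so no matching tag for the
    # edited history can be produced without k0.
    chain_edit_accepted = verifier_check(k0, edited, stored_tag)

    # Caveat: the latest key is on the host, so entries appended after a
    # compromise still verify. Only earlier entries are protected.
    extra = b"Jul 23 11:30:00 host cron: constructed later entry"
    chain_append_accepted = verifier_check(k0, log + [extra],
                                           evolve(stored_tag, extra))
    return {"plain_edit_accepted": plain_edit_accepted,
            "chain_intact_accepted": verifier_check(k0, log, stored_tag),
            "chain_edit_accepted": chain_edit_accepted,
            "chain_append_accepted": chain_append_accepted}
```

The result of `demo()` shows the edit passing the plain checksum and failing the chained one, while the intact log verifies.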