I have been following this "Putting a signature on logs" thread, and have seen the terms "checksum" and "hash" being used rather interchangeably. Care should be taken, for checksums (i.e. CRCs) and hashes (i.e. MD5) are different animals. CRCs are not mathematically sound mechanisms to detect malicious changes to data. CRCs are designed to detect random errors only, such as transmission errors in networks, or other accidental/non-malicious changes to the data. Hash functions are designed to detect maliciously inserted changes to data. CRCs are linear functions, which means there are two straightforward ways for those with malicious intent to "break" them. First, someone can make a malicious modification to a file, then deterministically calculate a second change to the file that will make the CRC be identical to the original CRC. Alternatively, someone can make a malicious modification to a file, then deterministically calculate a corresponding change to the checksum, without the need to even re-calculate the checksum (which means that even if the CRC is protected by another linear function, like a stream cipher, the encrypted version of the CRC can be modified, without having to decrypt it). This is one of the ways a UC Berkeley group broke the WEP protocol (see http://www.isaac.cs.berkeley.edu/isaac/wep-draft.pdf). According to http://www.scumbag.dk/cruzer/csfvse/, an SFV file contains CRC checksums, which means an SFV file is only a mathematically sound ways to detect random, accidental or other non-malicious modifications to files. Hash functions are not linear functions, and are therefore the correct functions to use in environments where detection of malicious (as opposed to random) errors are the primary goal. Whether a mechanism is mathematically/cryptographically sound is an entirely different question than whether it is accepted in court, but is something that ought to be understood by professionals in a forum such as this. Just a concerned cryptographer, Paul Rollins, CISSP > -----Original Message----- > From: Kenneth Lorenzo [SMTP:KLorenzoat_private] > Sent: Sunday, July 22, 2001 5:21 PM > To: Forensics List > Subject: RE: Putting a signature on logs > > can't you use programs like quick SFV to quickly calculate a checksum as > opposed to creating a digital signature? > > -----Original Message----- > From: Ariel Waissbein [mailto:wata@core-sdi.com] > Sent: Friday, July 20, 2001 4:52 PM > To: n9ubhat_private > Cc: Forensics List > Subject: Re: Putting a signature on logs > > > There is a simpler solution to this and that is PEO (primer estado > oculto or first hidden state in English) due to Emiliano Kargieman > and Ariel Futoransky [FuKa95]. PEO is used to authenticate a whole > record of logs by means of a key and a hash value (no matter how > big the logs record is!). The ideas are simple. See the papers > [FuKa95] and [FuKa]. The same idea was later published by Schneier > and Kelsey in [SchK98] and subsequent works. > > There are free--were implementations that can be downloaded from > our site http://www.corest.com/download/download.html (msyslog). > msyslog is a module of the product WISDOM which is not free-were, > any questions that might appear please email me and I'll be happy > to answer. > > > [FuKa95] > A.~Futoransky and E.~Kargieman, VCR y PEO, dos protocolos > criptogr{\'a}ficos simples, 25 Jornadas Argentinas de > Inform{\'a}tica e Investigaci{\'o}n Operativa, July 1995. > http://www.corest.com/pressroom/advisories_desplegado.php?idxsection=11&id > x= > 86 > > [FuKa98] > A.~Futoransky and E.~Kargieman, "PEO Revised". DISC'98 (D\i\'a > Intrenacional de la Seguridad en C\'omputo). DF, Mexico. 1998. > > [SchK98] > B. ~Schneier and J. ~Kelsey, Support for secure logs on > untrusted machines, Proceedings of the 7th USENIX Security Symposium, > January 1998. > > > > David Douthitt wrote: > > > > I've gone to using syslog-ng to keeping logs separated out, and to > > preserve logs for a long time for record purposes. > > > > Now it occurs to me that someone could say, "Gee, how do we know that > > these logs haven't been altered?" > > > > What about a digital signature for each log? How would you go about > > this? I was thinking of using gpg (GNU Privacy Guard) but haven't > > gotten far enough to know how - and my reference book is the PGP book > > from O'Reilly and Associates. > > > > ----------------------------------------------------------------- > > > > This list is provided by the SecurityFocus ARIS analyzer service. > > For more information on this free incident handling, management > > and tracking system please see: > > > > http://aris.securityfocus.com > > -- > ==============[ CORE Security Technologies ]============= > Ariel Waissbein > Researcher - Corelabs > > email : ariel_waissbeinat_private > http://www.corest.com > ========================================================= > > I was scared. Petrified. Because (x) hearing voices isn't like > catching a cold, you can't get rid of it with lemmon tea (y) > it's inside, it is not some naevus, an epidermal blemish you > can cover up or cauterise (z) I had no control over it. It was > there of its own volition, just stopped in and (zz) I was going > bananas. > -Tibor Fischer ``The Thought Gang" > > ----------------------------------------------------------------- > > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: > > http://aris.securityfocus.com > > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 07:59:17 PDT