Date: 19 Jul 1998 17:29:57 +1000 From: Julian Assange <proff@iq.org> To: Bruce Schneier <schneier@counterpane.com> Cc: coderpunks@toad.com, aucrypto@suburbia.net, cryptography@c2.net, freebsd-security@FreeBSD.ORG Subject: cryptographically secure logging Message-ID: <wxlnpqfgcq.fsf@polysynaptic.iq.org>
next in thread | raw e-mail | index | archive | help
"Cryptographic Support for Secure Logs on Untrusted Machines"
B. Schneier and J. Kelsey, The Seventh USENIX Security Symposium
Proceedings, USENIX Press, January 1998, pp. 53-62.
In many real-world applications, sensitive information must be
kept in log files on an untrusted machine. In the event that an
attacker captures this machine, we would like to guarantee that
he will gain little or no information from the log files and
limit his ability to corrupt the log files. This paper describes
an efficient method for making all log entries generated prior to
the logging machine's compromise impossible for the attacker to
read, and also impossible to undetectably modify or destroy.
I haven't read Bruce's paper, but Bruce (and others) might be
interested to know that Darren Reed and I have actually implemented
one of these for unix. It's also a very flexible syslogd replacement in
it's own right (thanks to Darren). It's called nsyslog and is
available from http://cheops.anu.edu.au/~avalon/nsyslog.html. It will
be included in the default NetBSD distribution (although it should run
on most unix platforms).
It uses only secure hashes, and essentially does for logs what
S/KEY does for authentication.
Cheers,
Julian.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?wxlnpqfgcq.fsf>