From owner-freebsd-security  Sun Jul 19 00:30:23 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA11467
          for freebsd-security-outgoing; Sun, 19 Jul 1998 00:30:23 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from iq.org (proff@polysynaptic.iq.org [203.4.184.222])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id AAA11454
          for <freebsd-security@freebsd.org>; Sun, 19 Jul 1998 00:30:20 -0700 (PDT)
          (envelope-from proff@iq.org)
Received: (qmail 1683 invoked by uid 110); 19 Jul 1998 07:29:58 -0000
To: Bruce Schneier <schneier@counterpane.com>
cc: coderpunks@toad.com, aucrypto@suburbia.net, cryptography@c2.net,
        freebsd-security@FreeBSD.ORG
Subject: cryptographically secure logging
From: Julian Assange <proff@iq.org>
Date: 19 Jul 1998 17:29:57 +1000
Message-ID: <wxlnpqfgcq.fsf@polysynaptic.iq.org>
Lines: 28
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


     "Cryptographic Support for Secure Logs on Untrusted Machines" 

     B. Schneier and J. Kelsey, The Seventh USENIX Security Symposium
     Proceedings, USENIX Press, January 1998, pp. 53-62.

     In many real-world applications, sensitive information must be
     kept in log files on an untrusted machine.  In the event that an
     attacker captures this machine, we would like to guarantee that
     he will gain little or no information from the log files and
     limit his ability to corrupt the log files.  This paper describes
     an efficient method for making all log entries generated prior to
     the logging machine's compromise impossible for the attacker to
     read, and also impossible to undetectably modify or destroy.

I haven't read Bruce's paper, but Bruce (and others) might be
interested to know that Darren Reed and I have actually implemented
one of these for unix. It's also a very flexible syslogd replacement in
it's own right (thanks to Darren). It's called nsyslog and is
available from http://cheops.anu.edu.au/~avalon/nsyslog.html. It will
be included in the default NetBSD distribution (although it should run
on most unix platforms).

It uses only secure hashes, and essentially does for logs what
S/KEY does for authentication.

Cheers,
Julian.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message