[Cryptography] Auditable logs?

Natanael natanael.l at gmail.com
Sun Oct 26 21:22:38 EDT 2014


Den 27 okt 2014 01:59 skrev "Sandy Harris" <sandyinchina at gmail.com>:
>
> Various computer-mediated activities may end up in court for a range
> of reasons and in many cases log files  will be used as evidence.
> However for most log file formats, deleting a few lines or adding a
> few bogus ones is trivial. Even forging an entire file or large chunk
> thereof is not impossible.
>
> Lawyers for one side or the other seem quite likely to attack the
> credibility of log files and/or of the sys admin who provides them. In
> at least some cases, proof "beyond reasonable doubt" is required and
> that is going to be very difficult if the lawyers trying to create
> some doubt are good.
>
> What sort of crypto mechanisms might help here? I can see various
> applications of digital signatures and timestamps that might help, but
> noting close to a full solution.

Look at the conversation about timestamping images. This is essentially the
exact same thing but for text. You're capturing a state in time of
something that needs to be recorded accurately.

Hash the data, timestamp it by publishing it widely and/or hash chaining it
(git, Bitcoin blockchain, as well as various online trusted timestamping
services etc).

To protect the generation of the logs and this authencity, you'll need a
trusted hardware platform, like with a TPM. Something which can enforce
what software has access to what. Something which the admin can't override.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141027/8d9850dd/attachment.html>


More information about the cryptography mailing list