[Cryptography] Auditable logs?
John Denker
jsd at av8n.com
Mon Oct 27 16:14:05 EDT 2014
On 10/26/2014 05:28 PM, Sandy Harris wrote:

> What sort of crypto mechanisms might help here?

Let me start out ultra-simple and work up from there.

Here is a technique that applies to any file, not just
a log file. I've used this for decades. When I invent
something, I type up a description. I compute a HMAC
and send it to my lawyer, with instructions to date-stamp
it and put it in the files.

This compares very favorably to the usual practice of
having a colleague countersign my lab book. Among
other things
 -- It means there can be no suggestion that I altered
    the lab book after it was signed.
 -- It means there is no possibility of a leak; the
    HMAC is a one-way function and cannot be used to
    reconstruct the meaning of the document.
 -- I expect the timestamped page to be admissible under
    the "business records exception"
      http://en.wikipedia.org/wiki/Business_records_exception
    which might not apply to my colleague since he was
    not necessarily required to sign my book as a matter
    of routine.

This suffices to prove that something was invented /before/
a certain date.

In contrast, proving that something happened /after/ a
certain date -- e.g. hostage proof-of-life -- is a whole
different ballgame, as discussed in a previous thread.
This is a subset of the infinitely-tricky double-agent
triple-agent problem.

The foregoing is really bare bones, not even involving
a digital signature, but it gets the job done at two
levels:
 1) I trust it.
 2) The adversaries seem to trust it. IANAL and my
    experience with this is limited ... but in a situation
    where the adversaries were spending millions of dollars
    to discredit everything and everybody associated with
    me, they didn't bother to challenge this.

Starting from that bare-bones baseline, you can make a
number of improvements.

One possible embellishment is to publish the HMAC in
a newspaper somewhere. There are small-circulation
newspapers that specialize in publishing "legal notices"
that nobody will ever see, yet meet the legal definition
of publication. This is a crude form of date-stamping.

A better option is to send the HMAC to a "notary service"
who adds a timestamp, digitally signs it, and sends it
back. That gives you something you can keep in your own
files, without relying on the lawyer's files.

For belt-and-suspenders protection, do both. Have it
notarized /and/ filed by a third party.

The foregoing applies to loose documents. In the case
of a log file, you can do something even stronger.
Every time you add something important, and also at
scheduled intervals (daily, weekly, or whatever),
hash the new material /along with the previous hash/.
(This is basically how the git commit logs work.) Have
the new hash signed and/or filed as above.

This creates a /chain/ that is hard to hack.

That should suffice for any application I can imagine
at the moment. If there is something else that needs
doing, please explain.
----------
PS: Note that much harder problems than this have been
solved. In particular, there is an extensive literature
on zero-knowledge proofs. This involves some elegant
cryptography.
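
The log-file chaining described in the message above, as an added example that is not part of the original post: each checkpoint is the hash of the new material together with the previous hash, and an auditor later recomputes the chain from the log and compares it with the filed copies. SHA-256, the all-zero starting value, the length prefix, the function names and the sample log lines are assumptions made for this illustration.

```python
import hashlib

GENESIS = b"\x00" * 32   # assumed stand-in for "previous hash" at the first link

def link(prev_hash: bytes, material: bytes) -> bytes:
    """One chain step: hash the new material along with the previous hash."""
    h = hashlib.sha256()
    h.update(prev_hash)
    h.update(len(material).to_bytes(8, "big"))  # length prefix keeps framing unambiguous
    h.update(material)
    return h.digest()

def checkpoints(batches):
    """Checkpoint hash after each batch; these are what get signed and/or filed."""
    out, prev = [], GENESIS
    for material in batches:
        prev = link(prev, material)
        out.append(prev)
    return out

def first_mismatch(batches, filed):
    """Recompute the chain from the log as it stands now and compare it with
    the filed checkpoints. Returns the index of the first checkpoint that
    fails, or None if every filed checkpoint is reproduced."""
    prev = GENESIS
    for i, want in enumerate(filed):
        if i >= len(batches):
            return i                 # log is shorter than the filed record
        prev = link(prev, batches[i])
        if prev != want:
            return i
    return None

# Constructed sample log, split into the batches hashed at each interval.
LOG = [
    b"2014-10-20 09:00 login alice\n2014-10-20 09:05 sudo alice\n",
    b"2014-10-21 11:30 login bob\n",
    b"2014-10-22 08:15 config change by alice\n",
]
FILED = checkpoints(LOG)             # copies held by the third party

def demo():
    edited = [LOG[0].replace(b"sudo alice", b"sudo bob  "), LOG[1], LOG[2]]
    return {
        "intact": first_mismatch(LOG, FILED),
        "edited_first_batch": first_mismatch(edited, FILED),
        "truncated": first_mismatch(LOG[:2], FILED),
    }

if __name__ == "__main__":
    print(demo())
```

Because every checkpoint depends on all earlier material, a single filed hash from a later date is enough to expose an edit to any earlier batch.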