SlideShare a Scribd company logo

CEE Log Integrity and the "Counterpane Paper"

Rainer Gerhards
Rainer Gerhards

What are the problems in signing log data while it traverses the network? This paper was originaly written to support CEE discussion on log integrity but also clearly describes both the problem and a partial, but practical solution to it. While it uses some CEE terms, it should be easy to follow without CEE knowledge. The paper was written in December 2010 and uploaded in May 2013 to make it easier to obtain it.

TechnologyBusiness
1 of 4
CEE Log Integrity and the “Counterpane Paper” [1] Rainer Gerhards rgerhards@hq.adiscon.com December 2, 2010 Abstract While “the Counterpane paper” provides an excellent method to secure logs against modification, I think it alone is not sufficient to protect real- world CEE logs. This short document provides my reasoning. 1 Quick Summary of the Paper This is by no means a complete summary, just an extraction of the most impor- tant facts as far as CEE is related (obviously based on my personal interpretation of this relationship). In [1], Schneier and Kelsey describe a system that can be used to secure audit logs in a way the enables tamper-detection. It is important to note some basic assumption these authors make about log files. In their terms, a log file is a sequence of log Records L0, L1, . . . where each log record Li+1 has a strict predecessor Li and no log records between Li and Li+1. Let L be the ordered set of all Li. In [1, Sect. 3.5, Item 4] Schneier and Kelsey show that it is possible to verify a subset of L, but this subset is restricted to all records from L0 to Ln for some n ≤ |L|. So the subset must always include the first record and all records until the final one requested. As such, the strict sequence of log records within the log file is still preserved1 . The overall idea of the scheme is similar to cipher block chaining: To sign Li+1, a hash obtained from Li is used. As such, a “chain of trust” is created from L0 to any Ln. This chain can be verified by obtaining L0, running the algorithm in sequence on any Li with 0 < i < n and finally verifying Ln based on Ln−1. By utilizing this chain, valid signatures can be obtained. Most importantly, if any Li with 0 ≤ i < n is missing, it’s non-presence can be detected by the fact that Li+1 fails verification. The paper also provides, in section 4.4 and 4.5, methods which with logs can be secured on multiple systems. But (as far as I understand the paper), even in these cases it is required that all log records are available on all systems. It is important to note that the scheme in theory can be used to re-start log processing for each individual message. However, in that case it would not 1The method is more powerful in that a reviewer is not necessarily enabled to actually read the contents of all obtained log records, but this is not important for my reasoning and so I ignore that 1
be possible to detect mangled-with logs, as the extra protection provided over other schemes is rooted in the chaining algorithm. Signing single events - or related subsets - removes that capability. 2 Real-World Logging Scenarios I concentrate on syslog scenarios, as this is the area I am most familiar with. I think it can easily be extended to other protocols, provided that they offer relaying and filtering capabilities. Let U0, U1 be original senders, Let T0, T1 be final receivers and let R be a relay. A typical real-world deployment is that at the original sender level, some (noise) events are filtered out, and only the more important ones are sent to the relays. Inside the relay, events are often directed to different destinations based on their content. In some other setups, original senders may not discard any events and thus will forward everything. However, relays will probably still direct different mes- sages to different final destinations. In my experience, it is very uncommon that all of an original sender’s mes- sages will be forwarded inside the relay chain to the same final receiver and be stored in the final receivers log file and no partial log file is created on any interim system. 3 Why the Method from the Counterpane Pa- per is not a solution to CEE needs 3.1 Technical Issues 3.1.1 Logical Channels Now let L0 = (L00 , L01 , . . .) be U0’s logfile and L1 = (L10 , L11 , . . .) be U1’s log file. Now I assume that L01 is a noise event, so U0 will actually transmit L00 , L02 , . . . to R. At this point, the paper’s verification method will correctly detect that messages ar missing at R, but nothing else can be obtained. Most importantly, the messages are deliberately missing, so this is not a failure in itself. One may now argue that to solve this problem, the method could be used on the logical transmission channel. This is true, but this also means the method does no longer guard the authenticity of the complete L0 set of original log messages but rather the authenticity of the subset that was transmitted over the channel. Furthermore, this becomes very complex if ther are many logical channels, as is the case in multi-level relay chains. Note that RFC5848 provides a solution to many of the questions that relate to logical channels, but leaves open for extension a number of very important cases in real-world deployments. The same problem occurs if R submits different type messages (e.g. authen- tication related and kernel-related) to different destinations. Let us assume that R received the following sequence of messages: L00 , L01 , L10 , L02 , L11 . The relay is configured to forward messages of a certain type, which happen to be L01 and L10 to destination T0 and all others to T1. While the relay is now capable to 2
verify each message, T0 and T1 are not, simply because each of them misses some messages inside the chain. Please keep in mind that I am describing typical setups found in practice. It is worth noting how RFC5848 solves this problem. In its section 4.2.3, it defines “Signature Groups”, which are actually logical channels. All messages inside a signature group must go to the same set of machines and each machine must have the whole set. RFC5848 then tries to define several potential criteria for building signature groups. The primary mechanism is the syslog PRI field, which has severe limits and thus can often not be used inside larger deployments. RFC5848 acknowledges this by providing an extension option (type “3”), which is not further specified. RFC5848 still permits to check the validity of a signature in case of missing messages2 . 3.1.2 Integrity of the Log as Whole Even if I put aside the complexities of logical channels, the log file LT on a des- tionation system T can not be verified as whole iff we assume that LT contains messages from different sources. For example, let LT contain L00 , L01 , L10 , L02 , L11 . Then an attacker could remove all records L0i from LT without this being no- ticed. The methods described in section 4.4 and 4.5 may be used to guard against this issue, but this comes of the price of tying all systems very closely together. 3.2 Existing Software One of our goals in CEE is to provide a practical solution that can be quickly adopted by real-world products and thus be used to solve practical problems currently being faced. Even if all technical issues I see were solved (or my analysis be wrong), we still had the problem that the method described in the Counterpane paper requires that • only a single protocol is used for logging • all existing software is adopted to this protocol • all other protocols are no longer used • all users always and immediately update all of their systems This seems absolutely impractical to me. 4 Quick Suggestion for a Practical Solution I do not intend to specify the technical details in this short paper, but would like to convey a core idea. In my view, a log file L is a set of log records Lui where u denotes the original sender and i the i-th log record it sent. In my opinion, 2But it is important to know that this stems back to the fact that signature are not part of the message itself. I will not go into more detail here, my main point was that “logical channels” are rather complex. 3
we should seperate the integrity of the individual message from the integrity of the log as whole. Signing individual messages reliably is hard, but there already exist methods to do that (e.g. RFC5848 and many proprietary solutions). We should simply permit that Lui , for all i, uses the signature method that u supports (which may be “none”). Then, we can sign L itself using some other method. This can be the one from the Counterpane paper, but also any other method that is considered sufficiently secure for the required task (there may even be different legal requirements in different countries). So we effectively have two layers, where different methods could be used for each layer. Of course, using different methods is not really desirable. Howerver, it may be the only solution in order to get something adopted and used in practice fast (I think the support for multiple CLS encodings and multiple CLT has the very same reasons). To make the two-layer approach work, we just need to define a proper con- tainer for original log records, and some rules to ensure that the original content is not modified. Then, any message signature method could be used with any file-signature method. References [1] B. Schneier and J. Kelsey. Secure audit logs to support computer foren- sics. ACM Transactions on Information and System Security (TISSEC), 2(2):159–176, 1999. 4

Recommended

Presentation
PresentationPresentation
PresentationLior Boim
 
Study and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer securityStudy and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer securityNazmul Hossain Rakib
 
Inter Process Comunication
Inter Process ComunicationInter Process Comunication
Inter Process ComunicationLaura Sofia Bruges Holguin
 
Crucigrama pinocho
Crucigrama pinochoCrucigrama pinocho
Crucigrama pinochoLizeth Soranlly Gaviria Pineda
 
Tecnología, a la educacion 1
Tecnología, a la educacion 1Tecnología, a la educacion 1
Tecnología, a la educacion 1Emy1718
 
Cadena alimentaria
Cadena alimentariaCadena alimentaria
Cadena alimentariaMabel Lopez
 
Autopsia
Autopsia Autopsia
Autopsia lacamilaylavaleria
 
Propiedad Intelectual y Software
Propiedad Intelectual y SoftwarePropiedad Intelectual y Software
Propiedad Intelectual y SoftwareKarenn Margiory Gonzalo Hernandez
 

Recommended

Presentation
PresentationPresentation
PresentationLior Boim
 
Study and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer securityStudy and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer securityNazmul Hossain Rakib
 
Inter Process Comunication
Inter Process ComunicationInter Process Comunication
Inter Process ComunicationLaura Sofia Bruges Holguin
 
Crucigrama pinocho
Crucigrama pinochoCrucigrama pinocho
Crucigrama pinochoLizeth Soranlly Gaviria Pineda
 
Tecnología, a la educacion 1
Tecnología, a la educacion 1Tecnología, a la educacion 1
Tecnología, a la educacion 1Emy1718
 
Cadena alimentaria
Cadena alimentariaCadena alimentaria
Cadena alimentariaMabel Lopez
 
Autopsia
Autopsia Autopsia
Autopsia lacamilaylavaleria
 
Propiedad Intelectual y Software
Propiedad Intelectual y SoftwarePropiedad Intelectual y Software
Propiedad Intelectual y SoftwareKarenn Margiory Gonzalo Hernandez
 
Sopa de letras educaplay
Sopa de letras educaplaySopa de letras educaplay
Sopa de letras educaplayMabel Lopez
 
Contruyendo fracciones
Contruyendo fraccionesContruyendo fracciones
Contruyendo fraccionesLily Kiroz
 
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUMECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUMhwacer123
 
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약jmeryer
 
ECE 430 WEEK 4 DQ 1&2
ECE 430 WEEK 4 DQ 1&2ECE 430 WEEK 4 DQ 1&2
ECE 430 WEEK 4 DQ 1&2hwacer123
 
Gina Lauracio
Gina LauracioGina Lauracio
Gina LauracioVanessa Geovanna
 
Ortografia grado 4
Ortografia grado 4Ortografia grado 4
Ortografia grado 4Jonathan Guisao
 
Portafolio 1 Nelly Marina
Portafolio 1 Nelly MarinaPortafolio 1 Nelly Marina
Portafolio 1 Nelly MarinaNelly Marina
 
LATIHAN UTS GENAP MTK WAJIB
LATIHAN UTS GENAP MTK WAJIB LATIHAN UTS GENAP MTK WAJIB
LATIHAN UTS GENAP MTK WAJIB Reza Radhitya
 
El arte de escribir correctamente
El arte de escribir correctamenteEl arte de escribir correctamente
El arte de escribir correctamenteJonathan Guisao
 
Ciber crimen
Ciber crimenCiber crimen
Ciber crimeneduardo vizcarra garcia
 
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...David Sweigert
 
Please answer all 3 question below.  Thank you1.  Give a short ans.docx
Please answer all 3 question below.  Thank you1.  Give a short ans.docxPlease answer all 3 question below.  Thank you1.  Give a short ans.docx
Please answer all 3 question below.  Thank you1.  Give a short ans.docxajoy21
 
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...ijdms
 
BigDataDebugging
BigDataDebuggingBigDataDebugging
BigDataDebuggingAsi Lifshitz
 
Introducing Blockchain with Java Program, Imple.pdf
Introducing Blockchain with Java Program, Imple.pdfIntroducing Blockchain with Java Program, Imple.pdf
Introducing Blockchain with Java Program, Imple.pdfhind400342
 
Lfu
LfuLfu
LfuAnirban Mitra
 
Distributed deadlock
Distributed deadlockDistributed deadlock
Distributed deadlockMd. Mahedi Mahfuj
 
1) What layers in the protocol stack(both logically and physically) .pdf
1) What layers in the protocol stack(both logically and physically) .pdf1) What layers in the protocol stack(both logically and physically) .pdf
1) What layers in the protocol stack(both logically and physically) .pdfmcmillenfawbushrom13
 
Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...Lionel Briand
 
Real Time Operating Systems
Real Time Operating SystemsReal Time Operating Systems
Real Time Operating SystemsMurtadha Alsabbagh
 
seminarembedded-150504150805-conversion-gate02.pdf
seminarembedded-150504150805-conversion-gate02.pdfseminarembedded-150504150805-conversion-gate02.pdf
seminarembedded-150504150805-conversion-gate02.pdfkarunyamittapally
 

More Related Content

Viewers also liked

Sopa de letras educaplay
Sopa de letras educaplaySopa de letras educaplay
Sopa de letras educaplayMabel Lopez
 
Contruyendo fracciones
Contruyendo fraccionesContruyendo fracciones
Contruyendo fraccionesLily Kiroz
 
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUMECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUMhwacer123
 
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약jmeryer
 
ECE 430 WEEK 4 DQ 1&2
ECE 430 WEEK 4 DQ 1&2ECE 430 WEEK 4 DQ 1&2
ECE 430 WEEK 4 DQ 1&2hwacer123
 
Portafolio 1 Nelly Marina
Portafolio 1 Nelly MarinaPortafolio 1 Nelly Marina
Portafolio 1 Nelly MarinaNelly Marina
 
LATIHAN UTS GENAP MTK WAJIB
LATIHAN UTS GENAP MTK WAJIB LATIHAN UTS GENAP MTK WAJIB
LATIHAN UTS GENAP MTK WAJIB Reza Radhitya
 
El arte de escribir correctamente
El arte de escribir correctamenteEl arte de escribir correctamente
El arte de escribir correctamenteJonathan Guisao
 

Viewers also liked (11)

Sopa de letras educaplay
Sopa de letras educaplaySopa de letras educaplay
Sopa de letras educaplay
 
Contruyendo fracciones
Contruyendo fraccionesContruyendo fracciones
Contruyendo fracciones
 
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUMECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
 
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
 
ECE 430 WEEK 4 DQ 1&2
ECE 430 WEEK 4 DQ 1&2ECE 430 WEEK 4 DQ 1&2
ECE 430 WEEK 4 DQ 1&2
 
Gina Lauracio
Gina LauracioGina Lauracio
Gina Lauracio
 
Ortografia grado 4
Ortografia grado 4Ortografia grado 4
Ortografia grado 4
 
Portafolio 1 Nelly Marina
Portafolio 1 Nelly MarinaPortafolio 1 Nelly Marina
Portafolio 1 Nelly Marina
 
LATIHAN UTS GENAP MTK WAJIB
LATIHAN UTS GENAP MTK WAJIB LATIHAN UTS GENAP MTK WAJIB
LATIHAN UTS GENAP MTK WAJIB
 
El arte de escribir correctamente
El arte de escribir correctamenteEl arte de escribir correctamente
El arte de escribir correctamente
 
Ciber crimen
Ciber crimenCiber crimen
Ciber crimen
 

Similar to CEE Log Integrity and the "Counterpane Paper"

Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...David Sweigert
 
Please answer all 3 question below.  Thank you1.  Give a short ans.docx
Please answer all 3 question below.  Thank you1.  Give a short ans.docxPlease answer all 3 question below.  Thank you1.  Give a short ans.docx
Please answer all 3 question below.  Thank you1.  Give a short ans.docxajoy21
 
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...ijdms
 
Introducing Blockchain with Java Program, Imple.pdf
Introducing Blockchain with Java Program, Imple.pdfIntroducing Blockchain with Java Program, Imple.pdf
Introducing Blockchain with Java Program, Imple.pdfhind400342
 
1) What layers in the protocol stack(both logically and physically) .pdf
1) What layers in the protocol stack(both logically and physically) .pdf1) What layers in the protocol stack(both logically and physically) .pdf
1) What layers in the protocol stack(both logically and physically) .pdfmcmillenfawbushrom13
 
Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...Lionel Briand
 
seminarembedded-150504150805-conversion-gate02.pdf
seminarembedded-150504150805-conversion-gate02.pdfseminarembedded-150504150805-conversion-gate02.pdf
seminarembedded-150504150805-conversion-gate02.pdfkarunyamittapally
 
Krabbe - messaging in loose groups
Krabbe - messaging in loose groupsKrabbe - messaging in loose groups
Krabbe - messaging in loose groupsVladimir Ulogov
 
Messaging System with Spring Boot dan RabbitMQ
Messaging System with Spring Boot dan RabbitMQMessaging System with Spring Boot dan RabbitMQ
Messaging System with Spring Boot dan RabbitMQM Firman Akbar
 
Report on Heartbleed
Report on HeartbleedReport on Heartbleed
Report on HeartbleedShiva Sagar
 

Similar to CEE Log Integrity and the "Counterpane Paper" (20)

Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
 
Please answer all 3 question below.  Thank you1.  Give a short ans.docx
Please answer all 3 question below.  Thank you1.  Give a short ans.docxPlease answer all 3 question below.  Thank you1.  Give a short ans.docx
Please answer all 3 question below.  Thank you1.  Give a short ans.docx
 
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
 
BigDataDebugging
BigDataDebuggingBigDataDebugging
BigDataDebugging
 
Introducing Blockchain with Java Program, Imple.pdf
Introducing Blockchain with Java Program, Imple.pdfIntroducing Blockchain with Java Program, Imple.pdf
Introducing Blockchain with Java Program, Imple.pdf
 
Lfu
LfuLfu
Lfu
 
Distributed deadlock
Distributed deadlockDistributed deadlock
Distributed deadlock
 
1) What layers in the protocol stack(both logically and physically) .pdf
1) What layers in the protocol stack(both logically and physically) .pdf1) What layers in the protocol stack(both logically and physically) .pdf
1) What layers in the protocol stack(both logically and physically) .pdf
 
Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...
 
Real Time Operating Systems
Real Time Operating SystemsReal Time Operating Systems
Real Time Operating Systems
 
seminarembedded-150504150805-conversion-gate02.pdf
seminarembedded-150504150805-conversion-gate02.pdfseminarembedded-150504150805-conversion-gate02.pdf
seminarembedded-150504150805-conversion-gate02.pdf
 
Process coordination
Process coordinationProcess coordination
Process coordination
 
Tcp/Ip Model
Tcp/Ip ModelTcp/Ip Model
Tcp/Ip Model
 
Krabbe - messaging in loose groups
Krabbe - messaging in loose groupsKrabbe - messaging in loose groups
Krabbe - messaging in loose groups
 
Messaging System with Spring Boot dan RabbitMQ
Messaging System with Spring Boot dan RabbitMQMessaging System with Spring Boot dan RabbitMQ
Messaging System with Spring Boot dan RabbitMQ
 
Pdp12
Pdp12Pdp12
Pdp12
 
Unit 06 dbms
Unit 06 dbmsUnit 06 dbms
Unit 06 dbms
 
Java Notes
Java NotesJava Notes
Java Notes
 
Understanding OpenFlow
Understanding OpenFlowUnderstanding OpenFlow
Understanding OpenFlow
 
Report on Heartbleed
Report on HeartbleedReport on Heartbleed
Report on Heartbleed
 

More from Rainer Gerhards

Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?Rainer Gerhards
 
Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)Rainer Gerhards
 
Using Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileUsing Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileRainer Gerhards
 
RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.Rainer Gerhards
 
Fedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkFedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkRainer Gerhards
 
The rsyslog v8 engine (developer's view)
The rsyslog v8 engine (developer's view)The rsyslog v8 engine (developer's view)
The rsyslog v8 engine (developer's view)Rainer Gerhards
 
Writing External Rsyslog Plugins
Writing External Rsyslog PluginsWriting External Rsyslog Plugins
Writing External Rsyslog PluginsRainer Gerhards
 
Wetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die GrundschuleWetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die GrundschuleRainer Gerhards
 
Rsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal PresentationRsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal PresentationRainer Gerhards
 
Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)Rainer Gerhards
 
Status of syslog as of 2005
Status of syslog as of 2005Status of syslog as of 2005
Status of syslog as of 2005Rainer Gerhards
 
LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)Rainer Gerhards
 
Rsyslog log normalization
Rsyslog log normalizationRsyslog log normalization
Rsyslog log normalizationRainer Gerhards
 

More from Rainer Gerhards (15)

Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?
 
rsyslog meets docker
rsyslog meets dockerrsyslog meets docker
rsyslog meets docker
 
Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)
 
Using Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileUsing Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfile
 
RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.
 
Fedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkFedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 Talk
 
The rsyslog v8 engine (developer's view)
The rsyslog v8 engine (developer's view)The rsyslog v8 engine (developer's view)
The rsyslog v8 engine (developer's view)
 
Writing External Rsyslog Plugins
Writing External Rsyslog PluginsWriting External Rsyslog Plugins
Writing External Rsyslog Plugins
 
Wetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die GrundschuleWetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die Grundschule
 
Rsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal PresentationRsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal Presentation
 
Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)
 
State of syslog (2005)
State of syslog (2005)State of syslog (2005)
State of syslog (2005)
 
Status of syslog as of 2005
Status of syslog as of 2005Status of syslog as of 2005
Status of syslog as of 2005
 
LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)
 
Rsyslog log normalization
Rsyslog log normalizationRsyslog log normalization
Rsyslog log normalization
 

Recently uploaded

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

CEE Log Integrity and the "Counterpane Paper"

  • 1. CEE Log Integrity and the “Counterpane Paper” [1] Rainer Gerhards rgerhards@hq.adiscon.com December 2, 2010 Abstract While “the Counterpane paper” provides an excellent method to secure logs against modification, I think it alone is not sufficient to protect real- world CEE logs. This short document provides my reasoning. 1 Quick Summary of the Paper This is by no means a complete summary, just an extraction of the most impor- tant facts as far as CEE is related (obviously based on my personal interpretation of this relationship). In [1], Schneier and Kelsey describe a system that can be used to secure audit logs in a way the enables tamper-detection. It is important to note some basic assumption these authors make about log files. In their terms, a log file is a sequence of log Records L0, L1, . . . where each log record Li+1 has a strict predecessor Li and no log records between Li and Li+1. Let L be the ordered set of all Li. In [1, Sect. 3.5, Item 4] Schneier and Kelsey show that it is possible to verify a subset of L, but this subset is restricted to all records from L0 to Ln for some n ≤ |L|. So the subset must always include the first record and all records until the final one requested. As such, the strict sequence of log records within the log file is still preserved1 . The overall idea of the scheme is similar to cipher block chaining: To sign Li+1, a hash obtained from Li is used. As such, a “chain of trust” is created from L0 to any Ln. This chain can be verified by obtaining L0, running the algorithm in sequence on any Li with 0 < i < n and finally verifying Ln based on Ln−1. By utilizing this chain, valid signatures can be obtained. Most importantly, if any Li with 0 ≤ i < n is missing, it’s non-presence can be detected by the fact that Li+1 fails verification. The paper also provides, in section 4.4 and 4.5, methods which with logs can be secured on multiple systems. But (as far as I understand the paper), even in these cases it is required that all log records are available on all systems. It is important to note that the scheme in theory can be used to re-start log processing for each individual message. However, in that case it would not 1The method is more powerful in that a reviewer is not necessarily enabled to actually read the contents of all obtained log records, but this is not important for my reasoning and so I ignore that 1
  • 2. be possible to detect mangled-with logs, as the extra protection provided over other schemes is rooted in the chaining algorithm. Signing single events - or related subsets - removes that capability. 2 Real-World Logging Scenarios I concentrate on syslog scenarios, as this is the area I am most familiar with. I think it can easily be extended to other protocols, provided that they offer relaying and filtering capabilities. Let U0, U1 be original senders, Let T0, T1 be final receivers and let R be a relay. A typical real-world deployment is that at the original sender level, some (noise) events are filtered out, and only the more important ones are sent to the relays. Inside the relay, events are often directed to different destinations based on their content. In some other setups, original senders may not discard any events and thus will forward everything. However, relays will probably still direct different mes- sages to different final destinations. In my experience, it is very uncommon that all of an original sender’s mes- sages will be forwarded inside the relay chain to the same final receiver and be stored in the final receivers log file and no partial log file is created on any interim system. 3 Why the Method from the Counterpane Pa- per is not a solution to CEE needs 3.1 Technical Issues 3.1.1 Logical Channels Now let L0 = (L00 , L01 , . . .) be U0’s logfile and L1 = (L10 , L11 , . . .) be U1’s log file. Now I assume that L01 is a noise event, so U0 will actually transmit L00 , L02 , . . . to R. At this point, the paper’s verification method will correctly detect that messages ar missing at R, but nothing else can be obtained. Most importantly, the messages are deliberately missing, so this is not a failure in itself. One may now argue that to solve this problem, the method could be used on the logical transmission channel. This is true, but this also means the method does no longer guard the authenticity of the complete L0 set of original log messages but rather the authenticity of the subset that was transmitted over the channel. Furthermore, this becomes very complex if ther are many logical channels, as is the case in multi-level relay chains. Note that RFC5848 provides a solution to many of the questions that relate to logical channels, but leaves open for extension a number of very important cases in real-world deployments. The same problem occurs if R submits different type messages (e.g. authen- tication related and kernel-related) to different destinations. Let us assume that R received the following sequence of messages: L00 , L01 , L10 , L02 , L11 . The relay is configured to forward messages of a certain type, which happen to be L01 and L10 to destination T0 and all others to T1. While the relay is now capable to 2
  • 3. verify each message, T0 and T1 are not, simply because each of them misses some messages inside the chain. Please keep in mind that I am describing typical setups found in practice. It is worth noting how RFC5848 solves this problem. In its section 4.2.3, it defines “Signature Groups”, which are actually logical channels. All messages inside a signature group must go to the same set of machines and each machine must have the whole set. RFC5848 then tries to define several potential criteria for building signature groups. The primary mechanism is the syslog PRI field, which has severe limits and thus can often not be used inside larger deployments. RFC5848 acknowledges this by providing an extension option (type “3”), which is not further specified. RFC5848 still permits to check the validity of a signature in case of missing messages2 . 3.1.2 Integrity of the Log as Whole Even if I put aside the complexities of logical channels, the log file LT on a des- tionation system T can not be verified as whole iff we assume that LT contains messages from different sources. For example, let LT contain L00 , L01 , L10 , L02 , L11 . Then an attacker could remove all records L0i from LT without this being no- ticed. The methods described in section 4.4 and 4.5 may be used to guard against this issue, but this comes of the price of tying all systems very closely together. 3.2 Existing Software One of our goals in CEE is to provide a practical solution that can be quickly adopted by real-world products and thus be used to solve practical problems currently being faced. Even if all technical issues I see were solved (or my analysis be wrong), we still had the problem that the method described in the Counterpane paper requires that • only a single protocol is used for logging • all existing software is adopted to this protocol • all other protocols are no longer used • all users always and immediately update all of their systems This seems absolutely impractical to me. 4 Quick Suggestion for a Practical Solution I do not intend to specify the technical details in this short paper, but would like to convey a core idea. In my view, a log file L is a set of log records Lui where u denotes the original sender and i the i-th log record it sent. In my opinion, 2But it is important to know that this stems back to the fact that signature are not part of the message itself. I will not go into more detail here, my main point was that “logical channels” are rather complex. 3
  • 4. we should seperate the integrity of the individual message from the integrity of the log as whole. Signing individual messages reliably is hard, but there already exist methods to do that (e.g. RFC5848 and many proprietary solutions). We should simply permit that Lui , for all i, uses the signature method that u supports (which may be “none”). Then, we can sign L itself using some other method. This can be the one from the Counterpane paper, but also any other method that is considered sufficiently secure for the required task (there may even be different legal requirements in different countries). So we effectively have two layers, where different methods could be used for each layer. Of course, using different methods is not really desirable. Howerver, it may be the only solution in order to get something adopted and used in practice fast (I think the support for multiple CLS encodings and multiple CLT has the very same reasons). To make the two-layer approach work, we just need to define a proper con- tainer for original log records, and some rules to ensure that the original content is not modified. Then, any message signature method could be used with any file-signature method. References [1] B. Schneier and J. Kelsey. Secure audit logs to support computer foren- sics. ACM Transactions on Information and System Security (TISSEC), 2(2):159–176, 1999. 4