SlideShare a Scribd company logo

CEE Log Integrity and the "Counterpane Paper"

Rainer Gerhards
Rainer Gerhards

What are the problems in signing log data while it traverses the network? This paper was originaly written to support CEE discussion on log integrity but also clearly describes both the problem and a partial, but practical solution to it. While it uses some CEE terms, it should be easy to follow without CEE knowledge. The paper was written in December 2010 and uploaded in May 2013 to make it easier to obtain it.

TechnologyBusiness
1 of 4
CEE Log Integrity and the “Counterpane Paper” [1] Rainer Gerhards rgerhards@hq.adiscon.com December 2, 2010 Abstract While “the Counterpane paper” provides an excellent method to secure logs against modification, I think it alone is not sufficient to protect real- world CEE logs. This short document provides my reasoning. 1 Quick Summary of the Paper This is by no means a complete summary, just an extraction of the most impor- tant facts as far as CEE is related (obviously based on my personal interpretation of this relationship). In [1], Schneier and Kelsey describe a system that can be used to secure audit logs in a way the enables tamper-detection. It is important to note some basic assumption these authors make about log files. In their terms, a log file is a sequence of log Records L0, L1, . . . where each log record Li+1 has a strict predecessor Li and no log records between Li and Li+1. Let L be the ordered set of all Li. In [1, Sect. 3.5, Item 4] Schneier and Kelsey show that it is possible to verify a subset of L, but this subset is restricted to all records from L0 to Ln for some n ≤ |L|. So the subset must always include the first record and all records until the final one requested. As such, the strict sequence of log records within the log file is still preserved1 . The overall idea of the scheme is similar to cipher block chaining: To sign Li+1, a hash obtained from Li is used. As such, a “chain of trust” is created from L0 to any Ln. This chain can be verified by obtaining L0, running the algorithm in sequence on any Li with 0 < i < n and finally verifying Ln based on Ln−1. By utilizing this chain, valid signatures can be obtained. Most importantly, if any Li with 0 ≤ i < n is missing, it’s non-presence can be detected by the fact that Li+1 fails verification. The paper also provides, in section 4.4 and 4.5, methods which with logs can be secured on multiple systems. But (as far as I understand the paper), even in these cases it is required that all log records are available on all systems. It is important to note that the scheme in theory can be used to re-start log processing for each individual message. However, in that case it would not 1The method is more powerful in that a reviewer is not necessarily enabled to actually read the contents of all obtained log records, but this is not important for my reasoning and so I ignore that 1
be possible to detect mangled-with logs, as the extra protection provided over other schemes is rooted in the chaining algorithm. Signing single events - or related subsets - removes that capability. 2 Real-World Logging Scenarios I concentrate on syslog scenarios, as this is the area I am most familiar with. I think it can easily be extended to other protocols, provided that they offer relaying and filtering capabilities. Let U0, U1 be original senders, Let T0, T1 be final receivers and let R be a relay. A typical real-world deployment is that at the original sender level, some (noise) events are filtered out, and only the more important ones are sent to the relays. Inside the relay, events are often directed to different destinations based on their content. In some other setups, original senders may not discard any events and thus will forward everything. However, relays will probably still direct different mes- sages to different final destinations. In my experience, it is very uncommon that all of an original sender’s mes- sages will be forwarded inside the relay chain to the same final receiver and be stored in the final receivers log file and no partial log file is created on any interim system. 3 Why the Method from the Counterpane Pa- per is not a solution to CEE needs 3.1 Technical Issues 3.1.1 Logical Channels Now let L0 = (L00 , L01 , . . .) be U0’s logfile and L1 = (L10 , L11 , . . .) be U1’s log file. Now I assume that L01 is a noise event, so U0 will actually transmit L00 , L02 , . . . to R. At this point, the paper’s verification method will correctly detect that messages ar missing at R, but nothing else can be obtained. Most importantly, the messages are deliberately missing, so this is not a failure in itself. One may now argue that to solve this problem, the method could be used on the logical transmission channel. This is true, but this also means the method does no longer guard the authenticity of the complete L0 set of original log messages but rather the authenticity of the subset that was transmitted over the channel. Furthermore, this becomes very complex if ther are many logical channels, as is the case in multi-level relay chains. Note that RFC5848 provides a solution to many of the questions that relate to logical channels, but leaves open for extension a number of very important cases in real-world deployments. The same problem occurs if R submits different type messages (e.g. authen- tication related and kernel-related) to different destinations. Let us assume that R received the following sequence of messages: L00 , L01 , L10 , L02 , L11 . The relay is configured to forward messages of a certain type, which happen to be L01 and L10 to destination T0 and all others to T1. While the relay is now capable to 2
verify each message, T0 and T1 are not, simply because each of them misses some messages inside the chain. Please keep in mind that I am describing typical setups found in practice. It is worth noting how RFC5848 solves this problem. In its section 4.2.3, it defines “Signature Groups”, which are actually logical channels. All messages inside a signature group must go to the same set of machines and each machine must have the whole set. RFC5848 then tries to define several potential criteria for building signature groups. The primary mechanism is the syslog PRI field, which has severe limits and thus can often not be used inside larger deployments. RFC5848 acknowledges this by providing an extension option (type “3”), which is not further specified. RFC5848 still permits to check the validity of a signature in case of missing messages2 . 3.1.2 Integrity of the Log as Whole Even if I put aside the complexities of logical channels, the log file LT on a des- tionation system T can not be verified as whole iff we assume that LT contains messages from different sources. For example, let LT contain L00 , L01 , L10 , L02 , L11 . Then an attacker could remove all records L0i from LT without this being no- ticed. The methods described in section 4.4 and 4.5 may be used to guard against this issue, but this comes of the price of tying all systems very closely together. 3.2 Existing Software One of our goals in CEE is to provide a practical solution that can be quickly adopted by real-world products and thus be used to solve practical problems currently being faced. Even if all technical issues I see were solved (or my analysis be wrong), we still had the problem that the method described in the Counterpane paper requires that • only a single protocol is used for logging • all existing software is adopted to this protocol • all other protocols are no longer used • all users always and immediately update all of their systems This seems absolutely impractical to me. 4 Quick Suggestion for a Practical Solution I do not intend to specify the technical details in this short paper, but would like to convey a core idea. In my view, a log file L is a set of log records Lui where u denotes the original sender and i the i-th log record it sent. In my opinion, 2But it is important to know that this stems back to the fact that signature are not part of the message itself. I will not go into more detail here, my main point was that “logical channels” are rather complex. 3
we should seperate the integrity of the individual message from the integrity of the log as whole. Signing individual messages reliably is hard, but there already exist methods to do that (e.g. RFC5848 and many proprietary solutions). We should simply permit that Lui , for all i, uses the signature method that u supports (which may be “none”). Then, we can sign L itself using some other method. This can be the one from the Counterpane paper, but also any other method that is considered sufficiently secure for the required task (there may even be different legal requirements in different countries). So we effectively have two layers, where different methods could be used for each layer. Of course, using different methods is not really desirable. Howerver, it may be the only solution in order to get something adopted and used in practice fast (I think the support for multiple CLS encodings and multiple CLT has the very same reasons). To make the two-layer approach work, we just need to define a proper con- tainer for original log records, and some rules to ensure that the original content is not modified. Then, any message signature method could be used with any file-signature method. References [1] B. Schneier and J. Kelsey. Secure audit logs to support computer foren- sics. ACM Transactions on Information and System Security (TISSEC), 2(2):159–176, 1999. 4

Recommended

Presentation
PresentationPresentation
Presentation
Lior Boim
 
Study and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer securityStudy and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer security
Nazmul Hossain Rakib
 
Inter Process Comunication
Inter Process ComunicationInter Process Comunication
Inter Process Comunication
Laura Sofia Bruges Holguin
 
Crucigrama pinocho
Crucigrama pinochoCrucigrama pinocho
Crucigrama pinocho
Lizeth Soranlly Gaviria Pineda
 
Tecnología, a la educacion 1
Tecnología, a la educacion 1Tecnología, a la educacion 1
Tecnología, a la educacion 1
Emy1718
 
Cadena alimentaria
Cadena alimentariaCadena alimentaria
Cadena alimentaria
Mabel Lopez
 
Autopsia
Autopsia Autopsia
Autopsia
lacamilaylavaleria
 
Propiedad Intelectual y Software
Propiedad Intelectual y SoftwarePropiedad Intelectual y Software
Propiedad Intelectual y Software
Karenn Margiory Gonzalo Hernandez
 

Recommended

Presentation
PresentationPresentation
Presentation
Lior Boim
 
Study and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer securityStudy and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer security
Nazmul Hossain Rakib
 
Inter Process Comunication
Inter Process ComunicationInter Process Comunication
Inter Process Comunication
Laura Sofia Bruges Holguin
 
Crucigrama pinocho
Crucigrama pinochoCrucigrama pinocho
Crucigrama pinocho
Lizeth Soranlly Gaviria Pineda
 
Tecnología, a la educacion 1
Tecnología, a la educacion 1Tecnología, a la educacion 1
Tecnología, a la educacion 1
Emy1718
 
Cadena alimentaria
Cadena alimentariaCadena alimentaria
Cadena alimentaria
Mabel Lopez
 
Autopsia
Autopsia Autopsia
Autopsia
lacamilaylavaleria
 
Propiedad Intelectual y Software
Propiedad Intelectual y SoftwarePropiedad Intelectual y Software
Propiedad Intelectual y Software
Karenn Margiory Gonzalo Hernandez
 
Sopa de letras educaplay
Sopa de letras educaplaySopa de letras educaplay
Sopa de letras educaplay
Mabel Lopez
 
Contruyendo fracciones
Contruyendo fraccionesContruyendo fracciones
Contruyendo fracciones
Lily Kiroz
 
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUMECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
hwacer123
 
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
jmeryer
 
ECE 430 WEEK 4 DQ 1&2
ECE 430 WEEK 4 DQ 1&2ECE 430 WEEK 4 DQ 1&2
ECE 430 WEEK 4 DQ 1&2
hwacer123
 
Gina Lauracio
Gina LauracioGina Lauracio
Gina Lauracio
Vanessa Geovanna
 
Ortografia grado 4
Ortografia grado 4Ortografia grado 4
Ortografia grado 4
Jonathan Guisao
 
Portafolio 1 Nelly Marina
Portafolio 1 Nelly MarinaPortafolio 1 Nelly Marina
Portafolio 1 Nelly Marina
Nelly Marina
 
LATIHAN UTS GENAP MTK WAJIB
LATIHAN UTS GENAP MTK WAJIB LATIHAN UTS GENAP MTK WAJIB
LATIHAN UTS GENAP MTK WAJIB
Reza Radhitya
 
El arte de escribir correctamente
El arte de escribir correctamenteEl arte de escribir correctamente
El arte de escribir correctamente
Jonathan Guisao
 
Ciber crimen
Ciber crimenCiber crimen
Ciber crimen
eduardo vizcarra garcia
 
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
David Sweigert
 
Please answer all 3 question below.  Thank you1.  Give a short ans.docx
Please answer all 3 question below.  Thank you1.  Give a short ans.docxPlease answer all 3 question below.  Thank you1.  Give a short ans.docx
Please answer all 3 question below.  Thank you1.  Give a short ans.docx
ajoy21
 
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
ijdms
 
BigDataDebugging
BigDataDebuggingBigDataDebugging
BigDataDebugging
Asi Lifshitz
 
Introducing Blockchain with Java Program, Imple.pdf
Introducing Blockchain with Java Program, Imple.pdfIntroducing Blockchain with Java Program, Imple.pdf
Introducing Blockchain with Java Program, Imple.pdf
hind400342
 
Lfu
LfuLfu
Lfu
Anirban Mitra
 
Distributed deadlock
Distributed deadlockDistributed deadlock
Distributed deadlock
Md. Mahedi Mahfuj
 
1) What layers in the protocol stack(both logically and physically) .pdf
1) What layers in the protocol stack(both logically and physically) .pdf1) What layers in the protocol stack(both logically and physically) .pdf
1) What layers in the protocol stack(both logically and physically) .pdf
mcmillenfawbushrom13
 
Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Lionel Briand
 
Real Time Operating Systems
Real Time Operating SystemsReal Time Operating Systems
Real Time Operating Systems
Murtadha Alsabbagh
 
seminarembedded-150504150805-conversion-gate02.pdf
seminarembedded-150504150805-conversion-gate02.pdfseminarembedded-150504150805-conversion-gate02.pdf
seminarembedded-150504150805-conversion-gate02.pdf
karunyamittapally
 

More Related Content

Viewers also liked

ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUMECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
hwacer123
 
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
jmeryer
 
ECE 430 WEEK 4 DQ 1&2
ECE 430 WEEK 4 DQ 1&2ECE 430 WEEK 4 DQ 1&2
ECE 430 WEEK 4 DQ 1&2
hwacer123
 

Viewers also liked (11)

Sopa de letras educaplay
Sopa de letras educaplaySopa de letras educaplay
Sopa de letras educaplay
 
Contruyendo fracciones
Contruyendo fraccionesContruyendo fracciones
Contruyendo fracciones
 
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUMECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
ECE 203 WEEK 1 ONGOING ASSESSMENT IN DEVELOPING MEANINGFUL CURRICULUM
 
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
단기금융상품\【 FUN88。CO。KR】\제주도여행견적비교 유레일패스예약
 
ECE 430 WEEK 4 DQ 1&2
ECE 430 WEEK 4 DQ 1&2ECE 430 WEEK 4 DQ 1&2
ECE 430 WEEK 4 DQ 1&2
 
Gina Lauracio
Gina LauracioGina Lauracio
Gina Lauracio
 
Ortografia grado 4
Ortografia grado 4Ortografia grado 4
Ortografia grado 4
 
Portafolio 1 Nelly Marina
Portafolio 1 Nelly MarinaPortafolio 1 Nelly Marina
Portafolio 1 Nelly Marina
 
LATIHAN UTS GENAP MTK WAJIB
LATIHAN UTS GENAP MTK WAJIB LATIHAN UTS GENAP MTK WAJIB
LATIHAN UTS GENAP MTK WAJIB
 
El arte de escribir correctamente
El arte de escribir correctamenteEl arte de escribir correctamente
El arte de escribir correctamente
 
Ciber crimen
Ciber crimenCiber crimen
Ciber crimen
 

Similar to CEE Log Integrity and the "Counterpane Paper"

Please answer all 3 question below.  Thank you1.  Give a short ans.docx
Please answer all 3 question below.  Thank you1.  Give a short ans.docxPlease answer all 3 question below.  Thank you1.  Give a short ans.docx
Please answer all 3 question below.  Thank you1.  Give a short ans.docx
ajoy21
 
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
ijdms
 
1) What layers in the protocol stack(both logically and physically) .pdf
1) What layers in the protocol stack(both logically and physically) .pdf1) What layers in the protocol stack(both logically and physically) .pdf
1) What layers in the protocol stack(both logically and physically) .pdf
mcmillenfawbushrom13
 
Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Lionel Briand
 
seminarembedded-150504150805-conversion-gate02.pdf
seminarembedded-150504150805-conversion-gate02.pdfseminarembedded-150504150805-conversion-gate02.pdf
seminarembedded-150504150805-conversion-gate02.pdf
karunyamittapally
 

Similar to CEE Log Integrity and the "Counterpane Paper" (20)

Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
Intrusion Detection and Discovery via Log Correlation to support HIPAA Securi...
 
Please answer all 3 question below.  Thank you1.  Give a short ans.docx
Please answer all 3 question below.  Thank you1.  Give a short ans.docxPlease answer all 3 question below.  Thank you1.  Give a short ans.docx
Please answer all 3 question below.  Thank you1.  Give a short ans.docx
 
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
 
BigDataDebugging
BigDataDebuggingBigDataDebugging
BigDataDebugging
 
Introducing Blockchain with Java Program, Imple.pdf
Introducing Blockchain with Java Program, Imple.pdfIntroducing Blockchain with Java Program, Imple.pdf
Introducing Blockchain with Java Program, Imple.pdf
 
Lfu
LfuLfu
Lfu
 
Distributed deadlock
Distributed deadlockDistributed deadlock
Distributed deadlock
 
1) What layers in the protocol stack(both logically and physically) .pdf
1) What layers in the protocol stack(both logically and physically) .pdf1) What layers in the protocol stack(both logically and physically) .pdf
1) What layers in the protocol stack(both logically and physically) .pdf
 
Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...
 
Real Time Operating Systems
Real Time Operating SystemsReal Time Operating Systems
Real Time Operating Systems
 
seminarembedded-150504150805-conversion-gate02.pdf
seminarembedded-150504150805-conversion-gate02.pdfseminarembedded-150504150805-conversion-gate02.pdf
seminarembedded-150504150805-conversion-gate02.pdf
 
Process coordination
Process coordinationProcess coordination
Process coordination
 
Tcp/Ip Model
Tcp/Ip ModelTcp/Ip Model
Tcp/Ip Model
 
Krabbe - messaging in loose groups
Krabbe - messaging in loose groupsKrabbe - messaging in loose groups
Krabbe - messaging in loose groups
 
Messaging System with Spring Boot dan RabbitMQ
Messaging System with Spring Boot dan RabbitMQMessaging System with Spring Boot dan RabbitMQ
Messaging System with Spring Boot dan RabbitMQ
 
Pdp12
Pdp12Pdp12
Pdp12
 
Unit 06 dbms
Unit 06 dbmsUnit 06 dbms
Unit 06 dbms
 
Java Notes
Java NotesJava Notes
Java Notes
 
Understanding OpenFlow
Understanding OpenFlowUnderstanding OpenFlow
Understanding OpenFlow
 
Report on Heartbleed
Report on HeartbleedReport on Heartbleed
Report on Heartbleed
 

More from Rainer Gerhards

RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.
Rainer Gerhards
 

More from Rainer Gerhards (15)

Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?
 
rsyslog meets docker
rsyslog meets dockerrsyslog meets docker
rsyslog meets docker
 
Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)
 
Using Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileUsing Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfile
 
RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.
 
Fedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkFedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 Talk
 
The rsyslog v8 engine (developer's view)
The rsyslog v8 engine (developer's view)The rsyslog v8 engine (developer's view)
The rsyslog v8 engine (developer's view)
 
Writing External Rsyslog Plugins
Writing External Rsyslog PluginsWriting External Rsyslog Plugins
Writing External Rsyslog Plugins
 
Wetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die GrundschuleWetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die Grundschule
 
Rsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal PresentationRsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal Presentation
 
Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)
 
State of syslog (2005)
State of syslog (2005)State of syslog (2005)
State of syslog (2005)
 
Status of syslog as of 2005
Status of syslog as of 2005Status of syslog as of 2005
Status of syslog as of 2005
 
LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)
 
Rsyslog log normalization
Rsyslog log normalizationRsyslog log normalization
Rsyslog log normalization
 

Recently uploaded

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

CEE Log Integrity and the "Counterpane Paper"

  • 1. CEE Log Integrity and the “Counterpane Paper” [1] Rainer Gerhards rgerhards@hq.adiscon.com December 2, 2010 Abstract While “the Counterpane paper” provides an excellent method to secure logs against modification, I think it alone is not sufficient to protect real- world CEE logs. This short document provides my reasoning. 1 Quick Summary of the Paper This is by no means a complete summary, just an extraction of the most impor- tant facts as far as CEE is related (obviously based on my personal interpretation of this relationship). In [1], Schneier and Kelsey describe a system that can be used to secure audit logs in a way the enables tamper-detection. It is important to note some basic assumption these authors make about log files. In their terms, a log file is a sequence of log Records L0, L1, . . . where each log record Li+1 has a strict predecessor Li and no log records between Li and Li+1. Let L be the ordered set of all Li. In [1, Sect. 3.5, Item 4] Schneier and Kelsey show that it is possible to verify a subset of L, but this subset is restricted to all records from L0 to Ln for some n ≤ |L|. So the subset must always include the first record and all records until the final one requested. As such, the strict sequence of log records within the log file is still preserved1 . The overall idea of the scheme is similar to cipher block chaining: To sign Li+1, a hash obtained from Li is used. As such, a “chain of trust” is created from L0 to any Ln. This chain can be verified by obtaining L0, running the algorithm in sequence on any Li with 0 < i < n and finally verifying Ln based on Ln−1. By utilizing this chain, valid signatures can be obtained. Most importantly, if any Li with 0 ≤ i < n is missing, it’s non-presence can be detected by the fact that Li+1 fails verification. The paper also provides, in section 4.4 and 4.5, methods which with logs can be secured on multiple systems. But (as far as I understand the paper), even in these cases it is required that all log records are available on all systems. It is important to note that the scheme in theory can be used to re-start log processing for each individual message. However, in that case it would not 1The method is more powerful in that a reviewer is not necessarily enabled to actually read the contents of all obtained log records, but this is not important for my reasoning and so I ignore that 1
  • 2. be possible to detect mangled-with logs, as the extra protection provided over other schemes is rooted in the chaining algorithm. Signing single events - or related subsets - removes that capability. 2 Real-World Logging Scenarios I concentrate on syslog scenarios, as this is the area I am most familiar with. I think it can easily be extended to other protocols, provided that they offer relaying and filtering capabilities. Let U0, U1 be original senders, Let T0, T1 be final receivers and let R be a relay. A typical real-world deployment is that at the original sender level, some (noise) events are filtered out, and only the more important ones are sent to the relays. Inside the relay, events are often directed to different destinations based on their content. In some other setups, original senders may not discard any events and thus will forward everything. However, relays will probably still direct different mes- sages to different final destinations. In my experience, it is very uncommon that all of an original sender’s mes- sages will be forwarded inside the relay chain to the same final receiver and be stored in the final receivers log file and no partial log file is created on any interim system. 3 Why the Method from the Counterpane Pa- per is not a solution to CEE needs 3.1 Technical Issues 3.1.1 Logical Channels Now let L0 = (L00 , L01 , . . .) be U0’s logfile and L1 = (L10 , L11 , . . .) be U1’s log file. Now I assume that L01 is a noise event, so U0 will actually transmit L00 , L02 , . . . to R. At this point, the paper’s verification method will correctly detect that messages ar missing at R, but nothing else can be obtained. Most importantly, the messages are deliberately missing, so this is not a failure in itself. One may now argue that to solve this problem, the method could be used on the logical transmission channel. This is true, but this also means the method does no longer guard the authenticity of the complete L0 set of original log messages but rather the authenticity of the subset that was transmitted over the channel. Furthermore, this becomes very complex if ther are many logical channels, as is the case in multi-level relay chains. Note that RFC5848 provides a solution to many of the questions that relate to logical channels, but leaves open for extension a number of very important cases in real-world deployments. The same problem occurs if R submits different type messages (e.g. authen- tication related and kernel-related) to different destinations. Let us assume that R received the following sequence of messages: L00 , L01 , L10 , L02 , L11 . The relay is configured to forward messages of a certain type, which happen to be L01 and L10 to destination T0 and all others to T1. While the relay is now capable to 2
  • 3. verify each message, T0 and T1 are not, simply because each of them misses some messages inside the chain. Please keep in mind that I am describing typical setups found in practice. It is worth noting how RFC5848 solves this problem. In its section 4.2.3, it defines “Signature Groups”, which are actually logical channels. All messages inside a signature group must go to the same set of machines and each machine must have the whole set. RFC5848 then tries to define several potential criteria for building signature groups. The primary mechanism is the syslog PRI field, which has severe limits and thus can often not be used inside larger deployments. RFC5848 acknowledges this by providing an extension option (type “3”), which is not further specified. RFC5848 still permits to check the validity of a signature in case of missing messages2 . 3.1.2 Integrity of the Log as Whole Even if I put aside the complexities of logical channels, the log file LT on a des- tionation system T can not be verified as whole iff we assume that LT contains messages from different sources. For example, let LT contain L00 , L01 , L10 , L02 , L11 . Then an attacker could remove all records L0i from LT without this being no- ticed. The methods described in section 4.4 and 4.5 may be used to guard against this issue, but this comes of the price of tying all systems very closely together. 3.2 Existing Software One of our goals in CEE is to provide a practical solution that can be quickly adopted by real-world products and thus be used to solve practical problems currently being faced. Even if all technical issues I see were solved (or my analysis be wrong), we still had the problem that the method described in the Counterpane paper requires that • only a single protocol is used for logging • all existing software is adopted to this protocol • all other protocols are no longer used • all users always and immediately update all of their systems This seems absolutely impractical to me. 4 Quick Suggestion for a Practical Solution I do not intend to specify the technical details in this short paper, but would like to convey a core idea. In my view, a log file L is a set of log records Lui where u denotes the original sender and i the i-th log record it sent. In my opinion, 2But it is important to know that this stems back to the fact that signature are not part of the message itself. I will not go into more detail here, my main point was that “logical channels” are rather complex. 3
  • 4. we should seperate the integrity of the individual message from the integrity of the log as whole. Signing individual messages reliably is hard, but there already exist methods to do that (e.g. RFC5848 and many proprietary solutions). We should simply permit that Lui , for all i, uses the signature method that u supports (which may be “none”). Then, we can sign L itself using some other method. This can be the one from the Counterpane paper, but also any other method that is considered sufficiently secure for the required task (there may even be different legal requirements in different countries). So we effectively have two layers, where different methods could be used for each layer. Of course, using different methods is not really desirable. Howerver, it may be the only solution in order to get something adopted and used in practice fast (I think the support for multiple CLS encodings and multiple CLT has the very same reasons). To make the two-layer approach work, we just need to define a proper con- tainer for original log records, and some rules to ensure that the original content is not modified. Then, any message signature method could be used with any file-signature method. References [1] B. Schneier and J. Kelsey. Secure audit logs to support computer foren- sics. ACM Transactions on Information and System Security (TISSEC), 2(2):159–176, 1999. 4