[EROS-Arch] Error logging
Ben Laurie
ben@algroup.co.uk
Tue, 25 Sep 2001 22:48:37 +0100
Bill Frantz wrote:
>
> At 6:00 PM -0700 9/24/01, Jonathan S. Shapiro wrote:
> >This seems incorrect to me. My trust in the space bank is predicated on an
> >assumption that no offline disk forensics will transpire. This is not the
> >same as sweet-talking the administrator. One can imagine cryptographic
> >shared-key mechanisms for logging in which the administrator couldn't
> >retrieve the log in plain text form at all without the developer's consent.
>
> I think that this issue is the key to my queaziness with the guarantees we
> are discussing here. I think that read-only examination of disk images is
> quite safe, and well within the capabilities (standard English meaning) of
> the hacker community. Lets try to guard against this attack.
>
> The first thought is that public key encryption could encrypt the log
> entries while the developer holds the secret key. However, a pure public
> key system will probably be too expensive for logging at any reasonable
> rate. (It would cost something on the order of a modular exponention for
> each 1024 bits of data in the log.)
I don't see how it helps, anyway. The mechanism is easily subverted by
modifying the application slightly (e.g. change the key).
> The next approach involves encrypting the log entries with a symmetric
> cypher and using a public key system to encrypt the symmetric cypher key.
> If the symmetric key is selected by a good random process (a hard problem
> in itself, but the random source in the Pentium chip set offers a
> reasonable approach on that hardware), and the key is never written to the
> disk, then we are requiring our hacker to run an ICE or VMWare level
> debugger to grab the key from main memory. We at least have cut down the
> population of people who can mount the attack.
>
> (It occurs to me that it might be possible to pre-define the random numbers
> that VMWare passes to systems running under it. That might make the attack
> much easier. There may be a similar approach at the hardware level.)
>
> I think I remain queazy.
Me, too. All the cut in population did was reduce it from loads to lots.
But even if it cut it to one, its hopeless - its broken (in the crypto
sense)!
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff