Thread: [Jsdsi-users] Re: Opnion
From: Sameer A. <aj...@gm...> - 2004-06-28 16:13:34
Luis,

This is an interesting idea. You're essentially proposing that each user sign a statement that says that they did some task (such as create a document, in your example). This serves as a signed audit trail that can later be used to check whether people are doing their jobs and (possibly) track down security problems. But it's not clear whether signed logs really help, since if someone breaks into my account and gains access to my private key, they can sign logs saying whatever they want. But let's assume for now that we want signed logs...

One way to model this in SPKI/SDSI is with a cert whose subject is an ObjectHash of the object that was created / modified (e.g., the document). But it doesn't make much sense for this to be an AuthCert (you're not authorizing the document) or a NameCert (you're not naming the document), so you need some other way to make the statement (e.g., a LogCert). I can see why you used a "tag" here---tags provide a generic way to make any statement---but I don't think they're really appropriate (what does a SetTag or PrefixTag mean for a LogCert?). So it seems like we need some other way to express what happened.

Perhaps a Cert is the wrong model altogether. You're not really certifying anything. But what you might want is for each log entry to include a hash of the log entries that preceded it. This would be cryptographic evidence of causal order, i.e., if my log entry "sold some stock" includes the hash of your entry "discovered fundamental flaw in business model," then people might question whether I had just engaged in some insider trading :) Of course, you would need a system that forced me to include the hash of the most recent log entry for this to work.

I can't say more on this right now, but it's an interesting topic. I'm CC'ing jsdsi-users.

Sameer

On Mon, 28 Jun 2004 16:54:04 +0100, Luis Pedro <lp...@ne...> wrote:
>
> Sameer,
>
> With all the work and the latest errors on jsdsi :), I forgot to ask you
> your opinion about one thing.
>
> Some guys here proposed that, after the certificates had been proved and the
> operation performed, some register should be kept of that operation and
> stored with the information of who did it, to prevent repudiation.
>
> Of all the ideas that they gave, I personally didn't like any, and I had the
> idea of making a LogCertificate based on s-exps. The LogCertificate serves
> only to keep information of the user that performed the operation; it's not
> to be used in any kind of proving. The result was a certificate like this (just
> with issuer, tag, date and signed):
>
> (sequence
>   (cert
>     (issuer
>       (public-key
>         (rsa
>           (e #010001#)
>           (n
> |AL7JF0DGsaHbXU3q1Ev1cTvc47E0AzFmvQq61B2hOO8QBMux7ePfW5ilF63ZDgxUKnQLOuY1uUP
> Y0Ix1laylkbEmgO/
> m4/MikVxvd7xUVKQHSe0AhlkdaBmttLoc7vTcab13Bs8OBWHNSFgAeKqBSB7FKTQto8fLqZ/yHPd
> 5gBuj|))))
>     (tag "criar documento")
>     (date "2004-06-27_15:05:32"))
>   (signature
>     (hash md5 |T09AkMhiysUE6HHxKEMbcQ==|)
>     (public-key
>       (rsa
>         (e #010001#)
>         (n
> |AL7JF0DGsaHbXU3q1Ev1cTvc47E0AzFmvQq61B2hOO8QBMux7ePfW5ilF63ZDgxUKnQLOuY1uUP
> Y0Ix1laylkbEmgO/m4/
> MikVxvd7xUVKQHSe0AhlkdaBmttLoc7vTcab13Bs8OBWHNSFgAeKqBSB7FKTQto8fLqZ/yHPd5gB
> uj|)))
>     (MD5withRSA
> |AdlEIhnXmQMpzonnQsL4Htp9ACzQtAYTNoS0y1XfA3qLTd7qJ2CYJ0b8YsFpY31pkSNYpS8iYWP
> BNrfn68yKCu5Xs2aQR
> CQTGplUPeWGtk627XdFZJN2N6NgD5e423tn0OwxIZ1sLR0rpIkcNTh9z/J9VXoJoyfgcGGXa5wZZ
> v4=|)))
>
> What I want to ask you is whether there exists another way, or even a better
> way, of storing this kind of information about the operation performed by a user?
>
> Thanks,
>
> -- Luis Pedro
From: Sean R. <sra...@ae...> - 2004-06-28 16:42:59
Here's how I have implemented a solution to this problem (I'll illustrate with a user creating a document):

1. A user creates a document.
2. The document is signed (jsdsi.Signature) using the user's private key and the signature stored with the document.
3. A log entry is then created with the following details:
   - the user
   - the date
   - the document signature value calculated in 2
   - the id of a reference log entry
   - the hash of the data values in the reference log entry
4. The log entry is then signed and the signature stored with it.

In this way you can verify the integrity of the document by examining its signature and then tracking back through the signatures of the log entries (as far back as deemed appropriate).

Hope that gives you some food for thought.

Sean

--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com
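
The hash-chained, signed log described in the two messages above, as an added example that is not code from this thread or from jsdsi. It uses plain `java.security` (Java 17) rather than `jsdsi.Signature`, and SHA-256 with `SHA256withRSA` in place of the MD5withRSA seen in the quoted certificate; the names `ChainedLog`, `Entry`, `prevHash`, `rsa`, `append` and `firstBad`, and the users "alice" and "bob", are hypothetical.

```java
import java.security.*;
import java.util.*;
import static java.nio.charset.StandardCharsets.UTF_8;

public class ChainedLog {
    // Fields from steps 3 and 4 above; data() is what gets signed and hashed (fields must not contain '\n').
    record Entry(String user, String date, String docSig, int refId, String refHash, byte[] sig) {
        byte[] data() { return String.join("\n", user, date, docSig, "" + refId, refHash).getBytes(UTF_8); }
    }
    // Hash of the data values of the entry before index i ("" for the first entry).
    static String prevHash(List<Entry> log, int i) throws GeneralSecurityException {
        if (i == 0) return "";
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(log.get(i - 1).data()));
    }
    // Signature object primed with data: a signer for a private key, a verifier for a public key.
    static Signature rsa(Key k, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        if (k instanceof PrivateKey p) s.initSign(p); else s.initVerify((PublicKey) k);
        s.update(data);
        return s;
    }
    // The log, not the user, chooses the reference entry: always the most recent one.
    static void append(List<Entry> log, String user, String date, String doc, PrivateKey key) throws GeneralSecurityException {
        String docSig = Base64.getEncoder().encodeToString(rsa(key, doc.getBytes(UTF_8)).sign());
        Entry unsigned = new Entry(user, date, docSig, log.size() - 1, prevHash(log, log.size()), null);
        log.add(new Entry(user, date, docSig, unsigned.refId(), unsigned.refHash(), rsa(key, unsigned.data()).sign()));
    }
    // Index of the first entry that fails verification, or -1 if the whole chain checks out.
    static int firstBad(List<Entry> log, Map<String, PublicKey> keys) throws GeneralSecurityException {
        for (int i = 0; i < log.size(); i++) {
            Entry e = log.get(i);
            PublicKey pk = keys.get(e.user());
            if (pk == null || e.refId() != i - 1 || !e.refHash().equals(prevHash(log, i))
                    || !rsa(pk, e.data()).verify(e.sig())) return i;
        }
        return -1;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA"); // JDK default RSA key size
        KeyPair alice = g.generateKeyPair(), bob = g.generateKeyPair(); // constructed sample users
        var keys = Map.of("alice", alice.getPublic(), "bob", bob.getPublic());
        List<Entry> log = new ArrayList<>(), forged = new ArrayList<>();
        append(log, "alice", "2004-06-27_15:05:32", "draft v1", alice.getPrivate());
        append(log, "bob", "2004-06-28_09:00:00", "draft v2", bob.getPrivate());
        System.out.println("intact log, first bad entry: " + firstBad(log, keys));
        append(forged, "alice", "2004-06-01_00:00:00", "draft v1", alice.getPrivate()); // validly signed rewrite
        log.set(0, forged.get(0));
        System.out.println("after rewriting entry 0, first bad entry: " + firstBad(log, keys));
    }
}
```

The rewritten entry 0 carries a valid signature from alice's key, yet verification stops at entry 1, because bob's signed entry commits to the hash of the original entry 0. This bounds the stolen-key concern raised in the first message: the key holder can sign new entries, but cannot silently rewrite an entry that another user's entry already references.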