>From: "Travis H." <[EMAIL PROTECTED]>
>Sent: Jul 14, 2006 11:22 PM
>To: David Mercer <[EMAIL PROTECTED]>
>Cc: cryptography@metzdowd.com
>Subject: Re: Interesting bit of a quote

...

>The problem with this is determining if the media has been replaced.
>Absent other protections, one could simply write a new WORM media with
>falsified information.
>
>I can see two ways of dealing with this:
>
>1) Some kind of physical authenticity, such as signing one's name on
>the media as they are produced (this assumes the signer is not
>corruptible), or applying a frangible difficult-to-duplicate seal of
>some kind (this assumes access controls on the seals).

I think this is going to resolve to chain-of-custody rules of some kind.
One problem is that so long as the company making the records is storing
them onsite, it's hard for an outside auditor to be sure they aren't being
tampered with. (Can the CEO really not work out a way to get one of his
guys access to the tape storage vault?)

>2) Some kind of hash chain covering the contents, combined with
>publication of the hashes somewhere where they cannot be altered (e.g.
>publish hash periodically in a classified ad in a newspaper).

You could do the whole digital timestamping thing here. You could also
just submit hashes of this week's backup tape to your auditor and the SEC
or something.

Another solution is to use cryptographic audit logs. Bruce Schneier and I
did some work on this several years ago, using a MAC to authenticate the
current record as it's written, and a one-way function to derive the next
key. (This idea was apparently developed by at least two other people
independently.) Jason Holt has extended this idea to use digital
signatures, which makes them far more practical. One caveat is that
cryptographic audit logs only work if the logging machine is honest when
the logs are written.

--John

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
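The audit-log construction John describes (MAC each record under the current key, derive the next key with a one-way function, erase the old key) combined with the hash-chain-plus-published-hash idea from point 2, as an added illustration that is not the Schneier/Kelsey code or anything from this thread; the key, records and the "published" value are constructed for the example, and the auditor is assumed to hold the initial key.

```python
import hashlib
import hmac

def next_key(key: bytes) -> bytes:
    # One-way key evolution: the logger keeps only the new key and erases the old one,
    # so an intruder arriving later cannot re-MAC entries written before the break-in.
    return hashlib.sha256(b"log-key-step|" + key).digest()

class ForwardSecureLog:
    # Each record is hash-chained to its predecessor and MACed under the key of the moment.
    def __init__(self, initial_key: bytes):
        self.key = initial_key
        self.prev_hash = b"\x00" * 32
        self.entries = []  # (index, record, chain_hash, tag)

    def append(self, record: bytes) -> None:
        idx = len(self.entries)
        chain_hash = hashlib.sha256(self.prev_hash + record).digest()
        tag = hmac.new(self.key, idx.to_bytes(8, "big") + chain_hash, hashlib.sha256).digest()
        self.entries.append((idx, record, chain_hash, tag))
        self.prev_hash = chain_hash
        self.key = next_key(self.key)  # the key that authenticated this entry is now gone

    def commitment(self) -> bytes:
        # Value to publish (newspaper ad, auditor, SEC): pins the log head against truncation.
        return self.prev_hash

def verify_log(entries, initial_key: bytes, published=None) -> int:
    # Auditor check: len(entries) if all good, index of the first bad entry, or -1 if the
    # chain head does not match the published commitment (entries removed from the end).
    key, prev_hash = initial_key, b"\x00" * 32
    for idx, record, chain_hash, tag in entries:
        expected_hash = hashlib.sha256(prev_hash + record).digest()
        expected_tag = hmac.new(key, idx.to_bytes(8, "big") + expected_hash, hashlib.sha256).digest()
        if chain_hash != expected_hash or not hmac.compare_digest(tag, expected_tag):
            return idx
        prev_hash, key = chain_hash, next_key(key)
    if published is not None and prev_hash != published:
        return -1
    return len(entries)

def demo():
    k0 = b"constructed-initial-key-held-by-auditor"  # constructed, not a real key
    log = ForwardSecureLog(k0)
    for rec in [b"trade id=1 qty=100", b"trade id=2 qty=250", b"end of day"]:  # constructed records
        log.append(rec)
    published = log.commitment()
    intact = verify_log(log.entries, k0, published)
    altered = list(log.entries)
    i, _, h, t = altered[1]
    altered[1] = (i, b"trade id=2 qty=25", h, t)       # a falsified record in the middle
    tampered = verify_log(altered, k0, published)
    truncated = verify_log(log.entries[:2], k0, published)  # last entry quietly dropped
    return intact, tampered, truncated

if __name__ == "__main__":
    print(demo())
```

The caveat in the message still holds here: nothing in the verification can tell an auditor that the record was false at the moment it was written by an honest-looking logger.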