Re: Audit trail security tricks...one approach, in hardware...

From: Jim March <jmarch_at_prodigy_dot_net>
Date: Tue Nov 09 2004 - 19:24:10 CST

charlie strauss wrote:

>In response to Jim March's pointing out that the paper log generation events dont show up in the computer logs. I am wondering what technical means can not only make audit log changes detectable but also make them very difficult.
>
>If the systems were on line one could use a remote, crytographic time-stamped-hash server, but I dont think we want them on-line.
>
>Is it technically feasible for a conventional CD-R in normal CD iso-data format to write short records without buffering them in large batches (that would delay their commitment to the CD)? I've used multi-session CD-Rs but the sessions tend to be large so perhaps the iso format limits the number of these events??
>
>If so one could use serial number stamped CDs for the loggers and not drive up the price with special logger hardware.
>
>Or has OVC already dealt with this another way.
>

The first thing that occurs to me is that the central tabulator box will
have a CD burner on it at a minimum, and a good case can be made for
either standard DVD-burners at 4.7gig or even the new 8.4gig DVD
standard (burner drives on sale at Fry's right now for about $250, so
figure price drops...). 50 to 200gig specifications for "super DVDs"
are in the planning stages and should be shipping inside of a year.
Anything we develop for the current .7, 4.7 or 8.4gig standards could be
re-written for higher capacity drives in a snap.

Then, in software, first thing you do is burn a serial number to the
disk. You then consecutively burn audit log material under software
control.

Needs fleshing out of course...we have to use a write-once unerasable
system so every time we write an audit log item we have to re-write the
whole audit log. Which is why I would make a case for DVD 4.7gig at a
minimum...still, you could easily cover the setup process for an
election and that entire election's audit log under such a process. You
need the drive anyways to do data backups and the drives are cheap
enough, you could have two on the tabulator: one to continuously deal
with audit logs, another to do backups before during and after the
election. But with DVD 4.7 burners at $100 and under retail, that's not
impractical at all...

What else...any standard PC will be able to read the "last audit log
burned". Prior ones could be too, with specialty software already on
the market.

Thoughts?

Jim
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue Nov 30 23:17:22 2004

This archive was generated by hypermail 2.1.8 : Tue Nov 30 2004 - 23:17:44 CST