Re: [Fwd: Re: Secure logging - explained]

From: Michael Hay <michael_dot_hay_at_gmail_dot_com>
Date: Mon Nov 15 2004 - 08:28:56 CST

Question. If the OVC software morphed into an online version of a
voting system how would we perform secure logging? Would something
like the Secure Syslog stuff at UCSD be applicable? If not what
changes would be needed to make Secure Syslog robust enough?


Being in storage and all all the talk of WORM media is rather
interesting to see. Some interesting background is that most
companies who are after Sarbanes-Oxley SEC regulatory compliance are
more interested in the ability to lock things at a file level. The
big key here is that the content managment systems and the storage
media are both required to keep logs of what has happened to the data
since it was locked. The validation comes from checking multiple
independant sources and comparing them against one another. If the
audit trails line up then a sense of "truth" is aparent.

Back to the online thing again, is there any chance we could have a
system that used a single server at a polling place with multiple thin
clients? This kind of architecture might be a variant of one required
for on-line voting, thoughts?


On Thu, 11 Nov 2004 20:55:52 -0800, Fred McLain <> wrote:
> Thanks for saying this much more clearly Robert. Well said.
> Another thought I had this evening was the clearly larger capacity of
> CD-Rs. A singular failure of a CD-R would certainly wipe out the entire
> audit log. This isn't a fault of a paper audit log. Since the log just
> records events during the tally process, not individual votes, it's
> unlikely we would use even a small fraction of a CD. I'll also bring
> into question the idea that we'd have to use a lot of register tape to
> record a tally log. At about 8 entries per inch, a typical 220' roll
> could record over 21,000 'events' that occurred during the vote count.
> That sounds like a reasonable number to me.
> On airplanes we often use wire based recorders for the black box
> systems. A magnetic recording on wire spools. Although this is
> changing to hardened digital systems, the wire recorders lasted well
> into the fly-by-wire control systems and digital "dashboards" for
> airliners. It even outlasted replacing copper with optical cables in
> the 747-400. The reason? They are very, very durable. The same can be
> said for paper trails vs digital ones. At the very least, let's have a
> paper backup for audit trails, even if we record them on CD.
> -Fred-
> On Thu, 2004-11-11 at 08:07, Robert Rapplean wrote:
> > Now that Fred mentions the archival quality and reliability of CD media,
> >
> > I have to agree. Your typical CD has a shelf life of five to ten years,
> > and this drops to about six months to two years if you put any kind of
> > adhesive label on them.
> >
> > Also, in the experience of myself and my friends, the typical CD has
> > roughly a 20-50% failure to burn rate. I'm very much in the habit of
> > throwing away every other CD because they don't burn correctly. This is
> > partially because of borderline shoddy CD production, and partially
> > because of the inherent inaccuracy of the typical mass-market $50 CD
> > burner. The price you quote for DVD burners is for the low-end,
> > low-quality DVD burner. I haven't purchased an extensive collection of
> > DVD burners, but if they're anything like CD burners then the low end
> > will not be a reliable solution. I had to spend four to five times the
> > base CD burner price in order to purchase a CD burner which didn't waste
> > every other CD I tried to burn, or need to be replaced after about a
> > year of occasional use.
> >
> > In order to get production quality (and reliably auditable) CD burning,
> > you would have to spend something like $150 per burner, and purchase
> > archive quality CD's at roughly $1.60/pop, and even then you'd run into
> > the issue of a temperature sensitive process. Any CD burner that is
> > sitting near a door that opens a lot on a cold day WILL fail its burn.
> >
> > All things said and done, I think that we should more seriously consider
> > good old fashioned ink-on-continuous-tape, maybe with a running vertical
> > barcode if we can manage it. A machine readable paper tape would
> > significantly reduce wear and tear from human handling.
> >
> > -R
> >
> > Fred McLain wrote:
> >
> > >Hi Jim,
> > >
> > >I'd strongly call into question your belief that CDR would be more
> > >reliable then a register tape. I believe that some (most?) bank
> > >machines also uses these sorts of tapes for their audit logs. Thermal
> > >printers should not be used because they are susceptible to erasure
> > >though heat but ink based printer output can last for decades and even
> > >longer with the right type of paper.
> > >
> > >CDs have recently been shown to have a far shorter shelf life then
> > >originally imagined due to oxidation of the underling aluminum foil.
> > >They start pitting after time and can be quickly made entirely
> > >unreadable. A small scratch on the top side of a CD (where the foil is)
> > >will kill the entire CD whereas a mark on a strip of paper only obscures
> > >what is under the mark. Recordable multi session CDs are usually only
> > >"reliable" on the drive that recorded them, another issue. Also think
> > >about the number of recordable CDs that turn out to be "spoiled" -
> > >hardly the medium for a real time log.
> > >
> > > -Fred-
> > >
> >
> >
> >

Michael C. Hay
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Tue Nov 30 23:17:32 2004

This archive was generated by hypermail 2.1.8 : Tue Nov 30 2004 - 23:17:44 CST