Re: [Fwd: Re: Secure logging - explained]

From: laird popkin <lairdp_at_gmail_dot_com>
Date: Mon Nov 15 2004 - 08:59:35 CST

One of the real attractions for me about the OVC system is that it
consists of simple, stand-alone voting stations that have very
simple, physically limited interactions with a stand-alone tabulation
station. My concern about a thin client + server architecture is
that it is technically more complex, making it harder to prove
correctness and security.

- LP

On Mon, 15 Nov 2004 06:28:56 -0800, Michael Hay <michael.hay@gmail.com> wrote:
> Question. If the OVC software morphed into an online version of a
> voting system how would we perform secure logging? Would something
> like the Secure Syslog stuff at UCSD be applicable? If not what
> changes would be needed to make Secure Syslog robust enough?
>
> Link: http://security.sdsc.edu/software/sdsc-syslog/
>
> Being in storage and all, all the talk of WORM media is rather
> interesting to see. Some interesting background is that most
> companies who are after Sarbanes-Oxley SEC regulatory compliance are
> more interested in the ability to lock things at a file level. The
> big key here is that the content management systems and the storage
> media are both required to keep logs of what has happened to the data
> since it was locked. The validation comes from checking multiple
> independent sources and comparing them against one another. If the
> audit trails line up then a sense of "truth" is apparent.
>
> Back to the online thing again, is there any chance we could have a
> system that used a single server at a polling place with multiple thin
> clients? This kind of architecture might be a variant of one required
> for on-line voting, thoughts?
>
> Michael
>
>
>
>
> On Thu, 11 Nov 2004 20:55:52 -0800, Fred McLain <mclain@zipcon.net> wrote:
> > Thanks for saying this much more clearly Robert. Well said.
> >
> > Another thought I had this evening was the clearly larger capacity of
> > CD-Rs. A singular failure of a CD-R would certainly wipe out the entire
> > audit log. This isn't a fault of a paper audit log. Since the log just
> > records events during the tally process, not individual votes, it's
> > unlikely we would use even a small fraction of a CD. I'll also bring
> > into question the idea that we'd have to use a lot of register tape to
> > record a tally log. At about 8 entries per inch, a typical 220' roll
> > could record over 21,000 'events' that occurred during the vote count.
> > That sounds like a reasonable number to me.
> >
> > On airplanes we often use wire based recorders for the black box
> > systems. A magnetic recording on wire spools. Although this is
> > changing to hardened digital systems, the wire recorders lasted well
> > into the fly-by-wire control systems and digital "dashboards" for
> > airliners. It even outlasted replacing copper with optical cables in
> > the 747-400. The reason? They are very, very durable. The same can be
> > said for paper trails vs digital ones. At the very least, let's have a
> > paper backup for audit trails, even if we record them on CD.
> >
> > -Fred-
> >
> >
> >
> > On Thu, 2004-11-11 at 08:07, Robert Rapplean wrote:
> > > Now that Fred mentions the archival quality and reliability of CD media,
> > > I have to agree. Your typical CD has a shelf life of five to ten years,
> > > and this drops to about six months to two years if you put any kind of
> > > adhesive label on them.
> > >
> > > Also, in the experience of myself and my friends, the typical CD has
> > > roughly a 20-50% failure to burn rate. I'm very much in the habit of
> > > throwing away every other CD because they don't burn correctly. This is
> > > partially because of borderline shoddy CD production, and partially
> > > because of the inherent inaccuracy of the typical mass-market $50 CD
> > > burner. The price you quote for DVD burners is for the low-end,
> > > low-quality DVD burner. I haven't purchased an extensive collection of
> > > DVD burners, but if they're anything like CD burners then the low end
> > > will not be a reliable solution. I had to spend four to five times the
> > > base CD burner price in order to purchase a CD burner which didn't waste
> > > every other CD I tried to burn, or need to be replaced after about a
> > > year of occasional use.
> > >
> > > In order to get production quality (and reliably auditable) CD burning,
> > > you would have to spend something like $150 per burner, and purchase
> > > archive quality CDs at roughly $1.60/pop, and even then you'd run into
> > > the issue of a temperature sensitive process. Any CD burner that is
> > > sitting near a door that opens a lot on a cold day WILL fail its burn.
> > >
> > > All things said and done, I think that we should more seriously consider
> > > good old fashioned ink-on-continuous-tape, maybe with a running vertical
> > > barcode if we can manage it. A machine readable paper tape would
> > > significantly reduce wear and tear from human handling.
> > >
> > > -R
> > >
> > > Fred McLain wrote:
> > >
> > > >Hi Jim,
> > > >
> > > >I'd strongly call into question your belief that CDR would be more
> > > >reliable than a register tape. I believe that some (most?) bank
> > > >machines also use these sorts of tapes for their audit logs. Thermal
> > > >printers should not be used because they are susceptible to erasure
> > > >through heat but ink based printer output can last for decades and even
> > > >longer with the right type of paper.
> > > >
> > > >CDs have recently been shown to have a far shorter shelf life than
> > > >originally imagined due to oxidation of the underlying aluminum foil.
> > > >They start pitting after time and can be quickly made entirely
> > > >unreadable. A small scratch on the top side of a CD (where the foil is)
> > > >will kill the entire CD whereas a mark on a strip of paper only obscures
> > > >what is under the mark. Recordable multi session CDs are usually only
> > > >"reliable" on the drive that recorded them, another issue. Also think
> > > >about the number of recordable CDs that turn out to be "spoiled" -
> > > >hardly the medium for a real time log.
> > > >
> > > > -Fred-
> > > >
> > >
> > >
> > >
> >
> >
>
>
> --
> ----------------------------------------------------------------------
> Michael C. Hay
>

-- 
- Laird Popkin, cell: 917/453-0700
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Tue Nov 30 23:17:32 2004