Permanent login/logout evidence

Hi guys.
I don’t know if any of you noticed some old printer sound when you operate on some ATMs. I guess they are printing logs inside the machine. So unless a criminal cracks open the machine, they cannot destroy the evidence.
I have some thoughts on personal device security, inspired by that. How about we deploy some mechanism that records important activity on a central server, that cannot be removed or modified? So unless a hacker compromises the main server, they will at least leave a trace.
I really want to do that on my personal devices, are there any existing solutions?
Thank you.

Remote syslog server with signed log entries.

1 Like

Thank you, but that has some problems:

  1. It can be modified if the hacker knows the remote password.
  2. It will be easy to bypass just by turning off the internet.

What I want is, the system will not allow sensitive operations without first sending the log. Also, the remote log should never be able to be modified, that is, it should be read and add only, even with password.

Block chain technology could be used for this purpose. A whole incentive and payment system would need to be created for this purpose. But the per-user cost and maintenance could be made to be extremely low.

As impractical as this may sound, it wasn’t long ago that today’s cell phones were only a fantasy. When you remove all of the math and encryption algorithms, the concept is similar to making an announcement of your intentions in the town square full of witnesses who know and recognize you, before being allowed to do whatever a password alone would do. The only difference is that everything is recorded and no one looks at the record unless a need arises later. The block chain of transactions is the permanent record that can’t be modified because it is a part of the encryption algorithm that is needed for future transactions to unlock.

I think that a whole eco-system will eventually evolve around block chain technology. When there are sufficient programming libraries that allow a few lines of code to implement these types of authentication methods, then this technology will become common place.

1 Like

  1. Use WORM (Write Once Read Many) storage media.
    Alternatively have the syslog server be write only and use MFA for the encryption and local accounts so that even if a hacker got the creds they would also need your physical security token.

  2. Any remote log can be blocked by removing the connectivity to the remote location (including blockchains). I’m not familiar with a way to prevent local access when a network logging location isn’t available, but I would say to configure MFA as that is likely a more practical preventative measure than logging. You could also cache the logs and have it send them to the syslog server once the syslog server is again available.

If you use different credentials and different MFA solutions between the systems, the chances of all credentials required being compromised are extremely low.

1 Like

These are surprisingly hard to find nowadays. Multi-session CDR/DVD-R? I’m definitely not aware of anything that allows writing at log-message granularity. You wouldn’t want the hacker to have a potentially large time window to flush the cache before it writes to disk.

If physical tamper proofness is not a problem you could build a little computer (say, based on a Raspberry Pi) that has only a serial connection and logs everything it receives on that to an SD card or internal flash. Your actual computer could send syslog to that. This mitigates any network-based attacks.

1 Like

Use an append-only interface.

Use a local server; or make the computer inoperable unless the network is working (however at some cost in convenience to you in some scenarios).

Yes, indeed. What is the actual threat model here? @Jenny

Local attacker?
Remote attacker?

What type of target device? Portable? Not?

It is always worth considering the flipside of this.

You are creating an attractive cache of information that may be used against you. Which is the greater risk?

If the last decade has taught us anything it is: don’t allow the collection of information without a cost/benefit analysis.

1 Like

Thank you everyone, the threat model is basically local attackers (physical tamper), that’s why I want a remote location for logging through the internet.
The devices are basically personal portable ones, such as laptops and smartphones.
The log does not need to be very detailed, just critical ones, such as power on/off, log in/out, port plug in/pull out, root request, etc.
This may be the only forum that can accept these thoughts and give good advice, without being called “mad”. That’s why I love it here.

These thoughts are more widespread than you think. I’m pretty sure Windows remotely logs everything you just mentioned.
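
The "signed log entries" and "append-only interface" suggestions from the thread, sketched as an added example that is not code from any poster: each entry's HMAC covers its sequence number and the previous entry's MAC, so an edited, deleted or reordered entry breaks the chain. The demo key, the event names and the `Collector` class are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # stands in for the "previous MAC" of the first entry
DEMO_KEY = b"demo-key-not-for-real-use"  # assumption: key shared by device and collector
# Constructed sample events (not taken from the thread).
SAMPLE = [(1700000000, "power_on"), (1700000030, "login"),
          (1700000400, "usb_plug_in"), (1700000460, "root_request")]

def make_entry(key, seq, prev_mac, ts, event):
    """Build one entry whose MAC covers its position and its predecessor."""
    body = {"seq": seq, "prev": prev_mac, "ts": ts, "event": event}
    msg = json.dumps(body, sort_keys=True).encode()
    return {**body, "mac": hmac.new(key, msg, hashlib.sha256).hexdigest()}

def first_bad_index(key, entries):
    """Return the index of the first entry that breaks the chain, or None."""
    prev = GENESIS
    for i, e in enumerate(entries):
        good = make_entry(key, i, prev, e.get("ts"), e.get("event"))
        if (e.get("seq") != i or e.get("prev") != prev
                or not hmac.compare_digest(good["mac"], e.get("mac", ""))):
            return i
        prev = e["mac"]
    return None

def build_chain(key, events):
    """Device side: sign (ts, event) pairs in order, e.g. while cached offline."""
    chain, prev = [], GENESIS
    for seq, (ts, event) in enumerate(events):
        chain.append(make_entry(key, seq, prev, ts, event))
        prev = chain[-1]["mac"]
    return chain

class Collector:
    """Receiver exposing no update or delete call: it only extends the chain."""
    def __init__(self, key):
        self._key, self._entries = key, []

    def append(self, entry):
        if first_bad_index(self._key, self._entries + [entry]) is not None:
            return False  # forged, replayed, or skipping a sequence number
        self._entries.append(dict(entry))
        return True

    def entries(self):
        return [dict(e) for e in self._entries]
```

The chain shows gaps and edits in what the collector already holds; it cannot show that the newest cached entries were discarded before they were ever sent, which is the offline bypass raised in the thread.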