©2020 Equinix.com
Decentralized Contextual Tamper Proof Logging
Anand Ozarkar (Senior Engineering Manager, Edge Security)
Ankur Sharma (Senior Engineer, Systems Software)

Agenda
01 Logging
02 Practical Need
03 Current Trends in Logging
04 Role of BlockChains
05 Use-Case
06 Invitation to Participate

Logs are Everywhere

Purpose of Logging
01 Identify: Security incidents, events, information
02 Monitor: Usage, policy violations
03 Perform: Functional requirements, performance requirements
04 Incident investigation: Provide application specific information
05 Analyze: Behavior, predict capacity
06 Auditing: Trace, deeper insights, compliance

Log records
[Chart axes: Amount of log records, Risk Level. Labelled items: Error Code, Geolocation, Application ID, Source IP, Username/Password, Authentication Status, Input/Output Validation, Operation Type]

Threats to Logging

Actor: System administrator (SaaS provider)
Threat: Has direct and at times physical access to the log information, storage. Can steal, modify or destroy logs without any evidence for any or all tenants.
Classification: Insider attack

Actor: Customer (User)
Threat: May have unrestricted access to logs which may contain sensitive information.

Actor: Hacker (Outsider)
Threat: Hijack logging, falsify behavior or pretend to be a logger.
Classification: Man in the middle

Actor: Auditor (Outsider too?)
Threat: Can access information not relevant to auditing.

Today: Logging Systems
Challenges with Various Logging Systems (values given as File System Logging / Database Logging / Centralized Logging):
Identity Spoofing: Low / Low / High
Decentralization: No / No / No
Access Restriction: Limited / Limited / Low
Spying, Stealing, Sabotage: Easy / Medium / Medium
Traceability: Easy / Depends on Schema design / Very Hard
Performance: Fast with small log file size, slow with huge log file size / Slow with small data, fast with huge data / Slow

Goals
• Tampering with data integrity
• Unauthorized data modifications
• Identity Spoofing
• Spying, Stealing, Sabotage
• Decentralization
• Traceability

Motivation
MiFID II and FINRA Compliance
Metrological traceability requires an unbroken chain of calibrations that relate to a reference, with each calibration having a documented measurement uncertainty. In the field of time and frequency metrology, the desired reference is usually Coordinated Universal Time (UTC), or one or more of its official realizations, termed UTC(k), and traceability to UTC is a legal requirement for many entities.
[Diagram: Equinix IT using Equinix Timing Service. Components: Antenna, Time Server, Grandmaster, Boundary Clock, Switch, ECX Fabric. Parties: Equinix Internal IT, Equinix Time Service, External Auditor]

Structure
Decentralization: peer-to-peer network, no central point of failure, massive replication
Immutable: Self auditable, Blockchains can be open
Blocks: Blocks hold batches of valid transactions that are hashed and encoded, blocks linked to form a chain

Tamper Proof Logging Hyperledger Indy
• Decentralized identity management
• Globally Unique DIDs
• 1:1 Identity
• Wallet
• Public Permissioned Blockchain
[Diagram: Equinix TPL Service, Customer, Auditor]

Tamper Proof Logging Hyperledger Indy
• Zero Knowledge Proofs
• Immutable
• Ledger: Merkle Tree Design
• Scalable
• Highly Available
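
The block structure from the Structure slide (batches hashed and linked into a chain) and the Merkle tree ledger design listed above can be illustrated with a small hash-chained log. This is an added example, not code from the presentation and not Hyperledger Indy's ledger format; the function names and the sample records (built from field names on the schema slide) are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used for the first block

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def merkle_root(records):
    """Merkle root over the canonical JSON of each record in a batch."""
    if not records:
        raise ValueError("a block must hold at least one record")
    level = [sha256_hex(json.dumps(r, sort_keys=True).encode()) for r in records]
    while len(level) > 1:
        if len(level) % 2:              # odd count: duplicate the last node
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]

def seal(prev_hash, records):
    """Build a block whose hash covers the previous block's hash and the batch root."""
    root = merkle_root(records)
    return {"prev": prev_hash, "root": root,
            "hash": sha256_hex((prev_hash + root).encode()), "records": records}

def build_chain(batches):
    chain, prev = [], GENESIS
    for records in batches:
        chain.append(seal(prev, records))
        prev = chain[-1]["hash"]
    return chain

def verify_chain(chain, trusted_head=None):
    """Return 'ok', 'block N inconsistent', or 'head mismatch'."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block != seal(prev, block["records"]):   # recompute root and link
            return f"block {i} inconsistent"
        prev = block["hash"]
    if trusted_head is not None and prev != trusted_head:
        return "head mismatch"          # chain is self-consistent but was rewritten
    return "ok"

# Constructed sample batches; offset values are microseconds (made up).
BASE = {"cust_id": "X001", "sync_protocol": "PTP", "host_IP": "192.0.2.10"}
BATCHES = [[{**BASE, "timestamp": "2020-01-19 03:14:07", "offset": 12}],
           [{**BASE, "timestamp": "2020-01-19 03:14:08", "offset": 45}]]
```

Editing a stored record makes that block fail its own root check. Rewriting every hash after the edit yields a self-consistent chain that still fails against a head hash held by another party, which is the property replication across peers supplies.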

Customer Onboarding

Complete Logs Schema
• timing_device_id
• timestamp
• cust_id
• service_plan
• sync_protocol
• host_IP
• subscription_id
• offset
• service_usage
• payment_type

Audit Schema
• timestamp
• cust_id
• sync_protocol
• host_IP
• offset

Credential Definition offered to Customers
• issuers_info
• signature_type
• tag
• revocation

Stores Credential into their wallet

Audit Process (Proof Verification)
Onboarding (secure connection established)
Proof Request: Creates proof request showing what items are required
Proof: Retrieve credentials from wallet and create proof
Verify from proof whether the items required are fulfilled
Proof Requested:
• Timestamp = '2020-01-19 03:14:07' UTC
• cust_id = "X001"
• Offset <= 30 microseconds from UTC

Timing Use Case: Summary
• Timing Service Provider uses TPL service to maintain Time traceability information, etc.
• Equinix IT uses Equinix TPL Service to store the timestamps information for their network levels.
• Auditor uses Equinix TPL Service to audit traceability to UTC
• Auditor Creates Audit Credentials with Equinix IT
• Auditor Creates Audit Credentials with Equinix Time Service
[Diagram: Equinix IT using Equinix Timing Service. Parties: Equinix Internal IT, Equinix Time Service, Auditor]

Invitation to Participate
Hyperledger Logging: Open source project, purpose built Hyperledger for logging.
Meetup: Blockchain and Ledger Technology Forum
Partner: Third party verification.