Decentralized Contextual Tamper Proof Logging
Anand Ozarkar (Senior Engineering Manager, Edge Security)
Ankur Sharma (Senior Engineer, Systems Software)
©2020 Equinix.com


Agenda

01 Logging
02 Practical Need
03 Current Trends in Logging
04 Role of BlockChains
05 Use-Case
06 Invitation to Participate


Logs are Everywhere


Purpose of Logging

01 Identify: Security incidents, events, information
02 Monitor: Usage, policy violations
03 Perform: Functional requirements, performance requirements
04 Incident investigation: Provide application specific information
05 Analyze: Behavior, predict capacity
06 Auditing: Trace, deeper insights, compliance


Log records

• Error Code
• Geolocation
• Application ID
• Source IP
• Username/Password
• Authentication Status
• Input/Output Validation
• Operation Type

[Chart: Risk Level plotted against Amount of log records]


Threats to Logging

Actor | Threat | Classification
System administrator (SaaS provider) | Has direct and at times physical access to the log information and storage. Can steal, modify or destroy logs without any evidence for any or all tenants. | Insider attack
Customer (User) | May have unrestricted access to logs which may contain sensitive information. |
Hacker (Outsider) | Hijack logging, falsify behavior or pretend to be a logger. | Man in the middle
Auditor (Outsider too?) | Can access information not relevant to auditing. |


Today: Logging Systems

Challenges w/ Various Logging Systems | File System Logging | Database Logging | Centralized Logging
Identity Spoofing | Low | Low | High
Decentralization | No | No | No
Access Restriction | Limited | Limited | Low
Spying, Stealing, Sabotage | Easy | Medium | Medium
Traceability | Easy | Depends on Schema design | Very Hard
Performance | Fast with small log file size; slow with huge log file size | Slow with small data; fast with huge data | Slow


Goals

• Tampering with data integrity
• Unauthorized data modifications
• Identity Spoofing
• Spying, Stealing, Sabotage
• Decentralization
• Traceability


Motivation

MiFID II and FINRA Compliance

Metrological traceability requires an unbroken chain of calibrations that relate to a reference, with each calibration having a documented measurement uncertainty. In the field of time and frequency metrology, the desired reference is usually Coordinated Universal Time (UTC), or one or more of its official realizations, termed UTC(k), and traceability to UTC is a legal requirement for many entities.

[Diagram: Equinix IT using Equinix Timing Service. Labels: Antenna, Time Server, Grandmaster, Boundary Clock, Switch, ECX Fabric, Equinix Internal IT, Equinix Time Service, External Auditor]


Structure

• Decentralization: peer-to-peer network, no central point of failure, massive replication
• Immutable: Self auditable, Blockchains can be open
• Blocks: Blocks hold batches of valid transactions that are hashed and encoded, blocks linked to form a chain


Tamper Proof Logging Hyperledger Indy

• Decentralized identity management

• Globally Unique DIDs

• 1:1 Identity

• Wallet

• Public Permissioned Blockchain

[Diagram labels: Equinix TPL Service, Customer, Auditor]


Tamper Proof Logging Hyperledger Indy

• Zero Knowledge Proofs

• Immutable

• Ledger: Merkle Tree Design

• Scalable

• Highly Available
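
An added example (not from the original slides and not Hyperledger Indy code) of the idea behind the "Blocks" and "Ledger: Merkle Tree Design" bullets: each block commits to its log records through a Merkle root and to its predecessor through a hash link, so an edited record is detectable. The record values, the `GENESIS` constant and all function names are assumptions; the field names are taken from the schema fields listed on the Customer Onboarding slide.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value for the first block (constructed)

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(record: dict) -> bytes:
    # Canonical JSON so equal records hash equally; 0x00 marks a leaf node.
    return _h(b"\x00" + json.dumps(record, sort_keys=True).encode())

def merkle_root(leaves: list) -> str:
    level = list(leaves) or [_h(b"")]
    while len(level) > 1:
        pairs = [_h(b"\x01" + level[i] + level[i + 1])
                 for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:          # odd node is carried up unchanged
            pairs.append(level[-1])
        level = pairs
    return level[0].hex()

def header_hash(header: dict) -> str:
    return _h(json.dumps(header, sort_keys=True).encode()).hex()

def make_block(prev_hash: str, records: list) -> dict:
    header = {"prev": prev_hash, "count": len(records),
              "root": merkle_root([leaf_hash(r) for r in records])}
    return {"header": header, "hash": header_hash(header), "records": records}

def verify_chain(chain: list, trusted_head: str) -> int:
    """Return the index of the first inconsistent block, or -1 if intact."""
    prev = GENESIS
    for i, block in enumerate(chain):
        hdr, recs = block["header"], block["records"]
        if (hdr["prev"] != prev or hdr["count"] != len(recs)
                or hdr["root"] != merkle_root([leaf_hash(r) for r in recs])
                or block["hash"] != header_hash(hdr)):
            return i
        prev = block["hash"]
    # A fully rewritten chain is only caught against a head hash held elsewhere.
    return -1 if prev == trusted_head else len(chain)

def build_sample_chain() -> list:
    # Constructed records using the Audit Schema field names; offset in microseconds.
    chain, prev = [], GENESIS
    for n in range(3):
        recs = [{"timestamp": f"2020-01-19 03:14:0{n}", "cust_id": "X001",
                 "sync_protocol": "PTP", "host_IP": "192.0.2.10", "offset": 10 + n + k}
                for k in range(3)]
        chain.append(make_block(prev, recs))
        prev = chain[-1]["hash"]
    return chain
```

The `trusted_head` argument stands in for a head hash held by another party: hash linking alone only forces whoever edits a record to rewrite every later block, and it is the independently held copy that exposes the rewrite.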


Customer Onboarding

Complete Logs Schema
• timing_device_id
• timestamp
• cust_id
• service_plan
• sync_protocol
• host_IP
• subscription_id
• offset
• service_usage
• payment_type

Audit Schema
• timestamp
• cust_id
• sync_protocol
• host_IP
• offset

Credential Definition offered to Customers
• issuers_info
• signature_type
• tag
• revocation

Stores Credential into their wallet


Audit Process (Proof Verification)

Onboarding (secure connection established)

Messages exchanged: Proof Request, Proof

• Creates proof request showing what items are required
• Retrieve credentials from wallet and create proof
• Verify from proof whether the items required are fulfilled

Proof Requested
• Timestamp = '2020-01-19 03:14:07' UTC
• cust_id = "X001"
• Offset <= 30 microseconds from UTC


Timing Use Case: Summary

• Timing Service Provider uses TPL service to maintain Time traceability information, etc.
• Equinix IT uses Equinix TPL Service to store the timestamp information for their network levels.
• Auditor uses Equinix TPL Service to audit traceability to UTC
• Auditor Creates Audit Credentials with Equinix IT
• Auditor Creates Audit Credentials with Equinix Time Service

[Diagram: Equinix IT using Equinix Timing Service. Labels: Equinix Internal IT, Equinix Time Service, Auditor]


Invitation to Participate

• Hyperledger Logging: Open source project, purpose built Hyperledger for logging.
• Meetup: Blockchain and Ledger Technology Forum
• Partner: Third party verification.
