If you need to make sure your computer isn’t being messed with, you’ll have a look at the log files. If something seems fishy, that’s grounds for further investigation. If you run a large network of computers, you’ll probably want to look over all of the logs, but you won’t want to run around to each computer individually. Setting up a central server to analyze the logs exposes an additional attack surface: the logs in transit. How do you make sure that the attackers aren’t also intercepting and sanitizing your log file reports?
The answer to this question, and nearly everything else, is blockchain! Or maybe it’s not, but in this short presentation from the 2019 Hackaday Superconference, Shanni Prutchi, Jeff Wood, and six other college students intend to find out. While Shanni “rolls her eyes” at much of blockchain technology along with the rest of us, you have to admit one thing: recursively hashing your log data to make sure they’re not tampered with doesn’t sound like such a bad idea.
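The recursive hashing idea mentioned above, shown as an added sketch that is not code from the talk or the students' project: each log record's digest covers the previous digest, so an edited or deleted line breaks every later link. The function names, the all-zero starting value and the sample log lines are assumptions constructed for illustration, and the check for truncation or a full rewrite assumes the newest digest is also kept somewhere the log sender cannot rewrite.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed fixed starting value for the chain

# Constructed sample log lines, not taken from the talk.
SAMPLE_LOGS = [
    "Nov 16 10:02:11 host1 sshd[811]: Accepted publickey for alice from 10.0.0.5",
    "Nov 16 10:03:40 host1 sudo: alice : COMMAND=/usr/bin/apt update",
    "Nov 16 10:07:02 host1 sshd[811]: Disconnected from user alice 10.0.0.5",
]


def link(prev_digest: bytes, record: str) -> bytes:
    """Hash the previous digest together with this record."""
    data = record.encode("utf-8")
    # The length prefix keeps record boundaries unambiguous.
    return hashlib.sha256(prev_digest + len(data).to_bytes(8, "big") + data).digest()


def build_chain(records):
    """Return [(record, digest_hex), ...]; each digest covers all earlier records."""
    chain, prev = [], GENESIS
    for rec in records:
        prev = link(prev, rec)
        chain.append((rec, prev.hex()))
    return chain


def verify_chain(chain, trusted_head=None):
    """Return None if the chain is intact, else the index of the first bad entry.

    trusted_head is the newest digest as recorded out of band. If every stored
    digest is self-consistent but the final one differs from trusted_head (the
    log was truncated or rebuilt from scratch), len(chain) is returned.
    """
    prev = GENESIS
    for i, (rec, digest_hex) in enumerate(chain):
        prev = link(prev, rec)
        if prev.hex() != digest_hex:
            return i  # record edited, removed or reordered at this position
    if trusted_head is not None and prev.hex() != trusted_head:
        return len(chain)
    return None


if __name__ == "__main__":
    chain = build_chain(SAMPLE_LOGS)
    head = chain[-1][1]
    print("intact:", verify_chain(chain, head))
    print("truncated:", verify_chain(chain[:-1], head))
```

Without the out-of-band head digest, someone who controls the whole log can recompute every link, so the chain alone only detects partial edits.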
The talk covers how the students build up a secure reporting and automated detection system using the Linux Foundation’s Hyperledger Fabric blockchain tech, combining it with containerized logging systems and a centralized reporting and display system based on Splunk. Students, like hackers, run on tight budgets both in time and money, so it’s interesting to hear about what didn’t work as well as what did. Writing their own blockchain from scratch was out due to time constraints, and using a bigger framework took too long to get into. Running the Docker containers on Raspberry Pi Zeros was out due to memory constraints.
In the end, they settle on a test platform with a handful of used Linux boxes and Hyperledger Fabric to safeguard the data, and it looks like they learned a lot about all of the tools involved. Future directions include broadening out the log-reporting side of things to include Windows machines and refining report automation. Check out their talk for more detail!