Burglary protection
MishaBrazhnikov, 2020-04-21 13:40:39

Local log with deletion protection. How to do it?

Hello!

There is a software and hardware complex based on a regular PC running Windows/Linux, which is supplied to the client. A log with protection from changes should be written on it. The question arose: how to do it?
I don't see any point in writing to the main hard drive - the user can delete it.
So far, there is only one thought - a sealed box with an HDD and a single-board PC. Of course, it will be possible to connect to the interface and add logs, but it will not be possible to delete existing ones.

Can you suggest a good solution to this problem?
Thank you!


1 answer(s)
Alex, 2021-12-05
@asilonos

You can use a hardware key like FIDO U2F or a PC with a built-in TPM, and add a digital signature and something like a blockchain to the log data structure, so that you can check the integrity and consistency of all signatures. To crack this, you will need to reverse-engineer it and write complex code.
To create the first block in such a log, it will be necessary for the PC operator to create a PIN code or press the button of the U2F key with a finger to generate the first signature (which cannot be faked purely programmatically).
Or you can simplify all of the above: you can write the log to an external source, but for each block of records, write down the previous hash (which is stored on the PC) and also the new hash. As a result, the data cannot be changed, since the previous hash will always be stored on the PC itself, and it must match the one on the log storage.
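
The simplified scheme from this answer, sketched as an added example (not code from the answer's author): each block stores the previous hash, and the latest hash is kept on the PC. The function names, the JSON block layout, the all-zero starting value and the sample records are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the first block's "prev"

def block_hash(prev: str, records: list[str]) -> str:
    """SHA-256 over the previous hash and a canonical encoding of the records."""
    payload = json.dumps({"prev": prev, "records": records},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def append_block(log: list[dict], head: str, records: list[str]) -> str:
    """Append a block to external storage; return the new head to keep on the PC."""
    new_hash = block_hash(head, records)
    log.append({"prev": head, "records": list(records), "hash": new_hash})
    return new_hash

def verify(log: list[dict], trusted_head: str) -> tuple[bool, str]:
    """Check every link, then compare the last hash with the head held on the PC."""
    expected_prev = GENESIS
    for i, block in enumerate(log):
        if block["prev"] != expected_prev:
            return False, f"block {i}: broken link (block removed or reordered)"
        if block_hash(block["prev"], block["records"]) != block["hash"]:
            return False, f"block {i}: contents do not match stored hash"
        expected_prev = block["hash"]
    if expected_prev != trusted_head:
        return False, "head mismatch (log truncated or replaced)"
    return True, "ok"

def demo() -> dict:
    """Run constructed tampering scenarios and return each verification result."""
    log, head = [], GENESIS
    for batch in (["boot"], ["door opened", "door closed"], ["config changed"]):
        head = append_block(log, head, batch)
    results = {"intact": verify(log, head)}
    edited = [dict(b) for b in log]          # copy, then alter one block's records
    edited[1]["records"] = ["door closed"]
    results["edited"] = verify(edited, head)
    results["deleted_middle"] = verify(log[:1] + log[2:], head)
    results["truncated"] = verify(log[:2], head)
    return results

if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:15} ok={ok} {reason}")
```

Detection here depends on the head hash on the PC staying out of reach of whoever can rewrite the log storage; someone who can rewrite both can rebuild the whole chain, which is the gap the signed variant in the answer is meant to close.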
