[503] in Intrusion Detection Systems
Re: Timestamping
daemon@ATHENA.MIT.EDU (Dave Bailey)
Sat Jan 27 14:33:45 1996
Date: Thu, 25 Jan 1996 15:12:21 -0700 (MST)
From: Dave Bailey <daveb@gcsi.com>
To: ids@uow.edu.au
In-Reply-To: <doug-9600221441.AA000627754@netman.eng.auburn.edu>
Reply-To: ids@uow.edu.au
On Mon, 22 Jan 1996, Doug Hughes wrote:
> The best way to do this is with digital signatures. If you include the time
> in the body of the message, and then sign the body of the message, there ca
> be no doubt about the time (unless you have a weak key-length, or your key
> has been compromised). PGP/PEM will do this.
> There can be no doubt. Use the largest key you can.
The original question and the response both beg the question of what you
mean by "secure timestamp."
If you mean that "the timestamp is an accurate reflection of the system
clock at the time it was written," then this response is a potential
solution. Unfortunately, the system clock is probably still vulnerable
and you won't have gained much by implementing this.
If you mean that "the system clock is an accurate reflection of the
external world and the timestamp accurately reflects the system clock,"
you have taken on a much harder problem.
If, perhaps, you mean only that the timestamps should accurately indicate
the order in which the messages were received, then the solutions to both
of the problems posed above are overkill. Before the original question
can be answered satisfactorily, the questioner needs to decide what he
means by secure and why he wants that.
---D
