
GSoC 2018 Proposal: Crypto Parser (masonlieu)

Mason Lieu edited this page Mar 25, 2018 · 3 revisions

Introduction

The Crypto Parser project is the design and implementation of a module that allows for the encryption and decryption of log messages. With its current options, syslog-ng can hash a part of the log message to hide confidential information. However, the one-way property of hash functions makes it inconvenient for users who do have access rights to view the data. An encryption and decryption module will let users debug, manage, and view data based on their access privileges, with the added security benefits of encryption over hashing.

Why the project is useful for syslog-ng

Syslog-ng provides many options for manipulating and storing log messages, but even so, the options are limited when it comes to sensitive and confidential information. The Crypto Parser will provide users of syslog-ng the added security benefits of encryption and a means of access control for log messages, greatly enhancing the utility and security features of syslog-ng. There are many use cases for the Crypto Parser which include the following:

  • A user must debug an application, but the user does not have access rights to view the log contents because they contain sensitive information (credit card/bank information, IP addresses, patient data, etc.). If the sensitive part of the log message is encrypted rather than hashed, it remains reversible through decryption for those who hold the key.

  • For cases in which two or more users have different access privileges to the log data, the Crypto Parser can encrypt data so that it is hidden from some users (who only need it for debugging, data analysis, statistics, etc.) and decrypted, and thus available, to more privileged users (those who find it useful or necessary to view the log data).

  • Syslog-ng provides hashing options, but they may not always be sufficient for security reasons. For example, IP addresses have a small enough search space that the preimage of a hash can be found by enumerating the candidates. Encrypting the IP address with a secret key can mitigate this weakness.

  • If a user is no longer permitted to view a log message, the functions of the Crypto Parser can interface with a system that allows users to authenticate themselves, offering the ability to transfer or revoke permissions on log messages.

  • Lastly, if the log files are compromised, having encrypted the sensitive parts of the logs means that data is not exposed, while the logs remain usable by those who can decrypt the information.

Why the project is interesting for me

I have a strong passion for information security, and the Crypto Parser will involve all of my interests and motivations as a student in computer science. The information security concentration has allowed me to explore subjects such as cryptography, cryptanalysis, and principles of security, and the Crypto Parser is the perfect project for me to apply my knowledge and the work that I have done.

Furthermore, my experience as a student has mostly consisted of course projects, learning libraries and packages for various languages and architectures, and the theory and implementation of principles and concepts. The Crypto Parser project with syslog-ng will give me the invaluable experience of learning and working with a large, open-source codebase with the guidance of a mentor.

Goal of the project

The goal of the Crypto Parser project is to enable the encryption and decryption of log messages. The project will implement the industry-standard Advanced Encryption Standard (AES) and is considered done when it can successfully encrypt and decrypt log messages. After the project's completion, stretch goals include support for multiple encryption/decryption standards and options (3DES, different modes of operation).
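The following Go program is an added example, not code from this proposal or from syslog-ng, that makes the two points above concrete: the hashing weakness described in the use cases (an unkeyed hash of an IP address can be matched by enumerating a small search space) and the AES goal (a field encrypted with a key is hidden from one reader and restored by another who holds the key). Go is used here because its standard library carries AES-GCM, so the sample runs without linking OpenSSL; the log line, the key, the "enc:" field marker and every function name are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"io"
	"regexp"
	"strings"
)

// Constructed sample log line; not taken from the proposal or from syslog-ng.
const SampleLine = "Mar 25 10:15:02 web01 nginx: client 203.0.113.42 GET /account/1234 200"

// Hypothetical 32-byte key (AES-256) for the demo only; a real parser would load it from a key file or secret store.
var DemoKey = []byte("0123456789abcdef0123456789abcdef")

var ipv4Pattern = regexp.MustCompile(`\b(?:\d{1,3}\.){3}\d{1,3}\b`)
var encPattern = regexp.MustCompile(`enc:[A-Za-z0-9_-]+`)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField seals one field with AES-256-GCM. A fresh random nonce is prepended so each
// field is self-contained, and GCM's tag makes a tampered field fail on decryption.
func EncryptField(key []byte, plaintext string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(plaintext), nil)
	return "enc:" + base64.RawURLEncoding.EncodeToString(sealed), nil
}

// DecryptField reverses EncryptField; a wrong key fails the tag check.
func DecryptField(key []byte, field string) (string, error) {
	sealed, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(field, "enc:"))
	if err != nil {
		return "", err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(sealed) < gcm.NonceSize() {
		return "", fmt.Errorf("encrypted field too short")
	}
	plain, err := gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
	if err != nil {
		return "", err
	}
	return string(plain), nil
}

// replaceAll applies fn to every match of re and reports the first error.
func replaceAll(re *regexp.Regexp, line string, fn func(string) (string, error)) (string, error) {
	var firstErr error
	out := re.ReplaceAllStringFunc(line, func(m string) string {
		r, err := fn(m)
		if err != nil {
			if firstErr == nil {
				firstErr = err
			}
			return m
		}
		return r
	})
	return out, firstErr
}

// EncryptIPs hides every IPv4 field of a log line; DecryptIPs restores them.
func EncryptIPs(key []byte, line string) (string, error) {
	return replaceAll(ipv4Pattern, line, func(ip string) (string, error) { return EncryptField(key, ip) })
}
func DecryptIPs(key []byte, line string) (string, error) {
	return replaceAll(encPattern, line, func(f string) (string, error) { return DecryptField(key, f) })
}

// HashedIPv4Recoverable illustrates the hashing weakness: given only the unkeyed SHA-256 of an address, trying the 256 hosts of its /24 finds it.
func HashedIPv4Recoverable(digest [32]byte, slash24 string) (string, bool) {
	for h := 0; h < 256; h++ {
		if ip := fmt.Sprintf("%s.%d", slash24, h); sha256.Sum256([]byte(ip)) == digest {
			return ip, true
		}
	}
	return "", false
}
```

Running `EncryptIPs(DemoKey, SampleLine)` yields the same line with the client address replaced by an `enc:` field, and `DecryptIPs` with the same key returns the original line; with any other key the authentication tag check fails and no plaintext is produced. Two design points matter for a parser like this: the nonce must never repeat under one key (here it is random per field, which is why the same address encrypts differently each time and cannot be matched by a dictionary the way a hash can), and the key itself belongs in the parser's configuration as a reference to a protected file or secret store, never in the log pipeline.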

Requirements for a successful project

Knowledge areas required for the success of the project are:

  • Bison and Flex - No experience
  • C - Familiar
  • Cryptography - Proficient
  • GitHub - Familiar (worked on many small projects, no experience with open source development)
  • Linux - Proficient
  • Syslog-ng - Beginner

Timeline

March-April 2018

  • Familiarize with syslog-ng
  • Familiarize with the codebase
  • Set up development environment
  • Research other syslog-ng configuration modules (XML or JSON parser, TLS configuration, etc.)

April 23, 2018

  • Continue familiarizing myself with syslog-ng, log messages, and client uses
  • Continue familiarizing myself with the codebase (by attempting bug fixes)
  • Plan the implementation with the mentor, get feedback
  • Reach out to and bond with the syslog-ng community
  • Review current security standards (NIST security standards, discuss with professors and colleagues)

May 14, 2018

  • Start the Crypto Parser
    • Primary focus: Successful encryption/decryption of log messages, familiarize with the codebase
    • Secondary focus: Attempt fixing bugs with the codebase

June 11, 2018

  • Mentor/student evaluations
  • Work on Crypto Parser
    • Primary focus: Configuration options (changing encryption/decryption method, recovery options, options to encrypt the whole file, parts of the message, etc.), authentication and interfacing with the user
    • Secondary focus: Integration with syslog-ng, testing, improvements
  • Evaluation and feedback from mentor

July 9, 2018

  • Mentor/student evaluations
  • Work on Crypto Parser
    • Primary focus: Syslog-ng integration
    • Secondary focus: Stretch goals, testing, improvements
  • Evaluation and feedback from mentor

July 23, 2018

  • Work on Crypto Parser
    • Primary focus: Syslog-ng integration, testing, improvements
    • Secondary focus: Submit to mentor for pre-evaluation, code review

July 30, 2018

  • Crypto Parser
    • Final fixes, testing
    • Finalize documentation, user guide
  • Feedback and discussion with mentor

August 6, 2018

  • Crypto Parser submission and final evaluation

August 14, 2018

  • Mentor submits final evaluation

August 22, 2018

  • Results

Future Work

  • After the completion of Google Summer of Code 2018, I would want to continue to be involved with the Crypto Parser. I would like to continue making bug fixes, changes, and optimizations as needed to the project. After the opportunity to work with a mentor on this module, I would like to try my hand at contributing to existing or new projects with syslog-ng and continue to stay involved with open source development.

Comments, questions, and feedback can be directed to my email: Lieu.h.m@gmail.com
