Bringing The Blockchain To Network Monitoring

If you need to make sure your computer isn’t being messed with, you’ll have a look at the log files. If something seems fishy, that’s grounds for further investigation. If you run a large network of computers, you’ll probably want to look over all of the logs, but you won’t want to run around to each computer individually. Setting up a central server to analyze the logs exposes an additional attack surface: the logs in transit. How do you make sure that the attackers aren’t also intercepting and sanitizing your log file reports?

The answer to this question, and nearly everything else, is blockchain! Or maybe it’s not, but in this short presentation from the 2019 Hackaday Superconference, Shanni Prutchi, Jeff Wood, and six other college students intend to find out. While Shanni “rolls her eyes” at much of blockchain technology along with the rest of us, you have to admit one thing: recursively hashing your log data to make sure they’re not tampered with doesn’t sound like such a bad idea.

The talk covers how the students built a secure reporting and automated detection system using the Linux Foundation’s Hyperledger Fabric blockchain tech, combining it with containerized logging systems and a centralized reporting and display system based on Splunk. Students, like hackers, run on tight budgets both in time and money, so it’s interesting to hear about what didn’t work as well as what did. Writing their own blockchain from scratch was out due to time constraints, and using a bigger framework took too long to get into. Running the Docker containers on Raspberry Pi Zeros was out due to memory constraints.

In the end, they settle on a test platform with a handful of used Linux boxes and Hyperledger Fabric to safeguard the data, and it looks like they learned a lot about all of the tools involved. Future directions include broadening out the log-reporting side of things to include Windows machines and refining report automation. Check out their talk for more detail!
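The core idea the write-up alludes to, recursively hashing log data so that tampering is detectable, can be shown without any blockchain framework. The following is an added example, not code from the students' project or from Hyperledger Fabric: a plain SHA-256 hash chain over a few constructed syslog-style lines, with a verifier that reports the first broken entry. The `anchored_head` parameter is an assumption standing in for what a shared ledger contributes in their design: a copy of the latest hash kept somewhere the log server's attacker cannot reach, without which silently truncating the tail of the log goes unnoticed.

```python
import hashlib
import json
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # hash value the first entry links back to

# Constructed sample log lines (not real data) in the style of an auth log.
SAMPLE_LINES = [
    "Mar 10 08:01:12 host1 sshd[2201]: Accepted publickey for alice from 10.0.0.5",
    "Mar 10 08:02:40 host1 sshd[2210]: Failed password for invalid user admin from 10.0.0.9",
    "Mar 10 08:02:43 host1 sshd[2210]: Failed password for invalid user admin from 10.0.0.9",
    "Mar 10 08:03:01 host1 CRON[2215]: (root) CMD (run-parts /etc/cron.hourly)",
]


def _entry_hash(prev_hash: str, seq: int, line: str) -> str:
    # Each hash covers the previous hash, the position and the content, so every
    # entry commits to the entire history before it (the "recursive" part).
    payload = json.dumps({"prev": prev_hash, "seq": seq, "line": line},
                         sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def append(chain: List[dict], line: str) -> dict:
    """Append one log line to the chain and return the new entry."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    seq = len(chain)
    entry = {"seq": seq, "prev": prev_hash, "line": line,
             "hash": _entry_hash(prev_hash, seq, line)}
    chain.append(entry)
    return entry


def verify(chain: List[dict], anchored_head: Optional[str] = None) -> Tuple[bool, Optional[int]]:
    """Return (True, None) if the chain is intact, else (False, index of first bad entry).

    anchored_head (assumed name) is the hash of the last entry as recorded
    off-box; a mismatch means the tail was truncated or replaced, which the
    in-chain links alone cannot detect.
    """
    prev_hash = GENESIS
    for i, e in enumerate(chain):
        if (e["seq"] != i or e["prev"] != prev_hash
                or e["hash"] != _entry_hash(prev_hash, i, e["line"])):
            return False, i
        prev_hash = e["hash"]
    if anchored_head is not None and prev_hash != anchored_head:
        return False, len(chain)
    return True, None


def build_sample_chain() -> List[dict]:
    chain: List[dict] = []
    for line in SAMPLE_LINES:
        append(chain, line)
    return chain


def tamper_cases() -> dict:
    """Run the verifier against an intact chain and three kinds of tampering."""
    chain = build_sample_chain()
    head = chain[-1]["hash"]          # what the ledger would hold
    deleted = chain[:1] + chain[2:]   # attacker removes one failed-login event
    modified = [dict(e) for e in chain]
    modified[2]["line"] = modified[2]["line"].replace("Failed", "Accepted")
    truncated = chain[:-1]            # attacker drops the newest entry
    return {
        "intact": verify(chain, head),
        "deleted": verify(deleted, head),
        "modified": verify(modified, head),
        "truncated_no_anchor": verify(truncated),       # passes: nothing to compare the tail to
        "truncated_anchored": verify(truncated, head),  # caught by the off-box head hash
    }


if __name__ == "__main__":
    for name, result in tamper_cases().items():
        print(f"{name:22s} -> {result}")
```

Deleting or altering an entry in the middle breaks the link at that position and the verifier names the index; truncating the tail is only caught when the head hash is compared against a copy the attacker could not rewrite, which is the role a replicated ledger plays here.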

14 thoughts on “Bringing The Blockchain To Network Monitoring”

  1. This kinda sounds like they’re using blockchain as VPN. Can’t watch the video currently, though, so maybe it details something that makes this method different from a VPN tunnel between log server and logging device.

    1. A VPN could secure the data from point A to point B, but it does not do anything to validate the integrity of the data. Most businesses are moving to a centralized log storage and applying anomaly detection to those logs to look for malicious activity. An attacker could mask their activity by going to the log storage and removing log events that were generated during an attack that could trip an anomaly detector. Applying block chain could alert an admin that the logs have been manipulated.

    1. So much this. The chance that these guys started from the problem and looked for a solution is exactly zero. They wanted to build a ‘blockchain something’ and they looked for any opportunity to ram a blockchain somewhere it was never needed in the first place. Buzzwords oriented design.

        1. Precisely, Zane! It’s also this immutability that differentiates block chain and their design for central logging purposes from a “VPN”, as suggested above.

          Encrypted communication between two points is vastly different from proof of work encryption of data on a shared ledger.

          Why so much hate for block chain? Is it because its original use case was virtual currency/transactions? Decentralized computing offers a lot of benefits for privacy and control over an individual’s data. Great technology, at least until quantum computing completely invalidates modern cryptography…

          1. It is hated because it is deeply inelegant, wasteful and blunt. For the few features it promises (with caveats), it sure is one ugly implementation of a solution looking for a problem.

            I loathe the concept and the laziness in the industry it exemplifies. IF the features promised by block-chain technology are really needed, then why not build an implementation of those features into a technology that actually scales, does not need patches and a nuclear power plant as soon as it catches on, and does not have a fundamental breaking point where the trust it promised is rendered moot.

      1. Pierre, if you had watched the talk, you would in fact see that we did not start from the problem and look for a solution. Within the first few minutes, we do state that this project was student research with the specific prompt of executing an idea explicitly combining blockchain and ADANA. If you have legitimate technical questions after watching the presentation, I’d be happy to discuss.

    2. I must admit that I am a fan of xkcd and a like-minded blockchain skeptic, however we don’t claim to be fixing anything. There are much better ways to secure communication and logging than this. This was just a “build this thing based on an idea someone proposed” and us reflecting on our experience.
