对存档数据进行数字签名

发布于 2024-08-08 14:13:58 字数 338 浏览 8 评论 0原文

我有一个应用程序,可以定期记录制造过程中的数据(各种采样率,最短 1 秒,通常最长为 10 分钟或更长)。客户想知道数据是否已被更改(就地更改、添加记录或删除记录)。

数据被记录为二进制记录。可以有多个数据流,每个数据流都进入自己的文件,并且每个数据流都有自己的数据格式。数据一次写入一条记录,如果监控计算机或进程出现故障,制造不一定会停止,因此我不能保证存档进程会保持正常状态。显然,我只能验证我实际录制的内容,但录制可能会开始和停止。

可以使用哪些方法来验证该数据?我更喜欢使用单独的“日志记录”文件来验证数据以保持向后兼容性,但我不确定这是否可行。除了直接答案之外,是否有搜索词的建议来找到一些建议?

谢谢!

I have an application that records data from a manufacturing process on a periodic basis (various sample rates, minimum of 1 sec, the usual max is 10 min or more). The customer would like to know if the data has been altered (changed in place, records added to, or records deleted from).

The data is recorded as a binary record. There can be multiple streams of data, each going to its own file, and each with its own data format. The data is written a record at a time, and if the monitoring PC or process goes down, manufacturing does not necessarily stop, so I can't guarantee the archiving process will stay up. Obviously, I can only authenticate what I actually record, but the recording might start and stop.

What methods can be used to authenticate that data? I'd prefer to use a separate 'logging' file to validate the data to maintain backwards compatibility, but I'm not sure that's possible. Barring direct answers, are there suggestions for search terms to find some suggestions?

Thanks!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

混吃等死 2024-08-15 14:13:58

我认为您不一定需要数字签名,安全哈希(例如 SHA-256)应该足够了。

写入每条记录时,计算其安全哈希值,并将哈希值存储在日志文件中。如果有某种记录 ID,也将其存储起来。您需要某种方法将哈希值与相应的记录进行匹配。

现在,只要没有人篡改日志文件,任何记录的更改都将被检测到。为了使篡改变得困难,请定期对日志文件进行哈希处理,并将该哈希值和日志文件中的记录数发送到安全的地方。理想情况下,将其发送到多个地方,每个地方由不同的人控制。

稍微复杂一点的方法是使用 Merkle 树,本质上是哈希二叉树,而不仅仅是日志文件的单个哈希。然后存储整个树(不是很大)并将“根”哈希发送到各个地方。根哈希允许您验证树的完整性,树允许您验证日志文件的完整性 - 如果完整性检查失败,它还使您能够确定哪些记录被修改。

I don't think you necessarily need digital signatures, secure hashes (say, SHA-256) should be sufficient.

As each record is written, compute a secure hash of it, and store the hash value in your logging file. If there's some sort of record ID, store that as well. You need some way to match up the hash with the corresponding record.

Now, as long as no one tampers with the logging file, any alteration of the records will be detectable. To make tampering difficult, periodically hash your log file and send that hash and the number of records in the log file somewhere secure. Ideally, send it multiple places, each under the control of a different person.

A slightly more sophisticated approach is to use a Merkle tree, essentially a binary tree of hashes, rather than just a single hash of the log file. Then store the whole tree (which isn't very large) and send the "root" hash to various places. The root hash allows you to verify the integrity of the tree and the tree allows you to verify the integrity of the log file -- and if the integrity check fails, it also enables you to determine which records were modified.

美人骨 2024-08-15 14:13:58

您可以改为查看数字时间戳。 GuardTime 拥有支持大规模可扩展的 1 秒精度时间戳的技术,可保证信息完整性。

You could look at digital timestamping instead. GuardTime has the technology to support massively scalable 1sec precision timestamping which guarantees information integrity.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文