Security Analysis of Forward Secure Log Sealing in Journald

This paper presents a security analysis of forward-secure log sealing in the journald logging system, which is installed by default in almost all modern Linux distributions. Forward-secure log sealing is a cryptographic technique used to ensure the integrity of past log entries even in the event of a full system compromise. We identify multiple security vulnerabilities in journald resulting from a gap between the model of the cryptographic primitives and their usage in a larger context. Our
contribution is both theoretical and practical: As a practical contribution, we discovered attacks on the log sealing in journald and provide descriptions as well as implementations of the attacks. In particular one vulnerability allows to forge arbitrary logs for past entries without the validation tool noticing any problem. This finding completely breaks the security guarantee of log sealing. For all described vulnerabilities we provide patches, the two more serious ones are merged in systemd version 255. As a theoretical contribution, we provide formal definitions that capture the expected security properties of log sealing. We demonstrate our attacks on the vulnerable version of journald by showing how an attacker can defeat this security definition. ... mehrFurthermore, we provide a modified version of the logging scheme which underlies the one in journald and prove that it satisfies our security definition. Since our patches have been merged, our logging scheme is the basis for the log sealing in journald. This work narrows the gap between theory and practice. It provides a practical example of the problems that can occur when applying cryptographic primitives to a complex real world system. It makes the logging implementation used in many Linux distributions more secure and demonstrates the importance of rigorous security analysis of cryptographic systems.