Presentation is loading. Please wait.

Presentation is loading. Please wait.

Archive Time-Stamps-Syntax Dr. Ulrich Pordesch

Published byCecilia Brooks Modified over 8 years ago

Similar presentations

Presentation on theme: "Archive Time-Stamps-Syntax Dr. Ulrich Pordesch"— Presentation transcript:

1 Archive Time-Stamps-Syntax Dr. Ulrich Pordesch pordesch@sit.fhg.de

2 Archiving Signed Documents Long-term Problems –algorithms get weak, certificates expire –verification data no longer available –changes of formats and media ArchiSig-Project 2001 - 2003 –requirements, concepts, implementation, evaluation –ATS one of the results Archive Time Stamping

3 Long-term non-repudiation Signatures: Proof of integrity and authenticity Need to archive documents for 30 or more years Signature and hash algorithms / parameters can get weak, certificates expire or revoked Long-term non repudiation prove of existence of signed documents and verification data needed also very useful for unsigned documents

4 Requirements practical, effective, privacy protecting and law conformant: timestamps with digital signatures needed take weakness of pk- and hash-algorithms into account minimalize quantity of time-stamps avoid access to archived data as far as possible independency of formats of documents or signatures time-stamp groups of data objects together no side effects of deletion of documents optional encryption must preserve evidence value use existing qualified time-stamp-services and protocols no new trusted third parties

5 Electronic Signature Formats (RFC 3126) Approach –adding (archive) time-stamps as unsigned attributes for each signature Problems: –a great many time-stamps –need to access data and signatures (document format dependent) –not applicable to encrypted data, non standard signature formats, seperatly stored verification data, unsigned documents –not conformant to german signature law: new signature does not include all previous signatures Alternative (second) solution is needed

6 Approach client Select data objects (document,..) Optional: Encrypt data objects service / archive system Initial Archive Time-Stamp Renewal: Time-Stamp Renewal, Hashtree Renewal Reduce hashtrees, generate Archive Timestamps Element client Optional: Decrypt data objects Optional: Integrate as an attribute if wanted Verify Archive Time-Stamps Element and document

7 Archive Time Stamp Syntax Syntax and Processing (particularly verification) of an Archive Time Stamp Element –to verify existance of any data objects over an undetermined period of time, useable for signature renewal –optimized (but not restricted to) centralized Archive Time Stamping by Archive Systems or Services –including optional encryption –addendum: integration into signed documents Not specified here: –Service protocol: possible but not necessary for internal use –Architectures of archive systems

8 Archive Time-Stamp Archive Time Stamp –hash-tree (Merkle) –qualif. time-stamp containing digital signature –single time-stamp for many data objects Initial Stamp –event: after document is archived –collect hash values and build tree, request time-stamp –store archive time-stamp –renew if necesary Reduction to Enhanced Time-Stamp –necessary hash values for verification + time-stamp –{SEQUENCE of SEQUENCE of OCTET STRING time-stamp}

9 Time-Stamp-Renewal Event: Any algorithm in time-stamp gets weak (or time-stamp-certificate expires) Method –hash time-stamp with old hash algorithm –and include it in new archive time-stamp Properties –no access to data objects –only few (at minimum 1) time-stamp for an whole archive Reduction: ArchiveTimeStampChain –SEQUENCE of Enhanced Time Stamp

10 Hashtree-Renewal Event: Hash-Algorithm of chain gets weak Method (for each data object) –build Archive Time-Stamp chain –include hash of (hash of chain + hash of data object) in new Archive Time-Stamp Properties –need to access data objects –but: avoidable by easy to implement redundancy Reduction: ArchiveTimeStampSequence –SEQUENCE of ArchiveTimeStampChain

11 Optional Encryption Caution: Encryption must be unambigious! Method: –encrypt data object before archiving using CMS- Encryption (Algorithms: RSA, DES-CBC) –normal archive time-stamping –decrypt encrypted data object when got bak –add CMS-cover to Archive-Time-Stamp-Element store content seperately –verification: reconstruct of archive time-stamped data object by decryption of content-encryption key, reencrypt content, insert content

12 Appendices Optional Integration –CMS: signed data –Archive Time-Stamps-Element as an unsigned signature attribute for signature Optional use of Enhanced Time-Stamp –CMS: signed data –Attribute for multiple signature verification

13 Implementation and Evaluation Implementation Patient documentation system Archivesystem + Archive Time Stamping Verification tool Evaluation Test within hospital simulation study with lawyers, judges, technical experts

14 Summary Syntax + Processing of Archive Time-Stamp Element optimized for centralized time-stamping effective for large document volumes applicable for any data objects and groups of data objects normally no need to access data redundancy easy to realize on base of existing services

Download ppt "Archive Time-Stamps-Syntax Dr. Ulrich Pordesch"

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.

PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.
M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.

M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Chapter 8 Web Security.

Chapter 8 Web Security.
Trusted Archive Protocol (TAP) Carl Wallace

Trusted Archive Protocol (TAP) Carl Wallace
Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.

Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.
Web services security I

Web services security I
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

Similar presentations

Ads by Google