The OpenEvidence Project Peter Sylvester, EdelWeb IETF - N° 57, Wien 2003-07-17 PKIX working group.

Presentation transcript:

The OpenEvidence Project Peter Sylvester, EdelWeb IETF - N° 57, Wien PKIX working group

OpenEvidence project
- EU IST 5th Framework, Accompanying Measures, special action: open source
- Duration: April to Jan 2004
- Budget: 0.9 M€

Domain and goals
- Paperless organisations
- Legal value of dematerialised documents
- Provide the required enabling technology effectively, in addition to electronic signatures and certificates
- Pragmatic approach: implementable models
- Open source approach

OpenEvidence context
- Emerging legal environments for the recognition of electronic signatures and the long-term validity of electronic documents
- Model: third-party services for evidence creation and validation
- Techniques: time stamping, notarisation, archiving, signature validation, ...
- Problems: proprietary solutions, competition, secret agendas, ...
- Thus slow standardisation (many years), and even competing technologies

State of the art
- Much work in different areas: IETF, OASIS, ISO, ETSI, CEN, ...
- Vendors vs committees vs implementers: competition via technology differences
- Need to distinguish facts from fiction
- Language confusion, e.g. time stamping use cases

Babylonian problems
- Electronic signature
- Timestamping
- EU Directive on Electronic Signatures

OpenEvidence approach
- Combine existing prototype solutions into open source
- Only chance to avoid (brain-damaged?) costly proprietary solutions
- Only way to foster actual deployment of dematerialisation
- No technology wars: no XML vs ASN.1, no archiving vs time stamping, no signature vs hash linking
- Use knowledge from real implementers

OpenEvidence partners
- EdelWeb (Groupe ON-X, France): technology provider and coordination
- Cybernetica (Estonia): technology provider
- C & A (Italy): technology provider
- EADS Telecom: user and test bed

Deliverables
- Actual open source:
- Client software: access to servers, document handling
- Server software: TSAs, DVCS, normalised journal formats; creation and validation of evidences
- Documentation
- Open-source community support
- Experiments in the test bed: long-term service, user management, cessation of activity

Materialised document world
- Users need to prove that they possessed a document at one particular time
- Notary: confirms that at one time, two persons agreed on the content of a document (witness)
- At any time in the future, the parties need to prove their agreement
- Document content may be confidential
- Document content can be controlled (by a governmental representative)

Consequences for dematerialisation
- A tamper-resistant proof of possession must be delivered by a trusted third party
- Trusted time stamp associated with the document
- Validation service required
- Long-term archiving of documents and proof
- Content protection in the archive
- Access possible by a content auditor

Technical deliverables
- A reference implementation of notarisation services (RFC 3029)
- A minimal notarisation client tool
- An enhanced GUI notarisation client tool
- Test programs for all pieces of software
- Test bed application

Complementary deliverables
- Trusted time stamping daemon (RFC 3161)
- Hash linking time stamping daemon
- Journal and archiving of data modelled in XML

Out of scope services
- PKI and PMI
- Back-end archival server with physical protection
- HTTP front end
- Database management system
- Redundant storage system

OpenEvidence summary
- Integration of technology for evidence creation and validation
- Context: dematerialised documents, long-term validity
- Complementary technologies: RFC 3029, RFC 3161, hash linking schemes for timestamping
- Tests in application contexts: demonstrator service, archive server

Timestamping
- Different application contexts: short term, high volume data (stock exchange order synchronisation); long term stability of documents
- Complementary technologies: RFC 3161, RFC 3029, hash linking
- Signatures for short-term authentication; hash linking, publishing and physical protection for the long term

Long term protection
- Digital signatures are insufficient: they protect in space but not in time
- Need redundant methods, like in real life
- So far, only physical archiving, but not enough experience
- An attestation from an archive = electronic signature

OpenEvidence security model
- Based on ISO or BS 7799

Secure journal and archive
- Useful for Common Criteria
- User hierarchies
- Cessation of activity (partial and total)
- Limited duration of storage (but not fixed): certified transfer, archival with assertion
- No deletion
- Secure by hash linking and physical protection
- Auditable by random validation
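
The proof of possession from the "Consequences for dematerialisation" slide and the hash-linked, randomly auditable journal from the slide above, as an added illustration that is not code from the OpenEvidence project: each journal entry records only the document hash and commits to its predecessor, a full validation walks the chain to a published head, and a spot check samples a few links instead. The genesis value, the entry format and the timestamp strings are constructed for the example; a real service takes the time from a trusted clock and publishes its chain heads externally.

```python
import hashlib
import random
from dataclasses import dataclass
from typing import List, Optional

GENESIS = hashlib.sha256(b"openevidence-demo-genesis").hexdigest()  # constructed anchor

@dataclass(frozen=True)
class Entry:
    seq: int
    time: str      # constructed timestamp string; a real TSA takes it from a trusted clock
    doc_hash: str  # SHA-256 of the document, so confidential content never enters the journal
    prev: str      # link of the preceding entry: this is the hash linking
    link: str      # hash over (seq, time, doc_hash, prev)

def entry_link(seq: int, time: str, doc_hash: str, prev: str) -> str:
    return hashlib.sha256(f"{seq}|{time}|{doc_hash}|{prev}".encode()).hexdigest()

def append(journal: List[Entry], document: bytes, time: str) -> Entry:
    """Append-only journal: each entry commits to its predecessor, so deletion is detectable."""
    prev = journal[-1].link if journal else GENESIS
    seq, doc_hash = len(journal), hashlib.sha256(document).hexdigest()
    entry = Entry(seq, time, doc_hash, prev, entry_link(seq, time, doc_hash, prev))
    journal.append(entry)
    return entry

def verify_chain(journal: List[Entry], published_head: str) -> bool:
    """Full validation: any edit, reordering, deletion or truncation breaks a link or the head."""
    prev = GENESIS
    for i, e in enumerate(journal):
        if e.seq != i or e.prev != prev or entry_link(i, e.time, e.doc_hash, e.prev) != e.link:
            return False
        prev = e.link
    return prev == published_head

def spot_check(journal: List[Entry], published_head: str, samples: int, seed: int) -> bool:
    """Random validation: check the head plus a few randomly chosen links instead of every entry."""
    if not journal or journal[-1].link != published_head:
        return False
    for i in random.Random(seed).sample(range(len(journal)), min(samples, len(journal))):
        e, expected_prev = journal[i], (journal[i - 1].link if i > 0 else GENESIS)
        if e.prev != expected_prev or entry_link(e.seq, e.time, e.doc_hash, e.prev) != e.link:
            return False
    return True

def possession_time(journal: List[Entry], document: bytes, published_head: str) -> Optional[str]:
    # Proof of possession: the time at which the document's hash entered a chain that still verifies
    if not verify_chain(journal, published_head):
        return None
    h = hashlib.sha256(document).hexdigest()
    return next((e.time for e in journal if e.doc_hash == h), None)
```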

Example architecture (DVCS) [diagram]: Client A and Client B (documents and DataCerts) use the DVCS interface of the OpenEvidence broker. External interfaces: CRL, OCSP, TSP, archiving, ... to external CAs, TSAs, an archival service and other TTPs. Internal components: internal CA, internal TSA, DataCerts.

WP6: Pilot experimentation
- Two official test beds have been defined: certified mail (EADS-T) and file seals (EdelWeb)
- Together with C&A for RFC 3161 time stamps

OpenEvidence and PKIX
- Data validation is on the agenda: RFC 3161 and RFC 3029 need updates
- Integration of hash linking
- Profiling for data validation, ...
- Certification and signature validation
- Semantic validation