Archive Time-Stamps-Syntax Dr. Ulrich Pordesch

Slides:



Advertisements
Similar presentations
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Advertisements

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.
M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.
Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Chapter 8 Web Security.
Trusted Archive Protocol (TAP) Carl Wallace
Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.
Web services security I
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.
Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.
UN Economic Commission for Europe 23rd UN/CEFACT FORUM 7-11 April rd UN/CEFACT FORUM – Geneva Tahseen A. Khan Project Proposal : Trusted Third Party.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Digital Signature Technologies & Applications Ed Jensen Fall 2013.
Chapter 13 Digital Signature
Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.
Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.
Bob can sign a message using a digital signature generation algorithm
Exchange of digitally signed SPSCertificate messages Overview of prototype of digital signature applied to SPSCertificate message between national systems.
WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Cryptography Chapter 14. Learning Objectives Understand the basics of algorithms and how they are used in modern cryptography Identify the differences.
Symmetric Encryption Mom’sSecretApplePieRecipe Mom’sSecretApplePieRecipe The same key is used to encrypt and decrypt the data. DES is one example. Pie.
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
IETF - LTANS, March 2004P. Sylvester, Edelweb & A. Jerman Blazic, SETCCE Introduction The following slides were prepared as a result of analysis and discussion.
Slide 1 © 2004 Reactivity The Gap Between Reliability and Security Eric Gravengaard Reactivity.
Chapter 4 Using Encryption in Cryptographic Protocols & Practices (Part B)
Evidence Record Syntax <draft-ietf-ltans-ers-00.txt>
Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.
1 Integrating digital signatures with relational database: Issues and organizational implications By Randal Reid, Gurpreet Dhillon. Journal of Database.
Meganet Corporation VME Sign Meganet Corporation Meganet Corporation is a leading worldwide provider of data security to Governments, Military,
Digital Signatures, Message Digest and Authentication Week-9.
Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.
X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.
XML Evidence Record Syntax
DIGITAL SIGNATURE.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012.
Group 9 Chapter 8.3 – 8.6. Public Key Algorithms  Symmetric Key Algorithms face an inherent problem  Keys must be distributed to all parties but kept.
1 Session 4 Module 6: Digital signatures. Digital Signatures / Session4 / 2 of 18 Module 4, 5 - Review (1)  Java 2 security model provides a consistent.
©Brooks/Cole, 2003 Chapter 16 Security. ©Brooks/Cole, 2003 Define four aspects of security in a network: privacy, authentication, integrity, and nonrepudiation.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
E-SIGNED DocFlow SYSTEM in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE – E-Business Development Consultant.
Security  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.
OASIS Juan Carlos Cruellas – UPC Stefan Drees - DSS-X co-chair Nick Pope – Thales eSecurity OASIS Digital Signature Services and ETSI standards Juan Carlos.
TAG Presentation 18th May 2004 Paul Butler
The Secure Sockets Layer (SSL) Protocol
Key management issues in PGP
ERS to XML Introduction to ERS syntax in XML format
Cryptography and Network Security
TAG Presentation 18th May 2004 Paul Butler
S/MIME T ANANDHAN.
The Secure Sockets Layer (SSL) Protocol
X-Road as a Platform to Exchange MyData
Meganet Corporation VME Sign 2004
National Trust Platform
Presentation transcript:

Archive Time-Stamps-Syntax Dr. Ulrich Pordesch

Archiving Signed Documents Long-term Problems –algorithms get weak, certificates expire –verification data no longer available –changes of formats and media ArchiSig-Project –requirements, concepts, implementation, evaluation –ATS one of the results Archive Time Stamping

Long-term non-repudiation Signatures: Proof of integrity and authenticity Need to archive documents for 30 or more years Signature and hash algorithms / parameters can get weak, certificates expire or revoked Long-term non repudiation prove of existence of signed documents and verification data needed also very useful for unsigned documents

Requirements practical, effective, privacy protecting and law conformant: timestamps with digital signatures needed take weakness of pk- and hash-algorithms into account minimalize quantity of time-stamps avoid access to archived data as far as possible independency of formats of documents or signatures time-stamp groups of data objects together no side effects of deletion of documents optional encryption must preserve evidence value use existing qualified time-stamp-services and protocols no new trusted third parties

Electronic Signature Formats (RFC 3126) Approach –adding (archive) time-stamps as unsigned attributes for each signature Problems: –a great many time-stamps –need to access data and signatures (document format dependent) –not applicable to encrypted data, non standard signature formats, seperatly stored verification data, unsigned documents –not conformant to german signature law: new signature does not include all previous signatures Alternative (second) solution is needed

Approach client Select data objects (document,..) Optional: Encrypt data objects service / archive system Initial Archive Time-Stamp Renewal: Time-Stamp Renewal, Hashtree Renewal Reduce hashtrees, generate Archive Timestamps Element client Optional: Decrypt data objects Optional: Integrate as an attribute if wanted Verify Archive Time-Stamps Element and document

Archive Time Stamp Syntax Syntax and Processing (particularly verification) of an Archive Time Stamp Element –to verify existance of any data objects over an undetermined period of time, useable for signature renewal –optimized (but not restricted to) centralized Archive Time Stamping by Archive Systems or Services –including optional encryption –addendum: integration into signed documents Not specified here: –Service protocol: possible but not necessary for internal use –Architectures of archive systems

Archive Time-Stamp Archive Time Stamp –hash-tree (Merkle) –qualif. time-stamp containing digital signature –single time-stamp for many data objects Initial Stamp –event: after document is archived –collect hash values and build tree, request time-stamp –store archive time-stamp –renew if necesary Reduction to Enhanced Time-Stamp –necessary hash values for verification + time-stamp –{SEQUENCE of SEQUENCE of OCTET STRING time-stamp}

Time-Stamp-Renewal Event: Any algorithm in time-stamp gets weak (or time-stamp-certificate expires) Method –hash time-stamp with old hash algorithm –and include it in new archive time-stamp Properties –no access to data objects –only few (at minimum 1) time-stamp for an whole archive Reduction: ArchiveTimeStampChain –SEQUENCE of Enhanced Time Stamp

Hashtree-Renewal Event: Hash-Algorithm of chain gets weak Method (for each data object) –build Archive Time-Stamp chain –include hash of (hash of chain + hash of data object) in new Archive Time-Stamp Properties –need to access data objects –but: avoidable by easy to implement redundancy Reduction: ArchiveTimeStampSequence –SEQUENCE of ArchiveTimeStampChain

Optional Encryption Caution: Encryption must be unambigious! Method: –encrypt data object before archiving using CMS- Encryption (Algorithms: RSA, DES-CBC) –normal archive time-stamping –decrypt encrypted data object when got bak –add CMS-cover to Archive-Time-Stamp-Element store content seperately –verification: reconstruct of archive time-stamped data object by decryption of content-encryption key, reencrypt content, insert content

Appendices Optional Integration –CMS: signed data –Archive Time-Stamps-Element as an unsigned signature attribute for signature Optional use of Enhanced Time-Stamp –CMS: signed data –Attribute for multiple signature verification

Implementation and Evaluation Implementation Patient documentation system Archivesystem + Archive Time Stamping Verification tool Evaluation Test within hospital simulation study with lawyers, judges, technical experts

Summary Syntax + Processing of Archive Time-Stamp Element optimized for centralized time-stamping effective for large document volumes applicable for any data objects and groups of data objects normally no need to access data redundancy easy to realize on base of existing services

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.