Lifecycle Metadata for Digital Objects October 9, 2002 Transfer / Authenticity Metadata.

Slides:



Advertisements
Similar presentations
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Advertisements

Public Key Infrastructure and Applications
Web Service Security CS409 Application Services Even Semester 2007.
Digital Signatures. Anononymity and the Internet.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Web services security I
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.
Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.
Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.
Cryptography, Authentication and Digital Signatures
©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.
CSCD 218 : DATA COMMUNICATIONS AND NETWORKING 1
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Chapter 21 Distributed System Security Copyright © 2008.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
Encryption. What is Encryption? Encryption is the process of converting plain text into cipher text, with the goal of making the text unreadable.
 A Web service is a method of communication between two electronic devices over World Wide Web.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Lifecycle Metadata for Digital Objects October 18, 2004 Transfer / Authenticity Metadata.
What is Digital Signature Building confidentiality and trust into networked transactions. Kishankant Yadav
Csci5233 computer security & integrity 1 Cryptography: an overview.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Digital Signatures, Message Digest and Authentication Week-9.
Cryptography: Digital Signatures Message Digests Authentication
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
DIGITAL SIGNATURE.
Copyright © 2003 Jorgen Thelin / Cape Clear Software 1 A Web Services Security Framework Jorgen Thelin Chief Scientist Cape Clear Software Inc.
1 CMPT 471 Networking II Authentication and Encryption © Janice Regan,
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
Web Services Security INFOSYS 290, Section 3 Web Services: Concepts, Design and Implementation Adam Blum
Copyright 2004 MayneStay Consulting Group Ltd. - All Rights Reserved Jan-041 Security using Encryption Security Features Message Origin Authentication.
April 20023CSG11 Electronic Commerce Authentication John Wordsworth Department of Computer Science The University of Reading Room.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
Fundamentals of Network Security Ravi Mukkamala SCI 101 October 6, 2003.
Cryptography: an overview
Cryptography: an overview
Unit 3 Section 6.4: Internet Security
Computer Communication & Networks
e-Health Platform End 2 End encryption
NET 311 Information Security
Cryptography: an overview
Electronic Payment Security Technologies
National Trust Platform
Presentation transcript:

Lifecycle Metadata for Digital Objects October 9, 2002 Transfer / Authenticity Metadata

Transferring paper records Records Center Storage Approval Form –Agency approval signature –Description of materials Approval Number received for transmission Pack and label correctly (agreed standard) –Use proper boxes –Label with identifiers –Pack in original order and approved arrangement –Number boxes in batch –Stack correctly Transmittal Form for batch –“Digest” of contents Access Codes received for boxes

The central problem: Security guaranteeing Authenticity Guarding the object (authenticity, integrity) Proving the identities of the people responsible for transferring the object (authentication, non-repudiation) Transferring the object in a secure way

“Cutoff” for the digital object: The moment of “recordness” Assertion that the object is complete (cf. UBC) Assertion that it is an archivable object Assertion that the asserter has the authority to enact cutoff All these assertions may be system-supplied in the digital environment: –user logins –user role ID –identity of the workstation on the network

What is transfer about? What is a digital copy? What qualifies? –Data compression issues –Data segmentation issues –Creating application vs file-management application How can a digital copy be guaranteed? –Digital object as string of bits –Message digest of object as math on the bits –Ship the message digest with the object –Recalculate and compare at the other end

Moving from user to repository Using the public network securely Sending from user to repository –VPN –SSL “Secure drop-box” technology –Separate “hardened” server (between “DMZ”s) –Only A can deposit, only B can withdraw Repository harvests objects from user’s drop- box

Proving the identity of the sender (Authentication I) Assymetrical encryption –Private/public keys: reverse purposes Private = one (only) Public = many (every) Digital signature –Calculate message digest –Use one of asymmetric key pair to transform If recipient’s public key, only recipient can decode If sender’s private key, only sender can have sent –Use second of assymetric key pair to decrypt –Check message digest against message

Proving the identity of the sender (Authentication II: Non- repudiation) Certification (PKI, “XKI”) –Connecting keys with individual –External or internal –Endurance System permissions and activity –Data collected from system/network operations logs –Necessity for collecting as archival!

Guaranteeing the authenticity of the object (Integrity) Object as open or secret –Must we disguise the object? –Can we move it around in clear? Message digest –Creates single number: “one-way hash” –Number will change with the slightest change in the object on which it was calculated Encryption (Confidentiality) –Asymmetric –Symmetric

Proving the identity of the receiver Digital signature System permissions Recorded as part of repository operations records

Documenting the transfer Time-stamps System logs

Verifying the transfer Quality control Verifying the message digest Checking the object against the wrapper

XML and partial signing XML wrapper for a set of objects permits individual or multiple objects to be signed Objects can potentially be signed by different people in workflow This means that a born-digital XML-wrapped object may already contain several digital signatures from different sources May require verification and resigning as single object by record-asserting entity before transfer

XML Signature (CanonicalizationMethod) (SignatureMethod) ( (Transforms)? (DigestMethod) (DigestValue) (SignatureValue) (KeyInfo)? (Object)*