Presentation is loading. Please wait.

Presentation is loading. Please wait.

May 23, 2007 Archiving 2007 1 ACE: A Novel Software Platform to Ensure the Integrity of Digital Archives Sangchul Song and Joseph JaJa Institute for Advanced.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "May 23, 2007 Archiving 2007 1 ACE: A Novel Software Platform to Ensure the Integrity of Digital Archives Sangchul Song and Joseph JaJa Institute for Advanced."— Presentation transcript:

1 May 23, 2007 Archiving 2007 1 ACE: A Novel Software Platform to Ensure the Integrity of Digital Archives Sangchul Song and Joseph JaJa Institute for Advanced Computer Science Studies Department of Electrical and Computer Engineering University of Maryland, College Park Sponsored by Library of Congress and NSF

2 May 23, 2007 Archiving 2007 2 Main Threats to Integrity of Digital Archives Hardware/media degradation Hardware/software malfunction Operational errors Technology evolution Object transformation (format obsolescence) Infrequent access to most data Evolution of cryptographic schemes Security breaches, malicious alterations

3 May 23, 2007 Archiving 2007 3 Existing Methodologies Core Techniques –Replication: mirroring –Coding techniques: parity checking (RAID), erasure codes –Cryptographic one-way hashing: checksum Techniques for Digital Archives –Hashing only –Replication + voting scheme –Hashing + replication –Digital Signatures –Time Stamping (PKI vs. hash-linking)

4 May 23, 2007 Archiving 2007 4 ACE - Assumptions Basic Assumption on the archive –Each object has a persistent identifier –In the presence of multiple copies, one is designated as master. No other assumptions – architecture can be centralized, distributed, or peer-to-peer; policies can be centralized, distributed, or federated.

5 May 23, 2007 Archiving 2007 5 ACE – Base Methodology Three-tiered Cryptographic Information. Each tier is periodically audited separately according to policies set by managers. Integrity Token Witness Cryptographic Summary Information 1 IT/object ~1KB 1 CSI/time window Or 1 CSI / (n) objects ~100MB/year 1 Witness/week ~2-3KB/year k:1l:1

6 May 23, 20076 Three-Tiered Cryptographic Information

7 May 23, 20077 ACE – System Architecture

8 May 23, 2007 Archiving 2007 8 ACE – Overview Integrity Token Hash (obj) ACE-AM 3 rd Party Auditor Client ACE-IMS object

9 May 23, 2007 Archiving 2007 9 ACE – Registration 1. A request containing the hash of the object is made to ACE. 2. When the aggregation round closes, the Aggregator builds an authentication tree. 3. A receipt is returned. 4~5. A new cryptographic summary is computed and the integrity token for each request is constructed. 6~8. Each object retrieves its integrity token.

10 May 23, 2007 Archiving 2007 10 ACE Witness Publication Cryptographic Summary Information Witness … Once a week, a witness is computed from the cryptographic summaries generated during the week. The witness of the week is widely published on the Internet – currently, gets posted to the newsgroups at Google, Yahoo and MSN. The witness is also stored on a CD- ROM

11 May 23, 2007 Archiving 2007 11 ACE – Demo Modify

12 May 23, 2007 Archiving 2007 12 ACE Audit Integrity Token Witness Cryptographic Summary Information Object 1. Each digital object is audited locally using the integrity token, according to the policy set by the local manager. 2. The integrity management system periodically audits the integrity tokens according to its policies. 3. Cryptographic summaries are audited as necessary using the published witness values.

13 May 23, 2007 Archiving 2007 13 Auditing Cryptographic Summaries Witness … Cryptographic Summary Information The system collects all the summaries that share the same Time Frame ID, and builds a validation witness. The system retrieves the published witness of the Time Frame ID from the newsgroups. The published witness is then compared to the validation witness

14 May 23, 2007 Archiving 2007 14 ACE Update– Obsolete Hash Functions Objects are registered again with the information on the old integrity token (IT). The new IT token is constructed using this information. The object integrity from the previous registration to the new registration can still be verified with the old IT, whereas the new IT will be responsible from the new registration.

15 May 23, 2007 Archiving 2007 15 ACE Update – Object Transformation The new object is registered again. However, the registration request contains information on the old integrity token. The new integrity token is constructed using this information. With this information, a future audit can track current version back to the previous version.

16 May 23, 2007 Archiving 2007 16 ACE Performance Preliminary performance evaluation –Setup : Audits on the NARA EAP Image Collection consisting over 1.1TB of 126,548 files. –Results: All files were audited in about 15 hours. –Note 1: Most of the time was spent in moving the data between the separate machines. –Note 2: Registration on the same collection took almost the same time.

17 May 23, 2007 Archiving 2007 17 ACE Summary Third-party auditable Cryptographically rigorous yet cost-effective Update-aware Highly interoperable Scalable High Performance

Download ppt "May 23, 2007 Archiving 2007 1 ACE: A Novel Software Platform to Ensure the Integrity of Digital Archives Sangchul Song and Joseph JaJa Institute for Advanced."

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar(96608205043) C.Karthik(96608205022) H.Sheik mohideen(96608205046) S.Lakshmi rajan(96608205023)

Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar( ) C.Karthik( ) H.Sheik mohideen( ) S.Lakshmi rajan( )
Creating Proposal and Managing Grants Maria Whalen (508)856-6510.

Creating Proposal and Managing Grants Maria Whalen (508)
Audit Control Environment Mike Smorul UMIACS. Issues surrounding asserting integrity Threats to Integrity of Digital Archives –Hardware/media degradation.

Audit Control Environment Mike Smorul UMIACS. Issues surrounding asserting integrity Threats to Integrity of Digital Archives –Hardware/media degradation.
The Zebra Striped Network File System Presentation by Joseph Thompson.

The Zebra Striped Network File System Presentation by Joseph Thompson.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.

MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Chronopolis: Preserving Our Digital Heritage David Minor UC San Diego San Diego Supercomputer Center.

Chronopolis: Preserving Our Digital Heritage David Minor UC San Diego San Diego Supercomputer Center.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
ADAPT An Approach to Digital Archiving and Preservation Technology Principal Investigator: Joseph JaJa Lead Programmers: Mike Smorul and Mike McGann Graduate.

ADAPT An Approach to Digital Archiving and Preservation Technology Principal Investigator: Joseph JaJa Lead Programmers: Mike Smorul and Mike McGann Graduate.
May 23 2007 Archiving 2007 1 PAWN: A Policy-Driven Software Environment for Implementing Producer- Archive Interactions in Support of Long Term Digital.

May Archiving PAWN: A Policy-Driven Software Environment for Implementing Producer- Archive Interactions in Support of Long Term Digital.
Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.

Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.
ACE: A Software Tool to Ensure the Integrity of Digital Archives Principal Investigator: Joseph JaJa Graduate Student: Sangchul Song Lead Programmer: Michael.

ACE: A Software Tool to Ensure the Integrity of Digital Archives Principal Investigator: Joseph JaJa Graduate Student: Sangchul Song Lead Programmer: Michael.
1 Using Scalable and Secure Web Technologies to Design Global Format Registry Muluwork Geremew, Sangchul Song and Joseph JaJa Institute for Advanced Computer.

1 Using Scalable and Secure Web Technologies to Design Global Format Registry Muluwork Geremew, Sangchul Song and Joseph JaJa Institute for Advanced Computer.
July 20 2007 NAGARA 1 Producer-Archive Workflow Network Mike Smorul, Mike McGann, Joseph JaJa Institute for Advanced Computer Science Studies University.

July NAGARA 1 Producer-Archive Workflow Network Mike Smorul, Mike McGann, Joseph JaJa Institute for Advanced Computer Science Studies University.
Robust Tools for Archiving and Preserving Digital Data Joseph JaJa, Mike Smorul, and Mike McGann Institute for Advanced Computer Studies Department of.

Robust Tools for Archiving and Preserving Digital Data Joseph JaJa, Mike Smorul, and Mike McGann Institute for Advanced Computer Studies Department of.
PAWN: A Novel Ingestion Workflow Technology for Digital Preservation

PAWN: A Novel Ingestion Workflow Technology for Digital Preservation

Similar presentations

Ads by Google