Download presentation
Presentation is loading. Please wait.
1
Archive Time-Stamps-Syntax Dr. Ulrich Pordesch pordesch@sit.fhg.de
2
Archiving Signed Documents Long-term Problems –algorithms get weak, certificates expire –verification data no longer available –changes of formats and media ArchiSig-Project 2001 - 2003 –requirements, concepts, implementation, evaluation –ATS one of the results Archive Time Stamping
3
Long-term non-repudiation Signatures: Proof of integrity and authenticity Need to archive documents for 30 or more years Signature and hash algorithms / parameters can get weak, certificates expire or revoked Long-term non repudiation prove of existence of signed documents and verification data needed also very useful for unsigned documents
4
Requirements practical, effective, privacy protecting and law conformant: timestamps with digital signatures needed take weakness of pk- and hash-algorithms into account minimalize quantity of time-stamps avoid access to archived data as far as possible independency of formats of documents or signatures time-stamp groups of data objects together no side effects of deletion of documents optional encryption must preserve evidence value use existing qualified time-stamp-services and protocols no new trusted third parties
5
Electronic Signature Formats (RFC 3126) Approach –adding (archive) time-stamps as unsigned attributes for each signature Problems: –a great many time-stamps –need to access data and signatures (document format dependent) –not applicable to encrypted data, non standard signature formats, seperatly stored verification data, unsigned documents –not conformant to german signature law: new signature does not include all previous signatures Alternative (second) solution is needed
6
Approach client Select data objects (document,..) Optional: Encrypt data objects service / archive system Initial Archive Time-Stamp Renewal: Time-Stamp Renewal, Hashtree Renewal Reduce hashtrees, generate Archive Timestamps Element client Optional: Decrypt data objects Optional: Integrate as an attribute if wanted Verify Archive Time-Stamps Element and document
7
Archive Time Stamp Syntax Syntax and Processing (particularly verification) of an Archive Time Stamp Element –to verify existance of any data objects over an undetermined period of time, useable for signature renewal –optimized (but not restricted to) centralized Archive Time Stamping by Archive Systems or Services –including optional encryption –addendum: integration into signed documents Not specified here: –Service protocol: possible but not necessary for internal use –Architectures of archive systems
8
Archive Time-Stamp Archive Time Stamp –hash-tree (Merkle) –qualif. time-stamp containing digital signature –single time-stamp for many data objects Initial Stamp –event: after document is archived –collect hash values and build tree, request time-stamp –store archive time-stamp –renew if necesary Reduction to Enhanced Time-Stamp –necessary hash values for verification + time-stamp –{SEQUENCE of SEQUENCE of OCTET STRING time-stamp}
9
Time-Stamp-Renewal Event: Any algorithm in time-stamp gets weak (or time-stamp-certificate expires) Method –hash time-stamp with old hash algorithm –and include it in new archive time-stamp Properties –no access to data objects –only few (at minimum 1) time-stamp for an whole archive Reduction: ArchiveTimeStampChain –SEQUENCE of Enhanced Time Stamp
10
Hashtree-Renewal Event: Hash-Algorithm of chain gets weak Method (for each data object) –build Archive Time-Stamp chain –include hash of (hash of chain + hash of data object) in new Archive Time-Stamp Properties –need to access data objects –but: avoidable by easy to implement redundancy Reduction: ArchiveTimeStampSequence –SEQUENCE of ArchiveTimeStampChain
11
Optional Encryption Caution: Encryption must be unambigious! Method: –encrypt data object before archiving using CMS- Encryption (Algorithms: RSA, DES-CBC) –normal archive time-stamping –decrypt encrypted data object when got bak –add CMS-cover to Archive-Time-Stamp-Element store content seperately –verification: reconstruct of archive time-stamped data object by decryption of content-encryption key, reencrypt content, insert content
12
Appendices Optional Integration –CMS: signed data –Archive Time-Stamps-Element as an unsigned signature attribute for signature Optional use of Enhanced Time-Stamp –CMS: signed data –Attribute for multiple signature verification
13
Implementation and Evaluation Implementation Patient documentation system Archivesystem + Archive Time Stamping Verification tool Evaluation Test within hospital simulation study with lawyers, judges, technical experts
14
Summary Syntax + Processing of Archive Time-Stamp Element optimized for centralized time-stamping effective for large document volumes applicable for any data objects and groups of data objects normally no need to access data redundancy easy to realize on base of existing services
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.