A Digital Signature Signing Engine to Protect
the Integrity of Digital Assets
Gordon W. Romney, Senior Member, IEEE, and Donald W. Parry
Information Technology Based Higher Education and Training, 2006.
ITHET '06. 7th International Conference on
Presenter: 鍾蕙蓮
Outline
 I. INTRODUCTION
 II. BACKGROUND
 III. RESEARCH AND IMPLEMENTATION OBJECTIVES
 IV. RESEARCH AND IMPLEMENTATION
 V. FUTURE RESEARCH
 VI. CONCLUSION
I. INTRODUCTION
 The Digital Signature Signing Process (DSP) system handles
batches of digital image files, one file at a time and produces
a unique digital signature of each file.
 The significance of the DSP is that it provides a process for
the owner, or archivist, of a digital asset to preserve the exact
content of the asset at a given instant in date and time (t0)
by generating a digital signature of the digital file.
I. INTRODUCTION
A. Sample Digital Signature of an Image and Digital Signature
Verification:
 The DSP generated a digital signature, d0, made at time t0.
The digital signature, d0, appears to be simply a string of
characters and is normally stored as a digital file.
 The DSV process, next, was used to validate the previous
digital signature, d0, at a later time, t1. Fig. 3 shows the
successful outcome from the verification comparison against
a newly computed digital signature, d1 at time t1, of an
unaltered image of Fig. 1. The two digital signatures are
proved to be identical as d1 = d0.
I. INTRODUCTION
B. Collaborating Researchers and Sponsor
 The fundamental technology used by DSP is illustrated by 1)
a Dead Sea Scrolls text image from Isaiah b found in Cave 1
at Qumran, contributed by Parry, the Ancient Biblical
Manuscript Center and the Israel Antiquities Authority [2];
and 2) a satellite image of the earth previously shown in Fig.1.
 In each instance, a need was identified to digitally sign 10 46 original images in order to facilitate detecting altered
images that are illegally represented as originals.
II. BACKGROUND
A. Public Key Cryptography:
 Asymmetric cryptography uses a pair of cryptographic keys,
a public and a private key, and is the technology used in the
DSP project.
 Key-pairs are securely issued and managed by a Trusted-Third-Party Certificate Authority.
 In its simplest form, a digital signature is a hash of a digital
item that is encrypted by a client's private key of an
asymmetric key pair.
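The DSP/DSV round trip of Section I.A and the "hash encrypted with the private key" definition above, as an added example that is not the paper's or the project's code. It uses textbook RSA over a SHA-256 digest with a constructed key pair built from two small known primes so that it runs offline; the key size, the batch layout and the sample image bytes are assumptions of this example, and a deployed DSP node would use CA-issued keys and a padded signature scheme.

```python
"""Added example (not the paper's code): DSP signing and DSV verification.

The slides define a signature as the hash of a file encrypted with the
signer's private key.  Textbook RSA over SHA-256 is exactly that operation,
so it is used here with a deliberately small, constructed key pair.
"""
import hashlib

# Constructed demo key pair from two known Mersenne primes: far too small
# for real use, chosen only so the example runs without a crypto library.
P = 2 ** 61 - 1
Q = 2 ** 31 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def digest(data: bytes) -> int:
    """SHA-256 of the asset as an integer, reduced mod N only because the
    demo modulus is smaller than 256 bits (a real key would not need this)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def dsp_sign(data: bytes) -> int:
    """DSP: d = hash(data)^D mod N, the hash 'encrypted' with the private key."""
    return pow(digest(data), D, N)


def dsv_verify(data: bytes, signature: int) -> bool:
    """DSV with the public key: recover the hash from the signature and
    compare it with a freshly computed hash of the asset as it is now."""
    return pow(signature, E, N) == digest(data)


def dsv_compare(data: bytes, d0: int) -> bool:
    """The slide's d1 = d0 check: re-sign the asset at a later time t1 and
    compare with the stored signature.  Needs the private key, which is why
    a third party would use dsv_verify instead."""
    return dsp_sign(data) == d0


def sign_batch(files: dict) -> dict:
    """Batch mode as in Section I: one file at a time, one signature each."""
    return {name: dsp_sign(content) for name, content in files.items()}


# Constructed sample assets standing in for multi-megabyte image files.
ORIGINAL = b"\x89PNG\r\n\x1a\n" + b"isaiah-b-column-01" * 64
ALTERED = ORIGINAL[:-1] + b"!"  # one byte changed, e.g. a retouched pixel


def demo() -> dict:
    """Sign at t0, verify at t1 against the unaltered and the altered file."""
    d0 = dsp_sign(ORIGINAL)
    return {
        "unaltered_verifies": dsv_verify(ORIGINAL, d0),
        "unaltered_d1_equals_d0": dsv_compare(ORIGINAL, d0),
        "altered_verifies": dsv_verify(ALTERED, d0),
        "batch_size": len(sign_batch({"img1.png": ORIGINAL, "img2.png": ALTERED})),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Because textbook RSA is deterministic, re-signing the unaltered file reproduces d0 bit for bit, which is the d1 = d0 outcome shown in Fig. 3; any change to the file, however small, yields a different hash and therefore a failed DSV.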
II. BACKGROUND
B. Products Are Not Available in the Marketplace:
 Current technology markets have focused on digitally signing
documents
 Other digital assets such as photo images, audio and video
have received little attention. Also, a batch processor for
large quantities of digital assets, such as multi-megabyte
images, has not been available.
II. BACKGROUND
C. Open Source Solutions Not Available to Academia:
 Academic institutions, notably libraries, have not had an open
source digitally-signing-time-stamp solution for either
documents or images. DSP was designed to be an open-source solution for all forms of digital assets, but to
specifically meet the needs of volume processing of large-sized digital files.
III. RESEARCH AND IMPLEMENTATION
OBJECTIVES
A. Provide IT Students with a Real-World Application:
 Integrates skills learned in course instruction.
 Stretches their creativity to a higher level.
 Introduces the challenges of interacting with a client.
 Teaches them teamwork.
 Uses project management and documentation tools.
 Can be accomplished in two semesters of instruction.
III. RESEARCH AND IMPLEMENTATION
OBJECTIVES
B. Confront Technologically Challenging Issues:
Major research areas and components that were integrated for
DSP are the following:
 An operating Certificate Authority (CA).
 The security Best Practices for a CA.
 An operating Trusted-Third-Party Time-Date-Service.
 An autonomous Digital Signature Signing Server for multiple
clients.
 A relational database that tracks asset provenance and
modification history.
III. RESEARCH AND IMPLEMENTATION
OBJECTIVES
C. Provide Clients with a Turnkey Solution:
 When a client, such as the Digital Signing of the Dead Sea
Scrolls Images (DSDSSI) project, needs digital signing
services, an operational DSP node can be established under
its autonomous control. Placing the DSP node under a
client’s supervision ensures the preservation of the original
images under the optimum security and archival Best
Practices.
III. RESEARCH AND IMPLEMENTATION
OBJECTIVES
D. Provide a Centrally Operational CA and TDS:
 The entire integrity of a DSP service depends upon the
security of its key-pair, system clock and digital signature
history logs and change files.
 The sponsor for DSP is the BYU Sun Center of Excellence
that is focused on information privacy issues.
 In this role it sponsors the central operation for both CA and
TDS Trusted-Third-Party functions.
III. RESEARCH AND IMPLEMENTATION
OBJECTIVES
E. Provide an Auditable History of Digital Signatures:
 As a Trusted-Third-Party, the TDS provides a legally
auditable history of all changes to a given DSP node clock.
 Additionally, all historical records of clock adjustments and
digital signature history logs are linked and digitally signed by
the TDS server every twelve hours.
 Linked digital signature logs make it virtually impossible for
an image file to be deleted or an alternate substituted.
IV. RESEARCH AND IMPLEMENTATION
 A. Design
 B. Supporting Processes Essential to DSP
 C. Project Management
 D. Project Specification
 E. System Users
 F. Database Schema
 G.Time-Date Service Database Schema
 H. Major Component List for the DSP Prototype System
 I. Any Change Produces a ‘Failed’ DSV
V. FUTURE RESEARCH
The team determined that a number of areas require additional
research, testing, benchmarking and refinement such as:
 Compare several different RDBMSs to MySQL, the current
choice.
 Evaluate the speed of different signing algorithms.
 Get Elliptic Curve Cryptography fully operational. Initial
benchmarks show that it is much faster than anticipated and
faster than the RSA implementation in OpenSSL.
 Evaluate other mass file upload technologies.
 Develop an improved batch scheduler for the volume of
smaller jobs required by signing.
VI. CONCLUSION
 A. Provide IT Students with a Real-World Application
 B. Confront Technologically Challenging Issues
 C. Provide Clients with a Turnkey Solution
 D. Provide a Centrally Functional CA and TDS
 E. Provide an Auditable History of Digital Signatures
 The research reported in this paper for the Digital Signature
Signing Engine project has not come to a conclusion, but
rather, is expanding with future research and the installation
of other potential DSP nodes.