A Digital Signature Signing Engine to Protect the Integrity of Digital Assets
Gordon W. Romney, Senior Member, IEEE, and Donald W. Parry
Information Technology Based Higher Education and Training, 2006. ITHET '06. 7th International Conference on
Presenter: 鍾蕙蓮

Outline
I. INTRODUCTION
II. BACKGROUND
III. RESEARCH AND IMPLEMENTATION OBJECTIVES
IV. RESEARCH AND IMPLEMENTATION
V. FUTURE RESEARCH
VI. CONCLUSION

I. INTRODUCTION

The Digital Signature Signing Process (DSP) system handles batches of digital image files, one file at a time, and produces a unique digital signature of each file.
The significance of the DSP is that it provides a process for the owner, or archivist, of a digital asset to preserve the exact content of the asset at a given instant in date and time (t0) by generating a digital signature of the digital file.

A. Sample Digital Signature of an Image and Digital Signature Verification:
The DSP generated a digital signature, d0, made at time t0.
The digital signature, d0, appears to be simply a string of characters and is normally stored as a digital file.
The DSV process was then used to validate the previous digital signature, d0, at a later time, t1.
Fig. 3 shows the successful outcome of the verification comparison against a newly computed digital signature, d1, at time t1, of an unaltered image of Fig. 1.
The two digital signatures are proved to be identical, as d1 = d0.

B. Collaborating Researchers and Sponsor
The fundamental technology used by DSP is illustrated by 1) a Dead Sea Scrolls text image from Isaiah b found in Cave 1 at Qumran, contributed by Parry, the Ancient Biblical Manuscript Center and the Israel Antiquities Authority [2]; and 2) a satellite image of the earth previously shown in Fig. 1.
In each instance, a need was identified to digitally sign 10 46 original images in order to facilitate detecting altered images that are illegally represented as originals.

II. BACKGROUND

A. Public Key Cryptography:
Asymmetric cryptography uses a pair of cryptographic keys, a public and a private key, and is the technology used in the DSP project.
Key-pairs are securely issued and managed by a Trusted-Third-Party Certificate Authority.
In its simplest form, a digital signature is a hash of a digital item that is encrypted by a client's private key of an asymmetric key pair.

B. Products Are Not Available in the Marketplace:
Current technology markets have focused on digitally signing documents.
Other digital assets such as photo images, audio and video have received little attention.
Also, a batch processor for large quantities of digital assets, such as multi-megabyte images, has not been available.

C. Open Source Solutions Not Available to Academia:
Academic institutions, notably libraries, have not had an open source digitally-signing-time-stamp solution for either documents or images.
DSP was designed to be an open source solution for all forms of digital assets, but specifically to meet the needs of volume processing of large-sized digital files.

III. RESEARCH AND IMPLEMENTATION OBJECTIVES

A. Provide IT Students with a Real-World Application:
Integrates skills learned in course instruction.
Stretches their creativity to a higher level.
Introduces the challenges of interacting with a client.
Teaches them teamwork.
Uses project management and documentation tools.
Can be accomplished in two semesters of instruction.

B. Confront Technologically Challenging Issues:
Major research areas and components that were integrated for DSP are the following:
An operating Certificate Authority (CA).
The security Best Practices for a CA.
An operating Trusted-Third-Party Time-Date-Service.
An autonomous Digital Signature Signing Server for multiple clients.
A relational database that tracks asset provenance and modification history.

C. Provide Clients with a Turnkey Solution:
When a client, such as the Digital Signing of the Dead Sea Scrolls Images (DSDSSI) project, needs digital signing services, an operational DSP node can be established under its autonomous control.
Placing the DSP node under a client's supervision ensures the preservation of the original images under the optimum security and archival Best Practices.

D. Provide a Centrally Operational CA and TDS:
The entire integrity of a DSP service depends upon the security of its key-pair, system clock, and digital signature history logs and change files.
The sponsor for DSP is the BYU Sun Center of Excellence, which is focused on information privacy issues.
In this role it sponsors the central operation for both CA and TDS Trusted-Third-Party functions.

E. Provide an Auditable History of Digital Signatures:
As a Trusted-Third-Party, the TDS provides a legally auditable history of all changes to a given DSP node clock.
Additionally, all historical records of clock adjustments and digital signature history logs are linked and digitally signed by the TDS server every twelve hours.
Linked digital signature logs make it virtually impossible for an image file to be deleted or an alternate substituted.

IV. RESEARCH AND IMPLEMENTATION

A. Design
B. Supporting Processes Essential to DSP
C. Project Management
D. Project Specification
E. System Users
F. Database Schema
G. Time-Date Service Database Schema
H. Major Component List for the DSP Prototype System
I. Any Change Produces a 'Failed' DSV

V. FUTURE RESEARCH

The team determined that a number of areas require additional research, testing, benchmarking and refinement, such as:
Compare several different RDBMSs to MySQL, the current choice.
Evaluate the speed of different signing algorithms.
Get Elliptic Curve Cryptography fully operational. Initial benchmarks show that it is much faster than anticipated and faster than the RSA implementation in OpenSSL.
Evaluate other mass file upload technologies.
Develop an improved batch scheduler for the volume of smaller jobs required by signing.

VI. CONCLUSION

A. Provide IT Students with a Real-World Application
B. Confront Technologically Challenging Issues
C. Provide Clients with a Turnkey Solution
D. Provide a Centrally Functional CA and TDS
E. Provide an Auditable History of Digital Signatures

The research reported in this paper for the Digital Signature Signing Engine project has not come to a conclusion, but rather, is expanding with future research and the installation of other potential DSP nodes.

The end.
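The linked signature log of section III.E and the "any change produces a failed DSV" behaviour of section IV.I can be sketched as follows; this is an added example, not code from the paper or the DSP project. Assumptions: the entry fields, the GENESIS value and the file names are hypothetical, a SHA-256 digest stands in for the signature d0 (the private-key step is omitted), and `anchored_head` stands in for the log head that the TDS would sign every twelve hours.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed link value for the first entry

def entry_hash(entry):
    """Hash every field that binds an entry to its predecessor."""
    body = {k: entry[k] for k in ("seq", "name", "digest", "signed_at", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(log, name, content, signed_at):
    """Record one asset's digest, linked to the previous entry; return the new head."""
    # The digest stands in for the signature d0; no private key is involved here.
    entry = {"seq": len(log), "name": name, "signed_at": signed_at,
             "digest": hashlib.sha256(content).hexdigest(),
             "prev": log[-1]["link"] if log else GENESIS}
    entry["link"] = entry_hash(entry)
    log.append(entry)
    return entry["link"]

def verify(log, assets, anchored_head):
    """Return a list of problems; an empty list means log and assets are intact."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev"] != prev or e["link"] != entry_hash(e):
            problems.append(f"log broken at position {i}")
            break
        prev = e["link"]
        content = assets.get(e["name"])
        if content is None:
            problems.append(f"{e['name']}: missing")
        elif hashlib.sha256(content).hexdigest() != e["digest"]:
            problems.append(f"{e['name']}: altered")  # d1 != d0
    if prev != anchored_head:
        # A truncated log is self-consistent; only the anchored head exposes it.
        problems.append("head does not match anchored head")
    return problems

def build_sample():
    """Constructed sample: three small byte strings standing in for image files."""
    assets = {"scroll_001.tif": b"constructed image A",
              "scroll_002.tif": b"constructed image B",
              "earth_001.tif": b"constructed image C"}
    log, head = [], GENESIS
    for n, (name, content) in enumerate(assets.items()):
        head = append(log, name, content, f"2006-07-10T12:00:0{n}Z")
    return log, assets, head
```

Dropping the last entry together with its file leaves a chain that still verifies link by link, which is why the head has to be anchored outside the node that holds the log.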