A Digital Signature Signing Engine to Protect the Integrity of Digital Assets

Gordon W. Romney, Senior Member, IEEE, and Donald W. Parry

Information Technology Based Higher Education and Training, 2006. ITHET '06. 7th International Conference on

Presenter: 鍾蕙蓮

Outline

I. INTRODUCTION
II. BACKGROUND
III. RESEARCH AND IMPLEMENTATION OBJECTIVES
IV. RESEARCH AND IMPLEMENTATION
V. FUTURE RESEARCH
VI. CONCLUSION

I. INTRODUCTION

The Digital Signature Signing Process (DSP) system handles batches of digital image files, one file at a time, and produces a unique digital signature for each file.

The significance of the DSP is that it gives the owner, or archivist, of a digital asset a process for preserving the exact content of the asset at a given instant in date and time (t0) by generating a digital signature of the digital file at that instant.

I. INTRODUCTION
A. Sample Digital Signature of an Image and Digital Signature Verification

The DSP generated a digital signature, d0, at time t0. The digital signature d0 appears to be simply a string of characters and is normally stored as a digital file alongside the asset.

The Digital Signature Verification (DSV) process was then used to validate the earlier signature d0 at a later time, t1. Fig. 3 shows the successful outcome: a digital signature d1 computed at time t1 over the unaltered image of Fig. 1 was compared against d0, and the two were identical, d1 = d0. Byte-for-byte equality of d1 and d0 holds for a deterministic signature scheme (such as RSA with PKCS#1 v1.5 padding under the same key); the essential check in every case is that d0 verifies against the hash of the file as it exists at t1.
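The sign-at-t0 / verify-at-t1 cycle described above, as an added example that is not part of the original paper or the DSP code base. It assumes SHA-256 as the hash and RSA-2048 with PKCS#1 v1.5 padding as the signature scheme (the paper names RSA via OpenSSL but not the exact padding or hash), and it uses constructed byte strings in place of the multi-megabyte image files. It shows the three outcomes a practitioner wants to confirm: the stored signature d0 verifies against the unaltered file, re-signing the unaltered file reproduces d0 exactly, and a single flipped bit in the file makes DSV fail.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed stand-ins for the image files the DSP signs. Real inputs would be
// read from disk one file at a time; the filenames here are invented.
var sampleAssets = map[string][]byte{
	"isaiah_b_col1.tif": []byte("constructed bytes standing in for a scroll image"),
	"earth_sat.jpg":     []byte("constructed bytes standing in for a satellite image"),
}

// signAsset is the DSP step for one file: hash the file with SHA-256 and sign
// the digest with the archivist's RSA private key. PKCS#1 v1.5 signatures are
// deterministic, so signing an unchanged file again yields the identical bytes.
func signAsset(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	digest := sha256.Sum256(data)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verifyAsset is the DSV step: recompute the digest of the file as it exists
// now and check it against the stored signature using only the public key.
func verifyAsset(pub *rsa.PublicKey, data, sig []byte) bool {
	digest := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// signBatch signs every asset in the batch, one file at a time, and returns
// the signature for each filename (the strings the DSP stores as signature files).
func signBatch(priv *rsa.PrivateKey, assets map[string][]byte) (map[string][]byte, error) {
	sigs := make(map[string][]byte, len(assets))
	for name, data := range assets {
		sig, err := signAsset(priv, data)
		if err != nil {
			return nil, fmt.Errorf("signing %s: %w", name, err)
		}
		sigs[name] = sig
	}
	return sigs, nil
}

// DemoResult reports the three checks performed by runDemo.
type DemoResult struct {
	UnalteredVerifies bool // d0 verifies against the unchanged file at t1
	ResignedIdentical bool // signing the unchanged file again gives d1 == d0
	TamperDetected    bool // flipping one bit of the file makes DSV fail
}

func runDemo() (DemoResult, error) {
	var r DemoResult
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}
	// t0: sign the whole batch and keep the signatures.
	sigs, err := signBatch(priv, sampleAssets)
	if err != nil {
		return r, err
	}
	name := "earth_sat.jpg"
	d0 := sigs[name]

	// t1: DSV over the unaltered file.
	r.UnalteredVerifies = verifyAsset(&priv.PublicKey, sampleAssets[name], d0)

	// Re-signing the unaltered file reproduces d0 byte for byte.
	d1, err := signAsset(priv, sampleAssets[name])
	if err != nil {
		return r, err
	}
	r.ResignedIdentical = bytes.Equal(d0, d1)

	// Flip one bit in a copy of the file: the altered "original" must fail DSV.
	altered := append([]byte(nil), sampleAssets[name]...)
	altered[len(altered)/2] ^= 0x01
	r.TamperDetected = !verifyAsset(&priv.PublicKey, altered, d0)
	return r, nil
}

func main() {
	r, err := runDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("unaltered verifies: %v, re-signed identical: %v, tamper detected: %v\n",
		r.UnalteredVerifies, r.ResignedIdentical, r.TamperDetected)
}
```

The private key never leaves the signing node; anyone holding the public key (or the CA-issued certificate for it) can run verifyAsset, which is what lets a third party check a scroll image against a signature published years earlier.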

I. INTRODUCTION
B. Collaborating Researchers and Sponsor

The fundamental technology used by DSP is illustrated by 1) a Dead Sea Scrolls text image from Isaiah b, found in Cave 1 at Qumran, contributed by Parry, the Ancient Biblical Manuscript Center and the Israel Antiquities Authority [2]; and 2) the satellite image of the earth previously shown in Fig. 1.

In each instance, a need was identified to digitally sign on the order of 10^4 to 10^6 original images, so that altered images illegally represented as originals can be detected.

II. BACKGROUND
A. Public Key Cryptography

Asymmetric cryptography uses a pair of cryptographic keys, a public key and a private key, and is the technology used in the DSP project.

Key pairs are issued and managed by a Trusted-Third-Party Certificate Authority (CA). The CA's role is to certify the binding between a public key and its owner; the private key used for signing must remain under the signer's sole control, since anyone holding it can produce signatures that verify.

In its simplest form, a digital signature is a hash of a digital item that is encrypted (in RSA terms, signed) with the client's private key. Anyone with the matching public key can decrypt the signature to recover the hash and compare it with a freshly computed hash of the item.

II. BACKGROUND
B. Products Are Not Available in the Marketplace

At the time of the paper (2006), the technology market had focused on digitally signing documents.

Other digital assets such as photo images, audio and video had received little attention. Also, a batch processor for large quantities of digital assets, such as multi-megabyte images, was not available.

II. BACKGROUND
C. Open Source Solutions Not Available to Academia

Academic institutions, notably libraries, have not had an open-source digital-signing and time-stamping solution for either documents or images. DSP was designed to be an open-source solution for all forms of digital assets, and specifically to meet the needs of volume processing of large digital files.

III. RESEARCH AND IMPLEMENTATION OBJECTIVES
A. Provide IT Students with a Real-World Application

- Integrates skills learned in course instruction.
- Stretches their creativity to a higher level.
- Introduces the challenges of interacting with a client.
- Teaches them teamwork.
- Uses project management and documentation tools.
- Can be accomplished in two semesters of instruction.

III. RESEARCH AND IMPLEMENTATION OBJECTIVES
B. Confront Technologically Challenging Issues

Major research areas and components that were integrated for DSP are the following:

- An operating Certificate Authority (CA).
- The security Best Practices for a CA.
- An operating Trusted-Third-Party Time-Date Service (TDS).
- An autonomous Digital Signature Signing Server for multiple clients.
- A relational database that tracks asset provenance and modification history.

III. RESEARCH AND IMPLEMENTATION OBJECTIVES
C. Provide Clients with a Turnkey Solution

When a client, such as the Digital Signing of the Dead Sea Scrolls Images (DSDSSI) project, needs digital signing services, an operational DSP node can be established under its autonomous control. Placing the DSP node under the client's supervision keeps the original images, and the private key that signs them, under the client's own security and archival Best Practices.

III. RESEARCH AND IMPLEMENTATION OBJECTIVES
D. Provide a Centrally Operational CA and TDS

The entire integrity of a DSP service depends upon the security of its key pair, its system clock, and its digital signature history logs and change files.

The sponsor for DSP is the BYU Sun Center of Excellence, which is focused on information privacy issues. In this role it sponsors the central operation of both the Certificate Authority (CA) and the Time-Date Service (TDS) Trusted-Third-Party functions.

III. RESEARCH AND IMPLEMENTATION OBJECTIVES
E. Provide an Auditable History of Digital Signatures

As a Trusted-Third-Party, the TDS provides a legally auditable history of all changes to a given DSP node's clock.

Additionally, all historical records of clock adjustments and the digital signature history logs are linked together and digitally signed by the TDS server every twelve hours.

Because each record is linked to the one before it and the chain is signed by the TDS, a signed image file's log entry cannot be deleted, nor an alternate substituted, without breaking the chain; the tampering becomes detectable at the next verification. Entries added after the most recent TDS signature are only protected once the next twelve-hour signing has covered them.
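A linked, periodically signed signature log of the kind described in the two paragraphs above, as an added example that is not part of the original paper or the DSP code base. The paper says the logs are "linked" and signed by the TDS every twelve hours but does not give the linking mechanism; this example assumes a hash chain (each entry includes the SHA-256 hash of its predecessor), an ECDSA P-256 key for the TDS, and constructed timestamps, filenames and signature bytes. It shows that deleting or substituting an entry breaks verification, and also the caveat that entries appended after the last TDS signature are not yet covered.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// LogEntry records one signing event: which asset was signed, when, and the
// hash of the previous entry, which is what links the log.
type LogEntry struct {
	Seq        uint64
	Timestamp  string   // from the TDS; constructed values in this example
	Filename   string   // constructed filename
	AssetSigID [32]byte // SHA-256 of the stored signature d0 for this file
	Prev       [32]byte // hash of the preceding entry (all zero for the first)
}

// hash canonicalises the entry and hashes it. Because Prev is included,
// editing, deleting or reordering any earlier entry changes every later hash.
func (e LogEntry) hash() [32]byte {
	return sha256.Sum256([]byte(fmt.Sprintf("%d|%s|%s|%x|%x",
		e.Seq, e.Timestamp, e.Filename, e.AssetSigID, e.Prev)))
}

// appendEntry links a new entry to the current tail of the log.
func appendEntry(log []LogEntry, ts, name string, sig []byte) []LogEntry {
	e := LogEntry{Seq: uint64(len(log)), Timestamp: ts, Filename: name, AssetSigID: sha256.Sum256(sig)}
	if n := len(log); n > 0 {
		e.Prev = log[n-1].hash()
	}
	return append(log, e)
}

// Checkpoint is what the TDS produces on its twelve-hour schedule: a signature
// over the hash of the log's last entry at that moment.
type Checkpoint struct {
	Seq  uint64
	Head [32]byte
	Sig  []byte
}

func tdsCheckpoint(tds *ecdsa.PrivateKey, log []LogEntry) (Checkpoint, error) {
	last := log[len(log)-1]
	head := last.hash()
	sig, err := ecdsa.SignASN1(rand.Reader, tds, head[:])
	return Checkpoint{Seq: last.Seq, Head: head, Sig: sig}, err
}

// verifyLog recomputes the chain from the first entry and checks that the entry
// named by the checkpoint still hashes to the head the TDS signed. It returns
// false on a gap, reorder, deletion, substitution or bad TDS signature.
func verifyLog(pub *ecdsa.PublicKey, log []LogEntry, cp Checkpoint) bool {
	var prev, head [32]byte
	found := false
	for i, e := range log {
		if e.Seq != uint64(i) || e.Prev != prev {
			return false
		}
		prev = e.hash()
		if e.Seq == cp.Seq {
			head, found = prev, true
		}
	}
	if !found || head != cp.Head {
		return false
	}
	return ecdsa.VerifyASN1(pub, cp.Head[:], cp.Sig)
}

// ChainResult reports the checks performed by runChainDemo.
type ChainResult struct {
	IntactVerifies          bool
	DeletionDetected        bool
	SubstitutionDetected    bool
	PostCheckpointUncovered bool // an entry appended after the checkpoint is not yet protected
}

func runChainDemo() (ChainResult, error) {
	var r ChainResult
	tds, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return r, err
	}
	// Constructed signature bytes stand in for the d0 strings the DSP stores.
	var log []LogEntry
	log = appendEntry(log, "2006-07-10T08:00:00Z", "isaiah_b_col1.tif", []byte("constructed-sig-1"))
	log = appendEntry(log, "2006-07-10T08:00:01Z", "isaiah_b_col2.tif", []byte("constructed-sig-2"))
	log = appendEntry(log, "2006-07-10T08:00:02Z", "earth_sat.jpg", []byte("constructed-sig-3"))
	cp, err := tdsCheckpoint(tds, log)
	if err != nil {
		return r, err
	}
	r.IntactVerifies = verifyLog(&tds.PublicKey, log, cp)

	// Delete the middle entry, as if to make a signed image "disappear".
	deleted := append(append([]LogEntry{}, log[:1]...), log[2:]...)
	r.DeletionDetected = !verifyLog(&tds.PublicKey, deleted, cp)

	// Substitute a forged signature record for the middle entry.
	subst := append([]LogEntry{}, log...)
	subst[1].AssetSigID = sha256.Sum256([]byte("constructed-sig-forged"))
	r.SubstitutionDetected = !verifyLog(&tds.PublicKey, subst, cp)

	// An entry appended after the last checkpoint still verifies: nothing
	// protects it until the TDS signs again.
	extended := appendEntry(append([]LogEntry{}, log...), "2006-07-10T09:00:00Z", "late.jpg", []byte("constructed-sig-4"))
	r.PostCheckpointUncovered = verifyLog(&tds.PublicKey, extended, cp)
	return r, nil
}

func main() {
	r, err := runChainDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The last check is the practical reason the signing period matters: an attacker who controls the node between two TDS signatures can still truncate the tail of the log, so the period should be chosen against how much signing activity one is willing to lose, and the checkpoints themselves should be kept off the node.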

IV. RESEARCH AND IMPLEMENTATION

A. Design
B. Supporting Processes Essential to DSP
C. Project Management
D. Project Specification
E. System Users
F. Database Schema
G. Time-Date Service Database Schema
H. Major Component List for the DSP Prototype System
I. Any Change Produces a 'Failed' DSV

V. FUTURE RESEARCH

The team determined that a number of areas require additional research, testing, benchmarking and refinement, such as:

- Compare several different RDBMSs to MySQL, the current choice.
- Evaluate the speed of different signing algorithms.
- Get Elliptic Curve Cryptography fully operational. Initial benchmarks show that it is much faster than anticipated and faster than the RSA implementation in OpenSSL.
- Evaluate other mass file upload technologies.
- Develop an improved batch scheduler for the volume of smaller jobs required by signing.

VI. CONCLUSION

A. Provide IT Students with a Real-World Application
B. Confront Technologically Challenging Issues
C. Provide Clients with a Turnkey Solution
D. Provide a Centrally Operational CA and TDS
E. Provide an Auditable History of Digital Signatures

The research reported in this paper for the Digital Signature Signing Engine project has not come to a conclusion; rather, it is expanding with future research and the installation of other potential DSP nodes.
