Implementation of an Extended Notary Record Validation Utility and Security Analysis for Surety’s Absolute ProofAgendaTimestamping:a DefinitionGeneral ClassificationWho is Surety?Surety Notarization ProcessEvidentiary Record Hash Chain LinkingObjectivesUtility DetailsUtility DetailsUtility DetailsOutline of Security AnalysisAttacks ConsideredArbitrated SolutionImproved Arbitrated SolutionDIGISTAMP Inc.’s E-TIMESTAMPSecurity AnalysisAssumptionsAnalysis of the AttacksConclusionQuestions?Implementation of an Extended Notary Record Validation Utility and Security Analysis for Surety’s Absolute ProofProject Group:Michael ThimblinNagaSree Chandu KamisettyPadmanabhan RamanAnupama Paila1Agenda• Overview of Time-Stamping• Surety Digital Notarization Process• Evidentiary Record Validation Utility• Demo of the Utility• Security Analysis• Questions2Timestamping:a Definition• Timestamping a digital document is performed to prove that it existed on a certain date• Why is it important?– Digital Notarization• A timestamping authority (TSA) is an independent third party that issues timestamps3General Classification• Public key infrastructure (PKI) based simple Timestamping scheme1. A who/what authentication system2. Based on secure keys 3. Less processing• Trusted time-date stamping (TTDS)1. A when/what authentication system2. No keys required3. More processing 4Who is Surety?• Private company based in Herndon, VA that was founded in 1993.• Company Vision: – Simple, independent and pervasive proof of electronic record integrity. • Technology Area– Digital Notary; Secure Time-Stamping; Trusted Third Party Time-Stamping• Core Product/Service Offering: – AbsoluteProof Data Integrity Service• Target Applications:– Document and Records Management Systems, Digital Archives, Fixed-Content Storage Systems.• Offer AbsoluteProof Data Integrity Service– From the Surety presentation and web site:” Surety’s AbsoluteProof™ ensures the integrity of all types of electronic records in binary form by establishing that they were created on a specific date and have not been tampered with since. It is offered by Surety as an Internet-based ASP service.”5Surety Notarization ProcessDec. 19, 200514:00:00MD5&SHA-16Surety Data CenterSurety Universal RegistryNotaryRecordEvidentiaryRecordEvidentiary Record Hash Chain LinkingSHVSHV+1SHV+2SHV+3SHV+4SHV+5SHV+6SHV+7AHVThis is the value published in The New York TimesIHVOriginal Electronic FileObjectives• Develop Evidentiary Record Validation Utility– Utility does not currently exist– Determine development complexity– Allow independent third party verification• Perform a security analysis of the Surety service.– Are there any vulnerabilities to the service?– Possible Attacks8Utility Details• Java Applet to verify the Evidentiary Record– No totally independent utility exists to perform this task.– Allows anyone with the Evidentiary Record and a copy of the original document to perform the validation• Proves that the document is the same as that which was originally submitted• Proves that the document existed before the witnessed value was published.9Utility Details<?xml version="1.0" ?><EvidentiaryRecord xmlns="http://www.surety.com/evrec"><NotaryRecord><DigestMethodSequence><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig-more#md5" /><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /></DigestMethodSequence><DigestValue>yzDUoiPrjGVodjYhbv4f3szswBxTuu9HipZ8ux+R4AUx52SC</DigestValue><SureId>01DA3CC-22F51D5-1800030-0000000</SureId><Timestamp>2005-10-14T14:52:47.606Z</Timestamp><Zone>3</Zone></NotaryRecord>Calculate Document Hash values (MD5 and SHA-1)Concatenate and compare with reported value.Dec. 19, 200514:00:00Read in Evidentiary RecordyzDUoiPrjGVodjYhbv4f3szswBxTuu9HipZ8ux+R4AUx52SCyzDUoiPrjGVodjYhbv4f3szswBxTuu9HipZ8ux+R4AUx52SCValues Match!Document integrity is validated. Now creation time needs to be verified.10Utility Details<EvidentiaryPath><DigestMethodSequence><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig-more#md5" /><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /></DigestMethodSequence><Link><DigestValue>6veuB0P9FetWhUsTOMNt39/1GrmSPYpuROj6ujUcLdXqcjRo</DigestValue><Position>right</Position></Link><Link>…</Link><Link><DigestValue>0zbjBzY/+3N7t2dTyHo+fw9LG7YuHG4zI5sjm9y5vSST1j3R</DigestValue><Position>right</Position></Link></EvidentiaryPath><WitnessRecord><DigestValue>26sEIfIpRpyMYyIDwB2qewM15hzEJZK9NgkY01Lrtkok5ZhE</DigestValue><WitnessMethod><Publication><Name>New York Times</Name><Date>2005-10-23</Date></Publication></WitnessMethod></WitnessRecord></EvidentiaryRecord>yzDUoiPrjGVodjYhbv4f3szswBxTuu9HipZ8ux+R4AUx52SC<Link><DigestValue>6veuB0P9FetWhUsTOMNt39/1GrmSPYpuROj6ujUcLdXqcjRo</DigestValue><Position>right</Position></Link>6veuB0P9FetWhUsTOMNt39/1GrmSPYpuROj6ujUcLdXqcjRo + yzDUoiPrjGVodjYhbv4f3szswBxTuu9HipZ8ux+R4AUx52SCvu09eWUTMt91rSYuO6jcdqjozUirGojhvfssBTuHp8xRAx2C<Link><DigestValue>0zbjBzY/+3N7t2dTyHo+fw9LG7YuHG4zI5sjm9y5vSST1j3R</DigestValue><Position>right</Position></Link>vu09eWUTMt91rSYuO6jcdqjozUirGojhvfssBTuHp8xRAx2C + 0zbjBzY/+3N7t2dTyHo+fw9LG7YuHG4zI5sjm9y5vSST1j3R26sEIfIpRpyMYyIDwB2qewM15hzEJZK9NgkY01Lrtkok5ZhE<WitnessRecord><DigestValue>26sEIfIpRpyMYyIDwB2qewM15hzEJZK9NgkY01Lrtkok5ZhE</DigestValue><WitnessMethod>Values Match!Now verify with the value published in The New York Times on 10/23/200511Outline of Security Analysis• Identifying various attacks against time-stamping.• Removal of some attacks with evolution of new schemes.• Issues crop up when new methods to timestamp are born.• Security issues with well known systems.• State assumptions.• Analysis of feasible attack w.r.t Surety.12Attacks Considered1. Collision attack/ pre-image attack2. Attacks on server database3. Man in the middle attack4. Spoofing/masquerading5. Replay attack6. Denial of service attack7. Delay attack8. Fake chain attack9. Dating attack13Arbitrated SolutionAliceTrent (Trusted third Party)DocumentTime-stamp + document• The document along with date and time is stored in Trent’s database• Lack of privacy.• Transmission errors would invalidate the file.• Client has to trust the third Party.• High storage capacity required.14Improved Arbitrated SolutionAliceTrent (TSA)Hash(M)SGNTSA(hash || date & time)•Client has to still trust the TSA since the timestamp is signed by his private key.•Dating attacks
View Full Document