ACE: A Novel Software Platform to Ensure the Integrity of Long Term Archives

We develop a new methodology to address the integrity of long term archives using rigorous cryptographic techniques. A prototype system called ACE (Auditing Control Environment) was designed and developed based on this methodology. ACE creates a small-size integrity token for each digital object and some cryptographic summary information based on all the objects handled within a dynamic time period. ACE continuously audits the contents of the various objects according to the policy set by the archive, and provides mechanisms for an independent third-party auditor to certify the integrity of any object. In fact, our approach will allow an independent auditor to verify the integrity of every version of an archived digital object as well as link the current version to the original form of the object when it was ingested into the archive. We show that ACE is very cost effective and scalable while making no assumptions about the archive architecture. We include in this paper some preliminary results on the validation and performance of ACE on a large image collection.

[1]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[2]  Johannes A. Buchmann,et al.  Perspectives for cryptographic long-term security , 2006, CACM.

[3]  Randy H. Katz,et al.  A case for redundant arrays of inexpensive disks (RAID) , 1988, SIGMOD '88.

[4]  John Kubiatowicz,et al.  Erasure Coding Vs. Replication: A Quantitative Comparison , 2002, IPTPS.

[5]  Mary Baker,et al.  The LOCKSS peer-to-peer digital preservation system , 2005, TOCS.

[6]  Yi-Min Wang,et al.  ONE-IP: Techniques for Hosting a Service on a Cluster of Machines , 1997, Comput. Networks.

[7]  Alan O. Freier,et al.  The SSL Protocol Version 3.0 , 1996 .

[8]  Michael J. Giarlo,et al.  Digital Preservation: Architecture and Technology for Trusted Digital Repositories , 2005, D Lib Mag..

[9]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[10]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[11]  Erez Zadok,et al.  Ensuring data integrity in storage: techniques and applications , 2005, StorageSS '05.

[12]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[13]  John Kubiatowicz,et al.  Naming and Integrity: Self-verifying Data in Peer-to-Peer Systems , 2003, Future Directions in Distributed Computing.

[14]  Ben Y. Zhao,et al.  OceanStore: an architecture for global-scale persistent storage , 2000, SIGP.

[15]  M. GladneyH.,et al.  Trustworthy 100-year digital objects , 2005 .

[16]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[17]  Stuart Haber,et al.  A Content Integrity Service For Long-Term Digital Archives , 2006 .

[18]  Mary Baker,et al.  Enabling the Long-Term Archival of Signed Documents through Time Stamping , 2001, ArXiv.

[19]  Stuart Haber,et al.  How to time-stamp a digital document , 1990, Journal of Cryptology.

[20]  Radia J. Perlman,et al.  Network security - private communication in a public world , 2002, Prentice Hall series in computer networking and distributed systems.

[21]  Pekka Nikander,et al.  DOS-Resistant Authentication with Client Puzzles , 2000, Security Protocols Workshop.

[22]  Michael J. Giarlo,et al.  Digital Preservation: Architecture and Technology for Trusted Digital Repositories , 2005, D Lib Mag..

[23]  Daniel A. Reed,et al.  NCSA's World Wide Web Server: Design and Performance , 1995, Computer.

[24]  James S. Plank,et al.  A tutorial on Reed–Solomon coding for fault‐tolerance in RAID‐like systems , 1997, Softw. Pract. Exp..

[25]  Oscar H. Ibarra,et al.  SWEB: towards a scalable World Wide Web server on multicomputers , 1996, Proceedings of International Conference on Parallel Processing.