Analysis of Client-Side Security for Long-Term Time-Stamping Services

Time-stamping services produce time-stamp tokens as evidence to prove that digital data existed at given points in time. Time-stamp tokens contain verifiable cryptographic bindings between data and time, which are produced using cryptographic algorithms. In the ANSI, ISO/IEC and IETF standards for time-stamping services, cryptographic algorithms are addressed in two aspects: (i) client-side hash functions used to hash data into digests for nondisclosure, and (ii) server-side algorithms used to bind the time and digests of data. These algorithms have limited lifespans due to their operational life cycles and the increasing computational power of attackers. After the algorithms are compromised, time-stamp tokens using them are no longer trusted. The ANSI and ISO/IEC standards provide renewal mechanisms for time-stamp tokens. However, the renewal mechanisms for client-side hash functions are specified ambiguously, which may lead to the failure of implementations. Besides, in existing papers, the security analyses of long-term time-stamping schemes cover only the server-side renewal, and the client-side renewal is missing. In this paper, we analyse the necessity of client-side renewal, and propose a comprehensive long-term time-stamping scheme that addresses both client-side and server-side renewal mechanisms. After that, we formally analyse and evaluate the client-side security of our proposed scheme.
