A security analysis of techniques for long-term integrity protection

The amount of security-critical information that is only available in digital form is increasing constantly. Some of these data, such as medical or tax data, need to be preserved for long periods of time. Thus, several schemes for long-term integrity protection of long-lived and archived data were developed. However, a comprehensive security analysis is still missing. In this paper we discuss existing security models for long-lived systems and show to what extent they allow proving the security of those schemes. Then, we introduce a new model that overcomes the shortcomings of the state of the art and allows timestamp-based long-term integrity schemes to be formally analyzed. Finally, we show how the security level of the long-term integrity scheme can be determined for concrete instantiations.
