Authentic Time-Stamps for Archival Storage

We study the problem of authenticating the content and creation time of documents generated by an organization and retained in archival storage. Recent regulations (e.g., the Sarbanes-Oxley act and the Securities and Exchange Commission rule) mandate secure retention of important business records for several years. We provide a mechanism to authenticate bulk repositories of archived documents. In our approach, a space efficient local data structure encapsulates a full document repository in a short (e.g., 32-byte) digest. Periodically registered with a trusted party, these commitments enable compact proofs of both document creation time and content integrity. The data structure, an append-only persistent authenticated dictionary, allows for efficient proofs of existence and non-existence, improving on state-of-the-art techniques. We confirm through an experimental evaluation with the Enron email corpus its feasibility in practice.

[1]  Michael T. Goodrich,et al.  On the Cost of Persistence and Authentication in Skip Lists , 2007, WEA.

[2]  Radu Sion,et al.  Strong WORM , 2008, 2008 The 28th International Conference on Distributed Computing Systems.

[3]  Windsor W. Hsu,et al.  Fossilized index: the linchpin of trustworthy non-alterable electronic records , 2005, SIGMOD '05.

[4]  Marianne Winslett,et al.  Deleting index entries from compliance storage , 2008, EDBT '08.

[5]  Thomas Shrimpton,et al.  Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance , 2004, FSE.

[6]  Donald E. Knuth,et al.  The art of computer programming: sorting and searching (volume 3) , 1973 .

[7]  M. Goodrich,et al.  Efficient Authenticated Dictionaries with Skip Lists and Commutative Hashing , 2000 .

[8]  Jan Willemson,et al.  Time-Stamping with Binary Linking Schemes , 1998, CRYPTO.

[9]  Sven Laur,et al.  Do Broken Hash Functions Affect the Security of Time-Stamping Schemes? , 2006, ACNS.

[10]  Ahto Buldas,et al.  On Provably Secure Time-Stamping Schemes , 2004, ASIACRYPT.

[11]  Moni Naor,et al.  Certificate revocation and certificate update , 1998, IEEE Journal on Selected Areas in Communications.

[12]  Stuart Haber,et al.  How to time-stamp a digital document , 1990, Journal of Cryptology.

[13]  Mary Baker,et al.  Enabling the Archival Storage of Signed Documents , 2002, FAST.

[14]  Michael T. Goodrich,et al.  An Efficient Dynamic and Distributed Cryptographic Accumulator , 2002, ISC.

[15]  Jan Camenisch,et al.  Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[16]  Sven Laur,et al.  Knowledge-Binding Commitments with Applications in Time-Stamping , 2007, Public Key Cryptography.

[17]  Jan Willemson,et al.  Universally Composable Time-Stamping Schemes with Audit , 2005, ISC.

[18]  Peeter Laud,et al.  Accountable certificate management using undeniable attestations , 2000, CCS.

[19]  Robert E. Tarjan,et al.  Making Data Structures Persistent , 1989, J. Comput. Syst. Sci..

[20]  Ahto Buldas,et al.  Optimally Efficient Accountable Time-Stamping , 2000, Public Key Cryptography.

[21]  Nikita Borisov,et al.  Restricted Queries over an Encrypted Index with Applications to Regulatory Compliance , 2008, ACNS.

[22]  Michael T. Goodrich,et al.  Implementation of an authenticated dictionary with skip lists and commutative hashing , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[23]  Michael T. Goodrich,et al.  Athos: Efficient Authentication of Outsourced File Systems , 2008, ISC.

[24]  R. Lukose,et al.  DataBank: An Economics Based Privacy Preserving System for Distributing Relevant Advertising and Content , 2006 .

[25]  Alban Gabillon,et al.  A New Timestamping Scheme Based on Skip Lists , 2006, ICCSA.

[26]  Amnon Ta-Shma,et al.  Non-interactive Timestamping in the Bounded Storage Model , 2004, CRYPTO.

[27]  Jeffrey S. Chase,et al.  Strong accountability for network storage , 2007, TOS.

[28]  Silvio Micali,et al.  Zero-knowledge sets , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[29]  Stuart Haber,et al.  Improving the Efficiency and Reliability of Digital Time-Stamping , 1993 .

[30]  Alban Gabillon,et al.  CHRONOS: an authenticated dictionary based on skip lists for timestamping systems , 2005, SWS '05.

[31]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[32]  Dan S. Wallach,et al.  Efficient Data Structures For Tamper-Evident Logging , 2009, USENIX Security Symposium.

[33]  Josh Benaloh,et al.  Efficient Broadcast Time-Stamping , 1991 .

[34]  Mary Baker,et al.  Secure History Preservation Through Timeline Entanglement , 2002, USENIX Security Symposium.

[35]  Donald E. Knuth,et al.  The Art of Computer Programming, Vol. 3: Sorting and Searching , 1974 .

[36]  Michael T. Goodrich,et al.  Persistent Authenticated Dictionaries and Their Applications , 2001, ISC.

[37]  Marianne Winslett,et al.  Trustworthy keyword search for regulatory-compliant records retention , 2006, VLDB.

[38]  Paul C. Kocher On Certificate Revocation and Validation , 1998, Financial Cryptography.

[39]  Peeter Laud,et al.  New linking schemes for digital time-stamping , 1998, ICISC.

[40]  Donald Ervin Knuth,et al.  The Art of Computer Programming , 1968 .