
XML Evidence Record Syntax

XMLERS v06 update and further steps

78th IETF Meeting, Maastricht


Agenda

  • Overview

  • Current status and specs

  • Further steps and wrapup


Overview

  • XMLERS

    • Evidence Record Syntax representation in XML format: long-term demonstration of data integrity based on time stamping

    • Structure and processing instructions differ from the ASN.1 ERS representation (!)

      • Hash value calculation requires XML normalization (canonicalization)

      • Repeating XML sibling elements have no natural order, hence the need for order-indicating attributes

      • Embedded binary data must be encoded into XML compliant characters (base64)
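
Why the canonicalization step matters for hash values, as an added example that is not part of the original slides. It uses the C14N 2.0 implementation in Python's standard library as an assumed canonicalization method; the token text and all three serializations are constructed samples.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed token text (base64 of the word "CONSTRUCTED"), not a real time-stamp token.
TOKEN = "Q09OU1RSVUNURUQ="

# The same <TimeStamp> element as written by two different XML serializers:
# quoting, whitespace inside tags and the empty-element form differ.
SERIALIZED_A = ('<TimeStamp><TimeStampToken Type="RFC3161">' + TOKEN + '</TimeStampToken>'
                '<CryptographicInformationList/></TimeStamp>')
SERIALIZED_B = ("<TimeStamp ><TimeStampToken  Type='RFC3161' >" + TOKEN + "</TimeStampToken>"
                "<CryptographicInformationList></CryptographicInformationList></TimeStamp >")
# A pretty-printed copy: whitespace between elements is content, so it survives C14N.
SERIALIZED_C = ('<TimeStamp>\n  <TimeStampToken Type="RFC3161">' + TOKEN + '</TimeStampToken>\n'
                '  <CryptographicInformationList/>\n</TimeStamp>')

def digest_raw(xml_text, algorithm="sha256"):
    """Hash the serialized bytes as received; the result depends on the serializer."""
    return base64.b64encode(hashlib.new(algorithm, xml_text.encode("utf-8")).digest()).decode()

def digest_canonical(xml_text, algorithm="sha256"):
    """Canonicalize, hash, then base64-encode so the value fits in a <DigestValue>."""
    canonical = ET.canonicalize(xml_data=xml_text)
    return base64.b64encode(hashlib.new(algorithm, canonical.encode("utf-8")).digest()).decode()

def same_evidence(xml_one, xml_two):
    """True when both serializations yield the same canonical digest."""
    return digest_canonical(xml_one) == digest_canonical(xml_two)
```

Serializations A and B only agree after canonicalization, while the re-indented copy C still produces a different digest, so a stored record must not be pretty-printed after it has been time-stamped.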


Overview

  • XMLERS

    • Hash treeing

      • Based on Merkle hash treeing

      • Optimization of time-stamping infrastructure/process

      • Part of archive time stamp element

      • No general rule for hash tree composition except for an archive data object group: the hash values of the archive data objects represent the initial list of hash values

      • Might be used for time stamp renewal: the hash tree input values are represented by the time stamp tokens of several ERSs


Hash treeing


Structure

  • General structure

    • Sequence of chains of archive time-stamps

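[Figure: sequence of archive time-stamp chains. Archive Time Stamp Chain 1 contains ATS1, ATS2, ATS3 ... ATSn, all using the same digest algorithm. Archive Time Stamp Chain 2 (ATS1, ATS2 ... ATSm) protects the previous chain. Further chains follow, the last one containing ATS1, ATS2 ... ATSk.]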


Structure

  • Archive time-stamp structure

    • Time-Stamp

      • Time-Stamp Token

        • RFC 3161 – base64 encoded

        • XMLEntrust

      • CryptographicInformationList (optional)

        • CERT, CRL, OCSP – base64 encoded

    • Hash-Tree (optional)

      • Unambiguous relationship between time-stamped value and protected data, created as reduced tree from (Merkle) hash tree

    • Attributes (optional)


Structure

  • XML structure

    <EvidenceRecord Version>
      <EncryptionInformation /> ?
      <ArchiveTimeStampSequence>
        <ArchiveTimeStampChain Order>
          <DigestMethod />
          <CanonicalizationMethod />
          <ArchiveTimeStamp Order>
            <HashTree /> ?
            <TimeStamp>
              <TimeStampToken Type />
              <CryptographicInformationList /> ?
            </TimeStamp>
            <Attributes />
          </ArchiveTimeStamp> +
        </ArchiveTimeStampChain> +
      </ArchiveTimeStampSequence>
    </EvidenceRecord>


Processes

  • ERS Generation

    • Compute hash value for archive data object

      • When the object consists of several data chunks, or a group process is performed, create a (Merkle) hash tree and calculate the root hash

    • Obtain time-stamp for (root) hash value

    • Create <ArchiveTimeStamp> element composed of:

    <ArchiveTimeStamp Order="1">
      <HashTree>
        <Sequence Order="1">
          <DigestValue>qZk+NkcGgWq6PiVxeFDCbJzQ2J0=</DigestValue>
          <DigestValue>AZkBNkcGgW...</DigestValue>
        </Sequence>
      </HashTree>
      <TimeStamp>
        <TimeStampToken Type="RFC3161">MIAGCSqGSI...</TimeStampToken>
      </TimeStamp>
    </ArchiveTimeStamp>
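
The hash-tree part of generation, as an added example that is not code from the slides or from any XMLERS implementation: it builds a Merkle tree over a group of archive data objects, extracts the reduced hash tree for one object, and recomputes the time-stamped root from it. Sorting digests in binary ascending order before concatenation follows RFC 4998; pairing nodes two at a time and promoting an unpaired node are assumptions of this example, and the five objects are constructed.

```python
import base64
import hashlib

def h(data, alg="sha256"):
    return hashlib.new(alg, data).digest()

def combine(digests, alg="sha256"):
    """Parent node: sort child digests in binary ascending order, concatenate, hash."""
    return h(b"".join(sorted(digests)), alg)

def build_reduced_tree(leaves, index, alg="sha256"):
    """Return (root, sequences) for the leaf at `index`. sequences[0] holds the leaf
    and its sibling; each later sequence holds the sibling needed one level up."""
    level, sequences = list(leaves), []
    while len(level) > 1:
        groups = [level[i:i + 2] for i in range(0, len(level), 2)]
        mine = groups[index // 2]
        if len(mine) == 2:  # an unpaired node is promoted unchanged (assumption)
            sequences.append(sorted(mine) if not sequences else [mine[1 - index % 2]])
        level = [combine(g, alg) if len(g) == 2 else g[0] for g in groups]
        index //= 2
    return level[0], sequences

def verify(object_digest, sequences, root, alg="sha256"):
    """Recompute the time-stamped value from one object's digest and its reduced tree."""
    if not sequences:
        return object_digest == root
    if object_digest not in sequences[0]:
        return False
    node = combine(sequences[0], alg)
    for seq in sequences[1:]:
        node = combine(seq + [node], alg)
    return node == root

def to_xml(sequences):
    """Render the reduced tree as a <HashTree> with ordered <Sequence> elements."""
    out = []
    for order, seq in enumerate(sequences, start=1):
        values = "".join(f"<DigestValue>{base64.b64encode(d).decode()}</DigestValue>" for d in seq)
        out.append(f'<Sequence Order="{order}">{values}</Sequence>')
    return "<HashTree>" + "".join(out) + "</HashTree>"

# Constructed sample: five archive data objects time-stamped as one group.
LEAVES = [h(f"constructed object {i}".encode()) for i in range(5)]
ROOT, REDUCED = build_reduced_tree(LEAVES, 2)
```

`ROOT` is the value that would be sent to the time-stamping authority, and `to_xml(REDUCED)` is the per-object `<HashTree>` stored with the resulting token.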


Processes

  • ERS Renewal

    • Simple (using same hash algorithms)

      • Collect cryptographic information for the last time-stamp token

      • Calculate hash value for that time-stamp element

      • Optionally (group process)

        • create hash values for all time-stamps to be renewed and generate (Merkle) hash tree

      • Obtain time-stamp for (root) hash value

      • Create an archive time-stamp within the current chain


Processes

  • ERS Renewal

    • Complex (using new hash algorithms)

      • Collect cryptographic information for the current time-stamp

      • Calculate hash value for the complete sequence and archive data objects with the new algorithm

      • Optionally (group process)

        • create hash values for all time-stamps to be renewed and generate a (Merkle) hash tree

      • Obtain time-stamp for the (root) hash value

      • Create a new chain and the initial archive time-stamp within that chain (with a reduced hash-tree)
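
The two renewal paths side by side for a single archive data object, as an added example that is not part of the original slides. The token is a constructed stand-in rather than an RFC 3161 token, the `Algorithm` attribute holding a hashlib name is a simplification, and collecting cryptographic information and the group hash tree are left out. Hashing the concatenation of object digest and sequence digest in the complex case follows RFC 4998.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

def b64_digest(alg, data):
    return base64.b64encode(hashlib.new(alg, data).digest()).decode()

def c14n(element):
    """Canonical bytes of an element (C14N 2.0 from the standard library, assumed method)."""
    return ET.canonicalize(xml_data=ET.tostring(element, encoding="unicode")).encode()

def new_chain(sequence, alg):
    chain = ET.SubElement(sequence, "ArchiveTimeStampChain", Order=str(len(sequence) + 1))
    ET.SubElement(chain, "DigestMethod", Algorithm=alg)
    return chain

def add_ats(chain, stamped_digest):
    """Append an archive time-stamp whose token is a constructed stand-in."""
    order = len(chain.findall("ArchiveTimeStamp")) + 1
    ats = ET.SubElement(chain, "ArchiveTimeStamp", Order=str(order))
    token = ET.SubElement(ET.SubElement(ats, "TimeStamp"), "TimeStampToken", Type="CONSTRUCTED")
    token.text = base64.b64encode(b"CONSTRUCTED-TOKEN:" + stamped_digest.encode()).decode()
    return ats

def initial_record(data_object, alg="sha1"):
    sequence = ET.Element("ArchiveTimeStampSequence")
    add_ats(new_chain(sequence, alg), b64_digest(alg, data_object))
    return sequence

def renew_simple(sequence):
    """Same digest algorithm: hash the last <TimeStamp>, extend the current chain."""
    chain = sequence[-1]
    alg = chain.find("DigestMethod").get("Algorithm")
    last_ts = chain.findall("ArchiveTimeStamp")[-1].find("TimeStamp")
    return add_ats(chain, b64_digest(alg, c14n(last_ts)))

def renew_complex(sequence, data_object, new_alg):
    """New digest algorithm: re-hash the object and the whole sequence, open a new chain."""
    h_obj = hashlib.new(new_alg, data_object).digest()
    h_seq = hashlib.new(new_alg, c14n(sequence)).digest()  # taken before the new chain exists
    return add_ats(new_chain(sequence, new_alg), b64_digest(new_alg, h_obj + h_seq))
```

Complex renewal needs the original data object again, because the old digest of it can no longer be trusted once its algorithm is considered weak.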


Status

  • Current (stable) version 06

    • Optimization of elements use and structuring

    • Renewal processes supported

    • Initial and ERS grouping supported

    • Time stamp format independence

    • Cryptographic information = validation data (CRLs, OCSPs, X.509…)

    • At least two independent implementations and several (at least 5) end user implementations


Further work

  • Needs to be done

    • Canonicalization methods!

      • Some (important) typos

      • Supported methods (some problems with namespaces might arise when using XML interpretation of time stamp tokens)

    • General structure change

      • Redefine time stamp element structure

        • Add time stamp token (e.g. RFC3161 or XML-TS)

        • Move crypto information into the time stamp element to resolve the issue with re-timestamping of the whole tree structure


Further work

  • Further steps

    • New version 07 due

      • Mid August

    • Last call

      • End of August


Questions

SETCCE

Tehnološki park 21

Ljubljana

Slovenia

+386 1 6204500

www.setcce.si
