xml evidence record syntax n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
XML Evidence Record Syntax PowerPoint Presentation
Download Presentation
XML Evidence Record Syntax

Loading in 2 Seconds...

play fullscreen
1 / 15

XML Evidence Record Syntax - PowerPoint PPT Presentation


  • 204 Views
  • Uploaded on

XML Evidence Record Syntax. XMLERS v06 update and further steps 78 th IETF Meeting, Maastricht. Agenda. Overview Current status and specs Further steps and wrapup. Overview. XMLERS

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'XML Evidence Record Syntax' - malha


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
xml evidence record syntax

XML Evidence RecordSyntax

XMLERS v06 update and further steps

78th IETF Meeting, Maastricht

agenda
Agenda
  • Overview
  • Current status and specs
  • Further steps and wrapup
overview
Overview
  • XMLERS
    • Evidence Record Syntax representation in XML format  long term demonstration of data integrity based on time stamping
    • Structure and processing instructions distinction from ASN.1 ERS representation (!)
      • Hash values calculation require XML normalization (canonicalization)
      • Repeating XML sibling elements have no natural order  need for order indicating attributes
      • Embedded binary data must be encoded into XML compliant characters (base64)
overview1
Overview
  • XMLERS
    • Hash treeing
      • Based on Merkle hash treeing
      • Optimization of time-sptaming infrastructure/process
      • Part of archive time stamp element
      • No general rule for hash tree composition except for archive data object group  has values of archive data object present the initial list of hash values
      • Might be used for time stamp renewal  hash tree input values presented by time stamp tokens of several ERSs
structure
Structure
  • General structure
    • Sequence of chains of archive time-stamps

Archive Time Stamp Chain 1

ATS1

ATS2

ATS3

ATSn

same digest

algorithm

...

Archive Time Stamp Chain 2

protecting previous chain

ATS1

ATS2

ATSm

...

...

Archive Time Stamp Chain 1

ATS1

ATS2

ATSk

...

structure1
Structure
  • Archive time-stamp structure
    • Time-Stamp
      • Time-Stamp Token
        • RFC 3161 – base64 encoded
        • XMLEntrust
      • CryptographicInformationList (optional)
        • CERT, CRL, OCSP – base 64 encoded
    • Hash-Tree (optional)
      • Unambiguous relationship between time-stamped value and protected data, created as reduced tree from (Merkle) hash tree
    • Attributes (optional)
structure2
Structure
  • XML structure

<EvidenceRecord Version>

<EncryptionInformation /> ?

<ArchiveTimeStampSequence>

<ArchiveTimeStampChain Order>

<DigestMethod />

<CanonicalizationMethod />

<ArchiveTimeStamp Order>

<HashTree /> ?

<TimeStamp>

<TimeStampToken Type />

<CryptographicInformationList /> ?

</TimeStamp >

<Attributes />

</ArchiveTimeStamp> +

</ArchiveTimeStampChain> +

</ArchiveTimeStampSequence>

</EvidenceRecord>

processes
Processes
  • ERS Generation
      • Compute hash value for archive data object
        • When consisted of more data chunks /or/ a group process is performed, create a (Merkle) hash-tree and calculate the root hash
      • Obtain time-stamp for (root) hash value
      • Create <ArchiveTimeStamp> element composed of:
  • <ArchiveTimeStamp Order=1>
  • <HashTree>
  • <Sequence Order=1>
  • <DigestValue>qZk+NkcGgWq6PiVxeFDCbJzQ2J0=</DigestValue>
  • <DigestValue>AZkBNkcGgW...</DigestValue>
  • </Sequence>
  • </ HashTree>
  • <TimeStamp><TimeStampToken Type="RFC3161"> MIAGCSqGSI...</ TimeStampToken >
  • </TimeStamp>

<ArchiveTimeStamp>

processes1
Processes
  • ERS Renewal
    • Simple (using same hash algorithms)
      • Collect cryptografic information for the last time-stamp token
      • Calculate hash value for that time-stamp element
      • Optionally (group process)
        • create hash values for all time-stamps to be renewed and generate (Merkle) hash tree
      • Obtain time-stamp for (root) hash value
      • Create an archive-time stamp within the current chain
processes2
Processes
  • ERS Renewal
    • Complex (using new hash algorithms)
      • Collect cryptografic information for the current time-stamp
      • Calculate hash value for the complete sequence and archive data objects with the new algorithm
      • Optionally (group process)
        • create hash values for all time-stamps to be renewed and generate a (Merkle) hash tree
      • Obtain time-stamp for the (root) hash value
      • Create a new chain and the initial archive-time stamp within that chain (with a reduced hash-tree)
status
Status
  • Current (stable) version 06
    • Optimization of elements use and structuring
    • Renewal processes supported
    • Initial and ERS grouping supported
    • Time stamp format independency
    • Cryptographic information = validation data (CRLs, OCSPs, X.509…)
    • At least two independent implementations and several (at least 5) end user implementations
further work
Further work
  • Needs to be done
    • Canonicalization methods!
      • Some (important) typos
      • Supported methods (some problems with namespaces might arise when using XML interpretation of time stamp tokens)
    • General structure change
      • Redefine time stamp element structure
        • Add time stamp token (e.g. RFC3161 or XML-TS)
        • Move crypto information into time stamp element resolve the issue with re-timestamping of the whole tree structure
further work1
Further work
  • Further steps
    • New version 07 due
      • Mid August
    • Last call
      • End of August
questions
Questions

SETCCE

Tehnološki park 21

Ljubljana

Slovenia

+386 1 6204500

info@setcce.si

www.setcce.si