Digital Signature and Evidentiary Value in Record Management

This content explores the importance of digital signatures in maintaining the evidentiary value of documents in the digital era, emphasizing the challenges of ensuring document integrity and authenticity. It delves into the technical and legal aspects of digital signatures, highlighting their role in digital record management and archiving. The discussion covers the uniqueness of digital documents, the limitations of traditional methods like handwritten signatures, and the necessity for alternative approaches to establish evidentiary value.



Presentation Transcript


  1. Data Security and Cryptology, XII. Digital Signature as a Tool for Digital Record Management. Digital Archiving. November 18th, 2015. Valdo Praust, mois@mois.ee. Lecture Course in Estonian IT College, Autumn 2015

  2. Evidentiary Value of a Document. A document is data for which the two following conditions are satisfied: it is possible to identify the creator of the document (and sometimes also its creation time); it is possible to verify that the document has remained unchanged after its creation (against both accidental and deliberate change). These properties together are called the evidentiary value of a document (dokumendi tõestusväärtus). For the creation and preservation of documents we cannot use any method where one or both evidentiary value properties are not satisfied.

  3. Evidentiary Value of a Digital Document: a Big Problem. A fact: digital information is usually kept and stored in a way which cannot permanently bind the data to the data carrier; multiply writable media (hard disks, flash memory etc.) are in mass use. Conclusion: for digital documents we cannot use the same methods as for paper documents. A handwritten signature does not help us, because there is no medium to which the signature is related. Therefore, we must achieve evidentiary value in a different way.

  4. Technical and Legal Views of Digital Signature. A legal digital signature (digitaalallkiri, digiallkiri) is a legal concept which gives a document evidentiary value, as a handwritten signature gives such value to a paper document. A technical digital signature (digitaalsignatuur, digisignatuur) is a technical or cryptotechnical construction which uses a public-key cryptoalgorithm for achieving integrity. Up to the present, the only known way of giving a legal digital signature is the use of a technical digital signature. Each legal digital signature is (up to the present) a technical digital signature. But each technical digital signature is of course not a legal digital signature: it needs some authorities, called the public key infrastructure.

  5. Essence of (Legal) Digital Signature. (A legal) digital signature (digitaalallkiri, digiallkiri) is an additional data set which is added to the signable document (signable data set), which is created by the signer (allkirjastaja) using both the signable document and the private key of the signer, and which is computed by mathematical operations. A digital signature uses the methods offered by a public-key cryptoalgorithm (its use in the digital signature or integrity-achieving mode).

  6. Public-Key Cryptoalgorithm: an Idea of Digital Signing

  7. Creation of a Keypair

  8. Cryptographic Hash or Cryptographic Message Digest. A cryptographic hash (krüptoräsi) or cryptographic message digest (krüptograafiline sõnumilühend) is a digest with a fixed length which is computed from an arbitrary-length message using a one-way function. This is a one-way relation (ühesuunaline seos): for a given digest it is impossible to restore the message. Conclusion: if a digest corresponds to a message, we can always be sure that the digest was computed from just the given message.

  9. The Role of Hash in Digital Signatures. A digital signature is usually given to the hash of a document, not to the original (long) document. This is necessary because the public-key algorithm is unsuitable for encryption of long messages (it works thousands of times slower than a typical symmetric algorithm). Because it is impossible to (re)construct a message from its hash, a digital signature given to the hash is as good as a digital signature given to the original document (in the sense of integrity).

  10. Giving of a Digital Signature

  11. Verifying of a Digital Signature
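Slides 7 to 11 describe keypair creation, hashing, signing the hash and verifying. The following Go program is an added illustration, not part of the lecture: it uses the standard library's RSA-2048 with SHA-256 (parameters chosen here, not prescribed by the lecture) on a constructed document and shows that a single flipped bit makes verification fail.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed sample document; any bitstream (a PDF, a JPG) is treated the same way.
var document = []byte("Lease agreement no. 42 (constructed sample): rent 500 EUR per month.")

// digest is the one-way function of slide 8: a fixed-length (32-byte) value computed
// from an arbitrary-length message, from which the message cannot be recovered.
func digest(msg []byte) []byte {
	h := sha256.Sum256(msg)
	return h[:]
}

// sign applies the slow public-key operation to the 32-byte digest only, not to
// the whole document (slide 9).
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(msg))
}

// verify recomputes the digest from the received bitstream and checks the signature
// with the signer's public key (slide 11). A changed bitstream has a different digest,
// so any change, accidental or deliberate, fails here.
func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(msg), sig) == nil
}

// demo runs keypair creation (slide 7), signing and verification, and reports whether
// the intact document verifies and whether a copy with a single flipped bit does.
func demo() (intactOK, tamperedOK bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	sig, err := sign(priv, document)
	if err != nil {
		return false, false, err
	}
	tampered := append([]byte(nil), document...)
	tampered[len(tampered)/2] ^= 0x01 // one bit of the copy differs from the signed original
	return verify(&priv.PublicKey, document, sig), verify(&priv.PublicKey, tampered, sig), nil
}

func main() {
	intactOK, tamperedOK, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("digest is %d bytes; intact verifies: %v; tampered verifies: %v\n", len(digest(document)), intactOK, tamperedOK)
}
```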

  12. Private Key as a Chipcard. Such a chip/device, from which it is impossible to read some internal values (keys), is called a non-reverse-engineerable (pöördkonstrueerimatu) device.

  13. Principles of Certification. Binding of personal identification data (name, personal identification number) to a public key is called certification (sertifitseerimine). The result of certification (by means of a digital signature) is a certificate (sertifikaat), which is always a digital document. Certificates are usually issued by special certification authorities (CAs, sertifitseerimiskeskus, sertifitseerimisteenuse osutaja).

  14. How Certificate(s) Act

  15. Time-Stamp Principles. A time-stamp (ajatempel) is an additional data set which is added to the original data set. It is possible to provably compare the creation times of different time-stamps (data sets). Time-stamps are issued by certain time-stamp authorities (ajatemplikeskused, ajatempliteenuse osutajad). A time-stamp authority calculates the next time-stamp from the following sources using a one-way function (hash): from the data (hash) which is sent to the time-stamp authority, and from the previously issued time-stamp.
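Slide 15's hash-linked issuing rule, as an added example that is not part of the lecture: a toy time-stamp authority in Go (standard library only) in which each stamp is the SHA-256 of the submitted hash and the previously issued stamp, so the order of two stamps can be proved by walking the chain. Issuance times and documents are constructed values.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// TimeStamp is the additional data set returned to the requester; Value depends on the previous stamp.
type TimeStamp struct {
	Seq         int
	IssuedAt    string // physical time recorded by the authority (constructed values here)
	DataHash    []byte // only the hash of the requester's data is sent, never the data itself
	Prev, Value []byte // Prev: Value of the previous stamp (all zeros for the first); Value: this stamp
}

type Authority struct{ log []TimeStamp } // the authority's record of issued stamps, a hash chain

func hashOf(data string) []byte {
	h := sha256.Sum256([]byte(data))
	return h[:]
}

// stampValue = SHA-256(Seq || IssuedAt || DataHash || Prev), the one-way function of slide 15.
func stampValue(seq int, issuedAt string, dataHash, prev []byte) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%s|", seq, issuedAt)
	h.Write(dataHash)
	h.Write(prev)
	return h.Sum(nil)
}

// Issue computes the next stamp from the submitted hash and the previously issued stamp.
func (a *Authority) Issue(dataHash []byte, issuedAt string) TimeStamp {
	ts := TimeStamp{Seq: len(a.log) + 1, IssuedAt: issuedAt, DataHash: dataHash, Prev: make([]byte, sha256.Size)}
	if n := len(a.log); n > 0 {
		ts.Prev = a.log[n-1].Value
	}
	ts.Value = stampValue(ts.Seq, ts.IssuedAt, ts.DataHash, ts.Prev)
	a.log = append(a.log, ts)
	return ts
}

// ProvablyBefore walks the Prev links back from later, recomputing each stamp on the way,
// and reports whether earlier is reached over an intact chain; an altered stamp breaks it.
func (a *Authority) ProvablyBefore(earlier, later TimeStamp) bool {
	for cur := later; ; cur = a.log[cur.Seq-2] {
		if !bytes.Equal(cur.Value, stampValue(cur.Seq, cur.IssuedAt, cur.DataHash, cur.Prev)) {
			return false // this stamp does not recompute: it was altered
		}
		if bytes.Equal(cur.Value, earlier.Value) {
			return cur.Seq < later.Seq
		}
		if cur.Seq < 2 || cur.Seq-2 >= len(a.log) || !bytes.Equal(cur.Prev, a.log[cur.Seq-2].Value) {
			return false // no valid link to a previous stamp
		}
	}
}

func main() {
	var tsa Authority
	t1 := tsa.Issue(hashOf("contract, version 1"), "2015-11-18T10:00:00Z")
	t2 := tsa.Issue(hashOf("contract, version 2"), "2015-11-18T10:05:00Z")
	fmt.Println("version 1 provably stamped before version 2:", tsa.ProvablyBefore(t1, t2))
}
```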

  16. A Suitable Technique: Validity Confirmation. A validity confirmation (kehtivuskinnitus) is a query to the certification authority which is made immediately after giving a digital signature. The validity confirmation is stored next to the signature and is (with the corresponding certificate and time-stamp) a digital proof that during the signing process the certificate was valid (there were no revocations in force). When a digital signature is equipped with such a validity confirmation, it is possible to verify the signature without any online connection. But the signing process (taking of the time-stamp and validity confirmation) always needs an online connection.

  17. Digital Document with Digital Signature with all Necessary Requisites

  18. Certification Infrastructure. A certification infrastructure (sertifitseerimise taristu) or public-key infrastructure (PKI, avaliku võtme taristu) consists of the five following mandatory components necessary for secure giving and verifying of digital signatures: a non-reverse-engineerably realized hardware-based public-key container; a certification authority (CA); a validity confirmation service (at the CA); a time-stamping authority; organization and coordination of the services (usually at the national level).

  19. Data Format. A data format (andmevorming, vorming) is a description of how different types of information (text, picture, voice, video etc.) are coded into a sequence of 0s and 1s. A pre-agreed (standardised) data format gives the data (the data file) a concrete and unique meaning. If we have the data but do not have the data format description, then we do not have the information carried by the data.

  20. From Data Format to Meaning. Different data formats are supported by different application software, which usually allows writing a file in a certain format, or making the content of the data (the information) human-perceptible etc. A typical end user usually does not know anything about different data formats and their interpretation. He/she usually associates a certain format only with the certain software which is able to interpret that format. The end user usually receives only a human-perceptible form prepared by the software, so-called WYSIWYG (What You See Is What You Get; in Estonian adekvaatkuva).

  21. Demands on the Signable Document Format. A digital signature is technically bound to the bitstream, but we sign a document with a certain meaning (text, pictures, hypertext etc.). The relationship between meaning and bitstream is determined by the data format used (andmevorming). Conclusion: for signing, only those formats are suitable which have a unique meaning and whose description is publicly available. Recommended formats: PDF, RTF, JPG, GIF, ... Unrecommended formats: DOC, DOCX, XLS, XLSX, ...

  22. DigiDOC (BDOC) + Estonian ID Card Versus Other Systems? Fact: there are a lot of technical systems all around the world allowing the giving and verifying of technical digital signatures. Examples: PGP, GnuPG, server certificates etc. Their main problems: there are no convenient certificate revocation systems; the private key is realised in data (not in hardware). Conclusion: these systems are unsuitable for giving an Estonian legal digital signature; only the Estonian-based DDOC and the international BDOC are valid.

  23. Digital Signature Versus Handwritten Signature: Properties. False myth: a digital signature is much more insecure than a handwritten signature and carries big threats. Actually it is vice versa: a digital signature is much more secure than a traditional handwritten signature. A digital signature adds some new types of threats but removes a couple of traditional and more dangerous threats related to the handwritten signature.

  24. Advantages of Digital Signature, I. 1. If we get a digitally signed document and the signature verifies, then we can always be sure that the author of the document has signed it using his/her real name, not a pseudonym: certificates are issued only to Estonian residents using their real names. A paper document can successfully be signed using a pseudonym, and this usually remains unnoticed by the receiver of the document (we usually do not verify handwritten signatures).

  25. Advantages of Digital Signature, II. 2. A digitally signed document is certainly signed by the person whose name is included in the signature (certificate). The only exception is the very rare case when the private key is no longer kept by the signer. For a handwritten signature, fake signatures can be made (the probability of handwritten signature verification is no more than 99%). Moreover, we do not verify (compare) the handwritten signature on each reading of a paper document; we often do not have the necessary comparison material.

  26. Advantages of Digital Signature, III. 3. When a digital signature verifies successfully, we can always be sure that the document itself has not changed after the signing process. This is ensured by the mathematical relationships between document, keys and signature. During the preparation of the document, we need not think about possible forging methods. In the case of a paper document we must always think about the possible forging methods when we prepare the document (especially for tables, empty boxes etc.).

  27. Advantages of Digital Signature, IV. 4. We can always prove the creation (signing) time of a digitally signed document. This is ensured by the presence of a time-stamp (which also includes the physical time). In a paper document we can generally write an arbitrary date (and it is not provable by facts which are not related to the document content).

  28. First Disadvantage of Digital Signature. There is a possibility of stealing the ability to give the signature: we must always carefully monitor that the private key remains only in the hands of the keypair owner. This is the more serious disadvantage of the digital signature; for the handwritten signature it is automatically excluded. In order to achieve this property we use special means (usually we use the private key only inside a non-reverse-engineerable device).

  29. Second Disadvantage of Digital Signature. We must exclude the digital signing of documents which may have multiple meanings. We must reduce the set of file formats we sign digitally and must be aware of it. If we use data formats with public descriptions (unique meaning) and reliable software for writing and reading these formats, then this disadvantage can be successfully eliminated.

  30. Third Disadvantage (?) of Digital Signature. A digitally signed document must remain in digital form forever, for all phases of its lifecycle. Any converted or printed version loses the evidentiary value of the document. Actually it is not a disadvantage but a special property: why must we return to paper? Fact: digitally signed digital documents and paper documents form two worlds which must be handled separately.

  31. Activities Associated with Digital Signatures. Four main practical activities: choosing the software for a digital signature; giving a signature; verifying a signature; cancellation of a certificate.

  32. Choosing the Software for a Digital Signature. Prefer the software recommended by independent experts. Prefer software that has been on the market for a long time. There are no serious competitors to the container-like DigiDOC and BDOC, but these are actually formats, not actual software. More widespread software is always more reliable software. The most widespread (most trusted) software is the standard DigiDOC client software.

  33. Signing Process: Recommendations. Keep your computer malware-free: ensure that the computer is equipped with properly working anti-virus software. Keep the ID card inside the computer for as short a time as possible (only for the signing period). Take the time-stamp and validity confirmation immediately after signing. Do not distribute or store digital signatures without a time-stamp and validity confirmation.

  34. Verification Process: Recommendations. Keep your computer malware-free (use anti-virus software properly). If the signature verification fails, then report it to the signer and ask him/her to send the signed document once more; probably it has changed accidentally (it is quite unlikely that it is really faked). Verify the signature before you open and use the signed document. Do not accept any digital signatures without a time-stamp and/or validity confirmation.

  35. Certificate Cancellation: Recommendations. Keep your ID card and PIN code securely and carefully. Cancel your certificate always and immediately when you have serious doubts that anyone may have stolen both your card and PIN code. Cancellation can be performed by calling the phone number 1777. Please take into account that the necessity of certificate cancellation may arise in very unexpected situations.

  36. Digital Record Keeping: Security Aspects. Digital record keeping is record keeping where the documents are in digital form. Essential aspects from the security point of view: usage of the digital signature; managing of multiple notes (props) in digital form; ensuring the integrity of digital registers; digital document archiving. Digital record keeping uses the digital signature as an essential tool for achieving evidentiary value.

  37. Digital Document Must Remain Digital Forever. If we print out a digitally signed document, we always break the relations which give evidentiary value to the document. The printout of a digitally signed document must always be considered a copy, not an original. The digital representation of a document allows the use of a wider range of document elements than a paper document (hypertext, multimedia, hypermedia).

  38. There Are No Alternatives to Digital Signature for Ensuring Evidentiary Value. Contemporary information systems are client-server systems where there is no permanent relationship between data (file) and data carrier. The separation of data and data carrier has been the key factor of the information society and of different e-services during the last decade.

  39. Problems of Original and Copy of a Document. For paper documents we distinguish the original and copies; there is always a certain (fixed) number of originals. For digital documents (at first sight) we cannot distinguish originals and copies: all instances of a file (document) can be considered originals, and their number is not fixed (we can always produce new instances of them).

  40. Problems of Different Props (Notes). If we add an additional prop (signature) to a paper document, then the previous version ends its existence. When we add an additional prop (with a signature) to a digital document, then the previous version might be stored and remain. Conclusion: in digital record keeping we must always especially distinguish all the different versions (versions with different numbers of signatures). They all may exist.

  41. Digital Archiving: Differences from Paper Documents. A paper document is usually archived after the end of its active use. A digital document is usually archived immediately after the last change (the last prop/signature) is added to the document, and usually before its active use. Archiving of a digital document is always performed in the original, digital form. The evidentiary value of an archived digital document is also always ensured by a digital signature.

  42. Main Theoretical Problems of Digital Archiving ... which arise differently from paper documents: the data carrier preservation problem; the data format problem; the evidentiary value (integrity) problem. Especially the last two problems are specific in comparison with paper document archiving and need new methods for their solution.

  43. Data Carrier Preservation Problem, I. We must choose a data carrier type which preserves its physical properties and enables reading the data for a long period of time. Additionally, we must ensure that after a couple of years (decades, centuries) there will be available a device which is able to read this type of data carrier.

  44. Data Carrier Preservation Problem, II. Additional problem: we do not know the long-term behaviour of new types of data carriers. We cannot perform the corresponding laboratory tests, and theoretically we can estimate the behaviour only approximately. The best test method is long-time preservation itself. Negative examples: the substrate of a CD (DVD) becomes non-transparent; magnetic tape becomes brittle; magnetic tape demagnetizes.

  45. Solution for the Data Carrier Preservation Problem. There are no problems with technical devices (in the world there exist prototypes of all machines that mankind has constructed up to the present). The long-time wearing ("aging") of the data carrier is really a big problem (especially for new materials which have not yet been tested over a long time). But for digital data it is actually a pseudo-problem which we can successfully overcome: we can always copy the data to a new data carrier.

  46. To Preserve Data or Data Carrier? One of the main properties of digital documents: differently from paper documents, a digital document is not permanently related to the data carrier and can be copied infinitely many times. Preserving a paper document = preserving a paper sheet. Preserving a digital document = preserving a file. We can copy the preservable file from one carrier to another (usually before the wearing or aging of the data carrier). We can do it even periodically.

  47. Data Format Problem. Problem: we must ensure that contemporary file formats (RTF, DOC, HTML, MP3, GIF) can be read even after decades and centuries. This problem remains solvable forever, because: up to the present, in mankind's history, we have been able to read all scripts (coding systems) of all ancient civilizations, where the corresponding skill has not disappeared through some cataclysm; the performance of computers doubles every 1.5 years (Moore's rule), and consequently compatibility with old file formats will not be a problem for future software.

  48. Evidentiary Value Problem, I. Main difference between paper documents and digital documents: the evidentiary value of a paper document is based on physical values which remain intact in the long-term perspective. The evidentiary value of a digital document is based on mathematical properties of cryptoalgorithms which become breakable in the long-term perspective. It is assumed that Moore's rule applies for at least the next 30-50 years.

  49. Evidentiary Value Problem, II. Problem: the security properties of all contemporary cryptographic algorithms have a limited time horizon of applicability (practical security). After 20-30 years a lot of them will probably be practically breakable. It is reasonable to expect that Estonian (legal) digital signatures which were given between 2002 and 2011 and which are based on RSA-1024 and SHA-1 will be practically breakable (fakeable) after 20-30 years or even earlier.

  50. Solution to the Evidentiary Value Problem. Solution: we must oversign (ülesigneerimine) a long-term preserved document before the previous signature becomes practically breakable. Re-signing must be performed with new, stronger algorithms, which last again 10-30 years (before the next oversigning). Probably, oversigning will be an obligation of the digital archiving instance. It will probably arise after 10-20 years.
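Oversigning as described in slides 49 and 50, as an added Go example that is not the lecture's or any archive's actual procedure: a record signed with RSA-1024/SHA-1 is bound together with its legacy signature and time-stamp under a signature made with a currently strong algorithm (Ed25519, chosen here for illustration). The document, date and keys are constructed.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"fmt"
)

// Archived is a constructed archival record: the document, the legacy signature given at
// creation (RSA-1024 with SHA-1, the 2002-2011 algorithms of slide 49), the time-stamp taken
// then (a constructed stand-in here) and, after oversigning, the archive's own signature.
type Archived struct {
	Doc, LegacySig, OverSig []byte
	LegacyTS                string
}

// oversignInput binds document, legacy signature and time-stamp into one digest.
func oversignInput(a Archived) []byte {
	h := sha256.New()
	h.Write(a.Doc)
	h.Write(a.LegacySig)
	h.Write([]byte(a.LegacyTS))
	return h.Sum(nil)
}

// Oversign must run while the legacy algorithm is still trusted: it re-verifies the
// legacy signature, refuses on failure, and then signs with the stronger Ed25519.
func Oversign(a Archived, legacyPub *rsa.PublicKey, archivePriv ed25519.PrivateKey) (Archived, error) {
	h := sha1.Sum(a.Doc)
	if err := rsa.VerifyPKCS1v15(legacyPub, crypto.SHA1, h[:], a.LegacySig); err != nil {
		return a, fmt.Errorf("legacy signature does not verify, refusing to oversign: %w", err)
	}
	a.OverSig = ed25519.Sign(archivePriv, oversignInput(a))
	return a, nil
}

// VerifyOversigned checks only the strong signature: once RSA-1024/SHA-1 is breakable,
// a legacy signature forged afterwards no longer matches the oversigned digest.
func VerifyOversigned(a Archived, archivePub ed25519.PublicKey) bool {
	return ed25519.Verify(archivePub, oversignInput(a), a.OverSig)
}

func main() {
	legacyPriv, err := rsa.GenerateKey(rand.Reader, 1024)
	if err != nil {
		panic(err)
	}
	archivePub, archivePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	doc := []byte("Decision no. 7 of 2005 (constructed sample document)")
	h := sha1.Sum(doc)
	sig, err := rsa.SignPKCS1v15(rand.Reader, legacyPriv, crypto.SHA1, h[:]) // the original 2005 signing act
	if err != nil {
		panic(err)
	}
	rec, err := Oversign(Archived{Doc: doc, LegacySig: sig, LegacyTS: "2005-03-01T09:00:00Z"}, &legacyPriv.PublicKey, archivePriv)
	fmt.Println("oversigned record verifies:", err == nil && VerifyOversigned(rec, archivePub))
}
```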
