Mechanisms That can be Circumvented by Application Developers, Administrators, or Vendor Personnel are Unlikely to be Viewed as Compelling Evidence of Data Integrity

Surety timestamps enable applications to deliver a level of data integrity protection and litigation readiness beyond that provided by a simple secure hash over stored content.

Cryptographic hash algorithms (e.g., SHA-256, RIPEMD-160) provide an effective means of detecting whether digital data have been altered. If you hash the data and retain the hash, it is possible to use that hash at a future time to detect whether the data have changed. Detecting a change is a simple matter of recomputing the hash – running the current state of the data through the same hash algorithm – and comparing the resulting hash to the hash that was retained from an earlier time. If the two hash values match, you have demonstrated with a very high level of assurance that the data have not changed.

Applications that use hashing are based on an implicit (or explicit) assumption that the retained hash value cannot be altered or that the risk of alteration is low enough to be acceptable. If the hash value can be altered along with the protected data, then the assurance provided by validating that hash value is reduced in relation to how easy it is to alter the hash value.

Time is another important concept in applications that employ hash algorithms to detect modification. If you are provided with a document and a hash, it proves nothing. The document could have been modified many times and the hash computed the instant before you were given the document and the hash. To make meaningful statements about data integrity, the application must somehow bind a valid time to the hash. This allows statements like "this data item has not been modified since 8:36 AM EST January 23, 2004".

The security of this binding is as important as the security of the underlying hash algorithm. If the binding can be altered or forged, then the assurance provided by validating that hash value is reduced in relation to how easy it is to alter the binding. Furthermore, for a time to be valid, it must come from a trusted source (e.g., NIST or USNO) and must be auditable. Binding a time that comes from a clock that can be manipulated provides little proof of integrity.

A final important consideration is the level of assurance required by the application. At a business level, data integrity involves proving the integrity of data to a third party, most likely in an adversarial environment when the stakes are high. For example, before an expert witness brought in by opposing counsel in a patent litigation case. Referring back to what was discussed earlier, this argues that in order to survive an integrity challenge, an application requires a very high level of assurance in the mechanisms that protect its data integrity hashes, the binding of those hashes to time values, and its time source. Mechanisms that can be circumvented by application developers, administrators, or vendor personnel are unlikely to be viewed as compelling evidence of data integrity.

The challenges described above are the reason trusted digital timestamps were invented. Trusted digital timestamps cryptographically bind a hash value to a reliable time value using a standard mechanism. The binding process is such that neither the hash value or the time value in the timestamp can be altered without detection. The protected data and the timestamp can be provided to a third party who can validate the timestamp to gain a very high level of assurance that the data has not been modified since the indicated time.

Digital timestamps are created as follows: (See demo)

• The document is hashed by the application and only the hash sent to the time-stamp authority (TSA);
• The TSA reads the current time from an audited clock and cryptographically binds the hash to the time value resulting in a timestamp token;
• The timestamp token is returned to the application where it is stored with the document as meta data.

Digital timestamps are verified as follows: (See demo)

• The verifier rehashes the document and compares the hash to the hash value contained in the time stamp token.
• If the hash values don't match, then the document has been altered.
• If the hash values match, then the verifier sends the timestamp token to the TSA to check the cryptographic binding of the time value and hash value.
• If the binding is valid, then the verifier has a high level of assurance that the document has not been altered since the indicated time.

Surety timestamps use a technique called "hash chain linking" to bind the time value to the hash value. A unique aspect of this approach is that the trust anchor for the entire process is a widely published (Widely-Witnessed) weekly hash value. All Surety timestamps are cryptographically linked to a published value which anchors the integrity of the timestamp's binding and the integrity of the time-value. The primary advantage of this approach that the process is completely auditable and not subject to forgery or compromise. Another advantage of Surety timestamps is that they can be "renewed" with new hash algorithms as old hash algorithms become weak. This renewal process maintains the original timestamp date. The result is that Surety timestamps can provide integrity protection for the entire life of the protected data.

Secure or simple hash algorithms are a valuable primitive for data integrity protection; however, an application integrity mechanism implemented using secure hash algorithms alone must address the issues of hash value protection, time value protection, binding, portability, hash algorithm lifetime, and the use of a time source that is auditable and traceable to national standards. The mechanisms used must not be circumventable by application developers, administrators, or vendor personnel. If they are, the underlying integrity mechanisms are unlikely to be viewed as compelling evidence of data integrity. Surety's AbsoluteProof Service solves these problems for the application developer through the use of digital timestamps that provide portable, long-lasting, and independently-verifiable proof of data integrity.

Secure Hashing page: Compare Digital Signatures or PKI Timestamps to AbsoluteProof.