Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Background
Integritycatalog Overview
Design Details
Limitations
Planning for the Future
Related Work
Conclusion
References

A distributed Integrity Catalog for digital repositories

Profile image of Mema RoussopoulosMema RoussopoulosProfile image of Nikos ChondrosNikos Chondros

2014

Abstract

Digital repositories, either digital preservation systems or archival systems, periodically check the integrity of stored objects to assure users of their correctness. To do so, prior solutions calculate integrity metadata and require the repository to store it alongside the actual data objects. This integrity metadata is essential for regularly verifying the correctness of the stored data objects. To safeguard and detect damage to this metadata, prior solutions rely on widely visible media, that is unaffiliated third parties, to store and provide back digests of the metadata to verify it is intact. However, they do not address recovery of the integrity metadata in case of damage or attack by an adversary. In essence, they do not preserve this metadata. We introduce IntegrityCatalog, a system that collects all integrity related metadata in a single component, and treats them as first class objects, managing both their integrity and their preservation. We introduce a treap-based persistent authenticated dictionary managing arbitrary length key/value pairs, which we use to store all integrity metadata, accessible simply by object name. Additionally, IntegrityCatalog is a distributed system that includes a network protocol that manages both corruption detection and preservation of this metadata, using administrator-selected network peers with two possible roles. Verifiers store and offer attestations on digests and have minimal storage requirements, while preservers efficiently synchronize a complete copy of the catalog to assist in recovery in case of a detected catalog compromise on the local system. We describe our prototype implementation of IntegrityCatalog, measure its performance empirically, and demonstrate its effectiveness in real-world situations, with worst measured throughput of approximately 1K insertions per second, and 2K verified search operations per second.

Related papers

A Foundation for Trust in Digital Preservation
Kenneth Thibodeau

2019

Over any time frame that spans multiple generations of information technology, there is uncertainty whether digital objects or outputs from digital objects can be verified as the same things they were originally. The Preservation as a Service for Trust (PaaST)Project of the InterPARES Trust collaboration addressed this challenge with the objective of enabling determination of wether preserved digital information objects remain authentic. This paper, first presented at the InterPARES International Symposium in San Jose, Costa Rica on 19 February 2020, sets out the conceptualization of authenticity that guided the articulation of functional and data 1 requirements to support verifiable preservation and, thus provide a foundation of trust. It then summarizes the services that comprise the requirements and discusses the variety of ways the services can be implemented.

View PDFchevron_right
Authentic Time-Stamps for Archival Storage
Alina Oprea

2009

We study the problem of authenticating the content and creation time of documents generated by an organization and retained in archival storage. Recent regulations (e.g., the Sarbanes-Oxley act and the Securities and Exchange Commission rule) mandate secure retention of important business records for several years. We provide a mechanism to authenticate bulk repositories of archived documents. In our approach, a space efficient local data structure encapsulates a full document repository in a short (e.g., 32-byte) digest. Periodically registered with a trusted party, these commitments enable compact proofs of both document creation time and content integrity. The data structure, an append-only persistent authenticated dictionary, allows for efficient proofs of existence and non-existence, improving on state-of-the-art techniques. We confirm through an experimental evaluation with the Enron email corpus its feasibility in practice.

View PDFchevron_right
Authenticity and provenance in long term digital preservation: modeling and implementation in preservation aware storage
Shahar Ronen, Petra Reshef

First workshop on on …, 2009

A growing amount of digital objects is designated for long term preservation -a time scale during which technologies, formats and communities are very likely to change. Specialized approaches, models and technologies are needed to guarantee the long-term understandability of the preserved data. Maintaining the authenticity (trustworthiness) and provenance (history of creation, ownership, accesses and changes) of the preserved objects for the long term is of great importance, since users must be confident that the objects in the changed environment are authentic. We present a novel model for managing authenticity in long term digital preservation systems and a supporting archival storage component. The model and archival storage build on OAIS, the leading standard in the area of long-term digital preservation. The preservation aware storage layer handles provenance data, and documents the relevant events. It collocates provenance data (and other metadata) together with the preserved data in a secure environment, thus enhancing the chances of their co-survival. Handling authenticity and provenance at the storage layer reduces both threats to authenticity and computation times. This work addresses core issues in long-term digital preservation in a novel and practical manner. We present an example of managing authenticity of data objects during data transformation at the storage component. 1

View PDFchevron_right
Trusty URIs: Verifiable, Immutable, and Permanent Digital Artifacts for Linked Data
Tobias Kuhn

To make digital resources on the web verifiable, immutable, and permanent, we propose a technique to include cryptographic hash values in URIs. We call them trusty URIs and we show how they can be used for approaches like nanopublications to make not only specific resources but their entire reference trees verifiable. Digital artifacts can be identified not only on the byte level but on more abstract levels such as RDF graphs, which means that resources keep their hash values even when presented in a different format. Our approach sticks to the core principles of the web, namely openness and decentralized architecture, is fully compatible with existing standards and protocols, and can therefore be used right away. Evaluation of our reference implementations shows that these desired properties are indeed accomplished by our approach, and that it remains practical even for very large files.

View PDFchevron_right
Trustworthy History and Provenance for Files and Databases
Ragib Hasan

2009

In today's world, information is increasingly created, processed, transmitted, and stored digitally. While the digital nature of information has brought enormous benefits, it has also created new vulnerabilities and attacks against data. Unlike physical documents, digitally stored information can be rapidly copied, erased, or modified. The distributed nature of today's computing systems also implies that digital data may be stored in or transmitted via untrusted systems. In many cases, even insiders can have financial or strategic motives to tamper with data. Thus, throughout its lifecycle, data may be exposed to many modifications, and be processed by many principals, some of whom may not be trustworthy. In order to trust data, it is therefore useful to know its history, and to protect data history from illicit modifications. Widespread use of electronic records in high-stakes applications such as business and health-care means that the need to ensure trustworthiness of data retention is crucial. Society as a whole will benefit significantly from the development and adoption of techniques for ensuring the integrity of data history, as such assurances will increase public trust in electronic records.

View PDFchevron_right
Data provenance collection and security in a distributed environment: a survey
selasi ocansey

International Journal of Computers and Applications, 2018

Keeping track of lifecycle history and information origins are important because that is the only key issue to confirm information probative value and integrity. Provenance information management (Data Provenance) has recently been gained significant interest in computer security specifically in the domain of distributed environment. This is due partly to the increased in digital facts (complexity and size) and it widely spread usage in other fields of study, such as medicine, government, commerce, and science. Although its applications and use bring numerous benefit to scholars and practitioners, challenges still exist in its lifecycle history and information management. In this paper, we present a comprehensive survey of potentially influential components on provenance collection and its security, which enables us to investigate and summarize the current trends, methods and techniques addressing the aforementioned elements. This review provides more insight for researchers, system developers and engineers working on data, data mining and information security. More than 90 research publications on provenance collection and security have been examined, classified and listed for reference.

View PDFchevron_right
Can bits and bytes be authentic? preserving the authenticity of digital objects
Hans Hofman

2002

View PDFchevron_right
Authenticity and Provenance in Long-Term Digital Preservation: Analysis of the Scope of Content
Jurate Kupriene

Informacijos mokslai, 2018

A growing amount of digital objects is designated for long term preservation-a time scale during which technologies, formats and communities are very likely to change. Specialized approaches, models and technologies are needed to guarantee the long-term understandability of the preserved data. Maintaining the authenticity (trustworthiness) and provenance (history of creation, ownership, accesses and changes) of the preserved objects for the long term is of great importance, since users must be confident that the objects in the changed environment are authentic. We present a novel model for managing authenticity in long term digital preservation systems and a supporting archival storage component. The model and archival storage build on OAIS, the leading standard in the area of long-term digital preservation. The preservation aware storage layer handles provenance data, and documents the relevant events. It collocates provenance data (and other metadata) together with the preserved data in a secure environment, thus enhancing the chances of their co-survival. Handling authenticity and provenance at the storage layer reduces both threats to authenticity and computation times. This work addresses core issues in long-term digital preservation in a novel and practical manner. We present an example of managing authenticity of data objects during data transformation at the storage component. 1

View PDFchevron_right
A hash based system for enforcing the integrity of digital assets
Ayei Ibor

25th National Conference of the Nigeria Computer Society , 2016

The integrity of digital assets has become increasingly important owing to the high rate of cybercrimes and cyber-related offences in recent times. The pervasive nature of the Internet and the concomitant migration of most business functions to the cloud make it pertinent to deploy more veritable means of enforcing the integrity of data, information, databases, disk volumes and data warehouses. One of such veritable means of affirming the authenticity of the contents rendered both offline and online is the use of hashing. In this paper, the processes involved in creating a database of hash codes, which will contain hash values that are unique for some datasets was discussed. Emphasis was laid on the use of the hash codes to verify the non-alteration or otherwise of stored contents in a bid to enforce data integrity. It is assumed that the paper will help various categories of users to protect their digital assets without having to resort to computationally expensive mechanisms.

View PDFchevron_right
The road (and the roadmap) for building Trusted Digital Repositories within an Interuniversity Consortium
Claudio Cortese, Matteo Boschini

Since 1998 CILEA (now merged into CINECA) has been archiving, managing and disseminating digital cultural resources within academic libraries, historical archives and museums. Over the years several solutions have been developed, due to the peculiarities of the resources to be managed and to the continuous evolution of digital preservation paradigms and technologies. From 2008 CILEA provides a Digital Preservation and Curation Service compliant with the major requirements of the OAIS model and, in the last months, started a process of self-audit, following the recommendations of the ISO/DIS 16363 "Audit and certification of trustworthy digital repositories" (the so called "Magenta Book"). In particular two different platforms, including also digital preservation features, were developed for cultural resources. One for Electronic Journals management (NERA) is built upon the open source software Fedora Commons, the other (CodeX [ml]) is aimed at the preservation of digital cultural heritage (mainly ancient books and manuscripts) and was completely in-house developed. The decision of implementing two different platforms is closely related to the different nature of the documents to be preserved. Moreover CILEA has developed also the DigA (Digital Archiving) platform, built upon Fedora Commons, to be considered a Platform as a Service for Digital Preservation. All the Digital Preservation Services, currently managing nearly nine million objects, are continuously improved in order to fulfill the requirements of the Magenta Book. The proposed contribution is aimed at explaining the latest implementations carried out in order to bring CILEA's (and now CINECA's) digital preservation services to the rank of Trusted Digital Repositories (automatic check of data integrity through checksum, implementation of the PREMIS standard, etc.).

View PDFchevron_right

References (44)

  1. Clueweb12 dataset. http://www.lemurproject.org/clueweb12 .
  2. ADYA, A., BOLOSKY, W. J., CASTRO, M., CERMAK, G., CHAIKEN, R., DOUCEUR, J. R., HOWELL, J., LORCH, J. R., THEIMER, M., AND WATTENHOFER, R. FARSITE: Federated, available, and reliable storage for an incompletely trusted en- vironment. In Proc. 5th Symposium on Operating System De- sign and Implementation (5th OSDI'02) (Boston, Massachusetts, USA, Dec. 2002), D. E. Culler and P. Druschel, Eds., USENIX Association.
  3. ANAGNOSTOPOULOS, A., GOODRICH, M. T., AND TAMAS- SIA, R. Persistent authenticated dictionaries and their applica- tions. Lecture Notes in Computer Science 2200 (2001), 379-393.
  4. BITTON, D., AND GRAY, J. Disk shadowing. In vldb (Aug. 1988), pp. 331-338.
  5. CHEN, LEE, GIBSON, KATZ, AND PATTERSON. RAID: High- performance, reliable secondary storage. CSURV: Computing Surveys 26 (1994).
  6. CLARKE, I., SANDBERG, O., WILEY, B., AND HONG, T. W. Freenet: a distributed anonymous information storage and re- trieval system. In International Workshop on Design Issues in Anonymity and Unobservability (2000), pp. 311-320.
  7. COX, L. P., MURRAY, C. D., AND NOBLE, B. Pastiche: Making backup cheap and easy. In Proceedings of the 5th ACM Sympo- sium on Operating System Design and Implementation (OSDI- 02) (New York, Dec. 9-11 2002), Operating Systems Review, ACM Press, pp. 285-298.
  8. COX, L. P., AND NOBLE, B. D. Samsara: honor among thieves in peer-to-peer storage. In Proceedings of the nineteenth ACM symposium on Operating systems principles (New York, Oct. 19- 22 2003), vol. 37, 5 of Operating Systems Review, ACM Press, pp. 120-132.
  9. CROSBY, S. A. Efficient Tamper-Evident Data Structures for Untrusted Servers. Ph.d., RICE UNIVERSITY, Dec. 2009.
  10. CROSBY, S. A., AND WALLACH, D. S. Super-efficient aggre- gating history-independent persistent authenticated dictionaries. In ESORICS (2009), M. Backes and P. Ning, Eds., vol. 5789 of Lecture Notes in Computer Science, Springer, pp. 671-688.
  11. DABEK, F., KAASHOEK, M. F., KARGER, D. R., MORRIS, R., AND STOICA, I. Wide-area cooperative storage with CFS. In SOSP (2001), pp. 202-215.
  12. DRISCOLL, J. R., SARNAK, N., SLEATOR, D. D., AND TAR- JAN, R. E. Making data structures persistent. In ACM Sympo- sium on Theory of Computing (STOC '86) (Baltimore, USA, May 1986), ACM Press, pp. 109-121.
  13. ETSI. Etsi ts 101 903: Xml advanced electronic signatures (xades), 2009.
  14. GONDROM, T., BRANDNER, R., AND PORDESCH, U. Evidence Record Syntax (ERS). RFC 4998 (Proposed Standard), Aug. 2007.
  15. GOODSON, G. R., WYLIE, J. J., GANGER, G. R., AND RE- ITER, M. K. Efficient byzantine-tolerant erasure-coded storage. In DSN (2004), IEEE Computer Society, pp. 135-144.
  16. HABER, S., AND KAMAT, P. A content integrity service for long- term digital archives. Tech. Rep. HPL-2006-54, Hewlett Packard Laboratories, May 18 2006.
  17. HAEBERLEN, A., MISLOVE, A., AND DRUSCHEL, P. Glacier: Highly durable, decentralized storage despite massive correlated failures. In NSDI (2005), USENIX.
  18. HAMMING, R. W. Error detecting and error correcting codes. Bell System Technical J. 29 (Apr. 1950), 147.
  19. HARRISON. Implementation of the substring test by hashing. CACM: Communications of the ACM 14 (1971).
  20. HASAN, R., SION, R., AND WINSLETT, M. The case of the fake picasso: Preventing history forgery with secure provenance. In FAST (2009), vol. 9, pp. 1-14.
  21. KARP, AND RABIN. Efficient randomized pattern-matching al- gorithms. IBMJRD: IBM Journal of Research and Development 31 (1987).
  22. KOOPMAN, P. 32-bit cyclic redundancy codes for internet appli- cations. In DSN (2002), IEEE Computer Society, pp. 459-472.
  23. KUBIATOWICZ, J., BINDEL, D., CHEN, Y., CZERWINSKI, S. E., EATON, P. R., GEELS, D., GUMMADI, R., RHEA, S. C., WEATHERSPOON, H., WEIMER, W., WELLS, C., AND ZHAO, B. Y. Oceanstore: An architecture for global-scale persistent storage. In ASPLOS (2000), L. Rudolph and A. Gupta, Eds., ACM Press, pp. 190-201.
  24. LILLIBRIDGE, M., ELNIKETY, S., BIRRELL, A., BURROWS, M., AND ISARD, M. A cooperative internet backup scheme. In USENIX Annual Technical Conference, General Track (2003), USENIX, pp. 29-41.
  25. MANIATIS, P., AND BAKER, M. Secure history preserva- tion through timeline entanglement. In Proceedings of the 11th USENIX Security Symposium (SECURITY-02) (Berkeley, CA, USA, Aug. 5-9 2002), USENIX Association, pp. 297-314.
  26. MANIATIS, P., ROSENTHAL, D. S. H., ROUSSOPOULOS, M., BAKER, M., GIULI, T., AND MULIADI, Y. Preserving peer replicas by rate-limited sampled voting. In Proceedings of the nineteenth ACM symposium on Operating systems principles (New York, Oct. 19-22 2003), vol. 37, 5 of Operating Systems Review, ACM Press, pp. 44-59.
  27. MENEZES, A. J., VAN OORSCHOT, P. C., AND VANSTON, S. A., Eds. Handbook of Applied Cryptography. CRC Press, 1996.
  28. MERKLE, R. A digital signature based on a conventional encryp- tion function. In CRYPTO (1987).
  29. MUNISWAMY-REDDY, K.-K., MACKO, P., AND SELTZER, M. I. Provenance for the cloud. In FAST (2010), vol. 10, pp. 15- 14.
  30. NAOR, M., AND YUNG, M. Universal one-way hash functions and their cryptographic applications. In Proceedings of the 21st Annual Symposium on Theory of Computing (STOC '89) (New York, May 1989), ACM Association for Computing Machinery, pp. 33-43.
  31. PARK, A., AND BALASUBRAMANIAN, K. Providing fault toler- ance in parallel secondary storage systems. Tech. Rep. CS-TR- 057-86, Department of Computer Science, Princeton University, Nov. 1986.
  32. PATTERSON, D. A., GIBSON, G., AND KATZ, R. H. A case for redundant arrays of inexpensive disks (RAID). In Proceed- ings of the 1988 ACM SIGMOD International Conference on Management of Data (Washington, DC, USA, May 26-28 1988), pp. 109-116.
  33. PETERSON, W. W., AND WELDON, E. J. Error-Correcting Codes. MIT Press, 1972.
  34. QUINLAN, S., AND DORWARD, S. Venti: A new approach to archival data storage. In Proceedings of the FAST '02 Conference on File and Storage Technologies (FAST-02) (Berkeley, CA, Jan. 28-30 2002), USENIX Association, pp. 89-102.
  35. RABIN, M. O. Fingerprinting by Random Polynomials. Cen- ter for Research in Computing Technology, Harvard University, 1981.
  36. SCHWARZ, T. S. J., AND MILLER, E. L. Store, forget, and check: Using algebraic signatures to check remotely adminis- tered storage. In 26th IEEE International Conference on Dis- tributed Computing Systems (26th ICDCS'06) (Lisboa, Portugal, July 2006), IEEE Computer Society, p. 12.
  37. SEIDEL, AND ARAGON. Randomized search trees. ALGRTH- MICA: Algorithmica 16 (1996).
  38. SHAH, M. A., SWAMINATHAN, R., AND BAKER, M. Privacy- preserving audit and extraction of digital contents. IACR Cryp- tology ePrint Archive 2008 (2008), 186.
  39. SONG, S., AND J ÁJ Á, J. New techniques for ensuring the long term integrity of digital archives. In DG.O (2007), J. B. Cushing and T. A. Pardo, Eds., vol. 228 of ACM International Conference Proceeding Series, Digital Government Research Center, pp. 57- 65.
  40. SUBBIAH, A., AND BLOUGH, D. M. An approach for fault tol- erant and secure data storage in collaborative work environments. In StorageSS (2005), V. Atluri, P. Samarati, W. Yurcik, L. Brum- baugh, and Y. Zhou, Eds., ACM, pp. 84-93.
  41. WALDMAN, M., RUBIN, A. D., AND CRANOR, L. F. Pub- lius: a robust, tamper-evident, censorship-resistant Web publish- ing system. In Proceedings of the Ninth USENIX Security Sympo- sium, August 14-17, 2000, Denver, Colorado (pub-USENIX:adr, 2000), USENIX, Ed., USENIX.
  42. ZHANG, Y., RAJIMWALE, A., ARPACI-DUSSEAU, A. C., AND ARPACI-DUSSEAU, R. H. End-to-end data integrity for file sys- tems: A ZFS case study. In FAST (2010), R. C. Burns and K. Kee- ton, Eds., USENIX, pp. 29-42.
  43. ZLOTNICK, F. ZFS: The last word in file systems. In The Con- ference on High Speed Computing (Salishan Lodge, Gleneden Beach, Oregon, Apr. 2006), LANL/LLNL/SNL, p. 25.
  44. ZOBEL, J., MOFFAT, A., AND SACKS-DAVIS, R. Storage man- agement for files of dynamic records. In Australian Database Conference (1993), pp. 26-38.

Related papers

4 A distributed Integrity Catalog for digital repositories
Nikos Chondros

2016

Digital repositories, either digital preservation systems or archival systems, periodically check the integrity of stored objects to assure users of their correctness. To do so, prior solutions calculate integrity metadata and require the repository to store it alongside the actual data objects. This integrity metadata is essential for regularly verifying the correctness of the stored data objects. To safeguard and detect damage to this metadata, prior solutions rely on widely visible media, that is unaffiliated third parties, to store and provide back digests of the metadata to verify it is intact. However, they do not address recovery of the integrity metadata in case of damage or attack by an adversary. In essence, they do not preserve this metadata. We introduce IntegrityCatalog, a system that collects all integrity related metadata in a single component, and treats them as first class objects, managing both their integrity and their preservation. We introduce a treapbased persistent authenticated dictionary managing arbitrary length key/value pairs, which we use to store all integrity metadata, accessible simply by object name. Additionally, IntegrityCatalog is a distributed system that includes a network protocol that manages both corruption detection and preservation of this metadata, using administrator-selected network peers with two possible roles. Verifiers store and offer attestations on digests and have minimal storage requirements, while preservers efficiently synchronize a complete copy of the catalog to assist in recovery in case of a detected catalog compromise on the local system. We describe our prototype implementation of IntegrityCatalog, measure its performance empirically, and demonstrate its effectiveness in real-world situations, with worst measured throughput of approximately 1K insertions per second, and 2K verified search operations per second.

View PDFchevron_right
Implementing a Reliable Digital Object Archive
Arturo Crespo

Lecture Notes in Computer Science, 2000

An Archival Repository reliably stores digital objects for long periods of time decades or centuries. The archival nature of the system requires new techniques for storing, indexing, and replicating digital objects. In this paper we discuss the specialized indexing needs of a write-once archive. We also present a reliability algorithm for e ectively replicating sets of related objects. We describe a data import utility for archival repositories. Finally, w e discuss and evaluate a prototype repository we h a ve built, the Stanford Archival Vault SAV.

View PDFchevron_right
Implementing Trusted Digital Repositories
Reagan Moore

2000

Trusted digital repositories manage the integrity and authenticity of records through multiple generations of technology. They provide mechanisms to validate assertions about trustworthiness and provide the preservation processes that implement the required control and management capabilities. Today there are multiple technologies that can be used to build a digital repository that is capable of maintaining the authenticity and integrity of

View PDFchevron_right
RODA: a service-oriented repository to preserve authentic digital objects
Luis Corujo

2009

In mid 2006, the Portuguese National Archives (Directorate-General of the Portuguese Archives) launched a project called RODA (Repository of Authentic Digital Objects) aiming at identifying and bringing together all the necessary technology, human resources and political support to carry out long-term preservation of digital materials being produced by the Portuguese public administration.

View PDFchevron_right
A service-oriented repository to preserve authentic digital objects
Rui Castro, José Carlos Ramalho, Luis Corujo

In mid 2006, the Portuguese National Archives (Directorate-General of the Portuguese Archives) launched a project called RODA (Repository of Authentic Digital Objects) aiming at identifying and bringing together all the necessary technology, human resources and political support to carry out long-term preservation of digital materials being produced by the Portuguese public administration.

View PDFchevron_right
580 California St., Suite 400
San Francisco, CA, 94104
© 2025 Academia. All rights reserved