Michael Just. Some Timestamping Protocol Failures. In Proceedings of the Symposium on Network and Distributed Security (NDSS 98), San Diego, CA, USA, March 1998. Internet Society.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....[BM99] for the same effect. Timestamping Aspects. There are also some differences in the timestamping aspects of our solution compared to previous time stamping solutions. We provide absolute timestamps, linking the delivery to a particular value of real time. Most previous results, e.g. [HS91,J98], focused on relative timestamps, creating linkage and thereby total or partial ordering among different timestamps. We do not see how to use relative timestamps for non repudiation of delivery or of origin. Absolute timestamping has a simple, folklore solution: send the hash of the document ....

....authority (or delivery authority) Actually, to preserve confidentiality, the timestamp should be on a commitment to the document rather than on its hash; see details in Section 4. We also show, in Section 5, how to extend absolute timestamping to withstand time stamping server failures (cf. [J98]) 2. Model and Requirements We now present our model of the system and define the requirements from a guaranteed delivery service, as well as our assumptions about the underlying mechanisms (communication and clock synchronization) We tried to provide well defined model without making it ....

Mike Just. Some Timestamping Protocol Failures. In Internet Society Symposium on Network and Distributed System Security, 1998. Available at http://citeseer.nj.nec.com/just98some.html.

....is referring to the same, single timeline. If, instead, a dishonest service maintains clandestinely two or more timelines or branches of the same timeline, publishing di#erent timeline authenticators to di#erent subsets of its users, then that service can, in a sense, revise history. Just [12] identified such an attack against early time stamping services. Within a service domain, this attack can be foiled by enforcing that the service periodically commit its timeline on a write once, widely published medium, such as a local newspaper or paper journal. When there is doubt, a cautious ....

Just, M. Some Timestamping Protocol Failures. In Proceedings of the Symposium on Network and Distributed Security (NDSS 98) (San Diego, CA, USA, Mar. 1998), Internet Society.

....Related Work Although time stamping seems to be essential to conduct secure transactions with lasting e ects in the digital world of the Internet, the number of researchers exploring this topic is surprisingly small. In addition to the time stamping work described in Section 2, most notably Just [20] describes the intricacies of relying on the trustworthiness of the time stamper to ensure the immutability of the document time line, and ways in which earlier work fails to make time stampers accountable. This work, although not directly applicable to the core time stamping described in this ....

Just, M. Some Timestamping Protocol Failures. In Proceedings of the Internet Society Symposium on Network and Distributed Security (NDSS '98).

....is referring to the same, single timeline. If, instead, a dishonest service A maintains clandestinely two or more timelines or branches of the same timeline, publishing di erent timeline authenticators to di erent subsets of its users, then that service can, in a sense, revise history. Just [12] identi ed such an attack against early time stamping services. Within a service domain, this attack can be foiled by enforcing that the service periodically commits its timeline on a write once, widely published medium, such as a local newspaper or paper journal. In such a way, when there is ....

Just, M. Some Timestamping Protocol Failures. In Proceedings of the Symposium on Network and Distributed Security (NDSS 98) (San Diego, CA, USA, Mar. 1998), Internet Society.

....A fingerprint is small,but it uniquely represents a large human being. Short hashes can uniquely represent large documents. 2.4 Linking Schemes Linked time stamping systems make use of hashes and relative time. They tie time stamps together into long chains that are difficult to tamper with [5]. In a large time stamping system with many users, it s impossible to predict what documents will be submitted for time stamping. Therefore, the documents themselves are sufficiently random to be used as a basis for relative time stamping . All the documents received by the system are linked into ....

Just, M. Some Timestamping Protocol Failures, In: Proceedings of the Internet Society Symposium on Network and Distributed Security (NDSS `98), p. 5.

....work Although time stamping seems to be essential to conduct secure transactions with lasting e ects in the digital world of the Internet, the number of researchers exploring this topic is surprisingly small. In addition to the time stamping work described in Section 2. 1, most notably Just [Jus98] describes the intricacies of relying on the trustworthiness of the time stamper to ensure the immutability of the document time line, and ways in which earlier work fails to make time stampers accountable. This work, although not directly applicable to the core time stamping described in this ....

Michael Just. Some timestamping protocol failures. In Proceedings of the Symposium on Network and Distributed Security (NDSS 98), San Diego, CA, USA, March 1998. Internet Society.

....time stamps contain information that can only be used to check whether one time stamps was made earlier than another. There s no analogue for the real absolute time. While both schemes can be used to compare the time stamps there are deep di erences between these two methods. It has been shown in [Jus98a] that absolute time can not be used without trusted third parties serving the absolute time. This means that we must trust both the trusted third party itself and its time source. For relative temporal authentication no trusted third party is required because the time stamps can be linked together ....

Michael K. Just, Some Timestamping Protocol Failures, in Proceedings of the Internet Society Symposium on Network and Distributed Security (NDSS '98).

....i6=j y i 0 mod n: The verification phase consists of computing c y j mod n which must be equal to z m . We can remark that we don t verify that the certificate c is a power of z 0 because we have no means for doing that. This can be inconvenient in applications such as timestamping ( BdM94] [Jus97]) 4.6 Security If an attacker wants to find a false certificate for y 0 62 fy i ; i = 1; Delta Delta Delta mg, he has to ffl search z 0 such that z 0 y 0 j z m (mod n) ffl or search Y 0 such that i z y 0 0 j Y 0 j z m (mod n) Solving the first situation is equivalent to ....

M. Just. Some timestamping protocol failures. Technical Report TR-9716, Carleton University, Canada, School of Computer Science, August 1997.

....time stamps contain information that can only be used to check whether one time stamps was made earlier than another. There s no analogue for the real absolute time. While both schemes can be used to compare the time stamps there are deep di erences between these two methods. It has been shown in [Jus98a] that absolute time can not be used without trusted third parties serving the absolute time. This means that we must trust both the trusted third party itself and its time source. For relative temporal authentication no trusted third party is required because the time stamps can be linked together ....

Michael K. Just, Some Timestamping Protocol Failures, in Proceedings of the Internet Society Symposium on Network and Distributed Security (NDSS '98).

....scheme is optimal in that sense. 1 Introduction Time stamps enable an incredulous verifier to ascertain the date a digital document was created, signed or last modified. Most of the time stamping systems proposed to date are based on trusted third parties and are, thereby, more or less vulnerable [6]. The key problem today in time stamping is to reduce the role of trusted third parties. This is necessary for the segregation of duties and liabilities when using time stamping for non repudiation in legally valid digital signature schemes. First steps in this direction were made by Haber and ....

M.Just, "Some time-stamping protocol failures", Internet Society Symposium on Network and Distributed System Security, 1998.

....the initiators of time stamping requests. Our notion of time stamping system differs from the one given in, e.g. BdM91] by several important aspects. Below we motivate the differences. 3. 1 Relative Temporal Authentication The main security objective of time stamping is temporal authentication [Jus98] ability to prove that a certain document has been created at a certain moment of time. Although the creation of a digital data item is an observable event in the physical world, the moment of its creation cannot be ascertained by observing the data itself (moreover, no such thing as the ....

....and therefore do not support the RTA. Sect. 4 shows how to modify the linear linking scheme ( HS91] Sect. 5.1) to fulfill the security objectives (RTA and detection of forgeries) On the other hand, in practice, in this scheme the detection of forgeries would take too many steps. As noted in [Jus98], it is easy to forge time stamps when we can assume that the verifier has limited computational power. This leads us to the question of feasibility. In order to make RTA feasible in the case when time stamps belong to different rounds, it is reasonable to define an additional layer of links ....

Mike Just. Some Timestamping Protocol Failures. In Internet Society Symposium on Network and Distributed System Security, 1998. Available at http://www.scs.carleton.ca/~just/.

No context found.

M. Just, #Some Timestamping Protocol Failures ", Carleton University School of Computer Science TR-97-16, August 1997. #Available from http:##www.scs.carleton.ca#~just#.#

No context found.

Mike Just, #Some Timestamping Protocol Failures", Proceedings of the 1998 Symposium on Network and Distributed System Security, pp. 89-96, March 1998.

....though there, the linking was done for timestamps produced by an individual user, not the result of a round computation. This is essentially the scheme suggested used by Bayer, Haber and Stornetta [5] for linking their rounds. A number theoretic alternative to the hash linking is given by Just [9]. 4 Centralized Timestamping Haber and Stornetta [8] present the following protocol for timestamping a digital document x. It uses a central timestamping service T that requires no record keeping. Here, r denotes the rth round, where 1 document is stamped per round. 1. u sends y r = h(x r ) and ....

M. Just, "Some Timestamping Protocol Failures", Carleton University School of Computer Science TR-97-16, August 1997. (Available from http://www.scs.carleton.ca/~just/.)

No context found.

Michael Just. Some Timestamping Protocol Failures. In Proceedings of the Symposium on Network and Distributed Security (NDSS 98), San Diego, CA, USA, March 1998. Internet Society.

No context found.

Michael Just. Some Timestamping Protocol Failures. In Proceedings of the Symposium on Network and Distributed Security (NDSS 98), San Diego, CA, USA, March 1998. Internet Society.

No context found.

Michael Just. Some Timestamping Protocol Failures. In Proceedings of the Symposium on Network and Distributed Security (NDSS 98), San Diego, CA, USA, March 1998. Internet Society.

No context found.

Just, M.: Some Timestamping Protocol Failures. In Proc. of Internet Society Symposium on Network and Distributed System Security (1998)

No context found.

Michael Just. Some timestamping protocol failures. In Proceedings of the Symposium on Network and Distributed Security (NDSS 98), pages 89--96, San Diego, CA, USA, March 1998.

No context found.

M. Just. Some Time-Stamping Protocol Failures. In Proceedings of Network and Distributed System Security Symposium (NDSS '98), San Diego, California, 1998. Internet Society.

No context found.

M.Just, #Some time-stamping protocol failures", Internet Society Symposium on Network and Distributed System Security, 1998.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC