Digitally Signed Records – Friend or Foe?
Boris HercegHrvoje Brzica
Financial Agency – [email protected] [email protected]
Hrvoje StančićDepartment of Information and
Communication SciencesFaculty of Humanities and Social Sciences
Herceg, Brzica, Stančić, Digitally Signed Records – Friend or Foe?, INFuture2015, 11-13 November 2015 2
Contents1. Introduction2. The problem3. Research4. Expected results5. Conclusions
Herceg, Brzica, Stančić, Digitally Signed Records – Friend or Foe?, INFuture2015, 11-13 November 2015 3
1. Introduction• “The preservation of digital objects involves a vari ety of
challenges, including policy questions, institutional roles and relation ships, legal issues, intellectual property rights, and metadata.” Thibodeau (2002)
Thibodeau, K. (2002). Overview of Technological Approaches to Digital Preservation and Challenges in Coming Years. In The State of Digital Preservation: An International Perspective (pp. 4-31). Washington, D.C.: Council on Library and Information Resources (CLIR)
Herceg, Brzica, Stančić, Digitally Signed Records – Friend or Foe?, INFuture2015, 11-13 November 2015 4
1. Introduction• Changes of information-communication technology
require digital documents and records to be– converted– migrated– emulated– virtualised
in order to be accessible and usable
• Im pact on the trustworthiness of digital records
Herceg, Brzica, Stančić, Digitally Signed Records – Friend or Foe?, INFuture2015, 11-13 November 2015 5
1. Introduction• “Irrespective of the long-term solution for the
preservation of authentic electronic records, it is quite clear that there will not be much worth preserving for the future if serious measures are not taken by records creators to guarantee the trustworthiness of electronic records (in both meanings – trustworthiness of content and trustworthiness of the record as a record) since the moment of creation.” Duranti (1999)
Duranti, L. (1999). Concepts and principles for the management of electronic records, or records management theory is archival diplomatics. Records Management Journal, 9(3), 149-171
Herceg, Brzica, Stančić, Digitally Signed Records – Friend or Foe?, INFuture2015, 11-13 November 2015 6
1. Introduction• This could be a complex task if the records being
preserved are – digitally born records – signed with (ad vanced) digital signatures which depend on the
(qualified) digital certificates and (trusted) timestamping process– entrusted to the cloud
• Focus on digitally signed records– PDF file format
2. The problem• Digitally signed records could lose their legal validity if
digital signature – cannot be validated– loses its characteristic of non-repudiation
• Adobe confirms– “the mere exist ence of a digital signature is not an adequate
assurance that a document is what it appears to be”
• Validity check of a digital signature – no proof of existence– record’s trustworthiness may be compromised
2. The problem• Digital signatures – valid only for a certain period– vali dation requires a connection with the certification authority
relying on PKI– if any of the
elements in this chain fails, the validity check will fail too
2. The problem …• Digital certificates expire, but they also may be revoked– Should the historic information on the revocation lists be
preserved along with the digitally signed records?– Is that technically possible?
• Address the problem before it appears!
• Preliminary research using digitally signed PDF records – provide some insight– help prepare a later stage of the research
10
3. Research• Electronic forms of the public administration services • Created between 2006 and 2009
• Working hypothesis– the technologi cal progress has no effect on the long-term
preservation of the content and the key elements of electronic records, and that both the content and the key ele ments of electronic records are fully preserved
Herceg, Brzica, Stančić, Digitally Signed Records – Friend or Foe?, INFuture2015, 11-13 November 2015
Herceg, Brzica, Stančić, Digitally Signed Records – Friend or Foe?, INFuture2015, 11-13 November 2015 11
3. Research …• Methodology– collection, sampling, parametrisation, testing, comparison,
analysis, synthetisation, abstraction
• Research in 8 phases1. Definition of the research parameters and the testing
environment2. Collection of samples of electronic records (.PDF files)3. Organisation of all samples in the testing environment4. Duplication – so that the testing has no impact on the original
sample
Herceg, Brzica, Stančić, Digitally Signed Records – Friend or Foe?, INFuture2015, 11-13 November 2015 12
3. Research …• Research in 8 phases …
5. Testing• opening the sample PDFs in the version of the reader from the time of
record creation• opening the same sample in the consecutive, newer versions of the
reader• the characteristics of the records will be investigated
6. Data analysis7. Synthetisation of the findings8. Final report and recommendations
Herceg, Brzica, Stančić, Digitally Signed Records – Friend or Foe?, INFuture2015, 11-13 November 2015 13
3. Research …• Characteristics of the archived electronic records to be
investigated1. Readability of the content2. Validity of digital signatures3. Functionality of digital signatures’ visualization4. Display of digital signatures’ elements5. Size of digital signatures6. Size of electronic records7. Legal usability of the electronic records
• Other characteristics may prove to be relevant as well
Herceg, Brzica, Stančić, Digitally Signed Records – Friend or Foe?, INFuture2015, 11-13 November 2015 14
4. Expected results• Hope to prove the hypothesis– the techno logical progress has no effect on the long-term
preservation of the digitally signed PDFs, and that both the content and the key elements relevant to the concept of trustworthiness of electronic records are fully preserved
• Why?– Investigated records are stored in the stable and widely
accepted file format– Vendor takes into the consid eration the backward compatibility
of their products• But ... it still remains to be proved!
Herceg, Brzica, Stančić, Digitally Signed Records – Friend or Foe?, INFuture2015, 11-13 November 2015 15
5. Conclusion• Results of this research will be used in the next stage –
preservation of– historic information on the revocation lists– digitally signed records– application of timestamps to the records with the expiring
certificates
THANK YOU!
Boris HercegHrvoje Brzica
Financial Agency – [email protected] [email protected]
Hrvoje StančićDepartment of Information and
Communication SciencesFaculty of Humanities and Social Sciences
Digitally Signed Records – Friend or Foe