[ckan-discuss] On securely tracking transformations through workflows/processes

John Erickson olyerickson at gmail.com
Tue May 3 17:57:09 BST 2011


Related to today's Edinburgh discussion on tracking the "publishing
path" for datasets, see this related 2008 paper by Stuart Haber
(HPLabs). This should be considered in combination with esp.
provenance languages, esp. PML

A content integrity service for digital repositories
Haber, Stuart; Kamat, Pandurang; Kamineni, Kiran
HP Laboratories
http://www.hpl.hp.com/techreports/2008/HPL-2008-177.html

Abstract: We present a "content integrity service" for long- lived
digital documents, especially for objects stored in digital
repositories. The goal of the service is to demonstrate that
information in the repository is authentic and has not been
unintentionally or maliciously altered, even after its bit
representation in the repository has undergone one or more
transformations. We describe our design for an efficient, secure
service that achieves this, and our implementations of two prototypes
of such a service that we developed, most recently for DSpace. Our
solution relies on one-way hashing and digital time- stamping
procedures. Our service applies not only to transformations to
archival content such as format changes, but also to the introduction
of new cryptographic primitives, such as the new one-way hash function
family that will be chosen by NIST in the competition that was
recently announced [10]. In the face of recent attacks on hash
functions, this feature is absolutely necessary to the design of an
integrity- preserving system that is meant to endure for decades.

-- 
John S. Erickson, Ph.D.
http://bitwacker.com
olyerickson at gmail.com
Twitter: @olyerickson
Skype: @olyerickson



More information about the ckan-discuss mailing list