XML data integrity based on concatenated hash function

Data integrity is the fundamental for data authentication. A major problem for XML data authentication is that signed XML data can be copied to another document but still keep signature valid. This is caused by XML data integrity protecting. Through investigation, the paper discovered that besides data content integrity, XML data integrity should also protect element location information, and context referential integrity under fine-grained security situation. The aim of this paper is to propose a model for XML data integrity considering XML data features. The paper presents an XML data integrity model named as CSR (content integrity, structure integrity, context referential integrity) based on a concatenated hash function. XML data content integrity is ensured using an iterative hash process, structure integrity is protected by hashing an absolute path string from root node, and context referential integrity is ensured by protecting context-related elements. Presented XML data integrity model can satisfy integrity requirements under situation of fine-grained security, and compatible with XML signature. Through evaluation, the integrity model presented has a higher efficiency on digest value-generation than the Merkle hash tree-based integrity model for XML data

Towards a Flexible Intra-Trustcenter Management Protocol

This paper proposes the Intra Trustcenter Protocol (ITP), a flexible and secure management protocol for communication between arbitrary trustcenter components. Unlike other existing protocols (like PKCS#7, CMP or XKMS) ITP focuses on the communication within a trustcenter. It is powerful enough for transferring complex messages which are machine and human readable and easy to understand. In addition it includes an extension mechanism to be prepared for future developments.Comment: 12 pages, 0 figures; in The Third International Workshop for Applied PKI (IWAP2004

Developing a Framework to Implement Public Key Infrastructure Enabled Security in XML Documents

This paper concentrates on proposing a framework to implement the PKI enables security in XML documents, by defining a common framework and processing rules that can be shared across applications using common tools, avoiding the need for extensive customization of applications to add security. The Framework reuses the concepts, algorithms and core technologies of legacy security systems while introducing changes necessary to support extensible integration with XML. This allows interoperability with a wide range of existing infrastructures and across deployments. Currently no strict security models and mechanisms are available that can provide specification and enforcement of security policies for XML documents. Such models are crucial in order to facilitate a secure dissemination of XML documents, containing information of different sensitivity levels, among (possibly large) user communities

Authorised Translations of Electronic Documents

A concept is proposed to extend authorised translations of documents to electronically signed, digital documents. Central element of the solution is an electronic seal, embodied as an XML data structure, which attests to the correctness of the translation and the authorisation of the translator. The seal contains a digital signature binding together original and translated document, thus enabling forensic inspection and therefore legal security in the appropriation of the translation. Organisational aspects of possible implementation variants of electronic authorised translations are discussed and a realisation as a stand-alone web-service is presented.Comment: In: Peer-reviewed Proceedings of the Information Security South Africa (ISSA) 2006 From Insight to Foresight Conference, 5 to 7 July 2006, Sandton, South Afric

Curating E-Mails; A life-cycle approach to the management and preservation of e-mail messages

E-mail forms the backbone of communications in many modern institutions and organisations and is a valuable type of organisational, cultural, and historical record. Successful management and preservation of valuable e-mail messages and collections is therefore vital if organisational accountability is to be achieved and historical or cultural memory retained for the future. This requires attention by all stakeholders across the entire life-cycle of the e-mail records. This instalment of the Digital Curation Manual reports on the several issues involved in managing and curating e-mail messages for both current and future use. Although there is no 'one-size-fits-all' solution, this instalment outlines a generic framework for e-mail curation and preservation, provides a summary of current approaches, and addresses the technical, organisational and cultural challenges to successful e-mail management and longer-term curation.

Open document format as a new structured format standard in long-term archivation

Pro požadavky dlouhodobé archivace je nezbytné aby uchovávané elektronicky podepsané dokumenty byly ve strukturálním formátu. Protože se jedná o archivaci po dobu několika desítek (až stovek) let každý musí být explicitně dokumentován a musí se jednat o dlouhodobý standard. Extensible Markup Language (XML) jako jeden z nástrojů jednoznačně definované struktury a syntaxe vytvoření takového standardu umožňuje, avšak pouze za předpokladu, že tyto podmínky budou striktně dodrženy. Touto cestou se snaží jít OpenDokument formát (ODF) a stává se tak důležitým nástrojem nejen pro složky veřejné správy, ale také pro podnikatelské subjekty.For Long-Term Archivation requirements it is necessary to preserve electronically signed documents in structural format. Every one has to be explicit documented because we act with archivation for tens (even hundreds) of years and it has to be long-term standard. Extensible Markup Language (XML) as one of the tools of exact structure and syntax defined tools allows us to make such standard, nevertheless providing that conditions will be met. OpenDocument format (ODF) tries to go this way and it becomes important tool not only for public administration authority, but for business subjects as well