
Missouri Secretary of State Robin Carnahan Records Services Division presents:

Authentic and Trustworthy Electronic Records. Workshop 5 in the Missouri Electronic Records Education and Training Initiative, July 12, 2005. Presented by: Charles M. Dollar. Provided under contract with: eVisory.


Presentation Transcript


  1. Missouri Secretary of State Robin Carnahan, Records Services Division, presents: Authentic and Trustworthy Electronic Records • Workshop 5 in the Missouri Electronic Records Education and Training Initiative • July 12, 2005 • Presented by: Charles M. Dollar • Provided under contract with: eVisory

  2. Introduction: Let’s Get Acquainted • Speaker • Who I am • Goals and Objectives • Awareness • Expertise • Audience • Who are you? • Your goals and objectives

  3. Plan for the Day • Part 1. The Challenge of Electronic Records • Part 2. Electronic Records Terminology • Part 3. Capture of Electronic Records • Part 4. Transmission of Electronic Records • Part 5. Storage of Electronic Records • Part 6. Takeaways and wrap up

  4. Part 1: The Challenge of Electronic Records Authenticity and Trustworthiness

  5. Part 1.1 The Challenge: Paper Records • Historical basis • Provenance • Physical features • Examples • Donation of Constantine • Mark Hofmann forgeries • Diaries of Adolf Hitler • USS Constellation (Baltimore)

  6. Part 1.2 Vulnerability • Vulnerability of Internet communications • Easy to modify electronic records without visible evidence by manipulating 1s and 0s • Text: “Good morning. It is a lovely day.” v. “Good morning. It is a lonely day.” • Images

  7. Part 1.3

  8. Part 2: Authentic and Trustworthy Electronic Records Terminology 

  9. Part 2 Overview • Record • Original v. Copy • Legal Admissibility • Authentication • Authenticity • Integrity • Archiving • Information-Records Life Cycle

  10. Part 2.1 Record • IT • A collection of data items arranged for processing by a program • In a database, a record (sometimes called a row) is a group of fields within a table • Records Management/Archives • Made or received in the ordinary course of business • Evidence of a transaction that has been set aside for future reference • Electronic record • Entity created, stored, manipulated, and retrieved by a computer

  11. Part 2.2 Original v. Copy • Original • Complete • First in time • Effective • Copy • Form of the Original • Imitative Copy • Simple Copy

  12. Part 2.3 Legal Admissibility • Established by rules and precedents • [T]he foundation for admission of computerized records consists of showing the input procedures used, the tests for accuracy and reliability and the fact that an established business relies on the computerized records in the ordinary course of carrying on its activities. The … opposing party then has the opportunity to cross-examine concerning company practices with respect to the input and as to the accuracy of the computer as a memory bank and retriever of information … [T]he court must “be satisfied with all reasonable certainty that both the machine and those who supply the information have performed their functions with utmost accuracy.” … [The] trustworthiness of the particular records should be ascertained before they are admitted and the burden of presenting an adequate foundation for receiving the evidence should be on the parties seeking to introduce it rather than upon the party opposing its introduction. [1] [bold emphasis added] • [1] United States vs. Russo, 480 F.2d 1228, 1239 (6th Cir. 1973) (quoting United States v. De Georgia, 420 F.2d 889, 895 (9th Cir. 1969))

  13. Part 2.4 Authentication • Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be • Examples • Wet signatures • Passwords • Electronic signatures • Digital signatures 

  14. Part 2.5 Authenticity • An authentic record is what it purports to be • Grounds for establishing authenticity • Context of creation – when, who, what, why • Content • Structure • Documentation

  15. Part 2.6 Integrity • Condition of a record not being altered, deleted, or allowed to deteriorate • InterPARES – reliability over time • Challenge for electronic records

  16. Part 2.7 Archiving • The process of removing a precise set of infrequently used reference data from an overloaded relational database and keeping it active in an archive where it can be easily and quickly retrieved when needed. • The storing of files, records, and other data for reference and alternative backup in near-line or off-line mode. • Archive as a logical or physical storage repository independent of the record production environment where records are protected from loss, alteration, and deterioration so that they may be used as trustworthy evidence as far in the future as necessary.

  17. Part 2.8 Information-Records Life Cycle

  18. Part 3: Capture of Authentic and Trustworthy Electronic Records

  19. Part 3 Overview Capture • Ordinary course of business • At or near the time of the event • Complete • Metadata • Recordkeeping system

  20. Part 3.1 Ordinary Course of Business • Authority and capacity for the business activity • Official capacity or standing

  21. Part 3.2 At or Near the Time of the Event • Facts are more likely to be accurate • Unbiased by subsequent events • Unbiased by memory lapses

  22. Part 3.3 Complete • Identity of record • Identity of participant(s) • Authority to execute the transaction • Time/date • Authentication • Means of transmission

  23. Part 3.4 Metadata • Record owner/creator • Retention period • Classification • Concurrence • Distribution list, if any • Attachment identification • Time/date of creation & transmission

  24. Part 3.5 Recordkeeping System • Historically an archives • “An electronic system in which records are collected, organized, and categorized to facilitate their preservation, retrieval, use, and disposition.” (Source: 36 CFR 1234.2) • Trusted third party repository with read only privileges

  25. Part 4: Transmission of Authentic and Trustworthy Electronic Records

  26. Part 4 Overview: Topics • Terminology • Secure Sockets Layer (SSL) • Public Key Infrastructure (PKI) • Records management guidance

  27. Part 4.1 Terminology • Cryptography • Symmetric Cryptography • Asymmetric Cryptography • Hash Digests Technology • Digital signatures and certificates • Public Key Infrastructure (PKI)

  28. Cryptography

  29. Part 4.1.1-1 Cryptology • Science of using mathematics to store/send sensitive information so that only the intended recipient can read it • Substitution cipher • Captain Midnight’s Secret Decoder Ring

  30. Part 4.1.1-2 Taxonomy

  31. Part 4.1.1-3 Substitution Cipher

  32. Part 4.1.1-4 Example Substitution • Plaintext: flee at once. we are discovered • Ciphertext: SIAA ZQ LKBAVA ZOA RFPBLUAOAR

  33. Part 4.1.1-5 Rotor Machine WW II German Enigma

  34. Symmetric Cryptography

  35. Part 4.1.2-1 Encryption/Decryption - Symmetric • Mathematical techniques for transforming an intelligible message into an unintelligible one and reversing the process

  36. Part 4.1.2-2 Symmetric Keys • Key length is critical • Each bit doubles the size of the key space • 56 bit (2^56) • 1 billion keys per second, 2 years • 128 bit (2^128) • 340,000,000,000,000,000,000,000,000,000,000,000,000 • 1 billion keys per second • 10^22 years (universe is 10^10 years old) • “Computationally infeasible”

  37. Part 4.1.2-3 Stream v. Block Cipher 

  38. Part 4.1.2-4 Advanced Encryption Standard (AES) • NSA/NIST • FIPS 197 (2001) • Symmetric • Key length • 128 bits • 192 bits • 256 bits • NSA • Secret – 128 • Top Secret – 192/256 • Concern about “cracking” AES • Theoretical • 10 billion units of known text

  39. Part 4.1.2-5 Other Encryption Algorithms • RC4 • RSA • Commercial stream cipher • Variable length (40 to 128 bits) • Faster than DES • Principal use is in SSL

  40. Part 4.1.2-6 “Cracking” Encryption • Computational difficulty • Computationally secure • Unconditionally secure • Attacks • Ciphertext-only • Known-plaintext • Chosen-plaintext

  41. Part 4.1.2-7 Cracking Secret Keys (Estimate, 1997)

  42. Asymmetric Cryptography

  43. Part 4.1.3-1 Asymmetric Key Cryptography 

  44. Part 4.1.3-2 Asymmetric Key (Public Key) History • Diffie-Hellman key exchange concept • Pair of mathematically related keys • Encryption • Decryption • Decryption key called “public key” • Encryption key “cannot” be reconstructed from “public key” • Other public key algorithms

  45. Part 4.1.3-3 Public Key Cryptography Strength

  46. Part 4.1.3-4 Public Key Technology Assessment • Cryptographically secure • 760 bits? • 1024 bits • Processing time • 100 to 1,000 times slower than a 128 bit encryption key • Impractical for all but very brief messages • Alternative

  47. Hash Digest Technology

  48. Part 4.1.4-1 Adding a New Element to Public Key Cryptography - Hash Digests • A digital fingerprint of any size or type of digital object • Non-reversible and sensitive to change of a single bit • 483,820/4 = 120,955 • 483,820/1000 = 483.82 • 483,820/10,000 = 4.8382

  49. Part 4.1.4-2 Features • Computationally infeasible to extract a document from its digest • Computationally infeasible to find an arbitrary message that has a particular digest • Computationally infeasible for two messages to have the same digest

  50. Part 4.1.4-3 One Way Hash Digests One-way hash values are unidirectional. Nothing can be learned about the original file data from its hash value. N4C14VDR15WXuvaa6qb+pEnlgtaI8KbMXh0uHC/PEdzK8wf/N9OfYqpoJyh5mkvRvaybfzz2PMnWgaWV1QjxpdC8dj1H9NdH
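
The single-bit sensitivity claimed in Part 4.1.4-1, applied to the two sentences from the Part 1.2 slide, as an added example that is not part of the original presentation. SHA-256 and all function names are assumptions of this example; the slides do not name a hash algorithm.

```python
import hashlib
import hmac

# The two sentences from the Part 1.2 slide: one letter differs ("v" -> "n").
ORIGINAL = b"Good morning. It is a lovely day."
ALTERED = b"Good morning. It is a lonely day."


def digest(record: bytes) -> bytes:
    """SHA-256 digest of a record (the algorithm is this example's assumption)."""
    return hashlib.sha256(record).digest()


def bit_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(record: bytes, bit_index: int) -> bytes:
    """Return a copy of the record with exactly one bit inverted."""
    data = bytearray(record)
    data[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(data)


def verify(record: bytes, stored_digest: bytes) -> bool:
    """Integrity check: does the record still match the digest taken at capture?"""
    return hmac.compare_digest(digest(record), stored_digest)


def report() -> dict:
    stored = digest(ORIGINAL)        # digest recorded when the record was captured
    one_bit = flip_bit(ORIGINAL, 0)  # smallest possible alteration: a single bit
    return {
        "text_bits_changed": bit_distance(ORIGINAL, ALTERED),
        "digest_bits_changed_word_edit": bit_distance(stored, digest(ALTERED)),
        "digest_bits_changed_one_bit": bit_distance(stored, digest(one_bit)),
        "original_verifies": verify(ORIGINAL, stored),
        "altered_verifies": verify(ALTERED, stored),
        "one_bit_verifies": verify(one_bit, stored),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

The "lovely" to "lonely" edit changes only two bits of the text, yet roughly half of the 256 digest bits change, so a digest stored at capture time exposes the alteration even though the edited text shows no visible evidence of tampering.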
