A comprehensive system design that addresses authenticity and integrity has many pieces and a great many design and operational details. This chapter first describes basic tools and principles for digital record assurance and then offers some basic detailed approaches. Those approaches are presented as examples of the level of care that must be applied; it is not claimed that they are the only possible approaches.

DIGITAL ASSURANCE TOOLS AND PRINCIPLES

Digital assurances for records are based fundamentally on maintaining multiple, geographically and administratively separated copies and on using cryptographic techniques to provide integrity checking and secure transmission of records to and from the archive. These techniques and their appropriate application to a long-term archive are discussed below.

Geographical Replication

Multiple, geographically and administratively separated replication provides an essential technique for protecting integrity. There are various ways to meet this requirement, involving complete replicas or multiple partial replicas. A detailed design starts with reasonable goals for the acceptable bit loss rates and desired availability for each local site. Given these reliability metrics for the local sites, one can compute the reliability of an N-way replicated archive, and the total archive can be designed to achieve a specified level of reliability.

At any given point in time, the engineering and design question will be how to achieve these goals in a cost-effective manner with currently available storage technologies. Storage technologies and their relative prices are evolving rapidly, so the National Archives and Records Administration (NARA) needs a flexible design that can evolve along with them.

Cryptographic Techniques

As described below, cryptographic techniques provide basic tools for ensuring authenticity and integrity.1 Both qualities depend on cryptographic algorithms for which forgery is computationally infeasible: that is, defeating the system (e.g., by altering the original record without altering the digest or its signature) would require so many samples of records or so much computing power that no attacker has the resources to succeed.

Integrity Check Using Hash Digests

The technique of computing a hash digest or checksum of a record is used to check its integrity. A secure hash algorithm computes a compact hash digest from the digital bits that comprise a record. There are several algorithms in common use; Federal Information Processing Standards (FIPS) Publication 180-22 specifies four standard algorithms. The standard explains that a secure hash algorithm is one for which “it is computationally infeasible (1) to find

1  

More details on these and other assurance techniques can be found in the following reports from the National Research Council’s Computer Science and Telecommunications Board: Cryptography’s Role in Securing the Information Society (1996), Computers at Risk: Safe Computing in the Information Age (1991), and Trust in Cyberspace (1999), all published by National Academy Press, Washington, D.C.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement