Morph Digital Signature
A New Signature Framework for e-Documents in Pervasive Environments

Rachid Saadi∗, Jean Marc Pierson† and Lionel Brunie∗

∗ LIRIS lab, INSA de Lyon, France. Email: {rachid.saadi, lionel.brunie}@liris.cnrs.fr
† IRIT lab, University Paul Sabatier Toulouse, France. Email: [email protected]

Abstract— Nowadays documents, information and data are exchanged in electronic form. This raises security problems (i.e. authentication, non-repudiation and privacy). To tackle some of these issues, the digital signature strongly identifies the signatory and protects the signed content against any violation. However, with the evolution of distributed systems, context adaptation has become a very important constraint in ubiquitous environments, especially pervasive and mobile ones. Indeed, most electronic documents (e.g. books, journals, certificates) should be adapted to the contextual situation. In this paper we propose a new signature mechanism, the Morph Digital Signature. It enables any trusted entity to blind or to disclose only authorized parts of a document according to user and environment constraints. We have also adapted the morph signature to certificates, giving a trusted entity the ability to morph the format of its certificates according to the pervasive context.

I. INTRODUCTION

User interaction with the environment is becoming increasingly pervasive. Indeed, commercial transactions and publications (e.g. banking transfers, bills, books, journals) that were based on paper documents increasingly use an electronic version, mainly for economic and ecological reasons. The digital signature is especially important for electronic commerce, to establish trusted interaction within a virtual community such as the Internet. The signature enables the authentication and the non-repudiation of the document provider. It is used to authenticate the identity of the document authors and to ensure that the original content is intact. The digital signature mechanism as it is currently defined is not suited to context adaptation. We use the Producer, Distributor and Consumer (PDC) model (see figure 1) to illustrate the inflexibility and the weakness of the standard signature mechanism. In this example the Producer is the writer of the document. The Distributor represents the editor of the document; it is mandated by the Producer to edit and to distribute her document or manuscript. The Consumer is the last actor of the chain; it represents the reader who acquires and reads the final distribution of the document. In this model the Producer signs her manuscript to prove that she is the author. Then the Distributor, like "Springer", "ACM" or "IEEE", undertakes to provide the document to the community while respecting the author's signature. The Distributor wants to provide several versions of the original document by adapting them according to the contextual transaction (e.g. price) without modifying the original author signature. Consequently the Consumer, or reader, is able to select (buy) the document parts that she needs and to check the author signature even if the document is not complete. Contrary to standard digital signature methods, we define a new morph digital signature providing contextual adaptation. It enables an authorized entity (the Distributor) to blind or to disclose only the authorized parts that are defined by the Producer according to a predefined contract.

Fig. 1. Morph document: In this figure the editor provides some versions of the original document. According to a given price some chapters are disclosed, e.g. for 20 EUR you can read only the first chapter.

This paper is organized as follows. Section 2 presents the related works. Then, we describe the Morph digital signature in Section 3. In Section 4 we show an implementation of our approach for the certification issue. Finally we conclude this paper and suggest future directions.

II. RELATED WORKS

We define the morph mechanism to perform a contextual adaptation of the signature. It represents the ability to hide some attributes of a signed message according to context. Steinfeld et al. [1] define this property as CES (Content Extraction Signature): "A Content Extraction Signature should allow anyone, given a signed document, to extract a publicly verifiable extracted signature for a specified subdocument of a signed document, without interaction with the signer of the original document". The most used approach divides the message into fragments, then signs each one separately. Micali and Rivest [2] is the first work which introduces the concept of transitive signature. In their algorithm, given signatures on two graph edges, Sig(x,y) and Sig(y,z) (where x, y and z represent subdocuments), a valid signature Sig(x,z) can be computed to hide "y" without access to the secret key. Johnson et al. [3] have introduced some improvements by enabling a homomorphic signature. Given a signature Sig(x), anyone can compute a signature Sig(w) on any subpart w of x obtained by rubbing out some positions of x. [4] is the first work which uses the homomorphic function property to define a new signature algorithm for morphing certificates. All the previous approaches have a drawback: they define a new algorithm to perform the certificate adaptability, instead of using the existing standard. [1] exposes a modification of the RSA computing algorithm. Their approach is based on the homomorphic property of RSA, i.e. $h_1^d \, h_2^d \bmod N = (h_1 h_2)^d \bmod N$. This algorithm multiplies the RSA signatures of the sub-messages $i$ ($h_i^d \bmod N$), and checks whether the result is the signature of the product of the hash values. Their approaches are very useful.
However, they are based on mathematical properties that address only a specific class of signature algorithms. This constraint reduces the usability scope. The World Wide Web Consortium (W3C) standard "XML Digital signature" (XMLDSig) [5] offers the capability to sign different parts of documents. [6] adds some elements to the XML Signature standard to perform the certificate adaptability. These last methods are very attractive, but they are not appropriate to our needs. They treat a document as a composition of subdocuments. Consequently, the Distributor is free to put or hide any part without respecting the document classification. This constraint becomes crucial if we deal with certificates. Thus the document structure is not comprised of distinct parts, but composed of a single block where two different fields are defined: Static field (e.g. authors' identity, publication date...) and Dynamic field (e.g. chapter, section...).

III. MORPH DIGITAL SIGNATURE

Our contribution aims to define a very flexible model of digital signature. It is inspired by the W3C standard "XML Digital signature" (XMLDSig). This signature is designed for distributed usability. All signature standards use a hash algorithm to obtain a residual value from the document data. This value is signed with a private key of the document producer. Consequently, if the content is modified, the residual result will be erroneous. In this case, the Distributor can't adapt her documents by masking or blinding any authorized information inside. In this model we define a specific signature method using specific tags. The Distributor can manage and morph any document according to the specific transaction (e.g. price) (see figure 1). So some authorized parts can be freely masked or blinded by the Distributor without soliciting any Producer intervention. In this manner, the Consumer will own a sub-document of the original one, which contains only the parts corresponding to her transaction. Thus, the challenge is: how can each Distributor customize her static document according to a contextual transaction? To solve this problem, we must distinguish the Dynamic Part from the Static Part.
• The Static Part: is composed of mandatory and non-removable information (e.g. the title of the document, the authors...). These data set up the identity of the document.
• The Dynamic Part (DP): represents the removable part, such as document chapters, sections etc.
To perform the morph digital signature algorithm, all dynamic parts in the document must be defined.

A. Morph Template Definition

The morph template is defined to facilitate and to standardize the creation of the morph document. Indeed, almost all multimedia supports are formatted to express a regular structure and semantic contents. Some standards have emerged, such as XML, HTML, OpenDocument, OOXML, Mpeg7 etc. All these standards are conceived to organize document parts in a well-formatted manner.
In the same way, we define the morph template to perform the morph signature process over a large scope of document formats. The morph template is composed of two sections: the document type and the dynamic section.
• The Document type: The morph signature should be computable over any type of document (XML or any other format). This section gives the type of the signed document. This information is crucial as it defines how the document will be parsed.
• The Dynamic attributes: This section defines the dynamic parts in the signed document. For instance, in the LaTeX format, "subsection" and "subsubsection" are considered to be dynamic parts; for XML documents, the dynamic parts consist of all the <DP> tags.
The morph signature takes as inputs the document and the corresponding template. The morph signature parses the template to recognize the dynamic parts.

Then, according to the type of the document, the morph signature algorithm retrieves all defined dynamic parts and replaces them by their corresponding hash values. Finally, the morph document is generated and the signature can be computed.

B. Morph Template Scenario

We have defined a new method of signature enabling a contextual adaptation within a signed document. According to the PDC model, the morph signature based on a defined template is computed as follows:

1) Producer Signature.
2) Distributor Adaptation.
3) Consumer Checking.

• Producer Signature: When a paper is submitted to a conference, its structure must be formatted according to the conference template. Similarly, a template can be defined by the Producer or by the Distributor to format the document. This template defines the section type or the expression type to be hashed. It automatically selects the DP parts before the morph signature is generated. The Producer retrieves the template of her Distributor. Thus the manuscript can be signed just once with the public key of the producer according to the Distributor requirements.
• Distributor Adaptation: The Distributor is able to provide different versions of the Producer's manuscript. According to the defined template, she is able to deliver some document versions without systematically soliciting the Producer to sign each of these versions.
• Consumer Checking: The Consumer is able to check the validity of any version of the delivered document. In fact, the signature is the same for all versions except some residual parts that must be added in the right positions of the document before checking the morph signature.

C. Morph Signature Algorithm

To compute the morph signature two signature tags must be defined:

• DPDigest tag: encloses the corresponding digest value of the Dynamic Parts that have been defined in the template.
• FloatPart tag: contains all DPDigest parts and their positions in the original document. The position field is mandatory to rebuild the morph body for checking the signature.

We apply a new algorithm to generate the morphable document as follows (see figure 2):

1) Transform the source Body B into a Morph Body MB, by replacing all dynamic parts defined in the template with the corresponding digest values (DPDigest).
2) Apply a hash function to the Morph Body MB to obtain a Digest D.
3) The digest D is encrypted (using the private key of the signatory) to obtain the signature of the document S.
4) Finally, according to a context, the dynamic parts can be disclosed or blinded (replaced by their corresponding digest value), then moved to the signature float part.

Fig. 2. Morph Signature
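The four-step algorithm above, together with the Distributor's blinding and the Consumer's check on a sub-document with nested dynamic parts, as an added Python example (not the authors' implementation). It assumes SHA-256 as the hash, ElementTree's serialization as the byte encoding, a hypothetical `id` attribute naming each <DP>, and toy textbook RSA with constructed parameters as the signature; for brevity each DPDigest stays in place instead of being moved to a FloatPart with its position.

```python
import copy, hashlib
import xml.etree.ElementTree as ET

def _digest_elem(dp):
    """DPDigest element holding the SHA-256 of an already-collapsed DP."""
    d = ET.Element("DPDigest")
    d.text = hashlib.sha256(ET.tostring(dp)).hexdigest()
    return d

def _collapse(elem, only=None):
    """Replace DP children by DPDigest in place, innermost first.
    only=None collapses every DP; otherwise just those whose id is in `only`."""
    for i, child in enumerate(list(elem)):
        if child.tag == "DP" and (only is None or child.get("id") in only):
            _collapse(child)              # nested DPs are always digested first
            elem[i] = _digest_elem(child)
        else:
            _collapse(child, only)        # keep looking for DPs further down

def blind(doc, ids):
    """Distributor: sub-document with the DPs named in `ids` blinded."""
    out = copy.deepcopy(doc)
    _collapse(out, set(ids))
    return out

def digest_D(doc):
    """Steps 1-2: build the morph body MB and hash it to the digest D."""
    mb = copy.deepcopy(doc)
    _collapse(mb)                         # every remaining DP becomes a DPDigest
    return int(hashlib.sha256(ET.tostring(mb)).hexdigest(), 16)

# Toy textbook RSA over two Mersenne primes: constructed, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
PRIV = pow(E, -1, (P - 1) * (Q - 1))

def sign(doc):
    return pow(digest_D(doc) % N, PRIV, N)      # step 3, done once by the Producer

def verify(doc, sig):
    return pow(sig, E, N) == digest_D(doc) % N  # Consumer check on any version

SOURCE = ET.fromstring(                         # constructed sample document
    "<book><title>T</title><author>A</author>"
    "<DP id='c1'>Chapter 1<DP id='c1.2'>Section 1.2</DP></DP>"
    "<DP id='c2'>Chapter 2</DP></book>")
```

Blinding `c2`, or only `c1.2` inside `c1`, leaves `verify` true under the single Producer signature, while editing the title or a disclosed chapter makes it false.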

The morph signature provides two kinds of documents:
• The Source document Doc(B,S): It is generated by the Producer, and is composed of the source body and the signature.
• The Sub-documents SubDoc: The Distributor is able to create some versions of her document. She merely discloses the information related to a specific context (C) and blinds all the rest by computing the corresponding DPDigest values. For the sake of clarity, these computed parts are moved to the float part in the signature (see figure 2, step 4).

To verify the authenticity of each document or sub-document, the remaining dynamic parts are replaced by their corresponding hash values before checking the signature. Moreover, each DP can contain other DPs. In this manner, the Distributor has the possibility to blind a whole DP part or a set of sub-parts inside the DP part. Consequently, before computing the digest of the enclosing DP part, the digests of all its sub DP parts must be computed recursively.

IV. CONCLUSION & FUTURE WORK

The digital signature is the basis of authentication in distributed environments. In this paper we define a new signature model that allows any document (e.g. book, document, certificate) to be adapted according to context (buying, selling...). The morph signature presents a number of advantages. The new signature computation algorithm and the morph characteristic give the document and the certificate the ability to be adapted to the pervasive context while respecting authentication, non-repudiation and privacy. The presented signature method is more efficient than other approaches. The delimitation of removable parts is done easily, making it possible to distinguish static fields from removable ones. We are currently developing the X316 certificate [11], more specifically the X316 context. Indeed, one of the challenges for the new generation of systems is the fluency of the interaction between the environment and the user. When the user wants to access a target site, her device should perform the following actions autonomously:

• Select the corresponding certificate which helps the user to gain maximum access to the target site.
• Select the certificate subparts which are essential for this access according to the context, and hide the others.

Thus, we will integrate our team's work on ontologies and context description [12] into the X316 framework, giving the user device the capacity to manage and adapt the certificate dynamically with respect to the surrounding context without soliciting any user intervention. In prospect, we will work on increasing the compatibility of the morph signature. Indeed, we aim to broaden the morph signature scope to various types of multimedia documents. The dynamic attributes will be generalized to index picture, audio, and video supports.

REFERENCES

[1] R. Steinfeld, L. Bull and Y. Zheng. Content Extraction Signatures. In Proceedings of 4th International Conference of Information Security and Cryptology. pages 285-2004. Dec 2001.
[2] S. Micali and R. L. Rivest. 2002. Transitive Signature Schemes. In Proceedings of the Cryptographer's Track at the RSA Conference on Topics in Cryptology, Computer Science, vol. 2271. pp 236-243, Feb 2003.
[3] R. Johnson, D. Molnar, D. Song and D. Wagner. Homomorphic signature schemes. In Proceedings of Cryptology - CT-RSA 2002, ed. B. Preneel, LNCS 2271, pp. 244-262, 2002.
[4] Stefan Brands. A Technical Overview of Digital Credentials. Research Report, Feb 2002.
[5] T. Imamura, B. Dillaway and E. Simon. XML-signature syntax and processing. In W3C Recommendation. Dec 2002. http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/
[6] L. Bull, P. Stanski and D. M. Squire. Content extraction signatures using XML digital signatures and custom transforms on-demand. In Proceedings of the 12th International Conference on World Wide Web, pages 170-177. May 2003.
[7] R. Saadi, J. M. Pierson and L. Brunie. Authentication and Access Control Using Trust Collaboration in Pervasive Grid Environments. In Proceedings of the International Conference in Grid and Pervasive Computing (to appear), May 2007.
[8] P. R. Zimmermann. The Official PGP User's Guide. MIT Press, Cambridge, MA, USA, 1995.
[9] ITU-T Simple public key infrastructure (SPKI) charter, http://www.ietf.org/html.charters/OLD/spki-charter.html.
[10] ITU-T Rec. X.509 (2000). ISO/IEC 9594-8 The Directory: Authentication Framework.
[11] R. Saadi, J. M. Pierson and L. Brunie. X316: Morph Access Pass certificate. Technical Report, INSA de Lyon, France. 2006.
[12] D. Ejigu, M. Scuturici and L. Brunie. CoCA: A Collaborative Context-Aware Service Platform for Pervasive Computing. In Proceedings of the IEEE/CS International Conference on Information Technology: New Generations (to appear). April 2007.