New Technologies applicable to Document Management Blockchain Hrvoje
New Technologies applicable to Document Management: Blockchain Hrvoje Stancic, Ph. D. , assoc. prof. Faculty of Humanities and Social Sciences University of Zagreb, Croatia hstancic@ffzg. hr
Contents 1. 2. 3. 4. 5. 6. 7. Introduction e. IDAS Regulation Hash function Hash (Merkle) tree Distributed network Blockchain Conclusion 2
1. Introduction • Electronic Document Management – motivation • business productivity • organizational effectiveness • The need for • version tracking • tracing steps (where/when the document was/is) in the business process • verification of changes, document structure, contents • trusted exchange of document (trusted third party) 3
1. Introduction … • Electronic Document Management • stand alone solutions • cloud solutions • Challenges • dealing with digital signatures, seals, time stamps • preservation of documents' • • authenticity integrity reliability usability • non-repudiation • security • confidentiality 4
2. e. IDAS Regulation • Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC http: //eur-lex. europa. eu/legal-content/EN/TXT/PDF/? uri=CELEX: 32014 R 0910&from=EN • defines • • advanced electronic signatures qualified certificates electronic seals qualified electronic time stamps 5
2. e. IDAS Regulation. . . • Advanced electronic signature – an electronic signature that (a) it is uniquely linked to the signatory (b) it is capable of identifying the signatory (c) it is created using means that the signatory can maintain under his sole control, and (d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable Firstly defined in: Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures 6
2. e. IDAS Regulation. . . • Advanced e-signatures rely on qualified certificates • guarantee the authenticity and the identity of the signatory • are issued for the period of 2 to 5 years • expire • can be revoked (CRL – Certification Revocation List) 7
2. e. IDAS Regulation. . . • Advanced electronic seals • similar requirements as for the advanced e-signature with the difference that it relates to the creator instead of the signatory • also relay on the qualified certificates 8
2. e. IDAS Regulation. . . • Qualified electronic time stamps (a) binds the date and time to data in such a manner as to reasonably preclude the possibility of the data being changed undetectably (b) is based on an accurate time source linked to Coordinated Universal Time, and (c) is signed using an advanced electronic signature or sealed with an advanced electronic seal of the qualified trust service provider, or by some equivalent method Qualified trust service providers provide qualified validation service (granted the qualified status by the supervisory body). 9
2. e. IDAS Regulation. . . • Qualified electronic time stamps • use advanced electronic signatures and electronic seals • Advanced electronic signatures and electronic seals • rely on qualified certificates • authenticity • identity of the signatory 10
2. e. IDAS – example of electronic signature • Advanced electronic signature 11
2. e. IDAS – example of electronic signature 12
2. e. IDAS Regulation. . . • Challenges • short expiration period • possibilities of certificate revocation • the need for resigning • dependence on the certification authority(-ies), i. e. qualified trust service providers ("trusted third party") 13
2. e. IDAS Regulation. . . • Relies on ETSI standards • ETSI EN 319 102 -1 Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of Ad. ES Digital Signatures • Archival Timestamps Signature providing Long Term Availability and Integrity of Validation Material (B-LTA) Basic Signature (B-B) e-signature Signer's document Signed attributes Signature with Time (B-T) Time stamp Signature with Long Term Validation Material (B-LT) Certificate and revocation data Archival time stamp(s) 14
2. e. IDAS – example of electronic signature 15
3. Hash function • Hash or message digest • one-way function that calculates the unique fix-length string out of any document of any size • it is not possible to recreate the original document by knowing its hash • (theoretically) extremely difficult and nearly impossible to create "collisions" i. e. meaningful records with the same hash value (produced by a given hash function) 16
3. Hash function … • Different hash functions (e. g. Adler 32, Haval, MD, Ripe. MD 160, SHA, Tiger, Whirlpool etc. ) result with hash values of different lengths • Secure Hash Algorithm (SHA): e. g. SHA-256, SHA-512 • Example: • hash of a document (. docx) • MD 5: 614 e 8 bb 4 b 90 a 998 a 5 faea 456 f 7249741 • SHA-256: 7 d 8 c 5 b 62 dcb 440233 f 7 eaac 1 ec 49 e 4 c 386 b 8089 c 37 d 69 a b 51 bc 674 b 8877 cb 032 17
3. Hash function – example • Online MD 5, http: //onlinemd 5. com/ Received file Calculated hash Received hash 18
3. Hash function … • Hash in combination with electronic signatures can be used to check • record's integrity • authenticity of electronic signature 19
3. Hash function … 1. Hash function 2. Hash 7 d 8 c 5 b. . . Application of private key Application of public key e-sign. 7 d 8 c 5 b. . . Hash = e-sign. integrity check Hash 7 d 8 c 5 b. . . electronic signature authenticity check 20
4. Hash (Merkle) tree • Several (or many) hash values may be hashed together thus forming a Merkle or hash tree Merkle, R. C. (1982). Patent No. US 19790072363 19790905. USA H(D 1 -D 20) – "root/top hash" H – hash D – document H(D 1 -D 10) H(D 11 -D 20) […] H(D 10) H(D 11) H(D 20) 21
4. Hash (Merkle) tree – example • Online MD 5, http: //onlinemd 5. com/ Hash of the File 1. docx Hash of the File 2. docx Hash of the File 3. txt Calculated root/top hash 22
4. Hash (Merkle) tree … • Merkle (hash) tree • used by Satoshi Nakamoto for creating virtual/crypto currency Bitcoin • resulted with the evolvement of the blockchain technology • blockchain is the underlying technology enabling Bitcoin and many other applications • blockchain relies upon a distributed network and decentralized consensus ≠ 23
5. Distributed network • Distributed (peer-to-peer) network • vs. centralised network – one central server • vs. decentralised network – several centres • all nodes (servers) are equal – no centre(s) • no single point of control or attack Image source: http: //bluenetworks. weebly. com/syngeneia-in-the-history-of-pergamon. html 24
5. Distributed network … • Enables the concept of decentralized consensus • every participant (node/server) records every event in its ledger ("main book"/database) • consensus is used in order to • ensure that all ledgers are the exact copies (i. e. are synchronised) • to determine truth • event (e. g. transaction or document) is valid only if qualified majority (50%+1 node) agrees upon it 25
6. Blockchain • A linked scheme based on hash (Merkle) tree 1. Hashes of individual events or files are created and timestamped 2. The group of hashes are hashed (a block is created), timestamped and made public (over the distributed network) in regular intervals (e. g. every second, every minute, every 10 or 15 minutes etc. ) 3. Hash of the previous block is included in the next block (thus creating a chain of blocks) 26
6. Blockchain … • Blockchain formation […] […] […] 27
6. Blockchain … Blocks' creation direction Block n Hash of the previous block Top hash […] Block n+1 Block hash […] Block documents Hash of the previous block Top hash […] Block documents 28
6. Blockchain – example • An example from the Enigio Time's time: beat solution (https: //timebeat. com/) 29
6. Blockchain – example … • Confirm that a particular document existed at a particular time (proof of contents, copyright etc. ) + a secure time stamp is created 30
6. Blockchain – example … 31
6. Blockchain – example … • President of the Association of Catalan Archivists and Vice-president of the Croatian Archival Society get blockchained (this morning) 32
6. Blockchain … • The chain is formed of the linked blocks • Each additional block reinforces the preceding ones • Any attempt to modify a block will invalidate subsequent blocks and will be detected • Even authorized changes are virtually impossible X X […] 33
6. Blockchain … • Document verification • the distributed ledger can be updated with a document only if qualified majority of participating nodes agree it can be verified as a document • the chain contains proof that a document was part of original set of documents the chain was built upon […] […] 34
6. Blockchain … Public blockchain Private blockchain Anyone can freely write data without permission granted by any authority Only known and trusted (authorized by an authority) participants can freely write data No point of control (except initial authorization) (Relative) anonymity Examples: Bitcoin, Ethereum No anonymity Example: a group of partnering archives 35
6. Blockchain – implementation possibility • Connecting a document management system with the blockchain via a blockchain aggregator Shared ledger (Trust. Chain©) timestamped verification block time sealed Blockchain block aggregator Clock document hash Document creators Publication channels receipt (chain of proof) DMS Document users 36
6. Blockchain – research • On-going research as part of the Inter. PARES Trust (http: //interparestrust. org) project: Model for Preservation of Trustworthiness of the Digitally Signed, Timestamped and/or Sealed Digital Records (TRUSTER Preservation Model) • investigating the possibilities of using linking based timestamping and blockchain technology for long-term preservation of digitally signed records • developing a Trust. Chain© model 37
7. Conclusion • Blockchain can be used in document management to • confirm integrity of a document • confirm that a document was existing or created at a certain point in time (i. e. not after it was timestamped and registered in the blockchain) • confirm sequence of documents thus strengthening document versioning • support/enhance non-repudiation of a document • improve the validation possibilities of digitally signed documents/records during the long-term preservation 38
7. Conclusion … • ISO/TC 307 – Blockchain and electronic distributed ledger technologies • new standard being developed • Document management, recordkeeping and archiving in the digital age • archivists need to understand new technologies in order to be able to evaluate their impact, and include them in archival processes • Act proactively and be able to offer professional opinions! 39
INFuture 2017: Integrating ICT in Society Zagreb, 8 -10 November 2017 The Westin Zagreb Hotel http: //infoz. ffzg. hr/INFuture/
Sources A gentle introduction to blockchain technology. (2015). https: //bitsonblocks. net/2015/09/09/a-gentle-introduction-to-blockchain-technology/ [8/8/2016] A gentle introduction to digital tokens. (2015). https: //bitsonblocks. net/2015/09/28/a-gentle-introduction-to-digital-tokens/ [8/8/2016] A gentle introduction to smart contracts. (2016). https: //bitsonblocks. net/2016/02/01/a-gentle-introduction-to-smart-contracts/ [8/8/2016] Almgren, H. and Stengård, M. (2016). How to maintain Authenticity and Integrity of Electronic Information without Utilizing Electronic Certificates. In: Anderson, K. et al. e-Institutions - Openness, Accessibility, and Preservation (pp. 441 -442). Department of Information and Communication Sciences, Faculty of Humanities and Social Sciences, University of Zagreb, Croatia, https: //doi. org/10. 17234/INFUTURE. 2015. 45 Bisht, K. (2016). The Blockchain and Decentralized Consensus. http: //www. oodlestechnologies. com/blogs/The-Blockchain-and-Decentralized-Consensus [8/8/2016] Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. http: //eurlex. europa. eu/legal-content/EN/ALL/? uri=celex%3 A 31999 L 0093 [8/8/2016] Duranti, L. , & Blanchette, J. -F. (2004). The Authenticity of Electronic Records: The Inter. PARES Approach. Archiving Conference, Archiving 2004 Final Program and Proceedings (pp. 215 -220). Society for Imaging Science and Technology. Guess, M. (2016). IBM wants to move blockchain tech beyond Bitcoin and money transfer. http: //arstechnica. com/business/2016/02/ibm-wants-to-moveblockchain-tech-beyond-bitcoin-and-money-transfer/ [8/8/2016] Hallam, S. (2016). The Blockchain vs Bitcoin. http: //www. stevenhallam. com/blog/the-blockchain-vs-bitcoin/ [8/8/2016] IBM Blockchain. http: //www. ibm. com/blockchain/ [8/8/2016] In a nutshell: Multi. Chain. (2016). https: //bitsonblocks. net/2016/03/07/in-a-nutshell-multichain-epicenter-bitcoin-interview-nov-2015/ [8/8/2016] Merkle, R. C. (1982). Patent No. US 19790072363 19790905. USA. Nakamoto, S. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System. Stančić, Hrvoje. Long-term Preservation of Digital Signatures // Technical and field related problems of traditional and electronic archiving / Gostenčnik, Nina (ur. ). Maribor : Pokrajinski arhiv, 2016. 481 -491, http: //bib. irb. hr/datoteka/810269. Stancic_H. _Long-term_Preservation_of_Digital_Signatures_481 -491. pdf Brzica, Hrvoje; Herceg, Boris; Stančić, Hrvoje. Long-term Preservation of Validity of Electronically Signed Records // Information Governance / Gilliland, Anne ; Mc. Kemmish, Sue ; Stančić, Hrvoje ; Seljan, Sanja ; Lasić-Lazić, Jadranka (ur. ). Zagreb : Department of Information and Communication Sciences, Faculty of Humanities and Social Sciences, University of Zagreb, 2013. 147 -158, http: //infoz. ffzg. hr/INFuture/2013/papers/403%20 Brzica, %20 Herceg, %20 Stancic, %20 LTP%20 of%20 Validity%20 of%20 Electronically%20 Signed%20 Records. pdf time: beat by Enigio. https: //timebeat. com/ [8/8/2016] What is the Hyperledger Project? . https: //www. hyperledger. org/ [8/8/2016] Yaqub, J. (2015). Blockchain As A Database. https: //www. linkedin. com/pulse/blockchain-database-jawad-yaqub [8/8/2016] 41
THANK YOU! New Technologies applicable to Document Management: Blockchain Hrvoje Stancic, Ph. D. , assoc. prof. Faculty of Humanities and Social Sciences University of Zagreb, Croatia hstancic@ffzg. hr
- Slides: 42