1. Keyless Signature Infrastructure
- Complexities and cost of management for PKI Keys.
Service Provided by KSI:
- Data Integrity
- Time of Signature
- Verification of the origin.
Summary of the KSI:
Cloud Storage Alice Transfer her data
Guardtime Service An hash value is generated
GT per second and transferred to
Calender Database GT sign the has value and
publish it in the calender db.
Publication in public A summary of hash values in
newspaper the calender is published per
month month duration.
Fig: KSI workflow.
2. To check the integrity of data, Alice need to:
i. Keep track of last hash value. & before next update of the data, she will check if stored
hash value matches with the current hash value.
1. Simultaneous update Attack:
Alice can detect corruption if made at time t3 but not at time t4 which
happened simultaneously with her own update.
h3 h4 Hash values over Time
Data over Time
Attempt to Change by attacker
Alice changes her own data
This data alteration can be changed by analyzing tamper-proof log data. In this case, only KSI
cannot provide data integrity. The risk becomes high when data is changed very frequently.
KSI can potentially detect integrity violation, when Alice hardly changes her own data.
2. Known Signature Attack:
The adversary can change the data & generate corresponding root hash value and
attack/persuade the print media to print the forged publication value.
o Thus, besides trusting Cloud provider and Guardtime, Alice also needs to trust the print
Why do we need keyless Signature?
- If PKI is costly to manage key, can we make PKI key management more efficient?
3. Week Points of PSI:
- High computational cost for generating Hash value per second from large volume of Data (GB