Forward Secure Evidence Container (FSEC)
Guardtime’s KSI technology uses the hash-and-publish mechanism for integrity protection. We introduce the concept of a Forward Secure Evidence Container (FSEC), in which a digital asset is combined with an identity token and the combination is signed using KSI, providing assurance of both the authorship assigned to the digital asset and the content of the asset.
At the time the identity token is created, a KSI signature is also created marking the time and establishing the content of the identity token. Both the identity token and the KSI signature must be available for later verification and stored in a secure location. The identity token and corresponding KSI signature are included in the evidence container with the digital asset and its KSI signature. This inclusion ties the signature of the identity token to the signature of the digital asset.
The evidence package is presented for verification together with its KSI signature and, if verification passes, the integrity of the digital asset, of the identity token, and of the linkage between the two is established. A malicious entity is thereby prevented from substituting a compromised digital asset from an improper source under cover of a seemingly valid substitute identity token.
The Implications of FSEC
If the OPM systems had been instrumented with KSI, any tampering with or manipulation of the background-information database would have resulted in a KSI verification failure. The additional information in the evidence container could then have been used to rapidly retrieve the chain of custody and pinpoint the point of failure.
Once a Forward Secure Evidence Container has been established, its contents can be verified despite any later compromise of the identity certificates it incorporates.
Using KSI to seal all the evidence (PKI signatures, certificates, CRLs, OCSP responses) provides immunity against backdating, as KSI signatures do not expire and do not rely on the secrecy of keys. Should significant advances in technology threaten the security of PKI cryptographic constructs, KSI signatures can also be used to prove that the evidence was intact before the construct was deemed questionable, thereby improving and extending the reliability of PKI signatures.
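The following Python model is an added example, not Guardtime code and not the KSI protocol itself. It stands in for hash-and-publish with a toy Merkle aggregation service (`ToyPublisher`) whose round roots are appended to a public log, and then builds the container described above: the identity token is sealed first, and the container leaf binds the asset hash, the token hash and the token's own signature, so that the two signatures are tied together. The checks at the end cover both the substitution attacks the FSEC section rules out and the forward-security and anti-backdating points: a container keeps verifying after the identity certificate behind the token is compromised, while a token sealed after the compromise round is rejected. All names, the token fields, the compromise round and the sample asset are constructed for the example.

```python
import hashlib
import json
from dataclasses import dataclass


def sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


@dataclass(frozen=True)
class Signature:
    """Toy stand-in for a KSI signature: the publication round the leaf was
    aggregated in, plus the Merkle audit path back to the published root."""
    round_no: int
    path: tuple  # ((sibling_hash, sibling_is_left), ...)


class ToyPublisher:
    """Simplified hash-and-publish service (assumption: NOT the real KSI API).
    seal() aggregates one batch of leaf hashes into a Merkle tree and appends
    the root to an append-only public log; verify() recomputes the root."""

    def __init__(self):
        self.published: list[bytes] = []

    def seal(self, leaves: list[bytes]) -> list[Signature]:
        level = list(leaves)
        paths = [[] for _ in leaves]
        idx = list(range(len(leaves)))  # where leaf i sits in the current level
        while len(level) > 1:
            if len(level) % 2:
                level.append(level[-1])  # duplicate last node on odd levels
            for i, pos in enumerate(idx):
                sib = pos ^ 1
                paths[i].append((level[sib], sib < pos))
            level = [sha256(level[j], level[j + 1]) for j in range(0, len(level), 2)]
            idx = [pos // 2 for pos in idx]
        self.published.append(level[0])
        return [Signature(len(self.published), tuple(p)) for p in paths]

    def verify(self, leaf: bytes, sig: Signature) -> bool:
        node = leaf
        for sibling, sibling_is_left in sig.path:
            node = sha256(sibling, node) if sibling_is_left else sha256(node, sibling)
        return 0 < sig.round_no <= len(self.published) and self.published[sig.round_no - 1] == node


def token_bytes(token: dict) -> bytes:
    return json.dumps(token, sort_keys=True).encode()


def sig_bytes(sig: Signature) -> bytes:
    # Canonical encoding of a signature so it can be hashed into the container leaf.
    return sha256(sig.round_no.to_bytes(4, "big"), *(s + bytes([int(left)]) for s, left in sig.path))


@dataclass
class EvidenceContainer:
    asset: bytes
    token: dict
    token_sig: Signature
    container_sig: Signature


def container_leaf(asset: bytes, token: dict, token_sig: Signature) -> bytes:
    # Binding H(asset), H(token) and the token's signature ties the two signatures together.
    return sha256(sha256(asset), sha256(token_bytes(token)), sig_bytes(token_sig))


def build_container(pub: ToyPublisher, asset: bytes, token: dict, token_sig: Signature) -> EvidenceContainer:
    (csig,) = pub.seal([container_leaf(asset, token, token_sig)])
    return EvidenceContainer(asset, token, token_sig, csig)


def verify_container(pub: ToyPublisher, c: EvidenceContainer, compromised_after_round: int = None) -> bool:
    """Checks: the token was sealed; it was sealed no later than the round in which the
    identity certificate is known to have been compromised (if any); the container
    leaf recomputed from asset, token and token signature matches a published root."""
    if not pub.verify(sha256(token_bytes(c.token)), c.token_sig):
        return False
    if compromised_after_round is not None and c.token_sig.round_no > compromised_after_round:
        return False
    return pub.verify(container_leaf(c.asset, c.token, c.token_sig), c.container_sig)


def demo() -> dict:
    pub = ToyPublisher()
    # Constructed identity token; the fingerprint is a placeholder, not a real value.
    token = {"subject": "custodian@example.test", "cert_fingerprint": "PLACEHOLDER-FPR", "role": "custodian"}
    token_leaf = sha256(token_bytes(token))
    _, token_sig, _ = pub.seal([sha256(b"unrelated-1"), token_leaf, sha256(b"unrelated-2")])  # round 1
    asset = b"constructed sample: background-check record #0001"
    c = build_container(pub, asset, token, token_sig)  # round 2
    results = {"genuine": verify_container(pub, c)}
    # Substituted asset under the original token and signatures.
    results["tampered_asset"] = verify_container(pub, EvidenceContainer(asset + b"x", c.token, c.token_sig, c.container_sig))
    # Substituted token that even gets its own seal (round 3) cannot be rebound to the old container.
    forged = dict(token, subject="attacker@example.test")
    (forged_sig,) = pub.seal([sha256(token_bytes(forged))])
    results["substituted_token"] = verify_container(pub, EvidenceContainer(asset, forged, forged_sig, c.container_sig))
    # Forward security: certificate compromised after round 2, original container still verifies.
    results["after_cert_compromise"] = verify_container(pub, c, compromised_after_round=2)
    # Anti-backdating: a token sealed only in round 3 is rejected once the compromise round is 2.
    late = build_container(pub, asset, forged, forged_sig)  # round 4
    results["late_token_rejected"] = verify_container(pub, late, compromised_after_round=2)
    return results


if __name__ == "__main__":
    print(demo())
```

The published root list plays the role of the public, widely witnessed publication in hash-and-publish: nothing in verification depends on a secret key, which is why the compromise of the identity certificate changes only the cut-off round a verifier is willing to accept, not the validity of containers sealed before it.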
Although in the case of the OPM breach the data was purportedly stolen, it could equally have been corrupted or tampered with, rendering it suspect, untrustworthy and unusable. Truth builds trust, and trust is based on integrity. Where human motivation and behavior must be verified in conjunction with effective security controls, think KSI.