2.3 Integrity

In many applications, archived information is useless, or loses value, unless it can be demonstrated that there have been no unauthorised modifications to the record since it was created. Two common techniques for demonstrating integrity are digital signatures and protecting the record in a vault which logs all accesses.

A digital signature is a cryptographic technique that generates a value depending on both the signing entity (through its private key) and the contents of the object; any change to the contents, or a signature made with a different key, causes verification to fail. Multiple signatures can be used to protect a record from forgery by any single party. For example, a record could be signed separately by the registrar of the record and by the system itself. Together these two signatures protect the record against any one party acting alone: the registrar's signature ensures that a forgery cannot be perpetrated by a system administrator or by a third party, while the system's signature ensures that the registrar cannot forge the record after the event.

Verifying a digital signature also requires showing that the key used to generate it was actually owned by the purported signer at the time the signature was applied. Checking a signature only against a public key carried inside the record proves little, since whoever altered the record could have replaced the key as well; the record or the system must therefore hold trusted information about the keys and their period of validity. This point is discussed further in section 5.2.

A limitation of digital signatures is that they do not distinguish authorised modifications from unauthorised ones: any change to the record invalidates the signature. For this reason VERS supports the concept of onioning (Version 1) and Modified VEOs (Version 2). These two concepts are equivalent: a new, modified version of the record is created as an outer layer that retains the original record intact, together with its digital signatures. They are described more fully in section 3.5.

The more common alternative to protecting integrity by digital signature is to protect it by the use of a vault.
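The dual-signature scheme and onioning described above, as an added worked example in Go. This is illustrative code written for this page, not the VERS standard's own encapsulation format or tooling. It assumes Ed25519 signatures, a SHA-256 digest as the signed message, a `Record` type whose `Previous` field stands in for the encapsulated earlier version, a `NewVersion` function that both registers a fresh record and applies an authorised modification, and a `Tamper` helper modelling an insider who holds only one of the two keys; all of these names, and the sample minute text, are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Record is a simplified stand-in for an encapsulated object: content, one
// signature from the registrar, one from the system, and for a modified
// version the earlier layer kept intact. Field names are assumptions.
type Record struct {
	Content  []byte
	RegSig   []byte
	SysSig   []byte
	Previous *Record // onioning: the unmodified earlier version, signatures intact
}

// Signer is one signing party. Its public key is what the key register holds.
type Signer struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewSigner() Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Signer{Pub: pub, priv: priv}
}

// signedBytes is the message both parties sign: a hash of this layer's content
// plus, for a modified record, the previous layer's signatures, so that the
// outer layer is bound to exactly one inner layer.
func signedBytes(r *Record) []byte {
	h := sha256.New()
	h.Write(r.Content)
	if r.Previous != nil {
		h.Write(r.Previous.RegSig)
		h.Write(r.Previous.SysSig)
	}
	return h.Sum(nil)
}

// NewVersion registers a record (prev == nil) or makes an authorised
// modification (prev != nil), signing the new layer separately with the
// registrar's and the system's keys. The earlier layer is never altered.
func NewVersion(prev *Record, content []byte, registrar, system Signer) *Record {
	r := &Record{Content: content, Previous: prev}
	m := signedBytes(r)
	r.RegSig = ed25519.Sign(registrar.priv, m)
	r.SysSig = ed25519.Sign(system.priv, m)
	return r
}

// VerifyChain checks every layer against public keys taken from a trusted key
// register, never from the record itself; an attacker who can rewrite the
// record could otherwise swap in a key of their own.
func VerifyChain(r *Record, registrarPub, systemPub ed25519.PublicKey) error {
	for depth := 0; r != nil; r, depth = r.Previous, depth+1 {
		m := signedBytes(r)
		if !ed25519.Verify(registrarPub, m, r.RegSig) {
			return fmt.Errorf("layer %d: registrar signature invalid", depth)
		}
		if !ed25519.Verify(systemPub, m, r.SysSig) {
			return fmt.Errorf("layer %d: system signature invalid", depth)
		}
	}
	return nil
}

// Tamper models an insider holding exactly one key (a system administrator
// with the system key, or the registrar alone) who rewrites the content and
// re-signs with that key, leaving the other party's signature as it was.
func Tamper(r *Record, content []byte, holder Signer, holderIsRegistrar bool) *Record {
	t := *r
	t.Content = content
	m := signedBytes(&t)
	if holderIsRegistrar {
		t.RegSig = ed25519.Sign(holder.priv, m)
	} else {
		t.SysSig = ed25519.Sign(holder.priv, m)
	}
	return &t
}

func main() {
	registrar, system := NewSigner(), NewSigner()
	v1 := NewVersion(nil, []byte("Minute 12: motion carried"), registrar, system) // constructed sample
	v2 := NewVersion(v1, []byte("Minute 12: motion carried (amended)"), registrar, system)
	fmt.Println("v1 verifies:", VerifyChain(v1, registrar.Pub, system.Pub) == nil)
	fmt.Println("v2 verifies with v1 intact inside it:", VerifyChain(v2, registrar.Pub, system.Pub) == nil)
	forged := Tamper(v1, []byte("Minute 12: motion lost"), system, false)
	fmt.Println("administrator forgery:", VerifyChain(forged, registrar.Pub, system.Pub))
}
```

Two design points carry the page's argument. `VerifyChain` takes the public keys from the caller (the key register), so an administrator who rewrites the content and substitutes a key of their own gains nothing. And because each outer layer signs the inner layer's signatures, the original cannot be swapped out from underneath a modified version without invalidating the outer signatures, while the original remains verifiable on its own.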
With this approach, records are protected by the recordkeeping system itself. Records can only be modified through functions provided by the recordkeeping system, and every use of these functions is recorded in an audit log. The audit log can then serve as evidence that a record retains its integrity, but only if two things can be shown: that records may only be modified through the authorised functions, and that the audit log itself cannot be modified. Both requirements are difficult to fulfil completely. Electronic records and audit logs are normally held as files in the computer's file system, and files can be directly manipulated by anyone with sufficient privileges (for example, a system administrator). Direct manipulation can be detected by a checksum held by the recordkeeping system, but the question then becomes whether someone with sufficient privileges (for example, a records manager) can directly manipulate the system's internal tables to change the checksum as well.

Hybrid approaches are also possible. For example, one way of complying with VERS is to hold the records in their native form within the recordkeeping system and only express them as VERS Encapsulated Objects when they are exported. In this situation the records are protected by a vault before export and by a digital signature afterwards. To demonstrate integrity across the whole lifetime of the record, the audit log must be extracted at export and included in the history of the record. In the VERS metadata, the history of the record is documented in M66 Management History and M76 Preservation History (see PROS 99/007 Specification 2: VERS Metadata Scheme).

In summary, integrity can be demonstrated passively by digital signatures, actively by a vault, or by a combination of both. When it must be possible to modify a record, digital signatures add complexity. On the other hand, it is difficult to guarantee absolutely the security of a vault.
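The vault approach, and the limit the text warns about, as an added example (not part of VERS or of any recordkeeping product): a hash-chained audit log in which each entry commits to the previous entry and to the SHA-256 of the record after the change, so that both a record file edited behind the system's back and an audit entry altered in place are detected. The names `Vault`, `Entry`, `Update`, `Audit` and `Head`, and the sample record content, are assumptions made for this illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is one audit-log line. Hash covers every other field and Prev is the
// Hash of the preceding entry, making the log a hash chain. Field names are assumptions.
type Entry struct {
	Seq      int
	Actor    string
	Action   string
	RecordID string
	Content  string // SHA-256 (hex) of the record after this action
	Prev     string
	Hash     string
}

// Vault holds the records (standing in for files on disk) and the audit log.
type Vault struct {
	Records map[string][]byte
	Log     []Entry
}

func NewVault() *Vault { return &Vault{Records: map[string][]byte{}} }

// hexSum hashes its fields with a separator so that field boundaries cannot
// be shifted to produce the same hash from different values.
func hexSum(fields ...string) string {
	h := sha256.New()
	for _, f := range fields {
		h.Write([]byte(f))
		h.Write([]byte{0})
	}
	return hex.EncodeToString(h.Sum(nil))
}

func entryHash(e Entry) string {
	return hexSum(fmt.Sprint(e.Seq), e.Actor, e.Action, e.RecordID, e.Content, e.Prev)
}

// Update is the only authorised way to change a record: it writes the content
// and appends a chained audit entry in the same step.
func (v *Vault) Update(actor, recordID string, content []byte) {
	e := Entry{Seq: len(v.Log), Actor: actor, Action: "update", RecordID: recordID,
		Content: hexSum(string(content)), Prev: v.Head()}
	e.Hash = entryHash(e)
	v.Records[recordID] = content
	v.Log = append(v.Log, e)
}

// Head is the hash of the latest entry (empty for an empty log). A copy kept
// outside the vault, for instance signed at export, is what exposes a rollback.
func (v *Vault) Head() string {
	if len(v.Log) == 0 {
		return ""
	}
	return v.Log[len(v.Log)-1].Hash
}

// Audit replays the log: each entry must hash correctly and link to its
// predecessor, and every record must match the content hash of its last entry.
func (v *Vault) Audit() error {
	prev, last := "", map[string]string{}
	for i, e := range v.Log {
		if e.Seq != i || e.Prev != prev {
			return fmt.Errorf("entry %d: chain broken", i)
		}
		if entryHash(e) != e.Hash {
			return fmt.Errorf("entry %d: entry altered", i)
		}
		prev, last[e.RecordID] = e.Hash, e.Content
	}
	for id, data := range v.Records {
		if want, ok := last[id]; !ok || hexSum(string(data)) != want {
			return fmt.Errorf("record %s: content does not match audit log", id)
		}
	}
	return nil
}

func main() {
	v := NewVault()
	v.Update("clerk", "r1", []byte("draft minutes")) // constructed sample data
	v.Update("clerk", "r1", []byte("final minutes"))
	exported := v.Head() // copied out of the vault at export time
	fmt.Println("after authorised updates:", v.Audit())
	v.Records["r1"] = []byte("altered minutes") // administrator edits the file directly
	fmt.Println("direct file edit:", v.Audit())
	v.Records["r1"] = []byte("draft minutes") // administrator rolls back file and log together
	v.Log = v.Log[:1]
	fmt.Println("rollback audits clean:", v.Audit() == nil, "head changed:", v.Head() != exported)
}
```

`Audit` catches a record edited without going through `Update`, and an audit entry changed in place, because both break a hash relationship. It does not catch an administrator who rolls the records and the log back together to an earlier consistent state; that is the page's caveat that a vault cannot be made absolutely secure from within. Only a copy of the head hash held outside the vault, such as one signed into the record's history at export under the hybrid approach, reveals that the history was shortened.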