Synchronizing Time Distribution

With the wide span of internet brought great progress in different parts of human life


Introduction
The huge expansion in using internet has brought great progress in transactions between related parties that processed and recorded electronically as a digital documents.The documents have been used as a media for transferring, co-operation and storing instead of paper-based documents.However, the alteration in digital documents is difficult to detect rather than paper-based documents.Preserve document security over a long time period as paper-based documents an integrity technique is indeed required.The digital documents includes digital signature have the same problem also.Since, Verify the digital signature is necessary thing that conducted with a public key certificate signed by corresponding private key to sign.The digital signature is impossible to confirm if it is generated during the validation period of the certificate during the certificate expires or revoked (Ansper, 2001), (Stuartr, Kaliski and Stornetta,1995), (Surety, 2001).This is because there is no insurance of private key validation when the certificate expire.Since, the certificate validity period is ranged from (1-2) years in general.Therefore, to keep the digital data and It's corresponding digital signature secure for a long decade a time-stamp techniques.time-stamp is used to prove the validity of a generated digital signature for a long time through validation process.A timestamp optimizes for certain data to exist before a specific time.Although, deals with the drawbacks of digital documents (Ansper, 2001), (Stuart, and W, 1991) .Timestamp technology is a set of procedures that provide to the digital documents a long authentication in the time they were sent.The timestamp is an integral part of the legitimate infrastructure for digital documents, it enables proof of the document's existence at a particular time.It also helps to decrease the level of trust currently required for a public key by allowing proof to the document that was signed before the revocation procedure of the corresponding signing key is sealed.All of these facilities rely on timestamps to handle the documents and their signing keys validity status, to motivate the need a clear understanding of the security and efficiency requirements of timestamps (Stuart, and W, 1991), (International Organization for Standardization, 2000), (International Organization for Standardization-part1, 2000).This research concerned with the time signature distributed scheme as a one of the time-stamp schemes.

Distributed Time Signature Scheme
The issuer of distributed time signature scheme deals with two types of servers: a reception server and multiple sign servers as depict in Fig ( 1).The scheme proposed by Takura et al. (1999).

The issuing procedure:
Requester sends an issuer (H, t), S, [H: is a hash value of data, t: is the valid period of data, and S: is a digital signature of (H, t).The receiving server receives the data to verify the signature and to ensure the period validity does not expire at the verification time.the receiving server sends it to the signature servers (H, T), each one contains partial data of a private key to construct digital signature.The server partially generates the signature on [H, T] during the current time process T and returns this signature to the receiving server.If the number of the received signatures is more than a threshold, then receiving server can generate a digital signature S and receive the requestor TS (H, T, S) [TS: is a timestamp] from the receiving server.Using the partial digital signature with a threshold be a big hindrance to the issuer to fraudulently tamper with the processes that create a timestamp (International Organization for Standardization-part1, 2000), (Une, Masashi, and Matsumoto, 2001), (Karel, 1995).

The verification procedure:
The validator verifies that the digital signature done by the issuer.Thus, the verification process is the verification of the digital signature by the issuer which corresponds to a process b (the Une and Matsumoto verification processes).The validator confirms between the data to be verified and the hash value in the timestamp, the process is implicitly included in the verification procedure.As a result, the validation procedure is corresponded ab process (Une and Matsumoto validations).Figure 1 shows that type ab belongs to class 2 (relationship of the Une and Matsumoto classes).
A sufficient condition conforming to category 2 is a technique to create an InfoINT (information integrity) that does not become vulnerable and the attacker does not collude with the issuer (International Organization for Standardization-part1, 2000), (Une, Masashi, and Matsumoto, 2001), (Karel, 1995).

Proposed Synchronizing Time Signature Distribution Scheme
To overcome the gaps of the distributed time signature system, he proposed a new configuration called "synchronization process".With this process and multiple signal servers that provide a partial signature, the process that sends its signature is periodically synchronized to one of the signature servers at random to obtain a timestamp (TS) for the signature.This connection between servers makes it difficult for each server to cheat in the TS.This makes the synchronization process work as a supported base for the distributed system to be more trustworthy as shown in Fig. 2.

Fig. 2-Synchronizing Time Signature Distributed Scheme
The issuance procedure is the same as the previous one except for the last step when the receiving server sends a timestamp to the requester, the timestamp contains H, T, Ln is a data set of (partial signature: -1, n + 1, Tn -1, Hn-1, and hash value Ln-1), and S.
In the synchronization process, the receiving server requests the binding information stamp (Ln+k) from one of the recording servers to obtain the TS (Ln+k).

Verification procedure
The verifier compares the hash values of the data to be verified with Hn and performs the verification of the digital signature S.These operations correspond to operations a and b, respectively.Then, the validator obtains a string of timestamp [TSn+1, TSn+2, ..., TSn+k-1], and regenerates a string of link information [Ln+1, Ln+2, ..., Ln +k]. to confirm between them.[TSn + 1, +2, ..., TSn + k-1] dataset (data used to ensure consistency between the timestamp data and the corresponding data in the issuer database).One of time stamp entities is ETSI, the "TSI" of ETSI is the Issuer Time Stamp that keepet by the issuer), the d operation is the corresponding operation (Une and Matsumoto verification operations).Finally, the verifier obtains TS(Ln+k) from reception server and compares between Ln+k and the regenerated one.The corresponding operation is e (Une and Matsumoto verification operations) because TS(Ln+k) and reception server correspond to EAMP (Evidence Amplifier) .the EAMP is a data used to confirm the integrity of ETSI and send to an evidence amplifier by an issuer.The "AMP" of EAMP means "AMPlifier", the evidence amplifier keeps EAMP to be verified during the verification phase and amplifier, respectively.Thus, the scheme correspond to abde type and class 6 (Une and Matsumoto groups of time stamp schemes).

The Effect of Synchronization Process
The following points resulted from the first distributed time signature scheme in security evaluating: -Firstly, checking whether it is infeasible or not to the attacker to forge digital signature without using the sign servers partial private keys.-Secondly, checking the receiving server and signing servers if they are trustworthy enough to ensure that synchronize the partial digital signature and threshold configure a difficulty for the issuer to fraudulent the operations involved in creating a timestamp.A sufficient condition for the security of a trust to be achieved is the combination of the following three conditions: -first: InfoINT generation is not vulnerable, and the attacker cannot collude with the issuer.
-Second: The attacker does not conspire with the issuer and does not impersonate him.
-Third: The attacker does not conspire with a amplifier and does not impersonate him.

Conclusion
Implementing the proposed synchronizing the partial digital signature with a specific threshold configure a big difficult to the issuer to defraud the operations involved in timestamp creation.Although adding two operations to the verification process makes forging the digital signature used in the new scheme impossible for an attacker and makes the receiving server and signaling servers trustworthy enough to perform fraudulent manipulation of any operations related to the scheme.