Why Tractis LTA performs frequent re-stamping of electronic evidences?

As the number of companies and developers running their services on Tractis Webservices increases, we see some doubts cropping up again and again. One of these FAQs is: “Why does Tractis re-stamp electronic evidences every 3 months, instead of waiting until the last minute?“. This post addresses this question.

In Public Key Infrastructure, we use a component called Time Stamping Authority (“TSA”) to perform time stamps. The TSA uses a time stamp electronic certificate to generate the time stamps. This certificate has a validity period, set by the Certification Authority that issued it, and this can be of 1 year or more.

Typical re-stamping: “Only when necessary”

In a typical re-stamping process, each stored evidence receives a time stamp at the time of insertion into the “Long Term Archive” (“LTA”). Before the expiry of the certificate used for the first time stamp, the LTA applies a new time stamp both on the evidence and on the previous stamps. This process of periodic and automatic “re-stamping” continues indefinitely until the evidence is withdrawn from the LTA. Thus, each evidence is preserved through a chain of time stamps to ensure that such evidence has not been altered since its inception in the LTA.

Tractis LTA Re-stamping: “Frequent (quarterly)”

However, the Tractis LTA goes one step further and does not wait until the electronic certificate used for the preceding time stamp is about to expire (“re-stamp only when necessary”), but performs automatic massive re-stamping periodically and more frequently (“frequent re-stamping”). Specifically, the Tractis LTA re-stamps every 3 months by default, or even over shorter periods, at the customer request. This frequent re-stamping provides greater protection in case the Tractis TSA key was compromised.

Re-stamping only when necessary vs. Frequent re-stamping

Let’s take an example to better understand the benefits of “frequent re-stamping” versus “re-stamp only when necessary.” Imagine that you have the following infrastructure:

• a TSA to put time stamps. Your TSA time stamp electronic certificate has a validity period from January 1^st to December 31^th, so every year you change it for a new one;
• a LTA to do periodic re-stamping.

Now imagine you have some electronic evidence X that you want to preserve using your TSA and LTA. You decide to add a time stamp each month: January, February, March, April and May. Think of this process as a Russian doll set, with each new doll containing all the previous ones.

Suppose your TSA is compromised on April 15^th (e.g.: someone steals the TSA key, or penetrates your infrastructure and changes the code). You know you can trust the time stamps generated until April 14^th, but not those generated from April 15^th onwards. So you revoke your TSA certificate to date April 1^st and, as a result, the April and May re-stamps are no longer valid. Fortunately, since you re-stamped every month, you know and can prove to others that your electronic evidence X is valid until March. If you had conversely re-stamped only when necessary, you would just be able to show that your electronic evidence X was valid only until December 31^th of the previous year, when you last changed the TSA certificate that has been compromised.

Conclusions

It is not that the “re-stamping only when necessary” is not valid or worse than the “frequent re-stamping.” It depends on your use case and type of electronic evidence. For some clients, the former may suffice, while others may need greater granularity. In any case, frequent re-stamping never hurts and, in certain situations, it can be very useful.

To conclude, frequent re-stamping of evidences is not mandatory, but is recommended for even greater protection when using times tamps.

By David Blanco
Saved in: Tractis Webservices | No comments » | 4 February 2014