- Email: [email protected]
Protecting the UK's written treasures
CASE STUDY References 1
2
3
Unisys. 2006. “Consumers Worldwide Overwhelmingly Support Biometrics for Identity Verification, Says Unisys Study”, Press release, 26 April 2006. http://www.unisys. com/about__unisys/news_a_ events/04268651.htm (accessed 9 December 2006).
4
Valencia, V.S. and Horn, C. 2003. “Biometric Liveness Testing”, in J.D.Woodward, N.M.Orlans and P.T.Higgins (Eds), Biometrics – Identity Assurance in the Information Age. McGraw-Hill/Osborne.
Figure 9 : Confidence that biometric information will only be used for authentication purposes (209 respondents)
About the author Prof. Steven Furnell is the head of the Network Research Group at the University of Plymouth, UK, and an Adjunct Associate Professor with Edith Cowan University, Western Australia. His research has included several projects in the biometrics area, particularly in relation to keystroke analysis on PCs and mobile devices. Related papers
can be obtained from www.plymouth. ac.uk/nrg. Konstantinos Evangelatos recently completed the MSc Network Systems Engineering programme at the University of Plymouth, graduating with Distinction, and the survey upon which this paper is based was conducted as part of his project work.
Protecting the UK’s written treasures The British Library is tasked with amassing a 300 Terabyte archive. It has opted for the latest document signing technology to protect the nation’s digital archive Legislation passed in 1911 requires that any item published in the UK has a copy deposited by the publisher in the British Library. As the national library of the United Kingdom, the British Library not only receives a copy of every printed publication produced in the UK, it also purchases materials extensively from around the world – contributing to a collection of 150 million items. The British Library also provides world class information services to the academic, business and scientific communities in the UK and January 2007
worldwide and offers unparalleled access to the world’s largest and most comprehensive research collection.
13 million books
The British Library’s vast collections include 13 million books, 7 million manuscripts, 4.5 million maps, 56 million patents, 3.5 million sound recordings and 58 million other items including newspaper issues, serial parts, and microfilms. Storage of the legal deposit and the purchased collections currently requires over 650 kilometres of shelving
ICAO. 2004. Biometric Deployment of Machine Readable Travel Documents. International Civil Aviation Authority. “What biometrics will you be using?”, Identity and Passport Service, http://www.identitycards.gov. uk/faqs-other-biometrics-using.asp
Author contact: Steve Furnell – email: [email protected]
and this is growing by approximately 12 kilometres a year.
Digital library Legislation passed in 2003 will extend the legal deposit requirement to include digital items such as electronic journals, Web archives, and digitally published books and newspapers. The Library is required to retain all of this material in perpetuity, and also needs to be able to provide assurance that every digital item is authentic. Because of this, the British Library is now setting up a digital library for the UK as an integral part of its more traditional services. Materials covered will include ‘born-digital’ items such as electronic versions of research journals, books published on CD-ROM or DVD, published or specially recorded sound items and archived UK websites. Computer Fraud & Security
13
CASE STUDY
Figure 1: Integrity and authenticity – digital objects. The three phases in providing assurance for the British Library
They will also include digitised versions of centuries-old books and manuscripts, ranging from the 15th Century Gutenberg Bible to 19th Century newspapers, as well as more contemporary items. The aim is to preserve and store these indefinitely and to offer a range of services to make best use of them. “We see our job as storing and giving access to these items beyond the lifetime of anyone now living and into the unforeseeable future,” says Roderic Parker, a Communications Officer in the British Library.
Digital Object Management
Establishing a digital library for the UK will require the redevelopment of all of the processes that evolved over many centuries for the traditional library: including taking in many different types of material, recording data about it for later use, storing it securely, preserving it, offering facilities to different types of user for discovery, and ensuring that the rights of producers and users are respected. The Digital Object 14
Computer Fraud & Security
Management (DOM) programme was established to develop the infrastructure required to support the digital library services and the redesign of these processes.
“
The British Library has 650 km of
”
shelving
The conventional approach to archiving publications starts with date stamping the content as it is received. This date stamping has in the past proved successful in legal cases where the date of translations or patent approvals for example, has needed to be proved. The chemical compositions of the physical items were then examined to establish authenticity through whether the paper, ink and binding were contemporary. They were also checked for signs of tampering. Clearly when it comes to the digital items a total rethink of the normal library archiving process was required.
It is not possible to examine the chemical composition to prove integrity and authenticity. A method to prove when the digital item was received, to detect tampering and to provide assurance that the item is authentic was required. It had to be a solution that did not rely on one generation of technology and which could withstand being passed through many generations of administrators. The DOM Programme first concentrated on secure storage, which was a problem that could be immediately addressed. Without the ability to keep the digitised items in guaranteed safety for the long term any other effort in other areas would be a waste of time. “The Library wanted a secure storage solution that would ensure that no material is lost or altered,” Roderic Parker explains. “Throughout history, traditional library materials have decayed and have been destroyed or damaged. But while this will inevitably continue, we now have a new weapon enabling us to make sure that our electronic material remains unchanged and authentic.”
Centuries of storage
A library has to consider centuries of storage rather than decades or years, so technology obsolescence is a big problem. Software and hardware is always changing but the British Library needs to ensure that what it has stored needs to be accessible in decades to come. In addition, there is a lack of publishing standards with a wide variety of formats being used including Word, Excel, PDF and HTML; and who can say now which of these will be readable in 100 years? This is a problem that is still being addressed with a number of solutions being considered, such as the recentlyproposed Office Open XML standard for word-processing documents, presentations, and spreadsheets. Data storage is not a write once and forget activity so access is a huge issue. In addition, how to copy new materials from an uncontrolled range January 2007
CASE STUDY perform all cryptographic functions therefore avoiding the security weaknesses often associated with appliance-based security products that are vulnerable to software attacks. In addition to performing all signing operations, the internal HSM protects and manages the system’s time source.
300 Terabytes
Figure 2: Cryptographic time stamping
of media onto one selected medium, the periodic copying of data selected by various criteria onto new media, and how to guarantee the copies are faithful ones down to the last bit are all considerations. Because of these issues, the main principle underlying the initial secure storage design and development work was that the retrieval of digital objects had to be independent of the technical properties and characteristics of the physical storage itself. A multi-site architecture was designed where each site provides a software layer for independent storage services. A key function of the secure storage layer is to guarantee the authenticity and integrity of each object stored in it. Authenticity is the basis for assurance that the represented object is identical to the original, and integrity is the basis for detecting corruption in the store.
Digital document signing
For this, the British Library is using an algorithm-based digital document signing solution from nCipher that provides secure and auditable time signing and an individual signature for every item stored in the Library. It provides a sealed January 2007
package that is stored four times in multiple modes to ensure that the chance of losing anything is negligible. nCipher’s Time Stamp Server (formerly the DSE 200) is a networked unit that uses a combination of precision timing and Public Key Infrastructure technology to provide a layer of security that is bound to the document during the publishing process. It also ensures the production of tamper-evident, trustworthy digital originals that can maintain their evidentiary value over long periods of time. By calculating an abstract numerical value based on the information stored, the nCipher system notifies the British Library every time an alteration is detected, enabling it to find and reinstate the unaltered earlier version of the document in each instance. The solution also uses an external link to an official timing authority so when the value calculated matches the one originally entered, the Library can say categorically that the item is the genuine article and that it is exactly as it was when it was put into the system - whether that was five minutes, five years, or even 500 years ago. The Time Stamp Server incorporates an independently validated (FIPS 140-2) hardware security module (HSM) to
The British Library is currently sourcing digitised materials from publishers and Web archiving, as well as from its own collections. The volume of material and the need to keep it very secure will increase significantly as the Legal Deposit Libraries Act 2003 comes into effect. The Library anticipates that it will amass up to 300 terabytes of digital material over the next four years. Digitisation of existing physical stock is also taking place, which will provide access to rare books and other materials to people from all over the world. Even this is not straightforward, and it is a huge task with an estimated five billion pages that could be covered. The Library is currently working with Microsoft in a joint project to digitise 10,000 19th century books: this will significantly cut the cost and time of the digital conversion as well as provide search facilities through Library services and the MSN Book Search service. Because the British Library’s approach has been to take account of the lower durability of digital materials and all the problems of technological obsolescence, it also needs a scalable and resilient system that allows longterm use that would be suitable for different types of material. Although the British Library’s approach is in part driven by a need for cost-effectiveness, using the right technology is critical. So, while traditional items on the shelves at the British Library may deteriorate, electronic material will remain unchanged and authentic for generations to come.
More information: www.ncipher.com www.bl.uk Computer Fraud & Security
15
2
3
Unisys. 2006. “Consumers Worldwide Overwhelmingly Support Biometrics for Identity Verification, Says Unisys Study”, Press release, 26 April 2006. http://www.unisys. com/about__unisys/news_a_ events/04268651.htm (accessed 9 December 2006).
4
Valencia, V.S. and Horn, C. 2003. “Biometric Liveness Testing”, in J.D.Woodward, N.M.Orlans and P.T.Higgins (Eds), Biometrics – Identity Assurance in the Information Age. McGraw-Hill/Osborne.
Figure 9 : Confidence that biometric information will only be used for authentication purposes (209 respondents)
About the author Prof. Steven Furnell is the head of the Network Research Group at the University of Plymouth, UK, and an Adjunct Associate Professor with Edith Cowan University, Western Australia. His research has included several projects in the biometrics area, particularly in relation to keystroke analysis on PCs and mobile devices. Related papers
can be obtained from www.plymouth. ac.uk/nrg. Konstantinos Evangelatos recently completed the MSc Network Systems Engineering programme at the University of Plymouth, graduating with Distinction, and the survey upon which this paper is based was conducted as part of his project work.
Protecting the UK’s written treasures The British Library is tasked with amassing a 300 Terabyte archive. It has opted for the latest document signing technology to protect the nation’s digital archive Legislation passed in 1911 requires that any item published in the UK has a copy deposited by the publisher in the British Library. As the national library of the United Kingdom, the British Library not only receives a copy of every printed publication produced in the UK, it also purchases materials extensively from around the world – contributing to a collection of 150 million items. The British Library also provides world class information services to the academic, business and scientific communities in the UK and January 2007
worldwide and offers unparalleled access to the world’s largest and most comprehensive research collection.
13 million books
The British Library’s vast collections include 13 million books, 7 million manuscripts, 4.5 million maps, 56 million patents, 3.5 million sound recordings and 58 million other items including newspaper issues, serial parts, and microfilms. Storage of the legal deposit and the purchased collections currently requires over 650 kilometres of shelving
ICAO. 2004. Biometric Deployment of Machine Readable Travel Documents. International Civil Aviation Authority. “What biometrics will you be using?”, Identity and Passport Service, http://www.identitycards.gov. uk/faqs-other-biometrics-using.asp
Author contact: Steve Furnell – email: [email protected]
and this is growing by approximately 12 kilometres a year.
Digital library Legislation passed in 2003 will extend the legal deposit requirement to include digital items such as electronic journals, Web archives, and digitally published books and newspapers. The Library is required to retain all of this material in perpetuity, and also needs to be able to provide assurance that every digital item is authentic. Because of this, the British Library is now setting up a digital library for the UK as an integral part of its more traditional services. Materials covered will include ‘born-digital’ items such as electronic versions of research journals, books published on CD-ROM or DVD, published or specially recorded sound items and archived UK websites. Computer Fraud & Security
13
CASE STUDY
Figure 1: Integrity and authenticity – digital objects. The three phases in providing assurance for the British Library
They will also include digitised versions of centuries-old books and manuscripts, ranging from the 15th Century Gutenberg Bible to 19th Century newspapers, as well as more contemporary items. The aim is to preserve and store these indefinitely and to offer a range of services to make best use of them. “We see our job as storing and giving access to these items beyond the lifetime of anyone now living and into the unforeseeable future,” says Roderic Parker, a Communications Officer in the British Library.
Digital Object Management
Establishing a digital library for the UK will require the redevelopment of all of the processes that evolved over many centuries for the traditional library: including taking in many different types of material, recording data about it for later use, storing it securely, preserving it, offering facilities to different types of user for discovery, and ensuring that the rights of producers and users are respected. The Digital Object 14
Computer Fraud & Security
Management (DOM) programme was established to develop the infrastructure required to support the digital library services and the redesign of these processes.
“
The British Library has 650 km of
”
shelving
The conventional approach to archiving publications starts with date stamping the content as it is received. This date stamping has in the past proved successful in legal cases where the date of translations or patent approvals for example, has needed to be proved. The chemical compositions of the physical items were then examined to establish authenticity through whether the paper, ink and binding were contemporary. They were also checked for signs of tampering. Clearly when it comes to the digital items a total rethink of the normal library archiving process was required.
It is not possible to examine the chemical composition to prove integrity and authenticity. A method to prove when the digital item was received, to detect tampering and to provide assurance that the item is authentic was required. It had to be a solution that did not rely on one generation of technology and which could withstand being passed through many generations of administrators. The DOM Programme first concentrated on secure storage, which was a problem that could be immediately addressed. Without the ability to keep the digitised items in guaranteed safety for the long term any other effort in other areas would be a waste of time. “The Library wanted a secure storage solution that would ensure that no material is lost or altered,” Roderic Parker explains. “Throughout history, traditional library materials have decayed and have been destroyed or damaged. But while this will inevitably continue, we now have a new weapon enabling us to make sure that our electronic material remains unchanged and authentic.”
Centuries of storage
A library has to consider centuries of storage rather than decades or years, so technology obsolescence is a big problem. Software and hardware is always changing but the British Library needs to ensure that what it has stored needs to be accessible in decades to come. In addition, there is a lack of publishing standards with a wide variety of formats being used including Word, Excel, PDF and HTML; and who can say now which of these will be readable in 100 years? This is a problem that is still being addressed with a number of solutions being considered, such as the recentlyproposed Office Open XML standard for word-processing documents, presentations, and spreadsheets. Data storage is not a write once and forget activity so access is a huge issue. In addition, how to copy new materials from an uncontrolled range January 2007
CASE STUDY perform all cryptographic functions therefore avoiding the security weaknesses often associated with appliance-based security products that are vulnerable to software attacks. In addition to performing all signing operations, the internal HSM protects and manages the system’s time source.
300 Terabytes
Figure 2: Cryptographic time stamping
of media onto one selected medium, the periodic copying of data selected by various criteria onto new media, and how to guarantee the copies are faithful ones down to the last bit are all considerations. Because of these issues, the main principle underlying the initial secure storage design and development work was that the retrieval of digital objects had to be independent of the technical properties and characteristics of the physical storage itself. A multi-site architecture was designed where each site provides a software layer for independent storage services. A key function of the secure storage layer is to guarantee the authenticity and integrity of each object stored in it. Authenticity is the basis for assurance that the represented object is identical to the original, and integrity is the basis for detecting corruption in the store.
Digital document signing
For this, the British Library is using an algorithm-based digital document signing solution from nCipher that provides secure and auditable time signing and an individual signature for every item stored in the Library. It provides a sealed January 2007
package that is stored four times in multiple modes to ensure that the chance of losing anything is negligible. nCipher’s Time Stamp Server (formerly the DSE 200) is a networked unit that uses a combination of precision timing and Public Key Infrastructure technology to provide a layer of security that is bound to the document during the publishing process. It also ensures the production of tamper-evident, trustworthy digital originals that can maintain their evidentiary value over long periods of time. By calculating an abstract numerical value based on the information stored, the nCipher system notifies the British Library every time an alteration is detected, enabling it to find and reinstate the unaltered earlier version of the document in each instance. The solution also uses an external link to an official timing authority so when the value calculated matches the one originally entered, the Library can say categorically that the item is the genuine article and that it is exactly as it was when it was put into the system - whether that was five minutes, five years, or even 500 years ago. The Time Stamp Server incorporates an independently validated (FIPS 140-2) hardware security module (HSM) to
The British Library is currently sourcing digitised materials from publishers and Web archiving, as well as from its own collections. The volume of material and the need to keep it very secure will increase significantly as the Legal Deposit Libraries Act 2003 comes into effect. The Library anticipates that it will amass up to 300 terabytes of digital material over the next four years. Digitisation of existing physical stock is also taking place, which will provide access to rare books and other materials to people from all over the world. Even this is not straightforward, and it is a huge task with an estimated five billion pages that could be covered. The Library is currently working with Microsoft in a joint project to digitise 10,000 19th century books: this will significantly cut the cost and time of the digital conversion as well as provide search facilities through Library services and the MSN Book Search service. Because the British Library’s approach has been to take account of the lower durability of digital materials and all the problems of technological obsolescence, it also needs a scalable and resilient system that allows longterm use that would be suitable for different types of material. Although the British Library’s approach is in part driven by a need for cost-effectiveness, using the right technology is critical. So, while traditional items on the shelves at the British Library may deteriorate, electronic material will remain unchanged and authentic for generations to come.
More information: www.ncipher.com www.bl.uk Computer Fraud & Security
15