You are on page 1of 5

Introduction of the SECurity and Trust concepts in the EO exploitation chain INSECT Executive Summary Version 1.

0 15/09/2009

A project funded by contract: project: reference: issue: revision: status: date of issue: document type: authors: approved: ESRIN/Contract No. 21768/08/I-EC INSECT INSECT-HTC.TN-FR 1.0 0 Released 15/09/2009 Executive Summary W. Croi / LuxSpace (croi@luxspace.lu) F. Foeteler / LuxTrust (frederic.foeteler@luxtrust.lu) H. Linke / HITEC Luxembourg (Harold.Linke@hitec.lu) H. Linke, INSECT Project Manager

All rights reserved.

.0.Issue 1.TN-RBD 3.0 INSECT Executive Summary Doc N°: Issue: Page INSECT-HTC-FR 1. 2. Architecture Technical Note.TN-AR [RD03] INSECT Project. April 2008 (Doc ref GSTPRTDA-EOPG-SW-08-00019.6. Technical Implementation Note.2 REFERENCE DOCUMENTS [RD01] INSECT Project. 21768/08/I-EC). Requirements baseline.0 2 Date: of 15/09/2009 5 1.1 SCOPE OF THIS DOCUMENT SCOPE OF THE DOCUMENT The present Executive Summary is the summary of the ESA project INSECT (reference ESRIN/Contract No.TNTIN [RD04] INSECT Project. 2.TN-RB [RD02] INSECT Project. . version 1. Ref INSECT-LXS. 1.5. Ref INSECT-LXS. version 1. Ref INSECT-LXS. Ref INSECT-LXS. Frascati 2. version 1.1 APPLICABLE AND REFERENCE DOCUMENTS APPLICABLE DOCUMENTS [AD01] European Space Agency (2008): Statement of Work “INtroduction of SECurity and Trust in the EO exploitation chain”. version 2. revision 0. DEFINITIONS AND ACRONYMS Directorate General Agriculture Directorate General Environment European Commission European Environment Agency Earth Observation European Space Agency Global Monitoring for Environment and Security INtroduction of SECurity and Trust in the EO exploitation chain Joint Research Centre – Institute for Security and Protection of the Citizens Trusted Third Party Trusted TimeStamps Table 1: List of Acronyms DG AGRI DG ENV EC EEA EO ESA GMES INSECT JRC-ISPC TTP TTS All rights reserved.4. Requirements Baseline for Demonstrator.

0 INSECT Executive Summary Doc N°: Issue: Page INSECT-HTC-FR 1. JRC-ISPC) as well as private institutions (e. The study was executed by HITEC Luxembourg S. A synthesis of the EO data exploitation chain shows the potential steps in which the method of signing and timestamping EO data and the derived products increases security. namely DG ENV. LuxSpace S.0 3 Date: of 15/09/2009 5 4. . Several international organizations like the United Nations. Figure 1: All rights reserved. After an analysis and definition of the requirements for digitally signing and timestamping EO products and their derived information the study showed how these mechanisms and concepts can be introduced into relevant data flows as well as infrastructures and processes The Development of a demonstrator showing an example of how digital signatures and timestamping could be integrated into the existing EO ground segment environment. and LuxTrust S.r.A. For the introduction of the signing technologies two criteria are vital and essential in order to guarantee an acceptance by all concerned EO business actors: • • Neither the original image data nor its corresponding metadata may ever be diminished by adding the signature and timestamp. With the TTS.à. Securing documents and transactions transmitted over the Internet is a must in applications like Internet banking and electronic commerce. The objectives of the INSECT study were to show how security and trust concepts could be introduced into the EO exploitation chain. EXECUTIVE SUMMARY Security and Trust are the most important and the most discussed topics in today’s Internet based communication. insurance companies) and others start to use EO data to monitor enforcement of policies. a Trusted Third Party (TTP) certifies the existence of a given document at the indicated date and time. It must be possible to verify the integrity of the original data and the results produced in each processing step. (the three parties are also referred to as “the Consortium”). DG AGRI. to manage funds and subsidies and to respond to emergencies. EEA.g.A. But whenever EO data is intended to be used in courts or for policy and regulation enforcement. to ensure that the data has not been changed.l. the integrity of the EO data and the integrity of the entire data processing chain must be ensured which results in the following key requirements: • • • It must be possible to reproduce the results based on the original data at all times. The Requirements Analysis showed that a big interest in this topic already exists. no firm concepts for securely dealing with valuable data over the Internet exist yet. It must at all times be possible to interpret the original image data for third parties that are not in possession of specific signature or timestamping skills and tools. the European Union (EC Directorates General and Agencies. But when it comes to Earth Observation. In analogy to these Internet transactions the best way to ensure the integrity of EO data is to add a legally recognized digital signature and a Trusted Time Stamp (TTS) onto the document in order to prove the original date of the document. (coordinator). A common timestamp that is based on a central trusted service for all EO-data would be very interesting.

illustrating the various modes of creating digital signatures (manual vs automated).Validates the integrity of a digital signature. All rights reserved. BB5 Timestamp Validation .Requests online a digital timestamp.Verifies the certificate validity. BB6 Certificate Validation .0 INSECT Executive Summary Doc N°: Issue: Page INSECT-HTC-FR 1.Creation of a digital signature by a digital certificate connected to the operator’s computer. BB7 Author Identification . based on the outcomes of the Requirements Analysis. a general architecture and process for the introduction of timestamping and digital signatures mechanisms into the EO data chain was defined. . The business interaction between a single EO data user and multiple EO data providers have also been highlighted such as the coordinated handling of EO data by means of a trusted party when it comes to a GMES repository. This architecture is based on seven building blocks: • • • • • • • BB1 Manual Signature .Allows identification of the certificate owner. timestamps and their respective validation offerings. Figure 1: EO exploitation chain introducing Digital Signatures / Time Stamps Five use cases have been identified footing on and reflecting the above mentioned requirements. In the Architecture and Process Definition task. BB3 Timestamp Creation . BB4 Signature Validation .0 4 Date: of 15/09/2009 5 EO exploitation chain introducing Digital Signatures / Time Stamps provides a quick overview on these different milestones where the introduction of an advanced security mechanism is recommended.Validates the integrity of a digital timestamp. BB2 Automated Signature .digital signing based on the automated Mass Signature service.

. All rights reserved. The user can download a simple JAVA application that allows him to validate the signatures and timestamps and identify the author of the signature. To validate and evaluate the architecture a Demonstrator application implementing all building blocks for timestamping and signing processes was developed. To avoid interference with the existing processes of the EO data & service provider the signing and timestamping of the EO products was done when the products were ready for transmission to the customer (see star 4 of Error! Reference source not found. The INSECT study demonstrated that using digital signatures and timestamping are useful for EO data & service providers and for the ESA. All new products stored in this “output” directory were automatically digitally signed and timestamped by the Demonstrator. As the overall costs for implementing this service are relatively low the barrier is not very high.).0 INSECT Executive Summary Doc N°: Issue: Page INSECT-HTC-FR 1. . This was achieved by monitoring a special “output” directory of the transmission FTP server.0 5 Date: of 15/09/2009 5 The implementation of the seven building blocks is based on the existing services of the study partner LuxTrust S. Further analyse the legal framework and propose actions to make the usage of digital signatures a pre-requisite for EO data handling at a large scale (even in space). This demonstrator was tested together with and approved by an EO data & service provider. the Luxembourg based certification authority delivering electronic certificates for people authentication and secure electronic signatures with legal value. No manual interaction was necessary. Start studies or further analysis how to implement an Audit trail using digital signature and timestamping. The performance was good and the user friendliness of the automatic signing solution was accepted.A. As next steps are proposed: • • • Implement the concept of digital signatures and timestamps into the ESA GMES coordinated data access system. The Demonstrator showed that the concept can be realised with existing (and future) solutions provided by LuxTrust.