Historic integrity in distributed systems

Quantified Score

Visualization

Abstract

In an all-digital, all-online setting, long-term secure record keeping is a difficult task. The record-keeping problem comes up with increasing frequency, as we migrate to exclusively digital ways of transacting business. Accountability requires information about the content and the timing of business transactions. In the digital world, ideally, we should be able to tell with conviction when a “digital event” occurred with respect to other events—such as storing a purchase receipt on a hard drive or signing a contract digitally—and we should be able to avert tampering with events that have been committed to history. Unfortunately, data on memory, on disk or on tape can change without leaving a trace of when and how they were written. Especially in a complex loosely coupled distributed system that involves many interacting individuals, computers and organizations over the Internet, the task of maintaining the history of events as they happen for later perusal can be a management, security and storage nightmare. In this thesis, we address the issue of historic integrity in large, loosely coupled distributed systems, and ways to ensure this integrity in a secure, yet efficient manner. We describe Timeweave, a framework that allows the different participants in a distributed system to maintain their own recorded histories, while contributing to the maintenance and protection against tampering of collective history for the entire system. Timeweave requires minimal trust among individual components of the system and can survive the temporary or permanent departure of components from the system. Finally, Timeweave can operate efficiently in distributed systems numbering a few thousand participating components for up to a few decades' worth of history, at overheads affordable to even medium-grade consumer systems available today.