A Framework for Iterative Signing of Graph Data on the Web
May 27, 2014
Andreas Kasten
Ansgar Scherp
Peter Schauß
1 University of Koblenz-Landau, Koblenz, Germany
2 Kiel University and Leibniz Information Centre for Economics, Kiel, Germany
Outline
Motivation
Signing and Verification Process
Signing Framework
Configurations
Conclusion
A. Kasten et al. – A Framework for Iterative Signing of Graph Data on the Web 2 / 21
Use Case: Signing Medical Data
Signing a Graph: Security Requirements
• authenticity
• integrity
Signing a Graph: Data
input: graph + private key
output: graph signature
Signing a Graph: Process
Step 1: Canonicalization
• normalize the graph
• rename blank nodes
    _:a ex:hasName "Jay" .
    _:a ex:hasChild _:b .
    _:b ex:hasName "Bob" .

    _:g1 ex:hasChild _:g2 .
    _:g2 ex:hasName "Bob" .
    _:g1 ex:hasName "Jay" .
Step 2: Serialization
• transform graph into serial form
Step 3: Hash
• compute hash value of serial form
Step 4: Signature
• sign hash value
• use private key
Step 5: Assembly
• add signature to graph
• add metadata to graph
Verifying a Signature: Data
input: signed graph + public key
output: yes or no
Verifying a Signature: Process
Step 1: Extraction
Step 2: Canonicalization (identical to signing process)
Step 3: Serialization (identical to signing process)
Step 4: Hash (identical to signing process)
Step 5: Verification
Signing Framework: Characteristics
• formally specifies signing process
• supports different configurations
• implementation-independent
Signing Framework: Features
• signing of named graphs
• signing of distributed graphs
• iterative signing
• signature is encoding-independent
Signing Framework: Formalization
• defines input & output of each step
• guideline for new algorithms
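canonicalize: $\kappa : \mathbb{G} \to \mathbb{G}$, $\kappa(G) := G$
serialize: $\nu : \mathbb{G} \to 2^{\{0,1\}^*}$, $\nu(G) := G$
hash: $\lambda : \{0,1\}^* \to \{0,1\}^d$, $\lambda(b) := h$
$\varrho : 2^{\{0,1\}^d} \to \{0,1\}^d$, $\varrho(\{h_1, \dots, h_o\}) := h$
$\lambda_G : 2^{\{0,1\}^*} \to \{0,1\}^d$, $\lambda(G) := \varrho(\{\lambda(b_1), \dots, \lambda(b_o)\})$
sign: $\varepsilon : \mathbb{K} \times \{0,1\}^d \to \{0,1\}^{d'}$, $\varepsilon(k, b) := s$
assemble: $\varsigma : \mathbb{K} \times 2^{\mathbb{G}} \to \mathbb{G}$, $\varsigma(k, \{G_1, \dots, G_m\}) := (a_S, S, \{G_1, \dots, G_m\})$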
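Added example (not from the slides and not the authors' Java API): steps 1 to 3 of the signing process, with the canonicalize, serialize and hash functions of the formalization written as hypothetical Python functions. It assumes SHA-256, a simplified neighbourhood-hash renaming of blank nodes, and sorted concatenation as the combining function; the digest it returns is the value the signature step would sign, and the verifier recomputes it the same way.

```python
"""Added example: canonicalize -> serialize -> hash for a small RDF graph.

Simplified illustration; not the signing framework's Java API and not one of
the four configurations from the slides. All function names are hypothetical.
"""
import hashlib
import re

# One statement: subject predicate object '.'; the object may be a quoted literal.
TRIPLE = re.compile(r'(\S+)\s+(\S+)\s+("[^"]*"|\S+)\s*\.')


def parse(text):
    """Read simple N-Triples-like statements into a set of (s, p, o) tuples."""
    return set(TRIPLE.findall(text))


def is_blank(term):
    return term.startswith("_:")


def canonicalize(triples):
    """Step 1: rename blank nodes so labels and statement order no longer matter.

    Each blank node gets a colour derived from the statements it occurs in and
    from its neighbours' colours; colours are refined for a fixed number of
    rounds and the nodes are then numbered in colour order.
    """
    triples = set(triples)
    blanks = {t for s, p, o in triples for t in (s, o) if is_blank(t)}
    colour = dict.fromkeys(blanks, "_:")
    for _round in range(len(blanks) + 1):
        refined = {}
        for node in blanks:
            view = sorted(
                repr(("_:self" if s == node else colour.get(s, s), p,
                      "_:self" if o == node else colour.get(o, o)))
                for s, p, o in triples if node in (s, o))
            refined[node] = "_:" + hashlib.sha256("\n".join(view).encode()).hexdigest()
        colour = refined
    if len(set(colour.values())) < len(blanks):
        # Structurally indistinguishable ("difficult") blank nodes: this
        # simplified scheme refuses them instead of guessing an order.
        raise ValueError("graph contains blank nodes that cannot be told apart")
    ordered = sorted(blanks, key=colour.__getitem__)
    names = {node: f"_:g{i}" for i, node in enumerate(ordered, start=1)}
    return {(names.get(s, s), p, names.get(o, o)) for s, p, o in triples}


def serialize(graph):
    """Step 2: one byte string per statement (a set, so order is irrelevant)."""
    return {f"{s} {p} {o} .".encode("utf-8") for s, p, o in graph}


def hash_statement(data):
    """Step 3a: hash of a single serialized statement."""
    return hashlib.sha256(data).digest()


def combine(digests):
    """Step 3b: fold the set of statement hashes into one value.

    Sorting before concatenation makes the result order-independent.
    """
    return hashlib.sha256(b"".join(sorted(digests))).hexdigest()


def graph_digest(text):
    """Steps 1-3 chained; the result is the value step 4 would sign."""
    graph = canonicalize(parse(text))
    return combine(hash_statement(b) for b in serialize(graph))


# The two statement sets shown on the canonicalization slide.
GRAPH_A = '''
_:a ex:hasName "Jay" .
_:a ex:hasChild _:b .
_:b ex:hasName "Bob" .
'''
GRAPH_B = '''
_:g1 ex:hasChild _:g2 .
_:g2 ex:hasName "Bob" .
_:g1 ex:hasName "Jay" .
'''
# Constructed inputs: one altered literal, and two mutually symmetric blank nodes.
TAMPERED = GRAPH_A.replace('"Bob"', '"Rob"')
SYMMETRIC = "_:x ex:knows _:y .\n_:y ex:knows _:x .\n"

if __name__ == "__main__":
    print("same graph, different labels:", graph_digest(GRAPH_A) == graph_digest(GRAPH_B))
    print("altered literal detected:", graph_digest(GRAPH_A) != graph_digest(TAMPERED))
    try:
        graph_digest(SYMMETRIC)
    except ValueError as err:
        print("rejected:", err)
```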
Configurations: Overview

| Configuration | Approach |
| --- | --- |
| Carroll [Car03] | sort all statements; rename blank nodes; add statements for difficult blank nodes |
| Tummarello et al. [TMPP05] | sign sub-graphs separately |
| Fisteus et al. [FGFK10] | sort all statements based on hash value; rename blank nodes |
| Sayers & Karp [SK04] | add statements for all blank nodes; compute hash incrementally |
Configurations: Theoretical Analysis

| Configuration | Runtime | Space | Signature Overhead |
| --- | --- | --- | --- |
| Carroll [Car03] | O(n log n) | O(n) | b_h + metadata |
| Tummarello et al. [TMPP05] | O(n log n) | O(n) | b_h + r metadata |
| Fisteus et al. [FGFK10] | O(n log n) | O(n) | metadata |
| Sayers & Karp [SK04] | O(n) | O(n) | b + metadata |

n: number of triples
b: number of blank nodes
b_h ≤ b: number of difficult blank nodes
r ≤ n: number of sub-graphs
Best-Practice Guidelines
• use Sayers & Karp for graphs with few blank nodes
• use Carroll for graphs with many blank nodes
• only use Tummarello et al. with fast signing functions
Get the Java® API from
https://github.com/akasten/signingframework
Appendix Outline I
Iteratively Signing Graph Data
Reasoning on Signed Data
XML Signature Syntax
Java® Implementation
Signature Verification
Complete Formalization
Appendix Outline II
Blank Nodes & Canonicalization Functions
Tummarello et al.
Security
Semantic Web Layer Stack
Provenance Tracking
Evaluation
Appendix Outline III
References
Iteratively Signing Graph Data
A. Kasten et al. – A Framework for Iterative Signing of Graph Data on the Web 4 / 80
![Page 82: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/82.jpg)
• ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦
Iteratively Signing Graph Data
A. Kasten et al. – A Framework for Iterative Signing of Graph Data on the Web 5 / 80
![Page 83: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/83.jpg)
• ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦
Iteratively Signing Graph Data
A. Kasten et al. – A Framework for Iterative Signing of Graph Data on the Web 5 / 80
![Page 84: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/84.jpg)
• ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦
Iteratively Signing Graph Data
A. Kasten et al. – A Framework for Iterative Signing of Graph Data on the Web 5 / 80
![Page 85: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/85.jpg)
• ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦
Iteratively Signing Graph Data
A. Kasten et al. – A Framework for Iterative Signing of Graph Data on the Web 5 / 80
![Page 86: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/86.jpg)
• ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦
Iteratively Signing Graph Data
A. Kasten et al. – A Framework for Iterative Signing of Graph Data on the Web 5 / 80
![Page 87: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/87.jpg)
Reasoning on Signed Data
![Page 88: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/88.jpg)
Signed Data
• signature covers original data
• any modification will invalidate the signature
![Page 89: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/89.jpg)
Inferred Data
• inferred data is additional data
• inferred data modifies original data
• inferred data invalidates signature
  ... if stored in the same graph
![Page 90: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/90.jpg)
Solution
• store signed data separately from inferred data
• sign inferred data again if desired
![Page 91: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/91.jpg)
XML Signature Syntax
![Page 92: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/92.jpg)
XML Signature Syntax: Goals [BBF+08]
• support signatures for any digital content
• define signing process
• define verification process
• specify signature format
![Page 93: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/93.jpg)
XML Signature Syntax: Syntax [BBF+08]
<Signature ID?>
  <SignedInfo>
    <CanonicalizationMethod/>
    <SignatureMethod/>
    (<Reference URI? >
      (<Transforms>)?
      <DigestMethod>
      <DigestValue>
    </Reference>)+
  </SignedInfo>
  <SignatureValue>
  (<KeyInfo>)?
  (<Object ID?>)*
</Signature>
![Page 94: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/94.jpg)
XML Signature Syntax: Signing RDF?
• signing RDF is possible
• signature will only cover specific serialization
• signature can only be verified having this serialization
• signature becomes fragile
![Page 97: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/97.jpg)
XML Signature Syntax: Example
<rdf:RDF ...>
  <ex:Person rdf:about="http://www.example.com#Shakespeare">
    <ex:diedIn>1616</ex:diedIn>
    <ex:wrote rdf:resource="http://www.example.com#Hamlet" />
    <ex:hasFriend rdf:nodeID="a" />
  </ex:Person>
  <rdf:Description rdf:nodeID="a">
    <ex:hasAge>42</ex:hasAge>
  </rdf:Description>
</rdf:RDF>
![Page 98: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/98.jpg)
XML Signature Syntax: Example
<rdf:RDF ...>
  <rdf:Description rdf:nodeID="a">
    <ex:hasAge>42</ex:hasAge>
  </rdf:Description>
  <ex:Person rdf:about="http://www.example.com#Shakespeare">
    <ex:diedIn>1616</ex:diedIn>
    <ex:wrote rdf:resource="http://www.example.com#Hamlet" />
    <ex:hasFriend rdf:nodeID="a" />
  </ex:Person>
</rdf:RDF>
![Page 99: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/99.jpg)
XML Signature Syntax: Example
<rdf:RDF ...>
  <rdf:Description rdf:nodeID="a">
    <ex:hasAge>42</ex:hasAge>
  </rdf:Description>
  <ex:Person rdf:about="http://www.example.com#Shakespeare">
    <ex:hasFriend rdf:nodeID="a" />
    <ex:wrote rdf:resource="http://www.example.com#Hamlet" />
    <ex:diedIn>1616</ex:diedIn>
  </ex:Person>
</rdf:RDF>
![Page 100: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/100.jpg)
Java® Implementation
![Page 101: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/101.jpg)
Java® Implementation
• proof-of-concept
• contains 4 configurations
• foundation for evaluation
• usable as API or stand-alone application
![Page 102: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/102.jpg)
Signature Verification
![Page 103: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/103.jpg)
Verifying a Signature: Data
input: signed graph + public key
output: yes or no
![Page 105: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/105.jpg)
Verifying a Signature: Process
1. extract
2. canonicalize
3. serialize
4. hash
5. verify
• extract signature value
• extract metadata
![Page 106: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/106.jpg)
Verifying a Signature: Process
1. extract
2. canonicalize
3. serialize
4. hash
5. verify
• re-create signature value
• compare with hash value
![Page 107: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/107.jpg)
Complete Formalization
• Graphs and Named Graphs
• Graph Signing Function
• Canonicalization Function
• Serialization Function
• Hash Function for Graphs
• Signature Function
• Assembly Function
• Signature Verification Function
• Verification Function
![Page 108: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/108.jpg)
Graphs and Named Graphs
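set of triples: $T = (R \cup B) \times P \times (R \cup B \cup L)$
graph: $G$
set of graphs: $\mathbb{G} = 2^{T}$
named graph: $NG = (a, A, \{C_1, C_2, \ldots, C_l\})$
set of named graphs: $\mathbb{G}_N = ((R \cup B) \times \mathbb{G} \times 2^{\mathbb{G}_N}) \cup \{(\varepsilon, \emptyset, G)\}$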
![Page 109: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/109.jpg)
Graph Signing Function
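$\sigma_N : K_s \times 2^{\mathbb{G}_N} \to \{0,1\}^{d'}$
$\sigma_N(k_s, \{NG_1, \ldots, NG_m\}) := s$
$\sigma_N(k_s, \{NG_1, \ldots, NG_m\}) := \varepsilon(k_s, \lambda(\nu_N(\kappa_N(NG_1)) \cdot \ldots \cdot \nu_N(\kappa_N(NG_m))))$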
![Page 110: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/110.jpg)
Canonicalization Function
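$\kappa : \mathbb{G} \to \mathbb{G}$
$\kappa(G) := G$
$\kappa_N : \mathbb{G}_N \to \mathbb{G}_N$
$\kappa_N(NG) := NG$
$\kappa_N(NG) := \begin{cases} (\varepsilon, (\emptyset, \emptyset), G) & \text{if } NG = (\varepsilon, (\emptyset, \emptyset), G),\ G \in \mathbb{G} \\ (a, A, \{C_1, \ldots, C_l\}) & \text{if } NG = (a, A, \{C_1, \ldots, C_l\}) \end{cases}$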
![Page 111: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/111.jpg)
Serialization Function
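$\nu : \mathbb{G} \to 2^{\{0,1\}^*}$, $\nu(G) := G$
$\nu_N : \mathbb{G}_N \to 2^{\{0,1\}^*}$
$\nu_N(NG) := NG$
$\nu_N(NG) := \begin{cases} G & \text{if } NG = (\varepsilon, (\emptyset, \emptyset), G),\ G \in \mathbb{G} \\ \{a\} \cup A \cup C_1 \cup \ldots \cup C_l & \text{if } NG = (a, A, \{C_1, \ldots, C_l\}) \end{cases}$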
![Page 112: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/112.jpg)
Hash Function for Graphs
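$\lambda : \{0,1\}^* \to \{0,1\}^d$
$\lambda(b) := h$
$\varrho : 2^{\{0,1\}^d} \to \{0,1\}^d$
$\varrho(\{h_1, h_2, \ldots, h_o\}) := h_N$
$\lambda_N : 2^{\{0,1\}^*} \to \{0,1\}^d$
$\lambda_N(NG) := h_N = \varrho(\{\lambda(b_1), \lambda(b_2), \ldots, \lambda(b_o)\})$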
![Page 113: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/113.jpg)
Signature Function
$\varepsilon : K_s \times \{0,1\}^d \to \{0,1\}^{d'}$
$\varepsilon(k_s, b) := s$
![Page 114: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/114.jpg)
Assembly Function
$\varsigma_N : K_s \times 2^{\mathbb{G}_N} \to \mathbb{G}_N$
$\varsigma_N(k_s, \{NG_1, \ldots, NG_m\}) := (a_S, S, \{NG_1, \ldots, NG_m\})$
![Page 115: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/115.jpg)
Signature Verification Function
$\delta : K_p \times \{0,1\}^{d'} \to \{0,1\}^d$
$\delta(k_p, s) := b$
![Page 116: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/116.jpg)
Verification Function
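$h' := \lambda_N(\nu_N(\kappa_N(NG_1)) \cup \ldots \cup \nu_N(\kappa_N(NG_m)))$
$\gamma_N : K_p \times 2^{\mathbb{G}_N} \times \{0,1\}^* \to \{\mathrm{TRUE}, \mathrm{FALSE}\}$
$\gamma_N(k_p, \{NG_1, \ldots, NG_m\}, s) := \begin{cases} \mathrm{TRUE} & \text{if } \delta(k_p, s) = h' \\ \mathrm{FALSE} & \text{otherwise} \end{cases}$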
![Page 117: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/117.jpg)
Blank Nodes & Canonicalization Functions
• Blank Nodes
• Canonicalization Functions
• Example Canonicalization
![Page 118: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/118.jpg)
Blank Nodes: Problem
• local IDs may change
• local IDs influence graph’s hash value
• local IDs influence graph’s signature
![Page 119: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/119.jpg)
Blank Nodes: Example
_:a foaf:name "A" .
_:a foaf:knows _:b .
_:b foaf:name "B" .
_:d foaf:name "A" .
_:d foaf:knows _:c .
_:c foaf:name "B" .
![Page 120: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/120.jpg)
Blank Nodes: Solution
• deterministically rename blank nodes
• apply canonicalization function
![Page 121: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/121.jpg)
Stability of Canonicalization Functions
• canonicalization normalizes graphs by renaming blank nodes
• canonicalization functions operate deterministically
• sorting statements not necessary for canonicalization
  ▸ may be part of serialization function or hash functions
![Page 122: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/122.jpg)
Example Scenario: Using a Triple Store
1. sign RDF/XML document
2. load RDF/XML document into triple store
3. rename blank nodes in triple store
4. change order of statements in triple store
5. write data in triple store to RDF/XML document
6. verify signature?
![Page 123: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/123.jpg)
Example Scenario: Signing Process
• signing requires canonicalization
• canonicalization renames blank node IDs
  ▸ may sort the statements to do so
• statement ordering irrelevant for canonicalization
  ▸ if relevant for hash value, hash function will cover it
• canonicalization is deterministic
![Page 124: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/124.jpg)
Example Scenario: Verification Process
• verification performs canonicalization
• result is identical to first canonicalization
• following hash value is also identical
• signature can be verified
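The triple-store scenario above, carried through extract → canonicalize → serialize → hash → verify, as an added Python sketch (not the authors' Java framework). Assumptions made here: `canonicalize` is a simplified colour-refinement renaming and not one of the evaluated algorithms, ϱ is implemented as sort-then-hash, and ε/δ are a toy textbook-RSA stand-in with a constructed key pair.

```python
import hashlib

# Constructed toy key pair standing in for the signature function ε and the
# verification function δ: textbook RSA over two Mersenne primes. It is not
# secure and exists only so that the check δ(k_p, s) = h' can be executed.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

# Constructed sample data: the blank node example from the slides ...
ORIGINAL = [
    ("_:a", "foaf:name", '"A"'),
    ("_:a", "foaf:knows", "_:b"),
    ("_:b", "foaf:name", '"B"'),
]
# ... and the same graph after a triple store renamed IDs and reordered it.
RELOADED = [
    ("_:c", "foaf:name", '"B"'),
    ("_:d", "foaf:knows", "_:c"),
    ("_:d", "foaf:name", '"A"'),
]
# One literal replaced after signing.
TAMPERED = RELOADED[:2] + [("_:d", "foaf:name", '"C"')]


def is_blank(term):
    return term.startswith("_:")


def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def canonicalize(triples):
    """κ: rename blank nodes deterministically, based only on graph context."""
    bnodes = {t for s, _, o in triples for t in (s, o) if is_blank(t)}
    colour = dict.fromkeys(bnodes, digest("blank"))

    def label(term):
        return "#" + colour[term] if is_blank(term) else term

    for _ in range(len(bnodes)):  # each round folds in one more hop of context
        refined = {}
        for b in bnodes:
            context = []
            for s, p, o in triples:
                if s == b:
                    context.append("s|%s|%s" % (p, label(o)))
                if o == b:
                    context.append("o|%s|%s" % (p, label(s)))
            refined[b] = digest(colour[b] + "\n" + "\n".join(sorted(context)))
        colour = refined
    if len(set(colour.values())) < len(bnodes):
        raise ValueError("blank nodes cannot be told apart by their context")
    ranked = sorted(bnodes, key=lambda b: colour[b])
    new_id = {b: "_:c%d" % i for i, b in enumerate(ranked)}
    return {(new_id.get(s, s), p, new_id.get(o, o)) for s, p, o in triples}


def serialize(graph):
    """ν: one bit string per statement; the result is a set, so no order."""
    return {("%s %s %s ." % t).encode("utf-8") for t in graph}


def graph_hash(statements):
    """λ_N: hash every statement with λ, then combine the digests with ϱ.

    ϱ here sorts the digests and hashes their concatenation (an assumption).
    """
    digests = sorted(hashlib.sha256(b).digest() for b in statements)
    return hashlib.sha256(b"".join(digests)).digest()


def sign(triples, d=D, n=N):
    h = graph_hash(serialize(canonicalize(triples)))
    return pow(int.from_bytes(h, "big"), d, n)


def verify(triples, signature, e=E, n=N):
    """γ_N: TRUE iff δ(k_p, s) equals the recomputed hash h'."""
    h_prime = graph_hash(serialize(canonicalize(triples)))
    return pow(signature, e, n) == int.from_bytes(h_prime, "big")


def naive_hash(triples):
    """Hash of one concrete serialization, IDs and statement order included."""
    text = "\n".join("%s %s %s ." % t for t in triples)
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    s = sign(ORIGINAL)
    print("naive hashes equal:", naive_hash(ORIGINAL) == naive_hash(RELOADED))
    print("reloaded verifies: ", verify(RELOADED, s))
    print("tampered verifies: ", verify(TAMPERED, s))
```

Graphs whose blank nodes have identical context are rejected with `ValueError` in this sketch rather than being signed under an ambiguous renaming.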
![Page 125: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/125.jpg)
Tummarello et al.
![Page 126: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/126.jpg)
Disadvantages
• high signature overhead
• high runtime
• iterative signing (natively) not supported
![Page 127: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/127.jpg)
Signing a Graph: Original Graph
ex:Fred foaf:knows _:a .
_:a foaf:age "42" .
![Page 128: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/128.jpg)
Signing a Graph: 1. Signature Graph
_:b rdf:type rdf:Statement .
_:b rdf:subject ex:Fred .
_:b rdf:predicate foaf:knows .
_:b rdf:object _:a .
_:b dbin:PGPCertificate http://public.dbin.org/cont/238785872.asc .
_:b dbin:Base64SigValue "McwOPX...A7xcB5w==" .
![Page 129: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/129.jpg)
Signing a Graph: Attaching the 1. Signature
ex:Fred foaf:knows _:a .
_:a foaf:age "42" .
_:b rdf:type rdf:Statement .
_:b rdf:subject ex:Fred .
_:b rdf:predicate foaf:knows .
_:b rdf:object _:a .
_:b dbin:PGPCertificate http://public.dbin.org/cont/238785872.asc .
_:b dbin:Base64SigValue "McwOPX...A7xcB5w==" .
![Page 130: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/130.jpg)
Signing a Graph: 2. Signature Graph
_:c rdf:type rdf:Statement .
_:c rdf:subject ex:Fred .
_:c rdf:predicate foaf:knows .
_:c rdf:object _:a .
_:c dbin:PGPCertificate http://public.dbin.org/cont/4565543215.asc .
_:c dbin:Base64SigValue "MAhiuad...HUAash==" .
![Page 131: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/131.jpg)
Signing a Graph: Attaching the 2. Signature
ex:Fred foaf:knows _:a .
_:a foaf:age "42" .
_:b rdf:type rdf:Statement .
_:b rdf:subject ex:Fred .
_:b rdf:predicate foaf:knows .
_:b rdf:object _:a .
_:b dbin:PGPCertificate http://public.dbin.org/cont/238785872.asc .
_:b dbin:Base64SigValue "McwOPX...A7xcB5w==" .
_:c rdf:type rdf:Statement .
_:c rdf:subject ex:Fred .
_:c rdf:predicate foaf:knows .
_:c rdf:object _:a .
_:c dbin:PGPCertificate http://public.dbin.org/cont/4565543215.asc .
_:c dbin:Base64SigValue "MAhiuad...HUAash==" .
![Page 132: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/132.jpg)
Security
• Security Requirements
• Security Analysis
• Key Management
• Trust Model
![Page 133: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/133.jpg)
Security Requirements
• authenticity
• integrity
![Page 136: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/136.jpg)
Security Analysis: Attacker Model
• remove existing statements
• insert additional statements
• replace existing statements with different statements
• modify statements in the graph
![Page 137: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/137.jpg)
Security Analysis: Basic Idea
• analyze all cryptographic operations
  ▸ basic hash function λ
  ▸ combining function ϱ
  ▸ signature function ε
• analyze all configurations
  ▸ break down all steps into atomic operations
  ▸ distinguish between cryptographic and non-cryptographic operations
![Page 138: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/138.jpg)
Key Management: Goal
• protects a key pair ...
  ▸ ... from being compromised
  ▸ ... from being misused by unauthorized parties
• ensures that ...
  ▸ ... a signature key is only known to its owner
  ▸ ... a verification key can be related to the owner of the key pair
![Page 139: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/139.jpg)
Key Management: Tasks
• secure creation of keys
• secure storing of keys
• secure destroying of old keys
• revoking compromised keys
![Page 140: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/140.jpg)
Trust Model: Goal
• defines trustworthy management of public keys
• certificate authorities (CAs) sign public key certificates
• trustworthiness of public keys depends on trustworthiness of CAs
![Page 141: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/141.jpg)
Trust Model: Models
• X.509 [CSF+08]
  ▸ hierarchical model
  ▸ few trusted & pre-configured root CAs
• PGP [Zim95]
  ▸ decentrally organized (web of trust)
  ▸ all participants are both end users and CAs
![Page 142: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/142.jpg)
Semantic Web Layer Stack
![Page 143: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/143.jpg)
Semantic Web Layer Stack
[Figure: Semantic Web layer stack. Layers: User Interface & Applications; Trust; Proof; Crypto; Unifying Logic; Ontology: OWL; RDF-S; RDF; XML; URI/IRI; Rule: RIF; SPARQL] [Bra07]
![Page 146: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/146.jpg)
Provenance Tracking
![Page 147: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/147.jpg)
Goals of Provenance Tracking
• document creation of (digital) objects
• document modification of (digital) objects
![Page 148: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/148.jpg)
W3C PROV: Goal [GM13]
define a format for provenance tracking covering
• involved agents
• involved documents (entities)
• involved activities
![Page 149: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/149.jpg)
W3C PROV: Types of Provenance [GM13]
agent-centered: parties creating and/or modifying the data
object-centered: origins of data and its parts
process-centered: actions and/or steps producing the data
![Page 150: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/150.jpg)
W3C PROV: Signatures?
PROV − Signatures
• assertions can be forged
• assertions can be manipulated
PROV + Signatures
• assertions are authentic
• assertions have integrity
![Page 151: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/151.jpg)
Evaluation
![Page 152: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/152.jpg)
Input and Output
Variables
• different configurations
• 10K–250K statements
• 0%–50% blank nodes
Measured Values
• runtime
• memory usage
• signature overhead
![Page 153: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/153.jpg)
Setup
RAM: 100 GB
CPU: 2.00 GHz Intel® Xeon®
OS: Debian 7
![Page 154: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/154.jpg)
Runtime of Canonicalization Function
[Plot: run time (ms) over no. of statements; series: Carroll, Tummarello et al., Fisteus et al., Sayers & Karp]
![Page 155: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/155.jpg)
Memory Usage of Canonicalization Function
[Plot: memory (MB) over no. of statements; series: Carroll, Tummarello et al., Fisteus et al., Sayers & Karp]
![Page 156: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/156.jpg)
Runtime of Hash Function
[Plot: run time (ms) over no. of statements; series: Carroll, Tummarello et al., Fisteus et al., Sayers & Karp]
![Page 157: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/157.jpg)
Memory Usage of Hash Function
[Plot: memory (MB) over no. of statements; series: Carroll, Tummarello et al., Fisteus et al., Sayers & Karp]
![Page 158: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/158.jpg)
Runtime of Carroll
[Plot: run time (ms) over no. of statements; series: Canonicalization, Hash, Sign, Assembly]
![Page 159: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/159.jpg)
Runtime of Tummarello et al.
[Figure: runtime (ms) against no. of statements. Series: Canonicalization, Split, Hash, Sign, Assembly]
![Page 160: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/160.jpg)
Runtime of Fisteus et al.
[Figure: runtime (ms) against no. of statements. Series: Canonicalization, Hash, Sign, Assembly]
![Page 161: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/161.jpg)
Runtime of Sayers & Karp
[Figure: runtime (ms) against no. of statements. Series: Canonicalization, Hash, Sign, Assembly]
![Page 162: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/162.jpg)
Overall Runtime (Fixed Blank Node Percentage)
[Figure: runtime (ms) against no. of statements. Series: Carroll, Tummarello et al., Fisteus et al., Sayers & Karp]
![Page 163: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/163.jpg)
Overall Memory Usage (Fixed Blank Node Percentage)
[Figure: memory (MB) against no. of statements. Series: Carroll, Tummarello et al., Fisteus et al., Sayers & Karp]
![Page 164: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/164.jpg)
Overall Runtime (Varying Blank Node Percentage)
[Figure: runtime (ms) against no. of statements. Series: Carroll, Tummarello et al., Fisteus et al., Sayers & Karp]
![Page 165: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/165.jpg)
Overall Memory Usage (Varying Blank Node Percentage)
[Figure: memory (MB) against no. of statements. Series: Carroll, Tummarello et al., Fisteus et al., Sayers & Karp]
![Page 166: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/166.jpg)
Overall Signature Overhead (Varying Blank Node Percentage)
[Figure: overhead (triples) against % of blank nodes in graph. Series: Carroll, Tummarello et al., Fisteus et al., Sayers & Karp]
![Page 167: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/167.jpg)
References
![Page 168: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/168.jpg)
References I
Mark Bartel, John Boyer, Barb Fox, Brian LaMacchia, and Ed Simon. XML signature syntax and processing. W3C recommendation, W3C, 2008. http://www.w3.org/TR/xmldsig-core/.
Steve Bratt. Semantic web, and other technologies to watch, 2007. www.w3.org/2007/Talks/0130-sb-W3CTechSemWeb/.
Jeremy J. Carroll. Signing RDF graphs. In ISWC 2003, pages 369–384. Springer, 2003.
![Page 169: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/169.jpg)
References II
David Cooper, Stefan Santesson, Stephen Farrell, Sharon Boeyen, Russell Housley, and Tim Polk. Internet X.509 public key infrastructure. RFC 5280, IETF, 05 2008.
Jesus Arias Fisteus, Norberto Fernandez García, Luis Sanchez Fernandez, and Carlos Delgado Kloos. Hashing and canonicalizing Notation 3 graphs. JCSS, 76(7):663–685, 2010.
![Page 170: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/170.jpg)
References III
Yolanda Gil and Simon Miles. Prov model primer. Working group note, W3C, 04 2013. http://www.w3.org/TR/2013/NOTE-prov-primer-20130430/.
Craig Sayers and Alan H. Karp. Computing the digest of an RDF graph. Technical report, HP Laboratories, 2004.
Giovanni Tummarello, Christian Morbidoni, Paolo Puliti, and Francesco Piazza. Signing individual fragments of an RDF graph. In WWW, pages 1020–1021. ACM, 2005.
![Page 171: A Framework for Iterative Signing of Graph Data on the Web](https://reader033.fdocuments.us/reader033/viewer/2022060120/55913a031a28ab01498b47bf/html5/thumbnails/171.jpg)
References IV
Philip R Zimmermann. The official PGP user’s guide. MIT Press, 1995.