National Cyber Security
Estonian Succession Registry: long-term non-repudiation for electronic archives, without the need to manage cryptographic keys.
In Estonia, one can vote in elections from the comfort of their living room. Taxes can be filed in just five minutes. One can sign a legally-binding contract over the Internet, from anywhere in the world, via a mobile phone. Entrepreneurs can register businesses in as little as 18 minutes, check vital company, property and legal records online, and even integrate their own secure services with the ones offered by the state.
Interaction among government agencies, and between the government and citizens, has been completely transformed in e-Estonia, quickly making bureaucracy a thing of the past and making the running of all levels of government more efficient than ever before. The digital society means massive data production and exchange, which becomes the biggest vulnerability in the cyber world. With all the benefits a digital society brings along, there’s an inevitable question of Big Brother. Who can see all the data about me and my life? Is the data safe? Can anybody delete or alter my data? How will I ever know?
While the average time from a data breach until its detection is 205 days (Source: Mandiant), it is terrifying what could be done in that amount of time without mathematically and independently provable solutions. Luckily, in Estonia the integrity of the digital society and its components is protected with a Keyless Signature Infrastructure, developed by scientists after the 2007 cyber attacks specifically to tackle the problem of state system integrity.
Keyless Signature Infrastructure (KSI) is a technology that allows any type of electronic activity to be independently verified using only formal mathematical methods, without the need for trusted administrators or cryptographic keys. It is used to protect Estonian state systems, with gateways placed in the Information Systems Authority.
Data in the Estonian Succession Registry and the Chamber of Notaries is also secured with KSI. The Estonian Succession Registry is an official electronic database containing millions of inheritance-related documents and records concerning Estonian citizens.
The questions of data integrity and privacy are especially relevant for documents and data that are stored in digital form for long periods of time, affecting people for generations to come, as in the case of the Estonian Succession Registry, managed by the Ministry of Justice. To conclusively answer integrity questions, all the data stored in the Succession Registry is signed using the KSI technology and then re-verified every 5 minutes, continuously, providing the Active Integrity component for the stored data.
The deployment of the system was performed in cooperation with the Estonian Center of Registers. The KSI service was connected to the Succession Registry’s existing NAS system using the API to manage the data signing and verification processes. Everything with KSI-enabled storage works transparently; files are just deposited from the applications to the storage platform and are retrieved normally. Inside the KSI-enabled storage, every time a data object is inserted into the storage, a signature is generated and that signature is stored separately in a key-value pair database. When the object is manually retrieved from the database, users may also query the validity of the signature, and the signature can be retrieved as part of the object metadata.
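The flow described above (sign on insert, keep the signature in a separate key-value store, re-verify continuously) is modelled below as an added example; it is not code from the registry or from the KSI API, and it uses a Merkle hash tree as a simplified stand-in for keyless signing. The names `SignedStore`, `deposit`, `verify_all`, the batching of objects into one tree, and the `published` set standing in for root hashes recorded outside the storage system are all assumptions.

```python
import hashlib

def tagged_hash(tag: bytes, *parts: bytes) -> bytes:
    # Distinct tags for leaves (0x00) and inner nodes (0x01) prevent leaf/node confusion.
    return hashlib.sha256(tag + b"".join(parts)).digest()

def build_proofs(leaves):
    """Return (root, proofs); proofs[i] is the sibling path from leaf i to the root."""
    proofs = [[] for _ in leaves]
    level = [(leaf, [i]) for i, leaf in enumerate(leaves)]  # (hash, leaves beneath it)
    while len(level) > 1:
        nxt = []
        for j in range(0, len(level) - 1, 2):
            (lh, li), (rh, ri) = level[j], level[j + 1]
            for i in li + ri:
                proofs[i].append(("R", rh) if i in li else ("L", lh))
            nxt.append((tagged_hash(b"\x01", lh, rh), li + ri))
        if len(level) % 2:               # an unpaired node is promoted unchanged
            nxt.append(level[-1])
        level = nxt
    return level[0][0], proofs

def root_from(data: bytes, proof) -> bytes:
    """Recompute the tree root from an object's bytes and its stored hash chain."""
    acc = tagged_hash(b"\x00", data)
    for side, sib in proof:
        acc = tagged_hash(b"\x01", acc, sib) if side == "R" else tagged_hash(b"\x01", sib, acc)
    return acc

class SignedStore:
    def __init__(self):
        self.objects = {}        # stand-in for the NAS
        self.signatures = {}     # separate key-value store: name -> (proof, root)
        self.published = set()   # roots anchored outside the storage system (assumed)

    def deposit(self, batch: dict):
        names = sorted(batch)
        root, proofs = build_proofs([tagged_hash(b"\x00", batch[n]) for n in names])
        self.published.add(root)
        for name, proof in zip(names, proofs):
            self.objects[name] = batch[name]
            self.signatures[name] = (proof, root)

    def verify_all(self) -> dict:
        report = {}                      # one re-verification pass over every signature
        for name, (proof, root) in self.signatures.items():
            data = self.objects.get(name)
            ok = data is not None and root in self.published and root_from(data, proof) == root
            report[name] = "ok" if ok else ("missing" if data is None else "modified")
        return report
```

Verification needs only the object, its hash chain and the published root, so no secret key is involved; replacing both an object and its stored signature still fails because the forged root was never published.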
The benefits of using the technology are:
- Provable Record Integrity. The State can hold itself harmless against accusations of database tampering or deletion by presenting KSI-based independent proof of record integrity, which supports regulatory compliance.
- Citizen Empowerment. Each person has the ability to verify the integrity of their records in State databases at will, independently of the State or any other third party, resulting in increased trust.
- Cost effectiveness. Long-term non-repudiation is achieved without the need to periodically re-sign the documents, and there are no cryptographic keys to manage or secrets to protect: a much more resistant and cheaper solution without an expiry date.