“Big data”, cloud, and the Internet of Things (IoT) are examples of the rapidly expanding area of distributed data networks and acquisition of distributed data. Data generated at a plurality of source nodes is collected for processing and/or analysis. An example of the source nodes includes sensor networks that perform measurements and provide measurement data, e.g., in home automation data networks or industrial processing data networks. A further example includes servers in a data center generating event log records, e.g. for operational security.
The operation of data networks, such as above examples, relies upon the integrity of the data received from the distributed data sources and the control processes. This means that as data is collected, it has to be possible to verify that the data has not been tampered with since the data left the source node. Furthermore, the data source has to be authentic. This means that an indicated source, e.g., a source node indicated by the received data or a data packet including the data, is the actual originator of the data.
Depending on operational security requirements, it is not sufficient that only the intended recipient collecting the data can verify aspects of integrity and authenticity. Rather, it is required that third parties can audit the data exchange between the source nodes and the collecting node. Conventional techniques for authenticating the data source implement public-key cryptography, e.g., using a Public Key Infrastructure (PKI) with signatures on all data exchanged between the nodes.
However, generating signatures is resource consuming in minimalistic source nodes (also referred to as “low-end devices”) such as sensors. Furthermore, the impact of signatures on bandwidth and/or storage is disproportionally large compared to the data to be exchanged (e.g., since the nodes have to be prepared for an audit, a large number of signatures have to be stored for relatively long time periods in the nodes). Moreover, signatures verifiable by a PKI are known to be cumbersome to establish and maintain over time, especially if many sources of data have to be distinguished, i.e., identified by means of different certificates.
Other conventional techniques, e.g. below referred to as QI-KSI, implement Merkle trees. Aggregating hash values of the exchanged data in a Merkle tree is efficient, since the “root” of the Merkle tree provides a compressed digest of all individual hash values, so that the Merkle tree reduces storage requirements. However considerable effort is needed to arrange for the keys in each leaf of the tree to be used for authentication.
Ahto Buldas, Andres Kroonmaa and Risto Laanoja have disclosed some principles in “Keyless Signatures' Infrastructure: How to Build Global Distributed Hash-Trees”, below referred to as [1], in “Efficient Quantum-Immune Keyless Signatures with Identity”, below referred to as [2], in “Efficient Implementation of Keyless Signatures with Hash Sequence Authentication”, below referred to as [3], and in “Security Proofs for the BLT Signature Scheme”, below referred to as [4]. Ahto Buldas and Sven Laur have disclosed some principles in “Knowledge-Binding Commitments with Applications in Time-Stamping”, below referred to as [5].
It is a desire to provide a practical implementation for providing time-stamping which still provides a fair degree of certainty.