Decentralized Trusted Timestamping Whitepaper (Proof of Origination)

[scs-ab]

We, Supercomputing Systems AG, would like to announce our whitepaper describing a way to provide trusted timestamping based on blockchain technology.

Blog (english)
https://www.scs.ch/blog/en/2017/01/blockchain-technology-for-industry-4-0-applications/
Blog (german):
https://www.scs.ch/blog/2017/01/blockchain-technologie-in-industrie-4-0-anwendungen/

Whitepaper (english):
https://www.scs.ch/blog/wp-content/uploads/2017/01/trusted-sensor-whitepaper.pdf

Abstract
This whitepaper describes a concept to add trusted timestamps to sensor data based on a
public blockchain. This allows to prove that (sensor) data has been captured at a specific point
in time. Such a proof includes existence at certain time as well as prior inexistence, with a time
precision of minutes. While it has previously been possible to prove that data existed before a
certain point in time [3], this paper contributes a way to also prove that data only existed after
a certain point in time. Such a proof of inexistence requires a trusted hardware platform.

Introduction
Trusting the timestamps and the integrity of sensor data can be a crucial requirement, i.e. for
using surveillance camera footage as evidence in court. Thanks to Trusted Platform Modules
[7], it is possible to provide trusted origin and immutability of sensor data as long as one can
be sure that the hardware is not physically accessible to the adversary. However, timestamps
remain difficult to verify as common time sources like GPS, GLONASS, Galileo and NTP can
be spoofed. Blockchain technology such as Bitcoin [8] can be used to provide a "proof-of-existence”
[3]: A document’s hash can be stored in the blockchain as a payload to a transaction.
This way one can later prove the existence of the hashed document before the corresponding
transaction was included in a block on the blockchain. This proof relies on the immutability of a
public blockchain and on the fact that it is very unlikely to know the hash of a document without
knowing the document itself.

In the following section, a method will be introduced to complement proof-of-existence with a
proof of prior inexistence.

Proof of Origination
Proving the time of origination requires the proof of prior inexistence. While it is impossible to
generally prove inexistence of something, we will assume the following in the case of sensors
measuring physical quantities:

* the sensor is trusted hardware
* the software and and firmware are open source and can be verified by means of reproducible
builds [1]
* the adversary has no physical access to the sensor hardware and has no possibility to
influence the physical quantities being measured.

Assuming the above, we can take advantage of the fact that the hash of the highest block in a
public blockchain can’t be known prior to that block having been mined. But the hash is publicly
known and trusted ever after (or for as long as the blockchain is trusted). If we now enrich our
sensor data frame with that hash before signing it using the Trusted Platform Module (TPM) [7],
we have proven prior inexistence. If we then add the hash of our signed frame to a transaction
on the same blockchain, we get a proof of origination (PoO). The combination of the two proofs
results in a trusted time range of origination. Figure 1 (please see pdf) shows a block diagram for
such a platform.

The precision of this time range depends on the block time of the chosen blockchain. In the
best case, the precision is the time between two blocks. This would be around 10 min in the
case of Bitcoin or 1min in the case of Ethereum [4] but could be as low as 10s [6][5].

In order to be sure that the sensor data has really been handeled as described (and has not
i.e. been buffered to delay the timestamp), it is necessary to open source both software and
firmware and to have reproducible builds [1] running on the data acquisition hardware. This
might need to be extended by using Trusted Execution Environments [2]. The security concept
for the data acquisition platform is beyond the scope of this document however.

About supercomputing Systems AG
Supercomputing Systems AG is an engineering company in the fields of high performance
computing systems, communication systems, algorithm development and big data solutions.
Engineering expertise ranges from software design and development (enterprise solutions as
well as embedded software), electronics development, design of distributed systems, to highend
measurement technology. SCS AG has 24 years of experience as an engineering company
in different markets such as high performance computing, energy, public transportation, industrial
application, automotive. The company has over 95 engineers in the fields of electrical
engineering, software engineering, physics and data analysis.
Based on its experience Supercomputing Systems AG offers engineering services in this fastgrowing
field of blockchain technology.

References
[1] Reproducible builds. https://reproducible-builds.org/.
[2] Trusted execution environment specification.
http://globalplatform.org/specificationsdevice.asp.
[3] M. Araoz and E. Ordano. http://www.proofofexistence.com, 2013.
[4] V. Buterin. Ethereum whitepaper,
https://github.com/ethereum/wiki/wiki/White-Paper, 2013.
[5] V. Buterin. Toward 12s block times. https://blog.ethereum.org/2014/07/11/
toward-a-12-second-block-time/, 2014.
[6] V. Buterin. On slow and fast block times.
https://blog.ethereum.org/2015/09/14/on-slow-and-fast-block-times/ , 2015.
[7] T. C. Group. https://trustedcomputinggroup.org/tpm-main-specification/ , 2011.
[8] S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system.
https://bitcoin.org/bitcoin.pdf, 2008.

[franky1]

not fool proof.

say i wanted to break into a place with security surveillance tonight.

i prepare the event by recording footage from months prior of no events/break ins at the location that will get hit. and then on the night. i swap the tapes.
now the footage of months ago(no hit) gets timestamped with tonights timestamp and everyone now trusts the footage they are watching tomorrow after the break in, was from tonight.

now you have no proof i was there.. as the timestamped and blockchain hash immutability shows i wasnt at the scene of the crime at the time.

i then do the same for my alibi by months prior going somewhere miles away from the intended location. do normal things to get recorded(say a restaurant or streetcam) and then take the tape, hold onto it.. then get someone to swap it out tonight so it too gets timestamped with tonights lock

now i also have timestamped and blockchain locked proof i was somewhere else at the time of the crime

[scs-ab]

not fool proof.

say i wanted to break into a place with security surveillance tonight.

i prepare the event by recording footage from months prior of no events/break ins at the location that will get hit. and then on the night. i swap the tapes.
now the footage of months ago(no hit) gets timestamped with tonights timestamp and everyone now trusts the footage they are watching tomorrow after the break in, was from tonight.

[...]

In our proposal, the entire camera is a trusted platform (sketched in Figure 1). There are no tapes to be switched between the camera sensor and the trusted timestamping.

If you would like to "switch tapes", you would have to

• fool the camera by holding some monitor in front of the lens that plays your prerecorded tape. There are ways to at least make such a spoof very hard to do (like sensor fusion).
• or you could open up the trusted hardware and patch it so you can replay your spoof footage. Also in this case there are ways to make this very difficult. (like integrating the main blocks in a single-die CMOS image sensor

In the paper we assume

* the adversary has no physical access to the sensor hardware and has no possibility to
influence the physical quantities being measured.

We can of course discuss whether this is a sound assumption. However, those attacks are declared to be beyond the scope of this paper.

[franky1]

though there are many ways to fool something. using time stamps to prove something of the past, there is actual limit to its effectiveness.

your scenario has to be more reliant of an entity having no access to the source material. meaning the requirement of needing a timestamp becomes less required anyway, and more of just a secondary gesture of assurance, rather then a primary proof of origin.

i think your security system scenario needs to be replaced with other creative scenario, because i can already think of several methods to get around the security system scenario.

think up a new scenario that concentrates on, 'when all else fails' and nothing can be trusted. that your 'proof of origination' can be the proof without trust, without other requirements to be needed.. and be the sole safety feature that still makes the evidence valid. (in short remove the if's and but's)

[scs-ab]

though there are many ways to fool something. using time stamps to prove something of the past, there is actual limit to its effectiveness.

Not sure what you mean. We prove more than timestamps. The TPM also proves the origin of the data and makes it immutable by signing the data with its hardware-locked private key.

your scenario has to be more reliant of an entity having no access to the source material. meaning the requirement of needing a timestamp becomes less required anyway, and more of just a secondary gesture of assurance, rather then a primary proof of origin.

I don't get what you mean.

i think your security system scenario needs to be replaced with other creative scenario, because i can already think of several methods to get around the security system scenario.

I'm interested. Please elaborate on those attacks!

think up a new scenario that concentrates on, 'when all else fails' and nothing can be trusted. that your 'proof of origination' can be the proof without trust, without other requirements to be needed.. and be the sole safety feature that still makes the evidence valid. (in short remove the if's and but's)

I doubt there is a solution to the security problem that doesn't come with if's or but's. All one can do is make an attack more expensive.

[franky1]

think up a new scenario that concentrates on, 'when all else fails' and nothing can be trusted. that your 'proof of origination' can be the proof without trust, without other requirements to be needed.. and be the sole safety feature that still makes the evidence valid. (in short remove the if's and but's)

I doubt there is a solution to the security problem that doesn't come with if's or but's. All one can do is make an attack more expensive.

how can you have a proof of origination.. if it is not 100% proof, because it requires X/Y/Z if's and buts to be met before you can treat it as proof.

its only proof when there is no way to 'if or but' the evidence.

take the security video scenario.
instead of ifs or buts of needing the video to be securely stored in a vault that even staff cant access..

imagine it like it doesnt matter if there are 5000 different copies of a video. or if 100 members of staff can get to the video.. a proof of origin would be the way to know exactly which copy is the original no matter how the original was handled, physically stored, etc

[scs-ab]

how can you have a proof of origination.. if it is not 100% proof, because it requires X/Y/Z if's and buts to be met before you can treat it as proof.

its only proof when there is no way to 'if or but' the evidence.

Point taken. I agree that our proof can't be 100% rock solid under any condition. But I want to state that something like 100% only exists in theory (like math). Even cryptography by itself can't reach a security of 100%. Its all probabilistic. But I agree that it might be easier to spoof our concept than it is to spoof a bitcoin transaction.

Maybe we should call it "evidence of origination"?

Still: I think our contribution has the potential to increase the level of trust in sensor data (origin and origination time) with respect to prior technology.

imagine it like it doesnt matter if there are 5000 different copies of a video. or if 100 members of staff can get to the video.. a proof of origin would be the way to know exactly which copy is the original no matter how the original was handled, physically stored, etc

To know which one is the original is not the point and I don't think "proof of origin" would be the right wording for this. That would be some kind of copy protection. You would need to prove uniqueness.

[franky1]

how can you have a proof of origination.. if it is not 100% proof, because it requires X/Y/Z if's and buts to be met before you can treat it as proof.

its only proof when there is no way to 'if or but' the evidence.

Point taken. I agree that our proof can't be 100% rock solid under any condition. But I want to state that something like 100% only exists in theory (like math). Even cryptography by itself can't reach a security of 100%. Its all probabilistic. But I agree that it might be easier to spoof our concept than it is to spoof a bitcoin transaction.

Maybe we should call it "evidence of origination"?

Still: I think our contribution has the potential to increase the level of trust in sensor data (origin and origination time) with respect to prior technology.

imagine it like it doesnt matter if there are 5000 different copies of a video. or if 100 members of staff can get to the video.. a proof of origin would be the way to know exactly which copy is the original no matter how the original was handled, physically stored, etc

To know which one is the original is not the point and I don't think "proof of origin" would be the right wording for this. That would be some kind of copy protection. You would need to prove uniqueness.

all im saying is just envision a different scenario than the security video.. say one which doesnt involve as much if's or maybe's then you will show your evidence of origin may have some real utility

take julian assange's use of the blockchain as proof of life, as a for instance

[digaran]

I think you watched "Person of interest" and took it serious I have some ideas about something but I can't file a patent or register my invention it's rather in a theory phase anyways but I wanted to know if I could somehow use the blockchain to timestamp an encrypted version of my idea and in the future I could provide a private key to extract the data and decrypt it to prove I'm right, but who will accept such data? legally I mean.

[franky1]

I think you watched "Person of interest" and took it serious I have some ideas about something but I can't file a patent or register my invention it's rather in a theory phase anyways but I wanted to know if I could somehow use the blockchain to timestamp an encrypted version of my idea and in the future I could provide a private key to extract the data and decrypt it to prove I'm right, but who will accept such data? legally I mean.

putting the whole document on the blockchain is alot of bloat. not advised
because you are limited to how many bytes per output. so it ends up as having lots of outputs to get the whole document encluded..

but even satoshi in 2009 converted a short message to hash that he then put into an 'OP_return' output.
https://blockchain.info/tx/4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b?show_adv=true
"��
EThe Times 03/Jan/2009 Chancellor on brink of second bailout for banks "

as you can see by this website that translates the hash back to ascii
http://coinsecrets.org/

other examples are
https://blockchain.info/tx/819b7e8999e101db63f0e68fca91afcabf53ea7a74872bbd0d020df18ad2178b?show_adv=true
'j<hellow Idid send you ,adn are you fine,I love you fromJapan'

people either write a short message or add a url or a files hash (metadata)

this has been possible since day one, but not advised to get everyone to use bitcoin as a message store.
and especially not advised to do multiple outputs to store whole documents

though this is what people have termed 'proof of existence' years ago, to show that data/idea/concept existed at a certain date by adding a reference to the data into bitcoins blockchain.

[scs-ab]

I think you watched "Person of interest" and took it serious

No, but thanks for the hint ;-)

I have some ideas about something but I can't file a patent or register my invention it's rather in a theory phase anyways but I wanted to know if I could somehow use the blockchain to timestamp an encrypted version of my idea and in the future I could provide a private key to extract the data and decrypt it to prove I'm right [...]

You're Spot-on. With the exception that we indeed could've attempted a patent. But that wouldn't suit our buisness case very well. All we need is "freedom to operate".

but who will accept such data? legally I mean.

Let's wait and see.

[Xester]

Technology is made by man and man can also break the technology he made. This simply means that there are no fool proof technology. The only way that the community can reach the state of fool proof rule is if all person becomes honest. But nevertheless your technology is good and I hope it will be successful and useful in the future. But always keep in mind that the system has always its flaw so you just need to upgrade always so invaders may not enter the system.