Guarantees of Persistence
The Need for Validation of Article Integrity
One of the key requirements of LiU E-Press is that it is not be possible
for anyone to modify an article after its publication. It must also not be possible for an author to modify his or her work in order to
“improve” the results retroactively. Furthermore, not only shall
LiU E-Press be so organized in a way that articles cannot be changed; the procedures
for guaranteeing the integrity of each published document must also be transparent
and convincing to the rest of the world, and leave no doubt about the integrity
assurance.
Our Current Procedure
LiU E-Press uses a system which consists of a combination of administrative and technical measures. An electronically published document has at least one paper copy archived with the University archive. There are thus possibilities to go to the public archive in order to check a document’s authenticity by comparing the electronically published document with the copy in the archive.
Since this system is fairly inconvenient, it has been complemented with the use of encrypted checksums and PGP-keys.
Checksum
When a document is published electronically a checksum is automatically generated by a system called MD5 (Message-Digest algorithm 5). The checksum is stored encrypted in a file and is made visible by a link from the web page, where the link to the electronic document is. If the document is changed. even the least change, the checksum is also changed. When the checksum is generated an e-mail is sent to the University registrar for register and archiving. It is archived as a paper copy in the Universities archive. A checksum may look like this:
609826d743ac051cabb569d671cbf454
Or like this with the path to the file:
609826d743ac051cabb569d671cbf454 /home/ep/www/ea/iap/2006/004/iap06004.pdf
Read more about MD5 >>>
PGP
When the checksum is generated as a file it is signed by a PGP (Pretty Good Privacy). PGP contains encrypted information stored in a file. See this example. Also the PGP sign is sent by e-mail to the University registrar and archived as a paper copy in the University archive.
Read more about PGP >>>
Procedure for Verifying That a Document Has Not Been Modified
All users have the possibility to check that his/her document has not been modified by following this procedure:
- Acquire the MD5 and PGP software.
- Obtain the checksum of the article and the original version of the document from the homepage where it is published.
- Add our PGP-key
to your keying in order to verify the PGP-signature.
- You should now have a file called <article_year_number>.<format(ps,
pdf)>.md5 in your directory (example: cis01022.ps.md5).
- Run MD5 on the article you want to check and compare the checksum in the
file you got from PGP with the checksum you made yourself. If they match,
this indicates the article has not been altered.
- If you encounter any problems with this procedure, please read the manuals
for the software (MD5, PGP etc.) before you mail us about it. (Unfortunately
are we unable to to offer support for this software).
The described procedure relies, of course, on an assumption that the on-line
posted checksum has not been modified. To verify this and obtain a paper copy of the archived checksum from the University archive, please fill in the form and send it to:
Linköpings universitet
Electronic Press
SE-581 83 Linköping
Sweden
We are also studying other, complementary solutions regarding the archiving of checksums and keys.
Ph.D., Lic. Theses
