Guarantees of Persistence

The Need for Validation of Article Integrity

One of the key requirements of LiU E-Press is that it is not be possible for anyone to modify an article after its publication. It must also not be possible for an author to modify his or her work in order to “improve” the results retroactively. Furthermore, not only shall LiU E-Press be so organized in a way that articles cannot be changed; the procedures for guaranteeing the integrity of each published document must also be transparent and convincing to the rest of the world, and leave no doubt about the integrity assurance.

Our Current Procedure

LiU E-Press uses a system which consists of a combination of administrative and technical measures. An electronically published document has at least one paper copy archived with the University archive. There are thus possibilities to go to the public archive in order to check a document’s authenticity by comparing the electronically published document with the copy in the archive.
   Since this system is fairly inconvenient, it has been complemented with the use of encrypted checksums and PGP-keys.

Checksum

When a document is published electronically a checksum is automatically generated by a system called MD5 (Message-Digest algorithm 5). The checksum is stored encrypted in a file and is made visible by a link from the web page, where the link to the electronic document is. If the document is changed. even the least change, the checksum is also changed. When the checksum is generated an e-mail is sent to the University registrar for register and archiving. It is archived as a paper copy in the Universities archive. A checksum may look like this:

609826d743ac051cabb569d671cbf454

Or like this with the path to the file:

609826d743ac051cabb569d671cbf454 /home/ep/www/ea/iap/2006/004/iap06004.pdf

Read more about MD5 >>>

PGP

When the checksum is generated as a file it is signed by a PGP (Pretty Good Privacy). PGP contains encrypted information stored in a file. See this example. Also the PGP sign is sent by e-mail to the University registrar and archived as a paper copy in the University archive.

Read more about PGP >>>

Go to the top of the page

Procedure for Verifying That a Document Has Not Been Modified

All users have the possibility to check that his/her document has not been modified by following this procedure:

The described procedure relies, of course, on an assumption that the on-line posted checksum has not been modified. To verify this and obtain a paper copy of the archived checksum from the University archive, please fill in the form and send it to:

Linköpings universitet
Electronic Press
SE-581 83 Linköping
Sweden

We are also studying other, complementary solutions regarding the archiving of checksums and keys.