Frederick Penrose and Dr. Gordon Romney, Information Technology
Proposal
With the ever increasing move to electronic documents in every industry and field, digital security is becoming a greater concern for everyone. Various departments within BYU have the concern of distributing images to the public and in-turn persons from the public fraudulently change the images and then claim that their modified image is the original. The mission of our project was to create a method for which the integrity of the image is preserved to produce a unique “Digital Signature” on the object at the time of archival. The objective of the Digital Signature Signing Server (DS3 ) project is to efficiently produce digital signatures (at time T1) for a vast quantity of digital objects and to provide the process to validate, at a later time (T2) as required, the integrity of the digital signature of a specific ObjA. As an example if DigSig(ObjA,T1) = DigSig(ObjA,T2) then the integrity of object ObjA, has been preserved since time T1. If the comparison yields a mismatch, then one can assume that ObjA has been modified. The goal is to allow “owners” of digital assets maintain the integrity of their assets and know when any modification (malicious or not) has occurred.
Project Management
Under the direction of Dr. Romney the project was divided up into six modules each including sub-responsibilities. The six modules included are: 1) Project Management and Client Support 2) Web Interfacing 3) Server Architecture and System Administration 4) Authentication Process 5) Digital Signature and Digital Signature Validation Process and 6) Archiving Method for Secure Data.
As the Project Manager team collaboration was the key responsibility. As it was the first time our team members had taken on a project of this magnitude it was critical organizing and planning the scope of the project from day 1. During the first several meetings requirements were determined for the project and initial assignments were made. After determining initial requirements Microsoft Project was used to setup a timeline of events. After creating a timeline of events our team put together a Statement of Work that established a scope of work and functional specifications.
Presentations were prepared and given throughout the Fall and Winter semesters of 2005/2006 school year. Presentations ranged from small classes of students to the Industrial Advisory Board (IAB) members. During these presentations our team was able to give proof of concept, progress reports, and resolution to audience concerns. Client meetings were also conducted at different times of the year regarding product specifications and user requirements.
Lessons Learned and Experiences
The greatest lesson learned while working on this project was the importance of sticking to the “scope of work.” Due to the fact that most of the team members have never worked on a project of this size, it became very easy to allow “scope creep.” Without documenting or consulting with the team, individual members would take on small extra responsibilities. Some of those small responsibilities became large responsibilities that we were unable to complete by year-end. Despite the fact that we met as a team at least once a week and in small groups, we still had a lack of organization. Ultimately as the Project Manager, the lack of organization was my fault, and in the end it seems as though I lost control of the project and support of some of the team members.
The Sun Center of Excellence has taken over the project along with some of the initial team members. My understanding is that the Sun Center of Excellence is currently trying to load the system for Dr. Parry on a Solaris platform and compete in a Sun Microsystems competition.
Sources
- Schneier, Bruce, Applied Cryptography, John Wiley & Sons, Inc., New York, 1996 ISBN:0-471-12845-7
Smith, Richard E., Authentication, Addison-Wesley, New York, 2002 ISBN:0-201-61599-1
Turner, James, MySQL and JSP Web Applications, SAMS, Indianapolis, Indiana, 2002 ISBN:0-672-32309-5 - 2000 Romney, G.W. and Zubeldia, K., “Method and Apparatus for Establishing the Authenticity of an Electronic Document” U.S. Patent No. 6,085,322
- 1999 Romney, G.W., Zubeldia, K., “Method and Apparatus for Witnessed Authentication of Electronic Documents” U.S. Patent No. 5,872,848