Secure XML: XML Security
Donald E. Eastlake, III, Donald.Eastlake@Motorola.com
22 January 2003 (presentation transcript, 47 slides)

Slide 2: Introduction
How did I get involved?
Who is specifying the basic standards?
Who is specifying the higher level standards?
Who is implementing the standards?
What is XML?

Slide 3: How did I get involved?
Started working on eCommerce protocols with CyberCash in 1996 (RFC 1898).
This led to working on the Internet Open Trading Protocol (IOTP) at CyberCash and then IBM.
IOTP was transferred to the IETF when the TRADE working group, which I chair, was formed.
IOTP used XML and needed signatures (RFCs 2801, 2802, 2803, 2935, 2936).
This led to working on Secure XML at IBM and Motorola.
(RFCs are at http://www.rfc-editor.org)

Slide 4: Who is specifying the standards?
Joint IETF/W3C XML Digital Signature working group
–I am co-chair of this group and co-editor of the main specification.
W3C XML Encryption working group
–I am co-editor of this specification.
W3C XML Key Management working group
–I am a member of this working group.

Slide 5: Who is specifying the higher level standards?
Many application efforts
–P3P, SOAP, IOTP, ...
European Telecommunications Standards Institute (ETSI)
–“Advanced” Digital Signatures
Organization for the Advancement of Structured Information Standards (OASIS)
–Security Assertion Markup Language (SAML)

Slide 6: Who is implementing the standards?
See the interoperability matrices at the working group web pages.
Includes:
–Microsoft, NEC, Fujitsu, RSA, IBM, Entrust, HP, DSTC, IAIK, Baltimore, Apache

Slide 7: What is XML?
Yet another profile of SGML (Standard Generalized Markup Language), as HTML was.
HTML is presentation oriented and in practice has been mucked up by the browser wars.
XML is structure oriented, extensible, and intended to have a much more rigorously enforced syntax.

Slide 8: What is XML (cont.)?
[Example XML fragment; the markup was lost in the transcript and only the text "text content of the element..." survives]

Slide 9: What is XML Security?
XML Digital Signatures (XMLDSIG)
–XMLDSIG means that the “signature” structure is in XML. The signed data could be anything.
XML Encryption
–XML Encryption means that the encryption information is in XML. The data which was encrypted could be anything.
XML Canonicalization
XML Key Management
Trust Extensions

Slide 10: Digital “Signatures”
“Sign” by calculating a “signature” based on the message(s) and a signing key.
Verify by a calculation based on the message(s), the signature, and a verification key.
By itself, this only binds data to a key.
–For “symmetric” secret key systems, the signing and verification keys are the same. Efficient, but any verifier can forge signatures.
–For asymmetric “public” key systems, the signing and verification keys are different. Less efficient but more secure.

Slide 11: Digital “Signatures” (cont.)
[Diagram of symmetric signing; labels: Message, Secret Key, Sign, Signature, Verify, Pass/Fail]

Slide 12: Digital “Signatures” (cont.)
[Diagram of asymmetric signing; labels: Message, Message Digest, Private Key, Public Key, Asymmetric Key Pair, Sign, Signature, Verify, Pass/Fail]

Slide 13: XML Digital Signatures
First, digests are calculated for each piece of data to be signed and a Reference element is created.
Reference content model: (Transforms)? (DigestMethod) (DigestValue)

Slide 14: XML Digital Signatures (cont.)
Then a Signature element is created from the References, the keying information, and the signature algorithm and value.
The signature is actually calculated over the SignedInfo subset of this information.
NOTE: This means that the actual signature algorithm is ALWAYS applied to XML.

Slide 15: XML Digital Signatures (cont.)
Signature content model: SignedInfo, containing (CanonicalizationMethod) (SignatureMethod) (Reference)+; then (SignatureValue) (KeyInfo)? (Object)*

Slide 16: Algorithms
There is no standard syntax for expressing an algorithm invocation in XML.
–We used a “role” element, identifying the algorithm with an attribute and any needed explicit parameters as element content.
–[Example element; the markup was lost in the transcript and only "value …" survives]

Slide 17: XML Digital Signatures (cont.)
The data being signed can be inside the Signature, within an Object element (enveloping); external to the Signature, in the same document or elsewhere (detached); surrounding the Signature (enveloped); or any combination of these.

Slide 18: Enveloping Signature
[Diagram; labels: Signature, SignedInfo, Reference, Object, Signed Data]

Slide 19: Detached Signatures
[Diagram; labels: XML Document, Signature, SignedInfo, Reference, Signed Data]

Slide 20: Enveloped Signature
[Diagram; labels: Signed Document, Signature, SignedInfo, Reference]

Slide 21: XML Digital Signatures (cont.)
To verify an XML digital signature you need to
–verify the digests in each Reference, and
–verify the signature value over the SignedInfo with the appropriate key and the given signature algorithm.
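The signing and verification steps of slides 13 to 21, as an added example that is not from the presentation: it builds an enveloping Signature whose Reference points at an Object, digests the Object, computes the signature over the canonicalized SignedInfo, and then verifies in the two stages slide 21 names, reporting which stage failed. It is a teaching reduction, not an XMLDSIG implementation: the elements are kept out of the XMLDSIG namespace (real signatures use http://www.w3.org/2000/09/xmldsig#), canonicalization is Python's xml.etree.ElementTree.canonicalize (Canonical XML 2.0, not the 1.0 algorithm the slides describe), and the signature method is HMAC-SHA256, the symmetric case of slide 10, so no public key library is needed. The key, payload and Id values are constructed samples.

```python
"""Enveloping XML signature: digest each Reference, then sign SignedInfo.

Added teaching example (not from the presentation). Elements are kept out of
the XMLDSIG namespace and the key is a symmetric HMAC key so that the two
verification stages of slide 21 can be shown with the standard library only.
"""
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Algorithm identifiers from Canonical XML 2.0, XML Encryption and RFC 4051.
C14N_ALG = "http://www.w3.org/2010/xml-c14n2"          # what ET.canonicalize implements
DIGEST_ALG = "http://www.w3.org/2001/04/xmlenc#sha256"
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"


def c14n(elem):
    """Canonical byte form of one element, ignoring any tail text after it."""
    clone = copy.copy(elem)
    clone.tail = None
    return ET.canonicalize(ET.tostring(clone, encoding="unicode")).encode("utf-8")


def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def sign(key, payload, obj_id="obj1"):
    """Return an enveloping Signature (as XML text) over `payload`."""
    sig = ET.Element("Signature")
    signed_info = ET.SubElement(sig, "SignedInfo")
    ET.SubElement(signed_info, "CanonicalizationMethod", Algorithm=C14N_ALG)
    ET.SubElement(signed_info, "SignatureMethod", Algorithm=SIG_ALG)

    # Slide 13: the signed data lives in an Object; its digest goes into a Reference.
    obj = ET.Element("Object", Id=obj_id)
    obj.text = payload
    ref = ET.SubElement(signed_info, "Reference", URI="#" + obj_id)
    ET.SubElement(ref, "DigestMethod", Algorithm=DIGEST_ALG)
    ET.SubElement(ref, "DigestValue").text = b64_sha256(c14n(obj))

    # Slide 14: the signature algorithm runs over canonical SignedInfo, never the raw data.
    mac = hmac.new(key, c14n(signed_info), hashlib.sha256).digest()
    ET.SubElement(sig, "SignatureValue").text = base64.b64encode(mac).decode("ascii")
    sig.append(obj)
    return ET.tostring(sig, encoding="unicode")


def verify(key, signature_xml):
    """Slide 21: check every Reference digest, then the SignatureValue over SignedInfo.

    Returns (ok, problems) so the caller can see which stage failed.
    """
    sig = ET.fromstring(signature_xml)
    signed_info = sig.find("SignedInfo")
    problems = []
    for ref in signed_info.findall("Reference"):
        uri = ref.get("URI", "")
        # Only same-document references to an Object Id are resolved here.
        target = sig.find(f"Object[@Id='{uri[1:]}']") if uri.startswith("#") else None
        if target is None:
            problems.append(f"cannot resolve {uri!r}")
            continue
        if ref.findtext("DigestValue") != b64_sha256(c14n(target)):
            problems.append(f"digest mismatch for {uri}")
    expected = hmac.new(key, c14n(signed_info), hashlib.sha256).digest()
    actual = base64.b64decode(sig.findtext("SignatureValue", ""))
    if not hmac.compare_digest(expected, actual):
        problems.append("SignatureValue does not match SignedInfo")
    return (not problems, problems)


if __name__ == "__main__":
    KEY = b"constructed-demo-key"                 # constructed sample key
    signed = sign(KEY, "Order 42: pay 100 EUR")   # constructed sample payload
    print(signed)
    print(verify(KEY, signed))
    # Changing the signed data breaks the Reference digest but leaves SignedInfo intact.
    print(verify(KEY, signed.replace("pay 100 EUR", "pay 900 EUR")))
    # A wrong key leaves the digests fine but fails the SignatureValue check.
    print(verify(b"wrong-key", signed))
```

The two failure cases in the demo are the point of slide 21's split: altering the Object changes a digest while the signature over SignedInfo still verifies, and a wrong key does the opposite, so a verifier that checks only one of the two stages accepts a forgery.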

Slide 22: What about Transforms?
A way to specify a sequence of algorithmic processing steps to apply
–to the results retrieved from a URI to
–produce the data to be signed, verified, or decrypted.
Can include compression, encoding, subset extraction, etc.
Not needed in simple cases but essential in complex cases.

Slide 23: What is XML Security? (agenda slide repeated: XML Digital Signatures, XML Encryption, XML Canonicalization, XML Key Management, Trust Extensions)

Slide 24: Encryption
To encrypt, perform a calculation on the original “plaintext” and the encryption key to produce “ciphertext”.
Ciphertext, by definition, does not reveal the original information.
To decrypt, perform a calculation on the “ciphertext” and the decryption key to recover the “plaintext”.
Both symmetric secret key and asymmetric public key encryption are available.

Slide 25: Encryption (cont.)
[Diagram of asymmetric encryption; labels: Encrypt, Decrypt, Public Encryption Key, Private Decryption Key, Asymmetric Key Pair]

Slide 26: XML Encryption
Provides two similar elements: [element names lost in the transcript].
Such elements provide the encryption algorithm, keying information, and either the ciphertext or a URL to the ciphertext.

Slide 27: XML Encryption
Content model (some element names lost in the transcript): (EncryptionMethod)? (ds:KeyInfo)? ? (CipherReference URI='' '')?

Slide 28: Why Encryption is Easier than Signature
Ways they are the same:
–You must communicate the needed keying / algorithm / protocol information.
–You must communicate some “random” binary information: the encrypted data, or the “signature” data.
–These are not too hard. In particular, it is known from the start that the binary information has no human meaning and must be communicated bit-for-bit correctly.

Slide 29: Why Encryption is Easier than Signature (cont.)
The way they are different:
–For signature only, you must communicate the original data that was signed. This data is usually changed as it is stored, transmitted, parsed, and processed, in ways such as: character set and encoding; numeric / date / time representation; line endings; XML namespace prefixes; etc.

Slide 30: What is XML Security? (agenda slide repeated: XML Digital Signatures, XML Encryption, XML Canonicalization, XML Key Management, Trust Extensions)

Slide 31: Why XML Canonicalization is Hard
EXACTLY the same sequence of data bytes must be used for signing as for verifying.
Thus insignificant aspects that can change in transmission must be discarded.
This is very hard with XML due to:
–The problem of DTDs and Schemas
–The problem of white space
–The curse of namespaces
–Plus the usual: encodings and character sets (UTF-8, UTF-16, …); multiple representations

Slide 32: XML Canonicalization: DTDs and Schemas
XML (like SGML) provides for Document Type Definitions (DTDs), which can define abbreviations (“entities”), insert default attribute values, and change the normalization of attributes.
XML has Schemas, which can do similar things.
DTDs and Schemas can be internal or external, and the same DTD/Schema processing must be done at both signing and verification.

Slide 33: XML Canonicalization: White Space
The indenting of XML with spaces and tabs makes it look free form. With secure XML, this is an illusion.
You can never tell if white space in element content is significant, so it must be rigidly preserved.
–[Examples; markup lost in the transcript, only "stuff and nonsense" and "foo" survive]
White space in start and end tags is not significant.
–[Example; markup lost in the transcript, only "foo" survives]

Slide 34: XML Canonicalization: Namespaces
So that XML from different sources can be combined without conflicts, element and attribute names can be qualified with a “namespace” prefix which represents a URI.
For brevity, and because namespace prefixes are separated by a colon and URIs always contain a colon, URIs are bound to arbitrary prefix names, and this binding affects all nested XML until overridden.

Slide 35: XML Canonicalization: Namespaces (cont.)
[Example XML with namespace prefixes; markup lost in the transcript, only the placeholder names "asdfghjkl mnbvcxz qwertyuiop..." survive]

Slide 36: XML Canonicalization: Namespaces (cont.)
Problems:
–Early definitions of XML canonicalization/serialization used generated prefixes, but later XML standards (XSLT) have namespace prefixes in attribute values, etc. So prefixes are significant.
–The only one of the many different XML data models that preserves prefixes is XPath, so canonicalization uses it.
–XPath destroys the information as to where the actual namespace declarations were in the input! It maps each declaration over all descendant nodes until overridden.
–If XML is moved from one ancestor context to another, as is common for protocols, it can be invaded by different ancestor namespace declarations!

Slide 37: XML Canonicalization: Namespaces (cont.)
The Canonical XML specification imports ancestor namespace declarations. This protects against moving XML to a different context and having the signature still verify but mean something else due to changes in namespace bindings.
Exclusive XML Canonicalization excludes, as much as practical, ancestor namespace declarations. It permits XML to be encapsulated and de-capsulated without breaking signatures.
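The white space and namespace behaviour of slides 33, 36 and 37, as an added example that is not from the presentation. The canonicalizer below is a deliberately reduced stand-in for Canonical XML and Exclusive XML Canonicalization, not either specification: it sorts attributes by qualified name rather than by namespace URI, ignores comments and processing instructions, and does only minimal character escaping. It does keep the two properties the slides turn on: white space inside tags is discarded while white space in element content is preserved byte for byte, and in inclusive mode every in-scope ancestor namespace declaration is rendered on the apex element (the "invasion" of slide 36), while in exclusive mode only the prefixes the element visibly uses are rendered. The envelope, wrapper and payment documents are constructed samples.

```python
"""Reduced inclusive vs exclusive canonicalization (added teaching example).

Not Canonical XML / Exclusive XML Canonicalization as specified; see the
simplifications noted in the comments.  Uses xml.dom.minidom because, unlike
ElementTree, it keeps the original namespace prefixes and xmlns attributes.
"""
import hashlib
from xml.dom import minidom


def _escape(text, attr=False):
    text = text.replace("&", "&amp;").replace("<", "&lt;")
    return text.replace('"', "&quot;") if attr else text.replace(">", "&gt;")


def _declared(elem):
    """Namespace declarations written on this element: prefix -> URI ('' = default)."""
    decls = {}
    for attr in elem.attributes.values():
        if attr.name == "xmlns":
            decls[""] = attr.value
        elif attr.name.startswith("xmlns:"):
            decls[attr.name[6:]] = attr.value
    return decls


def _in_scope(elem):
    """Every declaration visible at elem, nearest ancestor winning (what XPath sees)."""
    chain, node = [], elem
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        chain.append(node)
        node = node.parentNode
    scope = {}
    for ancestor in reversed(chain):
        scope.update(_declared(ancestor))
    return scope


def _visibly_utilized(elem):
    """Prefixes actually used by this element's own name and its attribute names."""
    prefixes = {elem.prefix or ""}
    for attr in elem.attributes.values():
        if attr.prefix and attr.prefix != "xmlns":
            prefixes.add(attr.prefix)
    return prefixes


def canonicalize(elem, exclusive=False, rendered=None):
    """Serialize elem deterministically; `rendered` holds declarations an output ancestor emitted."""
    rendered = dict(rendered or {})
    scope = _in_scope(elem)
    if exclusive:   # Exclusive C14N: only prefixes this element visibly uses
        wanted = {p: scope[p] for p in _visibly_utilized(elem) if p in scope}
    else:           # Inclusive C14N: the whole ancestor context is imported
        wanted = scope
    ns_out = {p: u for p, u in wanted.items()
              if rendered.get(p) != u and not (p == "" and u == "" and not rendered.get(""))}
    rendered.update(ns_out)

    parts = ["<", elem.tagName]
    for prefix in sorted(ns_out):
        parts.append(f' {"xmlns" if prefix == "" else "xmlns:" + prefix}="{_escape(ns_out[prefix], True)}"')
    # Simplification: real C14N orders attributes by namespace URI, then local name.
    for attr in sorted(elem.attributes.values(), key=lambda a: a.name):
        if attr.name != "xmlns" and not attr.name.startswith("xmlns:"):
            parts.append(f' {attr.name}="{_escape(attr.value, True)}"')
    parts.append(">")
    for child in elem.childNodes:
        if child.nodeType == child.ELEMENT_NODE:
            parts.append(canonicalize(child, exclusive, rendered))
        elif child.nodeType in (child.TEXT_NODE, child.CDATA_SECTION_NODE):
            parts.append(_escape(child.data))   # content white space survives untouched
    parts.append(f"</{elem.tagName}>")
    return "".join(parts)


def canonical_digest(xml_text, exclusive=False):
    root = minidom.parseString(xml_text).documentElement
    return hashlib.sha256(canonicalize(root, exclusive).encode("utf-8")).hexdigest()


def fragment_canonical(doc_text, namespace, local_name, exclusive):
    """Canonical form of the first {namespace}local_name element inside a larger document."""
    elem = minidom.parseString(doc_text).getElementsByTagNameNS(namespace, local_name)[0]
    return canonicalize(elem, exclusive)


# Constructed samples: the same Payment element signed in one envelope and then
# re-wrapped by a protocol layer that declares additional, unrelated namespaces.
PAY_NS = "urn:example:pay"
DOC_A = ('<env:Envelope xmlns:env="urn:example:envelope">'
         '<pay:Payment xmlns:pay="urn:example:pay" pay:currency="EUR">100</pay:Payment>'
         '</env:Envelope>')
DOC_B = ('<other:Wrapper xmlns:other="urn:example:other" xmlns:env="urn:example:envelope">'
         '<pay:Payment xmlns:pay="urn:example:pay" pay:currency="EUR">100</pay:Payment>'
         '</other:Wrapper>')

if __name__ == "__main__":
    # Slide 33: tag white space and attribute order are insignificant, content white space is not.
    print(canonical_digest('<a   b="1"   c="2" >x</a>') == canonical_digest('<a c="2" b="1">x</a>'))
    print(canonical_digest('<a>x</a>') == canonical_digest('<a> x</a>'))
    # Slides 36/37: inclusive output changes with the ancestor context, exclusive output does not.
    for exclusive in (False, True):
        a = fragment_canonical(DOC_A, PAY_NS, "Payment", exclusive)
        b = fragment_canonical(DOC_B, PAY_NS, "Payment", exclusive)
        print("exclusive" if exclusive else "inclusive", a == b, a)
```

Run stand-alone, the inclusive form of Payment picks up xmlns:env in the envelope and additionally xmlns:other in the wrapper, so a signature over it breaks when the fragment is re-wrapped; the exclusive form is identical in both documents because only the visibly used pay prefix is emitted. The trade-off slide 37 describes is visible in the code: exclusive mode deliberately drops the ancestor context, which is exactly what inclusive mode relies on to detect a fragment moved into a context with different bindings.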

Slide 38: What is XML (take 2)?
An internal abstract data structure with a defined family of external representations in various character sets (DOM).
A family of Unicode strings with external representations in various character sets (XSLT).
Something in between?

Slide 39: XML Canonicalization
Canonicalization must specify a myriad of other serialization aspects:
–UTF-8 encoding, CDATA expanded, etc.
–Deterministic attribute ordering
–Handling of comments and processing instructions, including those before/after the document
–etc.

Slide 40: XML URI Format
Amazingly enough, before XML Security there was no standard way of serializing URIs with miscellaneous Unicode in them!
The %xx hex escape only escapes bytes, not characters.
So Canonicalization must specify a particular encoding (UTF-8) and exactly how to handle every special character when serializing and parsing URIs.

Slide 41: What is XML Security? (agenda slide repeated: XML Digital Signatures, XML Encryption, XML Canonicalization, XML Key Management, Trust Extensions)

Slide 42: XML Key Management (XKMS)
Originally from
–VeriSign, Microsoft, webMethods
Key Information Service
–retrieval of information about keys
Key Registration Service
–storing of information about keys
Uses the SOAP protocol for communication.

Slide 43: What is XML Security? (agenda slide repeated: XML Digital Signatures, XML Encryption, XML Canonicalization, XML Key Management, Trust Extensions)

Slide 44: ETSI “Advanced” Signature
ETSI TS 101 903 draft v1.1.1 (February 2002)
Designed to comply with the European Directive
Defines assorted Policy and Time Stamp extensions
Adds [name lost in the transcript] and [name lost in the transcript] element in an [name lost in the transcript]
Assumes public key certificates and CRLs
Defines a series of extended signatures, each a superset of the previous
–minimum: add policy/semantic and time stamp
–maximum: full certificate chain and CRL set

Slide 45: SAML
Security Assertion Markup Language
–An XML-based security standard for exchanging authentication and authorization information.
–Being produced by OASIS

Slide 46: Bonus Slide: Book Comparison
[Slide content not captured in the transcript]

Slide 47: END
W3C documents are at

