Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,

Slides:

Advertisements

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Advertisements

Operating System Security

Digital Signatures and Hash Functions. Digital Signatures.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Database Management System

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Web services security I

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Key Management in Cryptography

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Sorting Out Digital Certificates Bill blog.codingoutloud.com ··· Boston Azure ··· 13·Dec·2012 ···

CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

Chapter 10: Authentication Guide to Computer Network Security.

.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.

Electronic Mail Security

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Selective and Authentic Third-Party distribution of XML Documents - Yashaswini Harsha Kumar - Netaji Mandava (Oct 16 th 2006)

Implementation Yaodong Bi. Introduction to Implementation Purposes of Implementation – Plan the system integrations required in each iteration – Distribute.

General Key Management Guidance. Key Management Policy  Governs the lifecycle for the keying material  Hope to minimize additional required documentation.

WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.

Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.

Cryptography, Authentication and Digital Signatures

Review of basic cryptographically algorithm Asymmetric encoding (Private and Public Keys), Hash Function, Digital Signatures and Certification.

© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.

10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.

Introduction to Public Key Infrastructure January 2004 CSG Meeting Jim Jokl.

Web Services Standards. Introduction A web service is a type of component that is available on the web and can be incorporated in applications or used.

Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

1 Integrating digital signatures with relational database: Issues and organizational implications By Randal Reid, Gurpreet Dhillon. Journal of Database.

XML Meta Documents Security Based on Extended Provisional Authorization.

Csci5233 computer security & integrity 1 Cryptography: an overview.

Decentralized authorization and data security in web content delivery * Danfeng Yao (Brown University, USA) Yunhua Koglin (Purdue University, USA) Elisa.

Security Patterns for Web Services 02/03/05 Nelly A. Delessy.

Intro to Cryptography Lesson Introduction

Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012.

1 Session 4 Module 6: Digital signatures. Digital Signatures / Session4 / 2 of 18 Module 4, 5 - Review (1)  Java 2 security model provides a consistent.

Task Force CoRD Meeting / XML Security for Statistical Data Exchange Gregory Farmakis Agilis SA.

Network Security Celia Li Computer Science and Engineering York University.

IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.

Security By Meenal Mandalia. What is ? stands for Electronic Mail. much the same as a letter, only that it is exchanged in a different.

Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.

CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.

Cryptography: an overview

Cryptography: an overview

VNF Package Integrity and Authenticity – Public key based

Authentication, Authorisation and Security

e-Health Platform End 2 End encryption

ELECTRONIC MAIL SECURITY

ELECTRONIC MAIL SECURITY

Cryptography: an overview

Instructor Materials Chapter 5: Ensuring Integrity

BPSec: AD Review Comments and Responses

Presentation transcript:

Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville, NS, Canada Gregory Leighton, Department of Computer Science, University of Calgary, Calgary, Canada Krzysztof Miziołek, Centre for Studies on the Classical Tradition in Poland and East-Central Europe, Warsaw University, Warsaw, Poland The Extreme Markup Languages Conference, Montreal, August 7-11, 2006

2 The Extreme Markup Languages Conference, Montreal, August 10, 2006 GOAL Share XML documents within decentralized and distributed computing environments. We need mechanisms to facilitate controlled and secure access to these documents.

3 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TERMINOLOGY Access Control : Different users have different access rights Access right are defined using permission policies Permission policies may be  Static  Dynamic Permission policies may define accessors, using  Roles, such as auditor  Credentials, such as defined by an XPath

4 The Extreme Markup Languages Conference, Montreal, August 10, 2006 GOAL Share XML documents within decentralized and distributed computing environments. We need mechanisms to facilitate controlled and secure access to these documents. the ability to make selective (parts of) documents available to users in multiple, possibly overlapping roles

5 The Extreme Markup Languages Conference, Montreal, August 10, 2006 INTRODUCTION I will make my parts of the document available to some users Multiple users access the same document

6 The Extreme Markup Languages Conference, Montreal, August 10, 2006 INTRODUCTION Multiple views Select nodes which can be accessed –use them to create an XML document (a view) Problems: A view may be invalid. overhead

7 The Extreme Markup Languages Conference, Montreal, August 10, 2006 INTRODUCTION Publish a single view

8 The Extreme Markup Languages Conference, Montreal, August 10, 2006 SUMMARY We consider: XML documents accessed by multiple users in P2P environments  using static permission policies  using role-based policies permissions are represented by meta-information which is visible only to authorized users We describe permission policies implemented using cryptographic tools:  a key encryption function, which generates internal keys needed to provide controlled access  use of multi-encryption to provide access specified by the permission policy

9 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TERMINOLOGY Super-encryption Multiple-encryption Partial encryption Encrypted with more than one key Various elements are encrypted with different keys

10 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

11 The Extreme Markup Languages Conference, Montreal, August 10, 2006 SECURITY: ISSUES Confidentiality Integrity Authentication

12 The Extreme Markup Languages Conference, Montreal, August 10, 2006 CONFIDENTIALITY Plain textCyphertext

13 The Extreme Markup Languages Conference, Montreal, August 10, 2006 SYMMETRIC ENCRYPTION Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document

14 The Extreme Markup Languages Conference, Montreal, August 10, 2006 ASYMMETRIC ENCRYPTION Public keyPrivate key

15 The Extreme Markup Languages Conference, Montreal, August 10, 2006 ASYMMETRIC ENCRYPTION Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document

16 The Extreme Markup Languages Conference, Montreal, August 10, 2006 INTEGRITY Your new salary will be $5,000 Your new salary will be $1,000

17 The Extreme Markup Languages Conference, Montreal, August 10, 2006 CRYPTOGRAPHIC HASH THIS IS MY TEXT Encrypted DIGEST hash

18 The Extreme Markup Languages Conference, Montreal, August 10, 2006 DIGITAL SIGNATURE THIS IS MY TEXT SIGNED TEXT: THIS IS MY TEXT DIGEST

19 The Extreme Markup Languages Conference, Montreal, August 10, 2006 CERTIFICATE

20 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

21 The Extreme Markup Languages Conference, Montreal, August 10, 2006 CONTROLLING ACCESS: BASIC CONCEPTS Roles identify subjects. Fixed s et of roles Ψ = { R 1, R 2,..., R t } Views are parts of the document Permission policy associates roles with the specific type of permissions (read/write access) for one or more views Creator of the document defines a permission policy that specifies the access for selected roles

22 The Extreme Markup Languages Conference, Montreal, August 10, 2006 CONTROLLING ACCESS: USE OF KEYS (Asymmetric) Key κ is a pair (public part, private part) For each role R, there is an external key κ R associated with this role Users who enter the system are assigned one or more roles The private part of the external key κ R is available only to users who are currently in role R. This key will give access to internal keys.

23 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

24 The Extreme Markup Languages Conference, Montreal, August 10, 2006 CONTROLLING ACCESS: VIEWS Definition 1. For an XML document D, a view V D = (D, e), where e is an extended Xpath for D. Here, an extended Xpath is of the form: p ¬ p where p is a correct Xpath expression. Intuition: A view represents a tree fragment for which we define an access. Student Instructor

25 The Extreme Markup Languages Conference, Montreal, August 10, 2006 VIEWS To define permissions for the document D, we define (in any order):  a number of views (let V be the union of all these views)  a special view: V read / write Let V 0 = D-(V  V read / write ) be the of all elements which have not been defined in the above procedure. These elements will be hidden, i.e. encrypted and inaccessible to any user

26 The Extreme Markup Languages Conference, Montreal, August 10, 2006 VIEWS and ROLES The next step in defining permissions involve associating roles and views. Definition 2a. Given an XML document D, a role R j  Ψ, V D i - views of D for i = 1,...,k A single permission is: p j = [R j, read, V D i 1,V D i 2,...,V D i m, write, V D h 1,V D h 2,...,V D h n ] (m,n≤k). Here, a write permission does not automatically give a read permission Conventions; e.g. skip the write part if there are no views in this part.

27 The Extreme Markup Languages Conference, Montreal, August 10, 2006 PERMISSION POLICY Definition 2b. Given an XML document D, V D i - views of D for i = 1,...,k a permission policy Π (D) = {p 1,p 2,...,p t, V read / write } Protection requirement: the user in role R can access precisely the set of nodes defined by the union of all views associated with R (by the permission for R) as well as nodes from the set V read / write

28 The Extreme Markup Languages Conference, Montreal, August 10, 2006 MULTI-VIEW DOCUMENT Definition 3. Given  an XML document D  a permission policy Π(D) a multi-view document D Π = [D, V D 0,V D 1,...,V D k ], where  V D 1,...,V D k are all the views in Π(D)  V D 0 contains all nodes which don’t belong to any view V D i, i = 1,2,...,k

29 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Example Example. Roles: Auditor (access to employees in Marketing) Checker (access to H-R and Marketing, level < 9) Permission policy Π (D) [Auditor, read, [Checker, read,

30 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

31 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Various parts of the document will be encrypted with different internal keys. However, these keys can not be assigned per-view: ASSIGNING KEYS V1V1 V2V2 d1d1 d2d2 d3d3 D κ1κ1 κ2κ2

32 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Key Assignment assigns keys to nodes in a document, based on how the set of nodes is partitioned by views. Let’s now fix an XML document D, a permission policy Π(D), and the corresponding multi-view document D Π = [D, V D 0,V D 1,...,V D k ], and consider a set of keys Κ. KEY ASSIGNMENT The protection requirement for the view V D i is satisfied iff Available ξ (Needed ξ (V D i ))= V D i. The key assignment function ξ:D->K will be used as follows: the node s  D will be encrypted with  (s) to encrypt nodes in V D i we will need the set of keys Needed ξ (V D i )=  V D i ) the set of nodes in D that can be decrypted with keys from the set of keys K 0 is defined as Available ξ (K 0 ) =   (K 0 )

33 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Available ξ (Needed ξ (V D i ))= V D i. True for any one-to-one function ξ:D->K, however such functions may unnecessarily assign too many keys. “Weaker” functions may be sufficient: KEY ASSIGNMENT Needed ξ (V 1 ) = { κ 1 }, Available ξ ({ κ 1 }) = V 1 Needed ξ (V 2 ) = { κ 1, κ 2 }, Available ξ ({ κ 1, κ 2 }) = V 2 κ1κ1 κ2κ2 V1V1 V2V2 d1d1 d2d2 d3d3 D ξ K

34 The Extreme Markup Languages Conference, Montreal, August 10, 2006 We define a characteristic vector χ:D  {0,1} n where n is the total number of views, as follows: χ(s) = { [c 1,c 2,...c n ]: for i=1,2,…,n, c i = 1 if s  V D i and 0 otherwise} KEY ASSIGNMENT χ V1V1 V2V2 d1d1 d2d2 d3d3 D

35 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Definition 4. A key assignment ξ :D->K is said to be correct if it satisfies the following condition: ξ (s) = ξ (t) iff χ(s) = χ(t) for any two elements s,t  D ( weaker than one-to-one ) KEY ASSIGNMENT χ The above key assignment is correct d1d1 d2d2 d3d3 D K ξ κ1κ1 κ2κ2 Note: The set of all elements that belong to a single view is assigned the same key

36 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Lemma 1. If the key assignment ξ is correct then the protection requirement is satisfied, i.e. Available ξ (Needed ξ (V D i )) = V D i, for i = 1,2,...,n. KEY ASSIGNMENT

37 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Key Assignment Algorithm 1. Input: D Π = [D, V D 0,V D 1,...,V D k ], Output: correct key assignment ξ :D  K. KEY ASSIGNMENT χ d1d1 d2d2 d3d3 D K ξ κ1κ1 κ2κ2

38 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Theorem 1. The key assignment algorithm produces a correct key assignment, its time complexity is O(m), where m is the number of elements in D, and it produces the minimum number of keys. ▄ KEY ASSIGNMENT

39 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

40 The Extreme Markup Languages Conference, Montreal, August 10, 2006 SUBTREES IDENTIFICATION Fixed XML document D, and permission policy Π(D). A subtree rooted at d  D is called complete if it consists of all descendents of d and is of height at least two. Subtrees Identification Algorithm 2. Input: multi-view XML document D Π = [D, V D 0,V D 1,...,V D k ], Output: set Θ D = {largest complete subtrees θ (d), d  D, which are rooted at d, and whose nodes have all the same characteristic vector; i.e. belong to the same set of views in D Π }.

41 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Creating a multi-encrypted document. Step 1: Encryption  Step 2: Meta-information  Access  Future work

42 The Extreme Markup Languages Conference, Montreal, August 10, 2006 MULTI-ENCRYPTION: INTRODUCTION The creator (owner) of the document D wants to define for various users access permissions to this document through the permission polic y Π. Based on specifications in Π, the system will create the multi-encrypted document Enc Π (D). The document Enc Π (D) will be made available to other users, who will access the allowed parts of D for a role R as long as they are in this role.

43 The Extreme Markup Languages Conference, Montreal, August 10, 2006 MULTI-ENCRYPTION: INTRODUCTION There are two steps: 1. Generate internal keys and use them to encrypt largest subtrees 2. Add meta-information that specifies user ’ s permissions

44 The Extreme Markup Languages Conference, Montreal, August 10, 2006 STEP 1: ENCRYPTION Consider a multi-view document based on the permission policy Π D Π = [D, V D 0,V D 1,...,V D k ], Let ξ be the key mapping generated by the Algorithm 1 and Θ D be the set of trees generated by the Algorithm 2. Elements d  V read/write are not encrypted; the remaining elements are encrypted using the private part of the internal key ξ(d):  for d  D which are roots of trees from Θ D, encrypt the entire tree θ(d) using the W3C XML encryption standard  for remaining d  D, use a single-element encryption The structure of the encrypted document is partly visible.

45 The Extreme Markup Languages Conference, Montreal, August 10, 2006 STEP 1: EXAMPLESUBTREES IDENTIFICATION Fixed XML document D, and permission policy Π(D). A subtree rooted at d  D is called complete if it consists of all descendents of d and is of height at least two. Subtrees Identification Algorithm 2. Input: multi-view XML document D Π = [D, V D 0,V D 1,...,V D k ], Output: set Θ D = {largest complete subtrees θ (d), d  D, which are rooted at d, and whose nodes have all the same characteristic vector; i.e. belong to the same set of views in D Π }. Encrypted Enc.Encrypted Enc.

46 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

47 The Extreme Markup Languages Conference, Montreal, August 10, 2006 STEP 2: ADDING META INFORMATION To the encrypted document from Step 1, we add additional meta-nodes. For each role, one meta-node is added to as child of the root D ACL D signed using the creator’s private part of the key κ C

48 The Extreme Markup Languages Conference, Montreal, August 10, 2006 META INFORMATION A meta-node contains a element, which defines read or write permission for one or more nodes, corresponding to the views associated with this role. … This design supports pseudo-anonymity requirement: meta-information specifying what parts of the document are available in role R is visible only to the user in role R Encrypted with the public part of the external key associated with the corresponding role

49 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

50 The Extreme Markup Languages Conference, Montreal, August 10, 2006 MULTI-ENCRYPTION Definition 7. Consider an XML document D and a permission policy Π(D). Multi-encrypted document Enc Π (D) = [Encrypted(D), Cert D ] certificate Cert D (signed by the certificate authority) contains the identification of the owner, the digital signature of the ACL D, and the public part of the creator’s key κ C

51 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access and Extensions  Future work

52 The Extreme Markup Languages Conference, Montreal, August 10, 2006 ACCESS Consider a multi-encrypted document Enc Π (D). Assume that Q is currently in role R (it has the key κ R.) Q determines its permissions on D as follows: Q retrieves the certificate Cert D and uses it to determine the owner P of D (Q may verify this certificate by accessing the certificate authority). Once this certificate is verified, Q can trust that the public key κ P stored in this certificate belongs to P. Q accesses D’s ACL (it can verify the ACL’s signature using P’s public key), specifically it accesses the element with the role R; if such an element does not exist then Q does not have any permissions for D. Q tries to decrypt the role element for R with the private part of κ R. If Q fails, the ACL has been tampered with; if it is successful, then the nested permission element specifies Q’s permissions on parts of D.

53 The Extreme Markup Languages Conference, Montreal, August 10, 2006 EXTENSIONS a partial acyclic order in the set of roles: role R1 is stronger than role R2 if all permissions associated with R2 are also available in R1. dynamic roles: the creator of a document may specify a new role R, and use it to define the permission policy. If a peer Q should be able to access parts of the document, then Q will have to be provided with the private key of the external key pair associated with R a priori via a secure channel.

54 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access Future work

55 The Extreme Markup Languages Conference, Montreal, August 10, 2006 FUTURE WORK Ensuring data integrity of a document (i.e. to detect when its contents have been tempered with). This problem may be attacked using Merkle hash functions Our approach assumes that the protection policy is known at encryption time, and we intend to investigate strategies for allowing subsequent changes to the protection policy after the document has been initially published We consider only read/write operations, more work is required for updates