XML Encryption Prabath Siriwardena Director, Security Architecture.

1 XML Encryption Prabath Siriwardena Director, Security Architecture

2 XML Security Integrity and non-repudiation XML Signature by W3C http://www.w3.org/TR/xmldsig-core/ Confidentiality of XML documents XML Encryption by W3C http://www.w3.org/TR/xmlenc-core/

3 XML-Encryption A W3C standard which followed XML Signatures, for encrypting all of an XML document, part of it or an external object. XML Signature points to what is being signed – while in XML Encryption, element contains what is being encrypted. XML Encryption shares the element with XML Signature – which is defined under XML Signature namespace.

4 XML-Encryption Encrypts XML with a symmetric key. Symmetric key encryption is much more efficient than asymmetric key encryption.

5 QUESTION 1 What are the differences between symmetric key encryption and asymmetric key encryption?

6 XML-Encryption (Example) John Smith 4019 2445 0277 5567 Example Bank 04/02

7 XML-Encryption (Example) John Smith <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'> A23B45C56

8 XML-Encryption

9 Specify the encryption algorithm to be used. – http://www.w3.org/2001/04/xmlenc#tripledes-cbc – http://www.w3.org/2001/04/xmlenc#aes128-cbc – http://www.w3.org/2001/04/xmlenc#aes256-cbc – http://www.w3.org/2001/04/xmlenc#aes192-cbc

10 XML-Encryption (Example) <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#' Type='http://www.w3.org/2001/04/xmlenc#Element'/> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/> John Smith DEADBEEF

11 QUESTION 2 Explain different types of cipher modes.

12 XML-Encryption

13 Either contains encrypted information inside or a reference to the resource being encrypted inside.

15 Contains Base-64 encoded encrypted information.

17 If the encrypted resource information is located in a URI-addressable location this element is being used. URI attribute is used just like the way it’s being used in XML Signature This also includes element which contain a pipeline of elements – as in the case of XML Signature. element defined under XML Signature namespace

19 XML-Encryption (Example) <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#' Type='http://www.w3.org/2001/04/xmlenc#Element'/> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/> John Smith DEADBEEF

20 XML-Encryption (Example) <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#' Type='http://www.w3.org/2001/04/xmlenc#Element'/>

21 QUESTION 3 How can we use XML Encryption to encrypt non-XML attachments?

22 XML-Encryption

23 Almost similar to Holds useful information about the encryption.....

24 XML-Encryption

25 KeyInfo in XML Signature is about providing the public key to verify the signature. In XML Encryption KeyInfo is about providing an encryption key, that is almost always a shared key. In XML Signature we can directly include the key in it. But in XML Encryption we should NOT. XML Encryption extends the XML Signature KeyInfo with two new elements and

26 Locating the Encryption key Leave out the key – assuming the receiving end is aware of the encryption key. Provide a name or pointer with which the receiving end can locate the key. Encrypt the key using the public key of the receiving end and include the encrypted ‘encryption’ key inside KeyInfo.

27 XML-Encryption (Example) <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#' Type='http://www.w3.org/2001/04/xmlenc#Element'/> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/> John Smith DEADBEEF

28 A strategy for safely communicating a secret key. refers to a key agreement protocol that is used to generate the encryption key. Not commonly used – an optional element

29 Zm9v <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha1"/>........

30 is simply another element. Both extend Both do encryption - encrypts the shared key used to encrypt the message. Digital Enveloping / Key transport strategy

31 We will have multiple elements within the same XML document and they all will be referred by a standalone element.

32 is a child element of refers to the elements which use the same key to encrypt

33 With multiple elements are referred by a single key element. The CarriedKeyName element is used to identify the encrypted key value which may be referenced by the KeyName element in ds:KeyInfo

34 XML-Encryption - Processing Choose an encryption algorithm Obtain an encryption key and may represent it Serialize message data to octets [ a stream of bytes] Encrypt the data Specify the Complete the structure

35 Decryption Process Get algorithm, parameters and KeyInfo Locate the encryption key Decrypt data Process XML Elements and XML Element Content If no specified then the result of encryption is passed back to the application.
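An added example (not from the original slides): a Python pre-decryption check that follows the first two steps of the decryption process on slide 35, reading the algorithm and KeyInfo and classifying how the key is located according to the three options on slide 26. Element names are taken from the W3C XML Encryption and XML Signature schemas; the function names, the `sample` helper and the documents it builds are constructed for illustration.

```python
import xml.etree.ElementTree as ET
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"xenc": XENC, "ds": DS}
# The four block-cipher URIs listed on slide 9.
ALLOWED = {XENC + a for a in ("tripledes-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc")}

def inspect_encrypted_data(xml_text):
    """Return (algorithm, key_strategy, payload_kind, problems) without decrypting."""
    # Stdlib parser for brevity; parse untrusted XML with a hardened parser.
    enc = ET.fromstring(xml_text)
    if enc.tag != "{%s}EncryptedData" % XENC:
        raise ValueError("root element is not xenc:EncryptedData")
    problems = []
    method = enc.find("xenc:EncryptionMethod", NS)
    algorithm = method.get("Algorithm") if method is not None else None
    if algorithm not in ALLOWED:
        problems.append("algorithm missing or not allowed: %r" % algorithm)
    # Key location: the three options on slide 26.
    key_info = enc.find("ds:KeyInfo", NS)
    if key_info is None:
        strategy = "out-of-band"
    elif key_info.find("xenc:EncryptedKey", NS) is not None:
        strategy = "encrypted-key"
    elif key_info.find("ds:KeyName", NS) is not None:
        strategy = "key-name"
    else:
        strategy = "unknown"
        problems.append("KeyInfo present but no recognised key locator")
    if key_info is not None and key_info.find("ds:KeyValue", NS) is not None:
        problems.append("ds:KeyValue present: must never be the decryption key")
    kinds = [k for k in ("CipherValue", "CipherReference")
             if enc.find("xenc:CipherData/xenc:" + k, NS) is not None]
    if len(kinds) != 1:
        problems.append("CipherData needs exactly one of CipherValue/CipherReference")
    return algorithm, strategy, (kinds[0] if kinds else None), problems

def sample(algorithm, key_info):
    """Constructed test document; cipher bytes are placeholders, not real ciphertext."""
    return ('<xenc:EncryptedData xmlns:xenc="%s" xmlns:ds="%s">'
            '<xenc:EncryptionMethod Algorithm="%s"/>%s'
            '<xenc:CipherData><xenc:CipherValue>REVBREJFRUY=</xenc:CipherValue>'
            '</xenc:CipherData></xenc:EncryptedData>') % (XENC, DS, algorithm, key_info)

WRAPPED = ('<ds:KeyInfo><xenc:EncryptedKey><xenc:CipherData><xenc:CipherValue>'
           'Zm9v</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo>')

if __name__ == "__main__":
    print(inspect_encrypted_data(sample(XENC + "aes128-cbc", WRAPPED)))
```

The allowlist mirrors slide 9; XML Encryption 1.1 also defines AES-GCM algorithm URIs, which a deployment may prefer to the CBC entries.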

36 lean. enterprise. middleware

