Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,

Published byRyann Tichenor Modified over 9 years ago

Similar presentations

Presentation on theme: "Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,"— Presentation transcript:

1 Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville, NS, Canada Gregory Leighton, Department of Computer Science, University of Calgary, Calgary, Canada Krzysztof Miziołek, Centre for Studies on the Classical Tradition in Poland and East-Central Europe, Warsaw University, Warsaw, Poland The Extreme Markup Languages Conference, Montreal, August 7-11, 2006

2 2 The Extreme Markup Languages Conference, Montreal, August 10, 2006 GOAL Share XML documents within decentralized and distributed computing environments. We need mechanisms to facilitate controlled and secure access to these documents.

3 3 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TERMINOLOGY Access Control : Different users have different access rights Access right are defined using permission policies Permission policies may be  Static  Dynamic Permission policies may define accessors, using  Roles, such as auditor  Credentials, such as defined by an XPath

4 4 The Extreme Markup Languages Conference, Montreal, August 10, 2006 GOAL Share XML documents within decentralized and distributed computing environments. We need mechanisms to facilitate controlled and secure access to these documents. the ability to make selective (parts of) documents available to users in multiple, possibly overlapping roles

5 5 The Extreme Markup Languages Conference, Montreal, August 10, 2006 INTRODUCTION I will make my parts of the document available to some users Multiple users access the same document

6 6 The Extreme Markup Languages Conference, Montreal, August 10, 2006 INTRODUCTION Multiple views Select nodes which can be accessed –use them to create an XML document (a view) Problems: A view may be invalid. overhead

7 7 The Extreme Markup Languages Conference, Montreal, August 10, 2006 INTRODUCTION Publish a single view

8 8 The Extreme Markup Languages Conference, Montreal, August 10, 2006 SUMMARY We consider: XML documents accessed by multiple users in P2P environments  using static permission policies  using role-based policies permissions are represented by meta-information which is visible only to authorized users We describe permission policies implemented using cryptographic tools:  a key encryption function, which generates internal keys needed to provide controlled access  use of multi-encryption to provide access specified by the permission policy

9 9 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TERMINOLOGY Super-encryption Multiple-encryption Partial encryption Encrypted with more than one key Various elements are encrypted with different keys

10 10 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

11 11 The Extreme Markup Languages Conference, Montreal, August 10, 2006 SECURITY: ISSUES Confidentiality Integrity Authentication

12 12 The Extreme Markup Languages Conference, Montreal, August 10, 2006 CONFIDENTIALITY Plain textCyphertext

13 13 The Extreme Markup Languages Conference, Montreal, August 10, 2006 SYMMETRIC ENCRYPTION Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document

14 14 The Extreme Markup Languages Conference, Montreal, August 10, 2006 ASYMMETRIC ENCRYPTION Public keyPrivate key

15 15 The Extreme Markup Languages Conference, Montreal, August 10, 2006 ASYMMETRIC ENCRYPTION Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document Encrypted Document

16 16 The Extreme Markup Languages Conference, Montreal, August 10, 2006 INTEGRITY Your new salary will be $5,000 Your new salary will be $1,000

17 17 The Extreme Markup Languages Conference, Montreal, August 10, 2006 CRYPTOGRAPHIC HASH THIS IS MY TEXT Encrypted DIGEST hash

18 18 The Extreme Markup Languages Conference, Montreal, August 10, 2006 DIGITAL SIGNATURE THIS IS MY TEXT SIGNED TEXT: THIS IS MY TEXT DIGEST

19 19 The Extreme Markup Languages Conference, Montreal, August 10, 2006 CERTIFICATE

20 20 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

21 21 The Extreme Markup Languages Conference, Montreal, August 10, 2006 CONTROLLING ACCESS: BASIC CONCEPTS Roles identify subjects. Fixed s et of roles Ψ = { R 1, R 2,..., R t } Views are parts of the document Permission policy associates roles with the specific type of permissions (read/write access) for one or more views Creator of the document defines a permission policy that specifies the access for selected roles

22 22 The Extreme Markup Languages Conference, Montreal, August 10, 2006 CONTROLLING ACCESS: USE OF KEYS (Asymmetric) Key κ is a pair (public part, private part) For each role R, there is an external key κ R associated with this role Users who enter the system are assigned one or more roles The private part of the external key κ R is available only to users who are currently in role R. This key will give access to internal keys.

23 23 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

24 24 The Extreme Markup Languages Conference, Montreal, August 10, 2006 CONTROLLING ACCESS: VIEWS Definition 1. For an XML document D, a view V D = (D, e), where e is an extended Xpath for D. Here, an extended Xpath is of the form: p ¬ p where p is a correct Xpath expression. Intuition: A view represents a tree fragment for which we define an access. Student Instructor

25 25 The Extreme Markup Languages Conference, Montreal, August 10, 2006 VIEWS To define permissions for the document D, we define (in any order):  a number of views (let V be the union of all these views)  a special view: V read / write Let V 0 = D-(V  V read / write ) be the of all elements which have not been defined in the above procedure. These elements will be hidden, i.e. encrypted and inaccessible to any user

26 26 The Extreme Markup Languages Conference, Montreal, August 10, 2006 VIEWS and ROLES The next step in defining permissions involve associating roles and views. Definition 2a. Given an XML document D, a role R j  Ψ, V D i - views of D for i = 1,...,k A single permission is: p j = [R j, read, V D i 1,V D i 2,...,V D i m, write, V D h 1,V D h 2,...,V D h n ] (m,n≤k). Here, a write permission does not automatically give a read permission Conventions; e.g. skip the write part if there are no views in this part.

27 27 The Extreme Markup Languages Conference, Montreal, August 10, 2006 PERMISSION POLICY Definition 2b. Given an XML document D, V D i - views of D for i = 1,...,k a permission policy Π (D) = {p 1,p 2,...,p t, V read / write } Protection requirement: the user in role R can access precisely the set of nodes defined by the union of all views associated with R (by the permission for R) as well as nodes from the set V read / write

28 28 The Extreme Markup Languages Conference, Montreal, August 10, 2006 MULTI-VIEW DOCUMENT Definition 3. Given  an XML document D  a permission policy Π(D) a multi-view document D Π = [D, V D 0,V D 1,...,V D k ], where  V D 1,...,V D k are all the views in Π(D)  V D 0 contains all nodes which don’t belong to any view V D i, i = 1,2,...,k

29 29 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Example Example. Roles: Auditor (access to employees in Marketing) Checker (access to H-R and Marketing, level < 9) Permission policy Π (D) [Auditor, read, /organization/department[@name="Marketing"]/*] [Checker, read, /organization/department[@name="Marketing"]/employee[@level<9]| /organization/department[@name="H-R"]/*]

30 30 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

31 31 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Various parts of the document will be encrypted with different internal keys. However, these keys can not be assigned per-view: ASSIGNING KEYS V1V1 V2V2 d1d1 d2d2 d3d3 D κ1κ1 κ2κ2

32 32 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Key Assignment assigns keys to nodes in a document, based on how the set of nodes is partitioned by views. Let’s now fix an XML document D, a permission policy Π(D), and the corresponding multi-view document D Π = [D, V D 0,V D 1,...,V D k ], and consider a set of keys Κ. KEY ASSIGNMENT The protection requirement for the view V D i is satisfied iff Available ξ (Needed ξ (V D i ))= V D i. The key assignment function ξ:D->K will be used as follows: the node s  D will be encrypted with  (s) to encrypt nodes in V D i we will need the set of keys Needed ξ (V D i )=  V D i ) the set of nodes in D that can be decrypted with keys from the set of keys K 0 is defined as Available ξ (K 0 ) =   (K 0 )

33 33 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Available ξ (Needed ξ (V D i ))= V D i. True for any one-to-one function ξ:D->K, however such functions may unnecessarily assign too many keys. “Weaker” functions may be sufficient: KEY ASSIGNMENT Needed ξ (V 1 ) = { κ 1 }, Available ξ ({ κ 1 }) = V 1 Needed ξ (V 2 ) = { κ 1, κ 2 }, Available ξ ({ κ 1, κ 2 }) = V 2 κ1κ1 κ2κ2 V1V1 V2V2 d1d1 d2d2 d3d3 D ξ K

34 34 The Extreme Markup Languages Conference, Montreal, August 10, 2006 We define a characteristic vector χ:D  {0,1} n where n is the total number of views, as follows: χ(s) = { [c 1,c 2,...c n ]: for i=1,2,…,n, c i = 1 if s  V D i and 0 otherwise} KEY ASSIGNMENT 1 0 1 χ V1V1 V2V2 d1d1 d2d2 d3d3 D

35 35 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Definition 4. A key assignment ξ :D->K is said to be correct if it satisfies the following condition: ξ (s) = ξ (t) iff χ(s) = χ(t) for any two elements s,t  D ( weaker than one-to-one ) KEY ASSIGNMENT χ The above key assignment is correct. 1 0 1 d1d1 d2d2 d3d3 D K ξ κ1κ1 κ2κ2 Note: The set of all elements that belong to a single view is assigned the same key

36 36 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Lemma 1. If the key assignment ξ is correct then the protection requirement is satisfied, i.e. Available ξ (Needed ξ (V D i )) = V D i, for i = 1,2,...,n. KEY ASSIGNMENT

37 37 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Key Assignment Algorithm 1. Input: D Π = [D, V D 0,V D 1,...,V D k ], Output: correct key assignment ξ :D  K. KEY ASSIGNMENT χ 1 0 1 d1d1 d2d2 d3d3 D K ξ κ1κ1 κ2κ2

38 38 The Extreme Markup Languages Conference, Montreal, August 10, 2006 Theorem 1. The key assignment algorithm produces a correct key assignment, its time complexity is O(m), where m is the number of elements in D, and it produces the minimum number of keys. ▄ KEY ASSIGNMENT

39 39 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

40 40 The Extreme Markup Languages Conference, Montreal, August 10, 2006 SUBTREES IDENTIFICATION Fixed XML document D, and permission policy Π(D). A subtree rooted at d  D is called complete if it consists of all descendents of d and is of height at least two. Subtrees Identification Algorithm 2. Input: multi-view XML document D Π = [D, V D 0,V D 1,...,V D k ], Output: set Θ D = {largest complete subtrees θ (d), d  D, which are rooted at d, and whose nodes have all the same characteristic vector; i.e. belong to the same set of views in D Π }.

41 41 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Creating a multi-encrypted document. Step 1: Encryption  Step 2: Meta-information  Access  Future work

42 42 The Extreme Markup Languages Conference, Montreal, August 10, 2006 MULTI-ENCRYPTION: INTRODUCTION The creator (owner) of the document D wants to define for various users access permissions to this document through the permission polic y Π. Based on specifications in Π, the system will create the multi-encrypted document Enc Π (D). The document Enc Π (D) will be made available to other users, who will access the allowed parts of D for a role R as long as they are in this role.

43 43 The Extreme Markup Languages Conference, Montreal, August 10, 2006 MULTI-ENCRYPTION: INTRODUCTION There are two steps: 1. Generate internal keys and use them to encrypt largest subtrees 2. Add meta-information that specifies user ’ s permissions

44 44 The Extreme Markup Languages Conference, Montreal, August 10, 2006 STEP 1: ENCRYPTION Consider a multi-view document based on the permission policy Π D Π = [D, V D 0,V D 1,...,V D k ], Let ξ be the key mapping generated by the Algorithm 1 and Θ D be the set of trees generated by the Algorithm 2. Elements d  V read/write are not encrypted; the remaining elements are encrypted using the private part of the internal key ξ(d):  for d  D which are roots of trees from Θ D, encrypt the entire tree θ(d) using the W3C XML encryption standard  for remaining d  D, use a single-element encryption The structure of the encrypted document is partly visible.

45 45 The Extreme Markup Languages Conference, Montreal, August 10, 2006 STEP 1: EXAMPLESUBTREES IDENTIFICATION Fixed XML document D, and permission policy Π(D). A subtree rooted at d  D is called complete if it consists of all descendents of d and is of height at least two. Subtrees Identification Algorithm 2. Input: multi-view XML document D Π = [D, V D 0,V D 1,...,V D k ], Output: set Θ D = {largest complete subtrees θ (d), d  D, which are rooted at d, and whose nodes have all the same characteristic vector; i.e. belong to the same set of views in D Π }. Encrypted Enc.Encrypted Enc.

46 46 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

47 47 The Extreme Markup Languages Conference, Montreal, August 10, 2006 STEP 2: ADDING META INFORMATION To the encrypted document from Step 1, we add additional meta-nodes. For each role, one meta-node is added to as child of the root D ACL D signed using the creator’s private part of the key κ C

48 48 The Extreme Markup Languages Conference, Montreal, August 10, 2006 META INFORMATION A meta-node contains a element, which defines read or write permission for one or more nodes, corresponding to the views associated with this role. … This design supports pseudo-anonymity requirement: meta-information specifying what parts of the document are available in role R is visible only to the user in role R Encrypted with the public part of the external key associated with the corresponding role

49 49 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access  Future work

50 50 The Extreme Markup Languages Conference, Montreal, August 10, 2006 MULTI-ENCRYPTION Definition 7. Consider an XML document D and a permission policy Π(D). Multi-encrypted document Enc Π (D) = [Encrypted(D), Cert D ] certificate Cert D (signed by the certificate authority) contains the identification of the owner, the digital signature of the ACL D, and the public part of the creator’s key κ C

51 51 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access and Extensions  Future work

52 52 The Extreme Markup Languages Conference, Montreal, August 10, 2006 ACCESS Consider a multi-encrypted document Enc Π (D). Assume that Q is currently in role R (it has the key κ R.) Q determines its permissions on D as follows: Q retrieves the certificate Cert D and uses it to determine the owner P of D (Q may verify this certificate by accessing the certificate authority). Once this certificate is verified, Q can trust that the public key κ P stored in this certificate belongs to P. Q accesses D’s ACL (it can verify the ACL’s signature using P’s public key), specifically it accesses the element with the role R; if such an element does not exist then Q does not have any permissions for D. Q tries to decrypt the role element for R with the private part of κ R. If Q fails, the ACL has been tampered with; if it is successful, then the nested permission element specifies Q’s permissions on parts of D.

53 53 The Extreme Markup Languages Conference, Montreal, August 10, 2006 EXTENSIONS a partial acyclic order in the set of roles: role R1 is stronger than role R2 if all permissions associated with R2 are also available in R1. dynamic roles: the creator of a document may specify a new role R, and use it to define the permission policy. If a peer Q should be able to access parts of the document, then Q will have to be provided with the private key of the external key pair associated with R a priori via a secure channel.

54 54 The Extreme Markup Languages Conference, Montreal, August 10, 2006 TABLE OF CONTENTS Security Overview of controlled access Detailed description of access to parts of documents  Permission policy  Key encryption function  Encrypting largest parts  Step 1: Encryption  Step 2: Meta-information  Multi-encrypted document  Access Future work

55 55 The Extreme Markup Languages Conference, Montreal, August 10, 2006 FUTURE WORK Ensuring data integrity of a document (i.e. to detect when its contents have been tempered with). This problem may be attacked using Merkle hash functions Our approach assumes that the protection policy is known at encryption time, and we intend to investigate strategies for allowing subsequent changes to the protection policy after the document has been initially published We consider only read/write operations, more work is required for updates

Download ppt "Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,"

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Operating System Security

Operating System Security
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Database Management System

Database Management System
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Web services security I

Web services security I
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Key Management in Cryptography

Key Management in Cryptography
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

Similar presentations

Ads by Google