Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software based Acceleration Methods for XML Signature (Or: is there such a method) Youjin Song DongGuk University, Korea Yuliang Zheng University of North.

Published byHelena Stokes Modified over 9 years ago

Similar presentations

Presentation on theme: "Software based Acceleration Methods for XML Signature (Or: is there such a method) Youjin Song DongGuk University, Korea Yuliang Zheng University of North."— Presentation transcript:

1 Software based Acceleration Methods for XML Signature (Or: is there such a method) Youjin Song DongGuk University, Korea Yuliang Zheng University of North Carolina at Charlotte yzheng@uncc.edu May 5, 2005

2 2 Motivations To examine performance of XML signature and encryption To investigate feasibility of software based acceleration To investigate (new) techniques not specified in the XML standards

3 3 Overview Introduction Speed of XML Components Quick survey Hardware based acceleration Software based acceleration Experimental findings Use “signcryption” in XML Conclusion

4 4 Computational time of XML Components Resource intensive operations XML Signing Xml verification XSLT transformation

5 5 Quick survey To increase XML processing speed and for XML security, Hardware based solutions Software based solutions Hardware based solutions: DataPower Sarvega WestBridge

6 6 Hardware based acceleration: DataPower XS40 XML Security Gateway wire speed XML processing Good transaction speed with low latency At least 20-30 times faster XA35 XML Accelerator Secure transactions at wire speed digital signing and verification Protects against XML denial of service attack

7 7 Hardware based acceleration: Sarvega Speedway™ XSLT Accelerator decreases the operational costs by 90% 10-30 times the normal XML processing speed XML Guardian™ Security Digital forensics Can be used as Public DMZ Offline Signature generation/ verification

8 8 Hardware based acceleration: WestBridge XML Message Server [XMS] version 3 XMS slashes Web Services deployment, testing and ongoing administration costs by up to 75%. 13 times faster for XML signatures. 17 times faster for XML encryption. XML Schema validations and the XSLT transformation 12 times and 10 times faster than the speed of XMS 2.0. XMS increases the speed of XML processing: Streaming of XML versus building trees; Intelligent caching of credentials, schemas and style sheets; "Only as needed" processing Pre-compiled rule sets.

9 9 Hardware v.s. Software Hardware based Software based CostHighLow FlexibilityLowHigh EffectivenessHighOK

10 10 Experimental Environment Machine: Pentium 4 with 2.66GHz processing speed with 512MB RAM. Programming Environment: Java Simple API for XML [SAX] parsers for XML processing Java Crypto Extensions & RSA-BSAFE Flexiprovider for creating crypto parameters

11 11 Software based acceleration Build an XML Security Library XML Schema validation and parsing using SAX parser Java to C communication through Java Native Interface Crypto / Non-crypto operations Signing a static / dynamic template file Signing with X509 certificate Verifying a signature with a single key, X509 certificates or Security Assertions Markup Language [SAML] file. Verifying a XML document

12 12 What we’ve learned Did quite a number of experiments (single doc and bulk of docs) SHA1 with RSA, SHA1 with DSA, …… Obtained a large number of test result sets Considered to tweak the underlying crypto library Findings Negative ! Not much to be gained by tweaking or re-building crypto library

13 13 Consider other techniques Authenticity + Confidentiality Approach 1 Signature followed encryption Approach 2 Signcryption  Does both signature and encryption, but with fewer exponentiations  Cost (signcryption) << Cost (signature) + Cost (encryption)  “hit 2 birds in 1 stone”

14 14 In theory: Time -- DL Signcryption v.s. RSA and DL sign-then-encrypt Time -- # of multiplications DL: Discrete log Level of security -- |p|=|n|

15 15 Signcryption test results After comparing with data sets for RSA, DSA etc, Match theoretical analysis

16 16 “Crippled” Signcryption Turn off the “public key encryption” part of signcryption Act as signature with designated verifier Especially useful in B2B and C2B, where typically no 3 rd party is involved in verification (Universally verifiable signatures are good for certificates where verifiers are not fixed, but “over-kill” when no 3 rd party is needed.)

17 17 Conclusion Performance gain in XML signature/encryption by tweaking crypto library is limited New techniques (out of the “XML standards” box) are needed Performance gain of signcryption over sign- then-encrypt is verified

18 Questions?

Download ppt "Software based Acceleration Methods for XML Signature (Or: is there such a method) Youjin Song DongGuk University, Korea Yuliang Zheng University of North."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Overview Environment for Internet database connectivity

Overview Environment for Internet database connectivity
1/7 ITApplications XML Module Session 8: Introduction to Programming with XML.

1/7 ITApplications XML Module Session 8: Introduction to Programming with XML.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Java Security. Overview Hermetically Sealed vs. Networked Executable Content (Web Pages & email) Java Security on the Browser Java Security in the Enterprise.

Java Security. Overview Hermetically Sealed vs. Networked Executable Content (Web Pages & ) Java Security on the Browser Java Security in the Enterprise.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Chapters 14 & 15 Internet Databases. E-Commerce  Bringing new products, services, or ideas to market, supporting and enhancing business operations 

Chapters 14 & 15 Internet Databases. E-Commerce  Bringing new products, services, or ideas to market, supporting and enhancing business operations 
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
April 18, 2006 Shared Services Tools and Technologies.

April 18, 2006 Shared Services Tools and Technologies.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
XML Parsing Using Java APIs AIP Independence project Fall 2010.

XML Parsing Using Java APIs AIP Independence project Fall 2010.
Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.

Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.

Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.

Similar presentations

Ads by Google