Presentation is loading. Please wait.

Presentation is loading. Please wait.

DOCUMENT-BASED MESSAGE-CENTRIC SECURITY USING XML AUTHENTICATION AND ENCRYPTION FOR COALITION AND INTERAGENCY OPERATIONS LCDR Jeffrey S. Williams Naval.

Published byJerome Horton Modified over 8 years ago

Similar presentations

Presentation on theme: "DOCUMENT-BASED MESSAGE-CENTRIC SECURITY USING XML AUTHENTICATION AND ENCRYPTION FOR COALITION AND INTERAGENCY OPERATIONS LCDR Jeffrey S. Williams Naval."— Presentation transcript:

1 DOCUMENT-BASED MESSAGE-CENTRIC SECURITY USING XML AUTHENTICATION AND ENCRYPTION FOR COALITION AND INTERAGENCY OPERATIONS LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009 This thesis was done at the MOVES Institute

2 Problem Statement Different agencies and different nations are not able to communicate and share structured information –Different data formats –Different security policies The current evolution of data and security policies by different agencies and nations will not solve this problem.

3 Motivation Show that existing web standards for document security can be commonly applied across a range of scenarios. –Canonicalization (C14N) –Authentication (digital signature) –Encryption –Compression Demonstrate a meaningful exemplar that can work for multiple agencies and nations

4 Exemplar Scenario Coalition Operations for antipiracy –Task Force 151 and NATO ATALANTA –Approx. 30 nations, variable membership –Shared need for document security –Diverse communication channels: NATO messaging, “free formatted” messaging, e- mail, and bridge-to-bridge radio! Assume secure endpoints and non-secure transport for any message

5 International Navies Concerns

6

7 Problem Constraints Allow a diverse communications framework to securely enable shared/common data exchange between traditional and nontraditional actors. Provide a mechanism with minimal exchange of cryptographic technology by implementing open standard technology. –No nation trusts another nation’s security software –World Wide Web security is a potential for international standardization because multiple independent implementations are available. –Can substitute alternative cryptographic algorithms

8 Key Exchange Public Key Cryptography has well-defined formal mechanisms for defining secure operations. Step 1. B  A: {Nb, B} KB Step 2. A  B: {Nb, Na, A} KA Step 3. B  A: {Na} KB

9 XML Digital Signature Process

10 Digital Signature http://www.xml.com/pub/a/2001/08/08/xmldsig.html

11 XML Encryption Process

12 Recommended Best Practice

13 XML Encryption

14 Goal of EXI integration with XML Security

15 Encryption -EncryptedData (Element Node) +[Attribute] - EncryptionMethod (Element Node) +[Attribute] - KeyInfo (Element Node) - EncryptedKey (Element Node) + EncryptionMethod (Element Node) - KeyInfo (Element Node) +KeyName (Element Node) + CipherData (Element Node) - CipherValue (Element Node) - CipherData (Element Node) + CipherValue ? ? ? ? http://www.w3.org/TR/xmlenc-core/http://dotnetslackers.com/articles/xml/XMLEncryption.aspx

16 XML Decryption Process

17 Conclusions XML Security is a feasible approach for multiple agency and coalition operations. This thesis demonstrates practical results for a meaningful scenario The approach works for any type of XML.

18 Future Work Certification and Accreditation of XML Encryption and Authentication for the unclassified Architecture Contrast of XML Security with SSL and TLS Mitigation techniques and tactics to isolate risks associated with Web Based Security methods. Applicability of XML Encryption for real time web services Application of XML encryption and authentication techniques within the classified arena A Comparative Analysis and potential for document centric security using XML in support of CENTRIXS and Coalition Secure Management and Operations System (COSMOS)

19 Contact Information Jeff Williams jswillia@nps.edujswillia@nps.edu jeffrey.williams2@navy.mil skype: williams6us Don Brutzman brutzman@nps.edubrutzman@nps.edu Code USW/br Naval Postgraduate School Monterey, CA 93943 1-831-656-2149

20 Brief Biography of LCDR Williams USN/1600 LCDR Williams joined the Navy in 1987 through the Delayed Entry Program (DEP). He was commissioned through NROTC Atlanta Consortium via the BOOST program. Since his commission in 1996 he has served at the following commands: –USS ESSEX (LHD-2) –Military Sealift Command Office (MSCO) Beaumont TX –Naval Network and Space Operations Command (NNSOC) –Destroyer Squadron Two Six (CDS-26) –Naval Postgraduate School (NPS) Next Assignment: –Network Engineer Program Manager, Brussels Belgium Industry Certifications –CISSP, CISA, CWSP, Security+, Network+, I-NET+, A+

21 Acknowledgements The thesis was developed under the guidance of Prof. Don Brutzman, PhD. Naval Postgraduate School and second reader Don McGregor, Research Associate Naval Postgraduate School at the Modeling Virtual Environment and Simulation (MOVES) Institute. The Scenario Authoring for Visual Graphical Environments (SAVAGE) team’s expertise in the development and processing of information contributing to the proof of concept formulations. Course work and further guidance from the Naval Postgraduate School Center of Information Security Research (CISR) contributed greatly in understanding and articulating key security concepts.

Download ppt "DOCUMENT-BASED MESSAGE-CENTRIC SECURITY USING XML AUTHENTICATION AND ENCRYPTION FOR COALITION AND INTERAGENCY OPERATIONS LCDR Jeffrey S. Williams Naval."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
School of Graduate Professional Studies Systems Engineering Research at Penn State Colin J. Neill Representing the work of: Kathryn Jablokow, Assoc Prof.

School of Graduate Professional Studies Systems Engineering Research at Penn State Colin J. Neill Representing the work of: Kathryn Jablokow, Assoc Prof.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
AUV Workbench: Integrated 3D for Interoperable Mission Rehearsal, Reality and Replay Jeffrey Weekley Naval Postgraduate School, Monterey, CA USA

AUV Workbench: Integrated 3D for Interoperable Mission Rehearsal, Reality and Replay Jeffrey Weekley Naval Postgraduate School, Monterey, CA USA
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
INFORMATION SYSTEMS & GLOBAL SERVICES Craig Solem, CISSP Lockheed Martin Information Systems and Global Services Program Manager, Joint Medical information.

INFORMATION SYSTEMS & GLOBAL SERVICES Craig Solem, CISSP Lockheed Martin Information Systems and Global Services Program Manager, Joint Medical information.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
Asper School of Business University of Manitoba Systems Analysis & Design Instructor: Bob Travica System interfaces Updated: November 2014.

Asper School of Business University of Manitoba Systems Analysis & Design Instructor: Bob Travica System interfaces Updated: November 2014.
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
2° cycle degree programme (lm) in Telecommunications Engineering Principles Models and Applications for Distributed Systems Prof. Maurelio Boari

2° cycle degree programme (lm) in Telecommunications Engineering Principles Models and Applications for Distributed Systems Prof. Maurelio Boari
Web services security I

Web services security I
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Similar presentations

Ads by Google