Real time Stock quotes by web Service and Securing XML for Web Services security. Bismita Srichandan

Presentation transcript:

Real time Stock quotes by web Service and Securing XML for Web Services security. Bismita Srichandan

Outline What is Web Service? Stock Quote Application Web Services Security XML Security – Digital Signature – Symmetric and Asymmetric Encryption New Algorithm Conclusion References

What is Web Service A technology that enables you to invoke applications using Internet protocols and standards. The key benefit of web services technology, and the reason that it has gained widespread attention and adoption, is its promise of interoperability [IBM doc 1]. By interoperability, we mean suitable for and capable of being implemented in a neutral manner on multiple operating systems and in multiple programming languages. Examples: weather report and stock quote applications. A few key terms that describe Web services follow in the next slides.

Web Service contd.. SOAP: Simple Object Access Protocol is a specification for the exchange of structured information in a decentralized, distributed environment. It is an XML based protocol. SOA: Service Oriented Architecture consists of three basic components: Service provider, Service broker and Service requestor.

Web Services contd.. Service provider creates a Web service and publishes its interface and access information to the service broker. Service broker is responsible for making the web service interface and implementation access information available to any potential service requestor.

Web Services contd.. WSDL: Web Service Definition Language specifies the characteristics of a Web service using XML format, describing what a web service can do, where it resides, and how it is invoked. XML : Extensible Markup Language is the markup language that underlies most of the specifications used for web services. XML example udent Bismita Srichandan Panther card /2010 Bismita Srichandan

Stock quote application This application retrieves stock quote data from servers. It shows the same data that Yahoo and Google display if you enter the company code and today's date on the screen. Why did I say it is real time though it's 20 minutes late? The data being retrieved is the same data that Yahoo and Google show. The actual data displayed by NASDAQ is not reflected on other web sites.

Stock quote application Login screen

Stock quote application Enter Quote Name

Stock quote application Quote Result Page

Web service security Why do we need to secure it? Since Web services are widely used these days, they should be secured so that it can be ensured that sensitive data is not corrupted.

Security Issues with Web service There are two different types of security issues: transport level and message level. Transport-level security is provided by Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Why is message-level security essential? Many companies have already made their data available to all of their divisions and departments on the web, but in some cases proprietary solutions are a major concern. The next slide discusses what has already been done for message-level security.

WS-security[2] WS-Security is a communication protocol providing a means for applying message-level security to web services. WS-Security describes how to attach signatures and encryption to SOAP messages. Because XML is used so widely (WSDL is written in XML, and SOAP is also an XML-based protocol), the main focus is on securing XML. The WS-Security standard has already developed XML encryption and the addition of digital signatures to XML data. XML security can be applied partially, so we can secure only the sensitive data. This is one of the advantages.

XML Encryption[4] Encryption is generally done with symmetric key encryption, which uses a single key shared by both parties. Its problem is that confidential information can be captured by anyone who knows the key. To avoid this problem with symmetric keys, asymmetric or public-key cryptography was designed.

Public key Cryptography[7] Here a matched pair of keys is used. The sender encrypts the message with the public key of the receiver, and the message can be decrypted only with the receiver's private key.

New Algorithm, a theoretical approach!

XML Encryption Embedded With Public Key Cryptography It can be very efficient to use symmetric cryptography and public key cryptography together. In this process a symmetric key is used to encrypt the content, and then the symmetric key is encrypted using public key cryptography. Both the encrypted content and the encrypted symmetric key are sent to the recipient.

XML Encryption Embedded With Public Key Cryptography <customerInfo xmlns= “ Bismita Srichandan <EncryptedData Xmlns=” Type=” A12B34C657
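
The combined scheme described above, as an added Node.js example that is not part of the original slides: a fresh symmetric key encrypts one sensitive element and the recipient's public key wraps that symmetric key. The choice of AES-256-GCM and RSA-OAEP, the function names, and the simplified element layout are assumptions; the fragment borrows XML Encryption element names but is not a conformant XML Encryption document.

```javascript
const nodeCrypto = require('node:crypto');

const XMLENC_NS = 'http://www.w3.org/2001/04/xmlenc#'; // XML Encryption namespace
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt one sensitive value; returns a simplified <EncryptedData> fragment.
function encryptElement(plaintext, recipientPublicKey) {
  const contentKey = nodeCrypto.randomBytes(32); // fresh AES-256 key for every message
  const iv = nodeCrypto.randomBytes(12);         // 96-bit GCM nonce
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // CipherValue carries nonce || ciphertext || 16-byte authentication tag.
  const data = Buffer.concat([iv, body, cipher.getAuthTag()]).toString('base64');
  // Only the holder of the matching private key can unwrap the content key.
  const wrapped = nodeCrypto
    .publicEncrypt({ key: recipientPublicKey, ...OAEP }, contentKey)
    .toString('base64');
  return `<EncryptedData xmlns="${XMLENC_NS}">` +
    `<EncryptedKey><CipherValue>${wrapped}</CipherValue></EncryptedKey>` +
    `<CipherData><CipherValue>${data}</CipherValue></CipherData>` +
    '</EncryptedData>';
}

// Reverse the steps: unwrap the content key, then authenticate and decrypt the data.
function decryptElement(xml, recipientPrivateKey) {
  // The fragment layout is fixed, so the two base64 values are read in order;
  // a real receiver would use an XML parser.
  const values = [...xml.matchAll(/<CipherValue>([^<]+)<\/CipherValue>/g)]
    .map((m) => Buffer.from(m[1], 'base64'));
  if (values.length !== 2) throw new Error('expected wrapped key and cipher data');
  const [wrapped, data] = values;
  const contentKey = nodeCrypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, wrapped);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', contentKey, data.subarray(0, 12));
  decipher.setAuthTag(data.subarray(data.length - 16));
  const body = data.subarray(12, data.length - 16);
  // final() throws if the ciphertext or tag was modified in transit.
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Constructed sample: only <card> is encrypted, <name> stays readable.
function buildSampleDocument(recipientPublicKey) {
  const card = encryptElement('4111 1111 1111 1111', recipientPublicKey);
  return `<customerInfo><name>Example Customer</name><card>${card}</card></customerInfo>`;
}

const demoKeys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
console.log(decryptElement(buildSampleDocument(demoKeys.publicKey), demoKeys.privateKey));
```

Encryption to a public key hides the content but says nothing about who produced it, since anyone can encrypt to that key; sender authentication is the job of the signature slides that follow.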

Comparison of existing algorithm with new method. 1. Although public key cryptography alone provides good protection, using symmetric key encryption and asymmetric key encryption together makes security tighter.

Digital Signature[3, IBM doc] A digital signature is a type of asymmetric cryptography. Digital signatures are implemented to make sure that the message the receiver receives was sent by the claimed sender.

XML Undeniable Signature[5] Undeniable signatures were first introduced by Chaum and Van Antwerpen [3]. How does it work? This type of methodology can be used in places where cooperation of the signer is required. It is a new approach to securing sensitive information in XML document transitions, and signers cannot deny their signatures. An undeniable signature can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message.

Web Services Security[6] How can we achieve Web Services security? Simple Object Access Protocol, which is used for Web Services, contains XML data, and Web Services Definition Language is written in XML, so we can secure XML with an undeniable digital signature and a combination of symmetric and public key cryptography.

Conclusion The stock quote application does not have any security issues as there is no sensitive data. I did it to see how web service does some amazing work. But for business, where most data are sensitive, we need strong Web service security. The new method, where the data is encrypted with the symmetric key and then the key is encrypted with an asymmetric key, will give a higher level of protection, which will make it impossible for the hacker to crack.

References
[1]
[2]
[3] Chaum D. and Van Antwerpen H. Undeniable signatures. Advances in Cryptology - Crypto '89, volume 435 of Lecture Notes in Computer Science, pages 212-216, Springer-Verlag.
[4] XML-Signature Syntax and Processing. February 2002.
[5] Lili Sun and Yan Li. XML undeniable signatures. International Conference on Computational Intelligence for Modeling, Control and Automation, 2005 and International Conference on Intelligent Agents, Web Technologies and Internet Commerce.
[6] Web Services Security: SOAP Message Security 1.0 (WS-Security 2004). March 2004, org/wss
[7] Rex Macedo Arokiaraj, A.; Shanmugam, A. ACS: An efficient address based cryptography scheme for Mobile ad hoc networks security. International Conference, May 2008.

Thank You Questions?