DOCUMENT-BASED MESSAGE-CENTRIC SECURITY USING XML AUTHENTICATION AND ENCRYPTION FOR COALITION AND INTERAGENCY OPERATIONS LCDR Jeffrey S. Williams Naval.

Presentation transcript:

DOCUMENT-BASED MESSAGE-CENTRIC SECURITY USING XML AUTHENTICATION AND ENCRYPTION FOR COALITION AND INTERAGENCY OPERATIONS
LCDR Jeffrey S. Williams
Naval Postgraduate School
September 9, 2009
This thesis was done at the MOVES Institute

Problem Statement
Different agencies and different nations are not able to communicate and share structured information
  – Different data formats
  – Different security policies
The current evolution of data and security policies by different agencies and nations will not solve this problem.

Motivation
Show that existing web standards for document security can be commonly applied across a range of scenarios.
  – Canonicalization (C14N)
  – Authentication (digital signature)
  – Encryption
  – Compression
Demonstrate a meaningful exemplar that can work for multiple agencies and nations

Exemplar Scenario
Coalition Operations for antipiracy
  – Task Force 151 and NATO ATALANTA
  – Approx. 30 nations, variable membership
  – Shared need for document security
  – Diverse communication channels: NATO messaging, “free formatted” messaging, e-mail, and bridge-to-bridge radio!
Assume secure endpoints and non-secure transport for any message

International Navies Concerns

Problem Constraints
Allow a diverse communications framework to securely enable shared/common data exchange between traditional and nontraditional actors.
Provide a mechanism with minimal exchange of cryptographic technology by implementing open standard technology.
  – No nation trusts another nation’s security software
  – World Wide Web security is a potential for international standardization because multiple independent implementations are available.
  – Can substitute alternative cryptographic algorithms

Key Exchange
Public Key Cryptography has well-defined formal mechanisms for defining secure operations.
Step 1. B → A: {Nb, B} KB
Step 2. A → B: {Nb, Na, A} KA
Step 3. B → A: {Na} KB

XML Digital Signature Process

Digital Signature

XML Encryption Process

Recommended Best Practice

XML Encryption

Goal of EXI integration with XML Security

Encryption
EncryptedData (Element Node)
  [Attribute]
  EncryptionMethod (Element Node)
    [Attribute]
  KeyInfo (Element Node)
    EncryptedKey (Element Node)
      EncryptionMethod (Element Node)
      KeyInfo (Element Node)
        KeyName (Element Node)
      CipherData (Element Node)
        CipherValue (Element Node)
  CipherData (Element Node)
    CipherValue
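The EncryptedData layout on this slide can be checked at a receiving endpoint before any decryption is attempted. The following is an added example, not code from the thesis: the sample message is constructed, its cipher values are placeholders, and the algorithm allow-list is an assumed local policy.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"xenc": XENC, "ds": DSIG}
# Assumed local policy (not from the slides): algorithm URIs this endpoint accepts.
ALLOWED_CONTENT = {XENC + "aes256-cbc", "http://www.w3.org/2009/xmlenc11#aes256-gcm"}
ALLOWED_KEY_TRANSPORT = {XENC + "rsa-oaep-mgf1p"}

# Constructed sample message; cipher values are placeholders, not real ciphertext.
SAMPLE = """<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
  <ds:KeyInfo>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <ds:KeyInfo><ds:KeyName>coalition-recipient-key</ds:KeyName></ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>UExBQ0VIT0xERVI=</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
  </ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>UExBQ0VIT0xERVI=</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>"""

def inspect_encrypted_data(xml_text):
    """Return (summary, problems) for one EncryptedData document."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs before parsing untrusted input
        return {}, ["DOCTYPE not accepted"]
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{XENC}}}EncryptedData":
        return {}, ["root is not xenc:EncryptedData"]
    problems = []
    def alg(path):
        node = root.find(path, NS)
        return node.get("Algorithm") if node is not None else None
    summary = {
        "content_alg": alg("xenc:EncryptionMethod"),
        "key_alg": alg("ds:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod"),
        "key_name": root.findtext("ds:KeyInfo/xenc:EncryptedKey/ds:KeyInfo/ds:KeyName", namespaces=NS),
    }
    if summary["content_alg"] not in ALLOWED_CONTENT:
        problems.append(f"content algorithm not allowed: {summary['content_alg']}")
    if summary["key_alg"] not in ALLOWED_KEY_TRANSPORT:
        problems.append(f"key transport algorithm not allowed: {summary['key_alg']}")
    for path in ("xenc:CipherData/xenc:CipherValue",
                 "ds:KeyInfo/xenc:EncryptedKey/xenc:CipherData/xenc:CipherValue"):
        if not root.findtext(path, default="", namespaces=NS).strip():
            problems.append(f"missing or empty {path}")
    return summary, problems
```

Because each algorithm is named by a URI inside the document, an endpoint can enforce its own accepted set without changing the message format.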

XML Decryption Process

Conclusions
XML Security is a feasible approach for multiple agency and coalition operations.
This thesis demonstrates practical results for a meaningful scenario.
The approach works for any type of XML.

Future Work
Certification and Accreditation of XML Encryption and Authentication for the unclassified Architecture
Contrast of XML Security with SSL and TLS
Mitigation techniques and tactics to isolate risks associated with Web Based Security methods.
Applicability of XML Encryption for real time web services
Application of XML encryption and authentication techniques within the classified arena
A Comparative Analysis and potential for document centric security using XML in support of CENTRIXS and Coalition Secure Management and Operations System (COSMOS)

Contact Information Jeff Williams skype: williams6us Don Brutzman Code USW/br Naval Postgraduate School Monterey, CA

Brief Biography of LCDR Williams USN/1600
LCDR Williams joined the Navy in 1987 through the Delayed Entry Program (DEP). He was commissioned through NROTC Atlanta Consortium via the BOOST program. Since his commission in 1996 he has served at the following commands:
  – USS ESSEX (LHD-2)
  – Military Sealift Command Office (MSCO) Beaumont TX
  – Naval Network and Space Operations Command (NNSOC)
  – Destroyer Squadron Two Six (CDS-26)
  – Naval Postgraduate School (NPS)
Next Assignment:
  – Network Engineer Program Manager, Brussels Belgium
Industry Certifications
  – CISSP, CISA, CWSP, Security+, Network+, I-NET+, A+

Acknowledgements
The thesis was developed under the guidance of Prof. Don Brutzman, PhD, Naval Postgraduate School, and second reader Don McGregor, Research Associate, Naval Postgraduate School, at the Modeling Virtual Environment and Simulation (MOVES) Institute.
The Scenario Authoring for Visual Graphical Environments (SAVAGE) team’s expertise in the development and processing of information contributed to the proof of concept formulations.
Course work and further guidance from the Naval Postgraduate School Center of Information Security Research (CISR) contributed greatly in understanding and articulating key security concepts.