Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing XML Documents Through Merkle Hash Trees

Published byCharleen Simon Modified over 6 years ago

Similar presentations

Presentation on theme: "Securing XML Documents Through Merkle Hash Trees"— Presentation transcript:

1 Securing XML Documents Through Merkle Hash Trees
Bhavani Thuraisingham October 8, 2007 Lecture #19 (Guest Lecture) Good afternoon, my name is Barbara Carminati, and In this talk, I’m going to present the work carried out in secure Publishing Service of XML documents. Due to the widespread use of XML as a standard for document representation and exchange over the Web, the development of a framework supporting secure publishing of XML documents is becoming a crucial need.

2 Outline Motivation for Research on XML Security
Connection to digital forensics Technical Details of the Research on XML Security Related work and Future Directions Based on paper published in IEEE Transactions on Knowledge and Data Engineering, October (Bertino, Ferrari, Carminati, Thuraisingham)

3 Motivation for Research on XML Security
XML (extensible Markup Language) Security XML has become the standard document interchange language for the web (internal and external) XML is a critical technology for the semantic web RDF and other specifications are built on XML XML documents must satisfy security and privacy policies Challenges: Access Control, Secure publishing, Secure Web Services Applications, Securing RDF, Secure semantic web, Temporal models, Privacy, Handling evolving XML specifications Outline of XML Security Presentation Access Control Example XML document, Policy Specification, Access Control Strategy and Architecture Third Party Publication of XML Documents Architecture Interactions between Owner, Publisher and Subject Checking for Authenticity and Completeness Potential Attacks and Performance Issues Integrating Confidentiality with Authenticity and Completeness Application: Secure Web Services

4 Connection to Digital Forensics
Law enforcement is using XML documents to exchange data through their internal webs; these documents have to be protected on a need to know basis Law enforcement gets XML standard for data exchange “:A few years ago, there were no law enforcement standards for electronic data interchange, Gill said. Through the Justice XML Standards Task Force formed in August 2002, state, local, federal and tribal IT officials have been hashing out standards to make their systems talk to each other. “ In general one can assume that the environment is trusted; however different law enforcement officials may have different needs; furthermore, their systems may be hacked Digital Forensics service could be offered as a web service Semantic web based infrastructure could be used to build a digital forensics system

5 Example XML Document Patents Asset Year: 2003 Name: UTD Expenses Dept
Author Short-desc ID Annual report Assets Equipment Books Patent Other Tot Funds Date 6/1/03 Type Amout 1m$ UTD Tech-details Cash CS Fund NSF

6 Publishing service: how it works
A new class of information-centered applications based on Data dissemination Possible scenarios: Information commerce (Digital libraries, Electronic news, etc.) Intra-company information systems Users Publishing Service WEB Push/Pull modes Security requirements: Confidentiality Integrity Authenticity Completeness Secure dissemination in a web environment entails addressing three main issues: authenticity, integrity, and confidentiality. Ensuring document confidentiality means that the document contents can only be disclosed to users authorized according to the specified access control policyies. Ensuring document integrity means ensuring that the contents of the document are not altered during its transmission from the source to the intended recipient. es. Ensuring document authenticity means that the subject receiving a document is assured that the document contents come from the source it claims to be from. 9/20/2018

7 Subject Credentials, Protection Objects and Policy Base
Subjects are given access to XML documents or portions of documents depending on user ID and/or Credentials Credential specification is based on credentials a subject has Professor is a credential; Secretary is a credential Protection objects are objects to which access is controlled Entire XML documents or portions of XML documents Policy base stores security policies for protecting the XML source contents

8 Subject Credential Base Example
<Professor credID=“9” subID = “16: CIssuer = “2”> <name> Alice Brown </name> <university> UTD <university/> <department> CS </department> <research-group> Security </research-group> </Professor> <Secretary credID=“12” subID = “4: CIssuer = “2”> <name> John James </name> <department>CS </department> <level> Senior </level> </Secretary>

9 Policy Base Example <?xml version="1.0" encoding="UTF-8"?>
... <policy_spec ID=‘P1' cred_expr="//Professor[department='CS']" target="annual_report.xml" priv="VIEW"/> <policy_spec ID=‘P2' cred_expr="//Professor[department='CS']" target="annual_report.xml" and priv="VIEW"/> <policy_spec ID=‘P3' cred_expr="//Professor[department='IST'] " target="annual_report.xml" priv="VIEW"/> <policy_spec ID=‘P4' cred_expr="//Professor[department='IST']" target="annual_report.xml" and priv="VIEW"/> <policy_spec ID=‘P5' cred_expr="//secretary[department='CS' and level='junior']" target="annual_report.xml" priv="VIEW "/> <policy_spec ID=‘P6' cred_expr="//secretary[department='CS' and level='senior']" target="annual_report.xml" and priv="VIEW "/> <policy_spec ID=‘P7' cred_expr="//secretary[department='IST' and level='junior']" target="annual_report.xml" priv="VIEW "/> </policy_base> 9/20/2018

10 Access Control Strategy
Subjects request access to XML documents under two modes: Browsing and authoring With browsing access subject can read/navigate documents Authoring access is needed to modify, delete, append documents Access control module checks the policy based and applies policy specs Views of the document are created based on credentials and policy specs In case of conflict, least access privilege rule is enforced Works for Push/Pull modes

11 System Architecture for Access Control
User Pull/Query Push/result X-Access X-Admin Admin Tools Credential base Policy base XML Documents

12 Third-Party Architecture
XML Source Credential base policy base The Owner is the producer of information It specifies access control policies The Publisher is responsible for managing (a portion of) the Owner information and answering subject queries Goal: Untrusted Publisher with respect to Authenticity and Completeness checking SE-XML Owner Publisher Reply document credentials Query User/Subject 9/20/2018

13 Subject Owner Interaction
Subjects register with Owner during subscription phase; during this phase subject is assigned by owner credentials stored at the owner site Owner returns to the subject the Subject Policy Configuration (policy identifiers) that apply to the subject signed with the private key of the owner Example: If polices P1 and P2 apply to John (e.g. CS prof) and policy P6 applies to Jane (IST secretary), owner Joe sends John P1 and P2 and to Jane P6 signed with Joe’s private key

14 Subject Policy Configuration
<?xml version="1.0" encoding="UTF-8" ?> <SubjectPolicyConfiguration ID=“ProfessorCS" created=" "> <owner> <name>owner1</name> <organization>CS</organization> <state>Texas</state> <uri> <policy>VtaUBIxliHS1hzrqkKhYVTtYrafVSmCoJPkUVKYXCA7yVdc7a/ne5sgIg0tGGRe3 /D2Xg6Fbwp3SAKK/Ref1teZCpD0nlkx89GOIIcw8o9R3Mb2YY/slk5+Fu0xxWXlB YuWKWWNsXENKTkgiXL4mB1SUt4bmF6YG4lTxfxduVAw=</policy> </SubjectPolicyConfiguration> P1, P2 9/20/2018

15 Owner Publisher Interaction
For each document the owner sends the publisher the following information Information on which subjects can access which portions of the document according to the policy base (I.e. access control policies) Policy element which describes the policies for the document is also inserted Also for each element e based on the policies applied to e, the owner inserts policy configuration (binary string) converted to hexadecimal representation Merkle Signature of each document The document together with the security information is called “Security Enhanced Document” (SE-XML) and will enable the subject to verify the authenticity of the document Additional information encoded in the document called Secure Structure is used by the subject to verify completeness of the result

16 Policy Configuration/Policy Element
Where m is the number of policies applied on document d Consider the element e of an XML document d The policy configuration of e consists of a binary string, of m bits where the i-th bit is equal to: 1 if the policies, whose identifier is i, is applied on e 0 otherwise SE-XML document has information about the set of the m policies applied to the document: <Policy> 1, 2, 3, 4, 5, 6, 7 </Policy> For each element, policy information in hexadecimal representation is also inserted 9/20/2018

17 Policy Configuration: example
Consider the short-descr element of the CS dept: The only policies applied to it are: 1st and 4th policy (i.e. P1, P4) According to the Policy element, these policies are located in the first and fourth position of the policy configuration The policy configuration associated with short-descr element is short-descr’s PC value is 90 (hexadecimal representation) 9/20/2018

18 Publisher Policy evaluation: example
1. Decrypt with the Public key of the Owner the policies applied to the subject (i.e., the Subject Policy Configuration) P1, P2 2. Match the obtained policy identifiers with the identifiers contained in the Policy element i.e. match P1, P2 with P1, P2, P3, P4, P5, P6, P7 3. Find the policies applicable to the element specified in the query (e.g., short description element) P1, P4 4. Find the matching policies from steps 2 and 3 P1 The only policies applied on Short-descr element is “P1” 9/20/2018

19 Security Enhanced XML document
Policy Information Merkle Signature SE-XML Document 9/20/2018

20 Merkle Signature Example
title Author paragraph Politic_page Literary_page Paragraphs date topic Article Newspaper Frontpage Leading Sport_page news Politic MhX(Author)=h(h(Author)||h(Author.value)) MhX(title)=h(h(title)||h(title.value)) MhX(paragraph)=h(h(paragraph)||h(paragraph.content)|| MhX(Author)||MhX(title)) 9/20/2018

21 Merkle Signature Example
title Author Politic_page Literary_page Paragraphs date topic Article Newspaper Frontpage Leading Sport_page news Politic paragraph MhX(Newspaper)=h(h(Newspaper)||h(Newspaper.content)|| MhX ()……||MhX()||…||MhX()) MhX(Newspaper) Merkle Signature of Newspaper XML file 9/20/2018

22 Security Enhanced XML document: Example
<?xml version="1.0" encoding="UTF-8"?> <Annual Report Year = 2003 Name = CS“ CG4g3D8/,mPVV/t+T2O1kZRFhdio="> <Policy>1,2,3,4,5,6,7 </Policy> <Assets> <Asset Dept = “CS"> <Expense Tot="...." PC_ATTR="08"/> <Funds> <Fund Funding Date=“6/1/03" Type=“NSF" Amount="..." PC_ATTR="080808"/> </Funds> </Asset> <Asset Dept=“IST"> <Expenses Tot="...." PC_ATTR="02"/> <Fund Funding Date=“10/1/03" Type=“DoD" Amount="..." PC_ATTR="060602"/> <Fund Funding Date=“4/1/03" Type=“CIA" Amount="..." PC_ATTR="060602"/> </Assets> /AnnualReport> 9/20/2018

23 Secure Structure Example
<?xml version="1.0" encoding="UTF-8"?> <x x ="rVR5DQ" x ="QTQXS“ Sign="OD2mc9aVV/tP4g3TG+1kr4sFhdio="> <Policy>1,2,3,4,5,6,7 </Policy> <x > <x x ="PlcZUo"> <x x ="...." PC_ATTR="08"/> <x > <x x ="fNhtL" x ="hgKID" x ="..." PC_ATTR="080808"/> </x > </x > <x x ="pKGEs"> <x x ="...." PC_ATTR="02"/> <x x ="gPd39" x ="hgKID" x ="..." PC_ATTR="060602"/> <x x ="o4GpM" x ="yr0QjJ" x ="..." PC_ATTR="060602"/> </x > /x > Additionally, in order to prevent alterations by the Publisher, the Owner computes the Merkle Signature of the secure structure. Similarly to the SE-XML document, this signature is sent to Publishers together with the corresponding secure structure. 9/20/2018

24 Subject Publisher Interaction
The subject submits queries to publisher; it also sends its subject policy configuration Publisher computes a view of the requested documents based on access control policies for the subject set by the owner To verify the authenticity of the answer, subject must recompute the same bottom up hash value signed by owner (i.e. Merkle signature) and compare it with the Merkle signature generated by the owner and inserted by the publisher Subject may not get the entire document; therefore publisher sends to the subject additional hash values that refer to the missing portions of the document Subject verifies the authenticity of the document

25 Merkle Hash Paths 5 8 11 9 13 4 2 10 12 6 14 16 15 17 7 3 1 w v MhPath(4,1) MhPath(7,1) MhPath(5,1) 9/20/2018

26 Completeness Verification
<?xml version="1.0" encoding="UTF-8"?> <x x ="rVR5DQ" x ="QTQXS“ Sign="OD2mc9aVV/tP4g3TG+1kr4sFhdio="> <Policy>1,2,3,4,5,6,7 </Policy> <x > <x x ="PlcZUo"> <x x ="...." PC_ATTR="08"/> <x > <x x ="fNhtL" x ="hgKID" x ="..." PC_ATTR="080808"/> </x > </x > <x x ="pKGEs"> <x x ="...." PC_ATTR="02"/> <x x ="gPd39" x ="hgKID" x ="..." PC_ATTR="060602"/> <x x ="o4GpM" x ="yr0QjJ" x ="..." PC_ATTR="060602"/> </x > /x > Verify authenticity and integrity of ST by using the Merkle Signature Verify the completness Translate the submitted query Evaluate the obtained query on the secure structure Check the policy configuration Hash the result answer received by the Publisher Match it with the obtained node-set. x /* Finally, the last step of the completeness verification is to hash the answer received by the Publisher, and match it with the obtained node-set. The junior secretary verifies that in the answer received by the Publisher an element is omitted, more preCSely, a Fund element. 9/20/2018

27 Reply Document Generation Algorithm
Reply Generator Algorithm Input: SE-XML version of XML document d; A query q on d submitted by s; the policy configuration of s Output: Reply document r Evaluate q on d and return a well-formed XML document containing all and only the nodes satisfying q Determine which access control policies apply to each node satisfying q Remove from node-set the nodes that s is not authorized to see based on information in SE-XML for d All the attributes in the resulting document are replaced with an AtteibuteElement element An additional attribute called MhPath is inserted in each node to be returned to s Insert Merkle signature of d Rebuild document by taking the set of nodes returned from the above steps and transform into a well-formed document

28 Example Reply Document
Reply document generated by Publisher to an IST Professor who requests all the patents of CS department MhPath attribute associated with Short-descr contains all the hash values needed to computer the Merkle has value of Patent starting from Short-descr. Patent Sign MhPath Authors Short-descr MhPath MhPath

29 Authentication: Authenticable Element
Document d = (Vd, vd, Ed, Fed) is defined as follows: Vd is the set of all element nodes and attribute nodes in d, vd is the node representing the document element called the document root, Ed is the set of edges in d, and FEd is the edge labeling function Definition 1: Let d = (Vd, vd, Ed, FEd) be an XML document, let g = (Vg, vg, Eg, FEg) be the SE-XML version of d, and r = (Vr, vr, Er, FEr) be the reply document to a query on d submitted by s. Let VT be the set of terminal nodes of r. Let Vr,e be the set of element nodes in the reply document r. For each v in Vr, e, v is authenticable by s iff. there exists vt in VT with v in path(vt) such that it is possible through a recursive bottom up computation to compute the Merkle hash value of vd using only the values in {w.MhPath: w is in path(vt)} Theorem 1: Let g = (Vg, vg, Eg, FEg) be the SE-XML version of an XML document d and r = (Vr, vr, Er, FEr) be the reply document corresponding to a query submitted on d by subject s. Each node in Vr,e is authenticable by s Proof of Theorem is by Induction on the length of the relative path of w with respect to v where v is in VT, w is in Vd and v is in path(w)

30 Authentication Subject Verification Algorithm
Subject Verification Algorithm: Input: Reply document r = (Vr, vr, Er, FEr) Output = True if all nodes in r are authentic. False otherwise Starting from each terminal node in the reply document, the algorithm recomputes the Merkle hash value of the root of document d through a bottom-up computation that uses the values of attributes MhPath of each node belonging to the path connecting the terminal node to the root of the reply document The obtained value is compared with the decryption of the Merkle Signature of d using the Owner’s public key If the two values coincide then all the nodes belonging to the path are authentic, otherwise the algorithm terminates and returns false

31 Authentication:Authentic Element
Definition 2: Let g = (Vg, vg, Eg, FEg) be the SE-XML version of d, and r = (Vr, vr, Er, FEr) be the reply document to a query on d submitted by s. Each node v in Vr, e is authentic iff. V is authenticable by s and the computed Merkle has value of vd is equal to the decryption of Sign.val using the Owner public key Theorem 2: Let s be a subject, q be a query submitted by s, and r be the reply document received by s as an answer to q. Subject verification algorithm returns True iff. Each v in Vr,e is authentic where Vr,e is the set of element nodes in the reply document r Proof: By theorem 1 all nodes of a reply document correspond to elements are authenticable by s. Therefore bt definitions 1 and 2, there exists for each vt in VT a recursive bottom-up computation able to compute Merkle hash value of the root of the document d using only the values of MhPath attributes of all nodes belonging to path (vt), and this value coincides with the decryption of the value of the Sign attribute with the Owner public key The proof is to show that this recursive bottom-up computation is implemented by the Subject Verification Algorithms

32 Potential Attacks and Performance Issues
Subject attacks Subject Si eavesdropping during subscription phase of subject Sm Subject attacking the secure structure and deducing sensitive attributes Publisher attacks Publisher changes the Sign element in SE-XML Performance Issues Update management Modification of document implies changes to Merkle hash and SE-XML document Storage complexity of security information E.g, SE-XML and Secure Structure

33 Challenge: Integrating Confidentiality and Authentication
Currently the portion of the Publisher that actually enforces the access control policy must be trusted I.e. Trust with respect to Confidentiality Challenge: How can we come up with a unified approach that ensures Confidentiality, Authenticity and Completeness Directions: Apply access control policies to portions of the document and encrypt the views computers; only those authorized to see the views have the keys for decryption Querying encrypted databases

34 Application: Secure Web Services
How authenticity, confidentiality and integrity can be ensured in the presence of an untrusted UDDI? Traditional techniques are not enough! Possible solutions: Integrity, confidentiality: selective encryption of the data managed by the UDDI according to the specified access control policies Authenticity: Merkle hash trees Additional security properties: Completeness Consistency

35 <dsig:Signature>
Authenticity ….traditional digital signatures do not fit well in third-party architectures!! BusinessEntity UDDI <dsig:Signature> tModel Query BusinessService BusinessService PublisherAssertion BindingTemplate Service requestor Service provider 9/20/2018

36 <dsig:Signature>
Merkle Signature An alternative way to sign an XML doc By applying a unique digital signature on an XML doc it is possible to ensure the authenticity of: the whole document any portion of it It uses a different way to compute the digest of XML docs, based on the Merkle tree authentication mechanisms <dsig:Signature> BusinessEntity tModel BusinessService PublisherAssertion BindingTemplate 9/20/2018

37 Related Work and Directions on XML Security
University of CA, Davis (started with relational databases and extended to XML) Directions Keep up with security as XML specifications evolve How can we integrate confidentiality with authenticity and completeness without trusting the publisher? Secure RDF models Paper submitted to DEXA WebS Workshop Temporal access control models for XML documents Secure information interoperability Secure semantic web Computer Standards and Interface Journal, March 2005

Download ppt "Securing XML Documents Through Merkle Hash Trees"

Similar presentations

Operating System Security

Operating System Security
UDDI v3.0 (Universal Description, Discovery and Integration)

UDDI v3.0 (Universal Description, Discovery and Integration)
Web Service Security CS409 Application Services Even Semester 2007.

Web Service Security CS409 Application Services Even Semester 2007.
Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,

Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Secure Knowledge Management Dr. Bhavani Thuraisingham The National Science Foundation September 2004.

Secure Knowledge Management Dr. Bhavani Thuraisingham The National Science Foundation September 2004.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Selective and Authentic Third-Party distribution of XML Documents - Yashaswini Harsha Kumar - Netaji Mandava (Oct 16 th 2006)

Selective and Authentic Third-Party distribution of XML Documents - Yashaswini Harsha Kumar - Netaji Mandava (Oct 16 th 2006)
Secure Publishing of XML Documents Bhavani Thuraisingham October 29, 2010.

Secure Publishing of XML Documents Bhavani Thuraisingham October 29, 2010.
General Key Management Guidance. Key Management Policy  Governs the lifecycle for the keying material  Hope to minimize additional required documentation.

General Key Management Guidance. Key Management Policy  Governs the lifecycle for the keying material  Hope to minimize additional required documentation.
Dr. Bhavani Thuraisingham October 2006 Trustworthy Semantic Webs Lecture #16: Web Services and Security.

Dr. Bhavani Thuraisingham October 2006 Trustworthy Semantic Webs Lecture #16: Web Services and Security.
Cryptography, Authentication and Digital Signatures

Cryptography, Authentication and Digital Signatures
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Similar presentations

Ads by Google