1. Addressing confidentiality issue in third party xml publication
PREPARED BY: KUNAL SHAH

2. What is problem. 1) If third party publisher is un trusted
What is problem ? 1) If third party publisher is un trusted? -How if publisher gives more data then user suppose to get -solution?

3. SE-XML Encrypted data key credential Query Publisher Owner Mhash(E.d)
XML Source
Credential
base
policy base
SE-XML
Owner
Mhash(E.d)
Encrypted data
key
credential
Query
User/Subject

4. Procedure : 1)User sends credentials to owner 2)Owner returns user sends subject policy configuration to user 3)Owner computes m. Hash(for encrypted document) and store in local table for corresponding subject policy configuration 4)User sends subject policy configuration to publisher who returns “encrypted” xml document 5)User computes m.hash and subject policy configuration to owner 6)Owner mach the data sent by user to its internal table entries 7)If mach fount then owner will send a key to decrypt the xml document 8)Then m.hash (unencrypted) can be used to check the completeness and integrity Does it solve problem ????????? No!!

5. Why? -publisher sent appropriate data to user -user computed encrypted m.hash and sent it to owner -m.hash matched and owner sent key to client -client requsred data again and publisher sent more data then client should get -but client already have the key to decript the data!!!!!

6. Solution: 1)keep separate key for each and every node in xml tree structure 2)instead of returning single decryption key owner will return xml schema like document which specify decription key for each node

7. Even One Step Further
If we only encrypt data fields and leave elements names as it is in plain text then some information may be inferred by un authenticated user
What we can do is to encrypt the element name as well and associate some unique id’s with element and access elements during decryption by using id associated with it.