Published by Bartholomew Lane. Modified over 9 years ago.
1
Secure Systems Research Group - FAU
A Pattern for XML Signature
Presented by Keiko Hashizume
2
Outline
– Introduction
– A Pattern for WS-Security
– Conclusion
3
Introduction
– Digital signatures existed before XML Signature. One of the most common is the PKCS#7 signature.
– Before XML Signature, it was possible to sign XML documents, but it was not possible to express the signature in an XML format. Also, it was not possible to sign only some parts of the document.
– XML Signature was developed by the W3C and the IETF (Internet Engineering Task Force).
4
A Pattern for WS-Security
The XML Signature standard describes the syntax and the process of generating and validating digital signatures. XML Signature provides message integrity, message authentication, and non-repudiation.
Context
– Users of web services send and receive SOAP messages through insecure channels such as the Internet.
5
Problem
Because SOAP messages travel through insecure channels, they may be intercepted and modified while they are in transit. The solution for this problem is affected by the following forces:
– We need to express a digital signature in a standardized XML format, so interoperability can be ensured between applications.
6
Problem
Forces…
– Messages may be captured while they are in transit, so we need to be able to verify whether the data was modified.
– Messages can be sent and later disavowed, so we need to prevent senders from denying having sent a specific message.
– An XML message, any part of an XML message, or external resources can be signed. We need a way to refer to and locate these elements.
– XML documents may be parsed by different processors, and XML also allows some flexibility in representation without changing the semantics of the message. Thus, we need to convert the data to a standard format.
7
Solution
– Structure (class diagram)
8
Signature Types: Enveloping Signature
9
Signature Type: Enveloped Signature
10
Signature Type: Detached Signature
11
Signature Type: Detached Signature
12
– Dynamics (sequence diagram for the use case: Sign an XML-Element)
13
Consequences
This pattern presents the following advantages:
– XML Signature describes a common framework for digital signatures.
– Using digest algorithms guarantees that any change in the message will invalidate the signature.
– A signature is generated using the sender’s private key. Because the sender is the only one who knows his private key, he cannot deny signing the data.
– The data being signed is referred to by its URI (Uniform Resource Identifier), so elements within XML messages and external resources can be located using their identifiers.
– XML Signature uses canonicalization algorithms to ensure that different representations of XML are transformed into a standard format before applying any digest algorithm.
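The following is an added example, not part of the original slides, showing the reference-digest step the last two points describe: locate the signed element by its URI, canonicalize it, then digest it. It assumes Python's standard-library C14N 2.0 implementation and SHA-256 as stand-ins for whichever algorithms a deployment selects; the sample messages, the `Id` lookup and all function names are constructed for illustration, and the private-key signature step is not shown.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample messages: same content, different serializations.
DOC_A = '<Envelope><Body Id="body" unit="USD"><Amount>100</Amount><Memo/></Body></Envelope>'
DOC_B = ("<Envelope>\n  <Body unit='USD'   Id='body'><Amount>100</Amount>"
         "<Memo></Memo></Body>\n</Envelope>")
DOC_TAMPERED = DOC_A.replace("100", "900")  # amount modified in transit


def raw_digest(xml_text):
    """Digest of the text as received, with no canonicalization."""
    return base64.b64encode(hashlib.sha256(xml_text.encode("utf-8")).digest()).decode()


def reference_digest(xml_text, uri):
    """Locate the element named by a same-document URI ("#id"), canonicalize it, digest it."""
    if not uri.startswith("#"):
        raise ValueError("only same-document references are handled here")
    # For untrusted input, parse with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    target = next((e for e in root.iter() if e.get("Id") == uri[1:]), None)
    if target is None:
        raise ValueError("no element with Id " + uri[1:])
    target.tail = None  # text after the end tag is not part of the element
    canonical = ET.canonicalize(ET.tostring(target, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(canonical.encode("utf-8")).digest()).decode()


def verify_reference(xml_text, uri, expected_digest):
    """Recompute the digest on the receiver side and compare in constant time."""
    return hmac.compare_digest(reference_digest(xml_text, uri), expected_digest)


if __name__ == "__main__":
    digest_value = reference_digest(DOC_A, "#body")  # value the sender would place in DigestValue
    print("raw digests equal:      ", raw_digest(DOC_A) == raw_digest(DOC_B))
    print("canonical digests equal:", verify_reference(DOC_B, "#body", digest_value))
    print("tampered accepted:      ", verify_reference(DOC_TAMPERED, "#body", digest_value))
```

Attribute order, quote style and empty-element syntax differ between the two serializations, so their raw digests differ, while the canonical digests match; whitespace between child elements is still significant and would change the digest.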
14
Consequences
The pattern also has some (possible) liabilities:
– Large overhead because of the use of many types of algorithms such as digest, canonicalization and signature algorithms.
15
Known Uses
Several vendors have developed products that support WS-Security.
– Xtradyne’s WS-DBC (Web Service Domain Boundary Controller) http://www.xtradyne.com/products/ws-dbc/WSDBCfeatures.htm
– IONA Artix www.iona.com/info/aboutus/collateral/Artix%20and%20Security.pdf
– Forum Sentry™ http://forumsys.com/products_sentry_specs.htm
– SecureXML Digital Signature Web Service http://www.infomosaic.net/Welcome.htm
16
Related Patterns
– WS-Security Standard uses XML Signature.
17
Conclusion
– We need to develop patterns for the WS family, such as WS-Policy, WS-Privacy, WS-SecureConversation, WS-Federation, and WS-Authorization.
– We need to develop a pattern diagram describing how these standards are related to each other.