Presentation is loading. Please wait.

Presentation is loading. Please wait.

Project: XML Security CS 259 March, 2004 Jun Yoshida (Visiting Scholar from Hitachi Ltd.)

Published byCatherine George Modified over 9 years ago

Similar presentations

Presentation on theme: "Project: XML Security CS 259 March, 2004 Jun Yoshida (Visiting Scholar from Hitachi Ltd.)"— Presentation transcript:

1 Project: XML Security CS 259 March, 2004 Jun Yoshida (Visiting Scholar from Hitachi Ltd.)

2 Project: XML Security uprotocol or system XML Security (XML Encryption, XML Signature) uproperties which should be preserved XML elements (ex. credit card number) ukind of attacks Authentication, Secrecy, Replay attack,... utool or method Mur j uself or team myself

3 XML Alice 1234 5678 9012 3456 Example Bank 01-05

4 XML Web Services (XWS) XML HTML User (Web Browser) Your Program (.NET, Java) Ex) Google.com Amazon.com Web Server

5 XWS Application Example uTouchGraph.com GoogleBrowser Google.com XML

6 System Integration with XWS Internal Systems PartnersCustomers Your Company/ Organization XML

7 Getting Started... Analysis Tool Informal Protocol Description Find error Specification Intruder Model Formal Protocol

8 Specification uXML Encryption: 31 pages http://www.w3.org/TR/xmlenc-core/ uXML Signature: 47 pages http://www.w3.org/TR/xmldsig-core/ uWS-Security: 22 pages http://www-106.ibm.com/developerworks/ webservices/library/ws-secure/

9 XML on SSL XML SSL XML SSL Commerce Site Credit Company User

10 XML Encryption --- before --- Alice 1234 5678 9012 3456 Example Bank 01-05

11 XML Encryption --- after --- Alice <EncryptionData type=‘http://www.w3c.org/2001/04/xmlenc#Element’ xmlns=‘http://www.w3c.org/2001/04/xmlenc#’> A23B45C56…

12 The Rule of XML Encryption ? ( ? )?

13 Basic Example A {E 1 } SSK A1 /PK B B {E 2 } SSK B2 /PK A E x : XML Element, SSK x : Shared Secret Key, PK x : Public Key... {E 3 } SSK A3 /PK B {E 4 } SSK B4 /PK A {E n-1 } SSK An-1 /PK B {E n } SSK Bn /PK A

14 Shared Secret Key Example A B {E 1 } SSK X1 /PK B, {SSK A } PK B... {E 3 } SSK B {E 4 } SSK A {E n-1 } SSK B {E n } SSK A {E 2 } SSK X2 /PK A, {SSK B } PK A E x : XML Element, SSK x : Shared Secret Key, PK x : Public Key

15 From Spec. to Mur j Model Analysis Tool Informal Protocol Description Find error Mur j code Specification Intruder Model Formal Protocol

16 Send XML encrypted with Public Key ruleset i: ClientId do ruleset j: ServerId do cli[i].state = C_SLEEP & multisetcount (l:net, true) < NetworkSize ==> var outM: Message; -- outgoing message cSSK: SharedSecretKeyId; -- shared secret key for client begin cSSK := GenSharedSecretKey(); -- SSK A undefine outM; outM.source := i; outM.dest := j; outM.mType := M_PK; outM.element1 := i; outM.enKey1_1 := j; -- {E 1 } PK B outM.element2 := cSSK; outM.enKey2 := j; -- {SSK A } PK B multisetadd (outM, net); cli[i].state := C_WAIT_PK_MESSAGE; cli[i].server := j; cli[i].cSK := cSK; end;

17 Send XML encrypted with SSKey ruleset i: ClientId do choose j: net do cli[i].state = C_WAIT_PK_MESSAGE & net[j].dest = i ==> var outM: Message; -- outgoing message inM: Message; -- incoming message sSSK: SharedSecretKeyId; -- shared secret key for Server begin inM := net[j]; multisetremove (j, net); if inM.mType = M_PK then if inM.enKey1_1 = i & inM.enKey2 = i then -- {E 2 } PK A, {SSK B } PK A sSSK := inM.element2; -- SSK B undefine outM; outM.source := i; outM.dest := cli[i].server; outM.mType := M_SSK; outM.element1 := i; outM.enKey1_2 := sSSK; -- {E 3 } SSK B multisetadd (outM, net); cli[i].state := C_WAIT_SSK_MESSAGE; cli[i].sSSK := sSSK; end; end; end; end; end;

18 Intruder Model Analysis Tool Informal Protocol Description Find error Mur j code Mur j code, similar for all protocols Specification Intruder Model Formal Protocol

19 Intruder can Decrypt if Knows Key ruleset i: IntruderId do choose j: net do ruleset intercept : boolean do rule "intruder overhears/intercepts" !ismember(net[j].source, IntruderId) -- not for intruder's message ==> begin alias msg: net[j] do -- message to overhear/intercept -- learn public key based messages if msg.mType = M_PK then if msg.enKey1_1 = i then int[i].elements[msg.element1] := true; end; -- {E x } PK I if msg.enKey2 = i then int[i].keys[msg.element2] := true; end; -- {SSK X } PK I end; -- learn shared secret key based messages if msg.mType = M_SSK & int[i].keys[msg.enKey1_2] = true then -- {E x } SSK I int[i].elements[msg.element1] := true; end; end; end; end; end; end;

20 Intruder can Alter Messages ruleset i: IntruderId do choose j: net do ruleset intercept : boolean do rule "intruder overhears/intercepts and alter ssk" !ismember(net[j].source, IntruderId) -- not for intruder's message ==> var iSSK: SharedSecretKeyId; -- shared secret key for intruder begin alias msg: net[j] do -- message to overhear/intercept if msg.mType = M_PK then iSSK := GenSharedSecretKey(); msg.element2 := iSSK; -- {SSK A } PK B => {SSK I } PK B int[i].keys[iSSK] := true; end; end; end; end; end; end;

21 Running Mur j Analysis Analysis Tool Informal Protocol Description Find error Mur j code Mur j code, similar for all protocols Specify security conditions and run Mur j Specification Intruder Model Formal Protocol

22 Found Error A B {E 1 } SSK X1 /PK B, {SSK A } PK B {E 3 } SSK I {E 2 } SSK X2 /PK A, {SSK B } PK A {E 2 } SSK X2 /PK A, {SSK I } PK A failed E3E3 E x : XML Element, SSK x : Shared Secret Key, PK x : Public Key

23 XML Signature Signed Info.... Reference Signature Value Detached Signature Enveloped Signature XML Element Signed Info.... Reference Signature Value Enveloping Signature Signed Info.... Reference Signature Value XML Element

24 The Rule of XML Signature ( ( )? )+ ( )

25 A B {E 1 } SSK X1 /PK B, {SSK A } PK B... {E 3 } SSK B {E 4 } SSK A {E n-1 } SSK B {E n } SSK A {E 2 } SSK X2 /PK B, {SSK B } PK A E x : XML Element, SSK x : Shared Secret Key, PK x : Public Key Doc 1 Doc 2 Sig A {Doc 1 } Sig B {Doc 2 } Sig A {Doc 3 } Sig A {Doc n-1 } Sig B {Doc 4 } Sig B {Doc n } Fixed Shared Secret Key Example

26 Conclusion uI couldn’t find any error about the combination of XML Enc./Sig. uBut XML Enc./Sig. have the flexibility to use uIt’s important to use correctly

Download ppt "Project: XML Security CS 259 March, 2004 Jun Yoshida (Visiting Scholar from Hitachi Ltd.)"

Similar presentations

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Model Checking for Security Anupam Datta CMU Fall 2009 18739A: Foundations of Security and Privacy.

Model Checking for Security Anupam Datta CMU Fall A: Foundations of Security and Privacy.
CS259: Security Analysis of Network Protocols Overview of Murphi Arnab Roy.

CS259: Security Analysis of Network Protocols Overview of Murphi Arnab Roy.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Cryptography and Network Security

Cryptography and Network Security
Internet Security Protocols

Internet Security Protocols
The Secure Socket Layer Protocol (SSL) CS391. Overview.

The Secure Socket Layer Protocol (SSL) CS391. Overview.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Luu Anh Tuan. Security protocol Intruder Intruder behaviors Overhead and intercept any messages being passed in the system Decrypt messages that are.

Luu Anh Tuan. Security protocol Intruder Intruder behaviors Overhead and intercept any messages being passed in the system Decrypt messages that are.
Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.

Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.
Security & Encryption Thomas Fenske & Joseph Minter.

Security & Encryption Thomas Fenske & Joseph Minter.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Part 5:Security Network Security (Access Control, Encryption, Firewalls)

Part 5:Security Network Security (Access Control, Encryption, Firewalls)
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
Analysis of Security Protocols (I) John C. Mitchell Stanford University.

Analysis of Security Protocols (I) John C. Mitchell Stanford University.
Online Security Tuesday April 8, 2003 Maxence Crossley.

Online Security Tuesday April 8, 2003 Maxence Crossley.
CMSC 414 Computer and Network Security Lecture 15 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 15 Jonathan Katz.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Similar presentations

Ads by Google