SlideShare a Scribd company logo

A novel approach for Multi-Tier security for XML based documents

IOSR Journals
IOSR Journals

IOSR Journal of Computer Engineering (IOSRJCE)

Technology
1 of 4
Download to read offline
IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661, ISBN: 2278-8727 Volume 5, Issue 4 (Sep-Oct. 2012), PP 01-04 www.iosrjournals.org www.iosrjournals.org 1 | Page A novel approach for Multi-Tier security for XML based documents Bimlendu Prasad Verma1 , Shiv Kumar2 , Prashant Sharma3 1 (Faculty of Engineering and Technology, Mewar University, India) 2 (Faculty of Engineering and Technology, Mewar University, India) 3 (J.T. Mahajan College of Engineering, North Maharashtra University, India) Abstract: Recently all the documents formats are being shifted from proprietary formats to the XML based standard formats. One of the key issues associated with any XML based document is security. Most of the approaches of security focus towards securing the access to the data rather than securing the data itself. So once the data/ document are out of their ‘secured environment’, they become completely open. However the data need to be secured in respect of confidentiality, integrity, authenticity and non-reproduction. Here we present an approach to achieve the Multi-Tier security that deals with providing integrity, non repudiation and different confidentiality levels for different users of the document. With this approach different users get to see only the allowed sections / sub sections of the XML based document. Keywords - Access control, Document security, Multi Tier Security, XML Security I. INTRODUCTION Recently all the documents formats are being shifted from proprietary formats to the XML based standard formats. One of the key issues associated with any XML based document is security. Most of the approaches of security focus towards securing the access to the data rather than securing the data itself. So once the data/ document are out of their ‘secured environment’, they become completely open. However the data need to be secured in respect of confidentiality, integrity, authenticity and non-reproduction. Security is essential in order to share the documents out of the ‘secured environment’. The acceptance of XML is growing and so is the need of having XML security. The XML Security standards define XML based rules in order to meet security requirements. The XML Security standards consist of the following:  XML Digital Signature – This standard deals with the integrity and signing the XML document.  XML Key Management (XKMS) – This deals with the public-private key registration and validation  XML Encryption - This standard deals with the encryption and decryption of the XML based document for confidentiality.  Security Assertion Markup Language (SAML) – This deals with conveying of authentication, authorization and attribute assertions.  XML Access Control Markup Language (XACML) – This deals with the defining access control rules for the different part of the XML document. Major use cases include securing Web Services (WS-Security) and Digital Rights Management (eXtensible Rights Markup Language 2.0 - XrML). II. DOCUMENT SECURITY DETAILS Electronic documents are fast replacing the paper based documents; be it electronic health records, photo albums, workflow systems, etc; however it is still far from real world needs on the aspects of security. Let’s look at the current picture as far as document security goes: 2.1 Security – Current scenario The term security encompasses all of the following: Some of the prevailing document formats e.g. Adobe’s PDF, SVG and Microsoft XDocs have either very limited or no built-in security implemented. Adobe PDF provides lock security – i.e. password for reading, writing and printing. However other formats lack on the security part. What we propose is formats based on Open Standard XML complying to standards set by W3C and OASIS (ISO), with following security implemented:  Single secure file that can be digitally signed  Strong support for signatures, i.e. multiple and overlapping signatures  Multiple encryptions for multiple types of access rights. Thus ensuring role based security
A novel approach for Multi-Tier security for XML based documents www.iosrjournals.org 2 | Page III. MULTI TIER SECURITY 3.1 Digital Signature Normal digital signature guarantees three information security properties:  Authentication: The signer is well identified by the private/public key relation.  Non-repudiation: The signing party cannot later on deny performing the action, since the private key was used for encryption process. Note that if a symmetric key cryptography was used, the non-repudiation properties could not be guaranteed.  Integrity: Since the signature itself is associated to the content to the message, any message alteration would make the signature invalid. This also implies that the signature cannot be copied from one message and applied to another. The Single Digital Signature category is complete, but does not aim to replace all the utilizations of traditional written signature, since in many cases, more than one person are required to sign a legal document. Therefore Digital Multiple Signatures are very important. In everyday life, many legal documents require signatures from more than one party For applying multiple and overlapping digital signatures, we could apply Sequential Multiple Signature In which we could sequentially sign the document many times. Refer figure 1. 3.2 Encryption Since encryption granularity is XML node then we could encrypt and decrypt the desired part of full xml document according to roles. Refer figure 5. This can be complimented using the implementation of Access control and Key Management system which will complete the security scenario. IV. FIGURES AND TABLES Fig. 1 Overlapping Digital Signatures. Fig. 2 Original XML File (Meta.xml).
A novel approach for Multi-Tier security for XML based documents www.iosrjournals.org 3 | Page Fig. 3 after applying first digital Signature (Meta.xml). Fig. 4 after applying second digital Signature (Meta.xml).
A novel approach for Multi-Tier security for XML based documents www.iosrjournals.org 4 | Page Fig. 5 Overlapping Digital Signatures V. CONCLUSION Electronic documents are fast replacing the paper based documents; be it electronic health records, photo albums, workflow systems, etc; however it is still far from real world needs on the aspects of security. Today’s challenge is to make the electronic documents as relevant as their paper versions for their suitability for the legal documents such as contract papers, documents that record the workflow trails etc. With the suggested approach it is possible to publish or hide the information based on roles, the overlapping signatures provide a way of authorizing the document by a set of people. VI. Acknowledgements We would like to thank Dr D.B. Ojha of Faculty of Engineering and Technology, Mewar University for encouraging and guiding us to write this paper. REFERENCES [1] Internet documentation at http://home.comcast.net/~fjhirsch/xml/xmlsec/starting-xml-security.html [2] XML Security standards on W3 website http://www.w3.org/standards/xml/security [3] XML Security information on W3 website www.w3.org/2004/Talks/0520-hh-xmlsec/. [4] OASIS website for web service security (WSS) https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss [5] OASIS website for Web Services Security XrML-Based Rights Expression Token profile www.oasis- open.org%2Fcommittees%2Fwss%2Fdocuments%2FWSS-XrML-03- changes.pdf&ei=ZFYrUIuMC4KHrAe36oHICg&usg=AFQjCNFKOvbUYga98mruxq2d4KjBxzXEKg [6] OASIS website on the XACML https://www.oasis-open.org/committees/xacml/ [7] XML Key Management Specifications on W3 website. www.w3.org/TR/xkms/ [8] OASIS website on the SAML https://www.oasis-open.org/committees/security/ [9] XML Key Management Specifications on W3 website. www.w3.org/TR/xkms/

Recommended

Multilayer security mechanism in computer networks (2)
Multilayer security mechanism in computer networks (2)Multilayer security mechanism in computer networks (2)
Multilayer security mechanism in computer networks (2)Alexander Decker
 
PG & Associates
PG & AssociatesPG & Associates
PG & AssociatesPremanandha Gangiah
 
Multilayer security mechanism in computer networks
Multilayer security mechanism in computer networksMultilayer security mechanism in computer networks
Multilayer security mechanism in computer networksAlexander Decker
 
11.multilayer security mechanism in computer networks
11.multilayer security mechanism in computer networks11.multilayer security mechanism in computer networks
11.multilayer security mechanism in computer networksAlexander Decker
 
DATA SECURITY IN MOBILE DEVICES BY GEO LOCKING
DATA SECURITY IN MOBILE DEVICES BY GEO LOCKINGDATA SECURITY IN MOBILE DEVICES BY GEO LOCKING
DATA SECURITY IN MOBILE DEVICES BY GEO LOCKINGIJNSA Journal
 
Jb ia
Jb iaJb ia
Jb iaDeepal Samaraweera
 
8 isecurity database
8 isecurity database8 isecurity database
8 isecurity databaseAnil Pandey
 
Paper published
Paper published Paper published
Paper published University of Fallujah
 

Recommended

Multilayer security mechanism in computer networks (2)
Multilayer security mechanism in computer networks (2)Multilayer security mechanism in computer networks (2)
Multilayer security mechanism in computer networks (2)Alexander Decker
 
PG & Associates
PG & AssociatesPG & Associates
PG & AssociatesPremanandha Gangiah
 
Multilayer security mechanism in computer networks
Multilayer security mechanism in computer networksMultilayer security mechanism in computer networks
Multilayer security mechanism in computer networksAlexander Decker
 
11.multilayer security mechanism in computer networks
11.multilayer security mechanism in computer networks11.multilayer security mechanism in computer networks
11.multilayer security mechanism in computer networksAlexander Decker
 
DATA SECURITY IN MOBILE DEVICES BY GEO LOCKING
DATA SECURITY IN MOBILE DEVICES BY GEO LOCKINGDATA SECURITY IN MOBILE DEVICES BY GEO LOCKING
DATA SECURITY IN MOBILE DEVICES BY GEO LOCKINGIJNSA Journal
 
Jb ia
Jb iaJb ia
Jb iaDeepal Samaraweera
 
8 isecurity database
8 isecurity database8 isecurity database
8 isecurity databaseAnil Pandey
 
Paper published
Paper published Paper published
Paper published University of Fallujah
 
INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS...
INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS...INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS...
INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS...IJNSA Journal
 
Microsoft_Enterprise_Mobility_plus_Security_datasheet_EN_US
Microsoft_Enterprise_Mobility_plus_Security_datasheet_EN_USMicrosoft_Enterprise_Mobility_plus_Security_datasheet_EN_US
Microsoft_Enterprise_Mobility_plus_Security_datasheet_EN_US☁ ☁ Gautam T ☁☁
 
Security and privacy in microsoft 2010
Security and privacy in microsoft 2010Security and privacy in microsoft 2010
Security and privacy in microsoft 2010garmendarizc
 
A survey on secure communication protocols for io t systems
A survey on secure communication protocols for io t systemsA survey on secure communication protocols for io t systems
A survey on secure communication protocols for io t systemsVishwesh Nagamalla
 
MITx_Cyber security_Syllabus
MITx_Cyber security_SyllabusMITx_Cyber security_Syllabus
MITx_Cyber security_SyllabusPrakash Prasad ✔
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...IJERA Editor
 
Securing Sensitive Digital Data in Educational Institutions using Encryption ...
Securing Sensitive Digital Data in Educational Institutions using Encryption ...Securing Sensitive Digital Data in Educational Institutions using Encryption ...
Securing Sensitive Digital Data in Educational Institutions using Encryption ...IJCSIS Research Publications
 
Secure E-Commerce Protocol
Secure E-Commerce ProtocolSecure E-Commerce Protocol
Secure E-Commerce ProtocolCSCJournals
 
Email encryption plus | Seclore
Email encryption plus | SecloreEmail encryption plus | Seclore
Email encryption plus | SecloreSeclore
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Gw3312111217
Gw3312111217Gw3312111217
Gw3312111217IJERA Editor
 
Security and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | SysforeSecurity and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | SysforeSysfore Technologies
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Parsing of xml file to make secure transaction in mobile commerce
Parsing of xml file to make secure transaction in mobile commerceParsing of xml file to make secure transaction in mobile commerce
Parsing of xml file to make secure transaction in mobile commerceijcsa
 
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEMARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEMIJNSA Journal
 
Improving Security Measures of E-Learning Database
Improving Security Measures of E-Learning DatabaseImproving Security Measures of E-Learning Database
Improving Security Measures of E-Learning DatabaseIOSR Journals
 
Secure Objects
Secure ObjectsSecure Objects
Secure ObjectsAshutosh Jaiswal
 
C0121216
C0121216C0121216
C0121216IOSR Journals
 
B012630608
B012630608B012630608
B012630608IOSR Journals
 
C018211723
C018211723C018211723
C018211723IOSR Journals
 

More Related Content

What's hot

INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS...
INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS...INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS...
INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS...IJNSA Journal
 
Microsoft_Enterprise_Mobility_plus_Security_datasheet_EN_US
Microsoft_Enterprise_Mobility_plus_Security_datasheet_EN_USMicrosoft_Enterprise_Mobility_plus_Security_datasheet_EN_US
Microsoft_Enterprise_Mobility_plus_Security_datasheet_EN_US☁ ☁ Gautam T ☁☁
 
Security and privacy in microsoft 2010
Security and privacy in microsoft 2010Security and privacy in microsoft 2010
Security and privacy in microsoft 2010garmendarizc
 
A survey on secure communication protocols for io t systems
A survey on secure communication protocols for io t systemsA survey on secure communication protocols for io t systems
A survey on secure communication protocols for io t systemsVishwesh Nagamalla
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...IJERA Editor
 
Securing Sensitive Digital Data in Educational Institutions using Encryption ...
Securing Sensitive Digital Data in Educational Institutions using Encryption ...Securing Sensitive Digital Data in Educational Institutions using Encryption ...
Securing Sensitive Digital Data in Educational Institutions using Encryption ...IJCSIS Research Publications
 
Secure E-Commerce Protocol
Secure E-Commerce ProtocolSecure E-Commerce Protocol
Secure E-Commerce ProtocolCSCJournals
 
Email encryption plus | Seclore
Email encryption plus | SecloreEmail encryption plus | Seclore
Email encryption plus | SecloreSeclore
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Security and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | SysforeSecurity and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | SysforeSysfore Technologies
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Parsing of xml file to make secure transaction in mobile commerce
Parsing of xml file to make secure transaction in mobile commerceParsing of xml file to make secure transaction in mobile commerce
Parsing of xml file to make secure transaction in mobile commerceijcsa
 
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEMARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEMIJNSA Journal
 
Improving Security Measures of E-Learning Database
Improving Security Measures of E-Learning DatabaseImproving Security Measures of E-Learning Database
Improving Security Measures of E-Learning DatabaseIOSR Journals
 

What's hot (19)

INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS...
INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS...INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS...
INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS...
 
Microsoft_Enterprise_Mobility_plus_Security_datasheet_EN_US
Microsoft_Enterprise_Mobility_plus_Security_datasheet_EN_USMicrosoft_Enterprise_Mobility_plus_Security_datasheet_EN_US
Microsoft_Enterprise_Mobility_plus_Security_datasheet_EN_US
 
Security and privacy in microsoft 2010
Security and privacy in microsoft 2010Security and privacy in microsoft 2010
Security and privacy in microsoft 2010
 
A survey on secure communication protocols for io t systems
A survey on secure communication protocols for io t systemsA survey on secure communication protocols for io t systems
A survey on secure communication protocols for io t systems
 
MITx_Cyber security_Syllabus
MITx_Cyber security_SyllabusMITx_Cyber security_Syllabus
MITx_Cyber security_Syllabus
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
 
Securing Sensitive Digital Data in Educational Institutions using Encryption ...
Securing Sensitive Digital Data in Educational Institutions using Encryption ...Securing Sensitive Digital Data in Educational Institutions using Encryption ...
Securing Sensitive Digital Data in Educational Institutions using Encryption ...
 
Secure E-Commerce Protocol
Secure E-Commerce ProtocolSecure E-Commerce Protocol
Secure E-Commerce Protocol
 
Email encryption plus | Seclore
Email encryption plus | SecloreEmail encryption plus | Seclore
Email encryption plus | Seclore
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Gw3312111217
Gw3312111217Gw3312111217
Gw3312111217
 
Security and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | SysforeSecurity and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | Sysfore
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
Parsing of xml file to make secure transaction in mobile commerce
Parsing of xml file to make secure transaction in mobile commerceParsing of xml file to make secure transaction in mobile commerce
Parsing of xml file to make secure transaction in mobile commerce
 
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEMARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEM
 
Improving Security Measures of E-Learning Database
Improving Security Measures of E-Learning DatabaseImproving Security Measures of E-Learning Database
Improving Security Measures of E-Learning Database
 
Secure Objects
Secure ObjectsSecure Objects
Secure Objects
 

Viewers also liked

A Novel Approach of Text Steganography based on null spaces
A Novel Approach of Text Steganography based on null spacesA Novel Approach of Text Steganography based on null spaces
A Novel Approach of Text Steganography based on null spacesIOSR Journals
 
Qualitative Chemistry Education: The Role of the Teacher
Qualitative Chemistry Education: The Role of the TeacherQualitative Chemistry Education: The Role of the Teacher
Qualitative Chemistry Education: The Role of the TeacherIOSR Journals
 
A Block Cipher Based Cryptosystem through Modified Forward Backward Overlappe...
A Block Cipher Based Cryptosystem through Modified Forward Backward Overlappe...A Block Cipher Based Cryptosystem through Modified Forward Backward Overlappe...
A Block Cipher Based Cryptosystem through Modified Forward Backward Overlappe...IOSR Journals
 
The effect of Encryption algorithms Delay on TCP Traffic over data networks
The effect of Encryption algorithms Delay on TCP Traffic over data networksThe effect of Encryption algorithms Delay on TCP Traffic over data networks
The effect of Encryption algorithms Delay on TCP Traffic over data networksIOSR Journals
 
Corporate Policy Governance in Secure MD5 Data Changes and Multi Hand Adminis...
Corporate Policy Governance in Secure MD5 Data Changes and Multi Hand Adminis...Corporate Policy Governance in Secure MD5 Data Changes and Multi Hand Adminis...
Corporate Policy Governance in Secure MD5 Data Changes and Multi Hand Adminis...IOSR Journals
 
A Review: Machine vision and its Applications
A Review: Machine vision and its ApplicationsA Review: Machine vision and its Applications
A Review: Machine vision and its ApplicationsIOSR Journals
 
Securing Group Communication in Partially Distributed Systems
Securing Group Communication in Partially Distributed SystemsSecuring Group Communication in Partially Distributed Systems
Securing Group Communication in Partially Distributed SystemsIOSR Journals
 
Linux-Based Data Acquisition and Processing On Palmtop Computer
Linux-Based Data Acquisition and Processing On Palmtop ComputerLinux-Based Data Acquisition and Processing On Palmtop Computer
Linux-Based Data Acquisition and Processing On Palmtop ComputerIOSR Journals
 

Viewers also liked (20)

C0121216
C0121216C0121216
C0121216
 
B012630608
B012630608B012630608
B012630608
 
C018211723
C018211723C018211723
C018211723
 
O1803017981
O1803017981O1803017981
O1803017981
 
A017420108
A017420108A017420108
A017420108
 
D017311724
D017311724D017311724
D017311724
 
H1803025360
H1803025360H1803025360
H1803025360
 
A Novel Approach of Text Steganography based on null spaces
A Novel Approach of Text Steganography based on null spacesA Novel Approach of Text Steganography based on null spaces
A Novel Approach of Text Steganography based on null spaces
 
Q01061117126
Q01061117126Q01061117126
Q01061117126
 
A017540106
A017540106A017540106
A017540106
 
G011124753
G011124753G011124753
G011124753
 
Qualitative Chemistry Education: The Role of the Teacher
Qualitative Chemistry Education: The Role of the TeacherQualitative Chemistry Education: The Role of the Teacher
Qualitative Chemistry Education: The Role of the Teacher
 
A Block Cipher Based Cryptosystem through Modified Forward Backward Overlappe...
A Block Cipher Based Cryptosystem through Modified Forward Backward Overlappe...A Block Cipher Based Cryptosystem through Modified Forward Backward Overlappe...
A Block Cipher Based Cryptosystem through Modified Forward Backward Overlappe...
 
The effect of Encryption algorithms Delay on TCP Traffic over data networks
The effect of Encryption algorithms Delay on TCP Traffic over data networksThe effect of Encryption algorithms Delay on TCP Traffic over data networks
The effect of Encryption algorithms Delay on TCP Traffic over data networks
 
C012661216
C012661216C012661216
C012661216
 
Corporate Policy Governance in Secure MD5 Data Changes and Multi Hand Adminis...
Corporate Policy Governance in Secure MD5 Data Changes and Multi Hand Adminis...Corporate Policy Governance in Secure MD5 Data Changes and Multi Hand Adminis...
Corporate Policy Governance in Secure MD5 Data Changes and Multi Hand Adminis...
 
A Review: Machine vision and its Applications
A Review: Machine vision and its ApplicationsA Review: Machine vision and its Applications
A Review: Machine vision and its Applications
 
J01046673
J01046673J01046673
J01046673
 
Securing Group Communication in Partially Distributed Systems
Securing Group Communication in Partially Distributed SystemsSecuring Group Communication in Partially Distributed Systems
Securing Group Communication in Partially Distributed Systems
 
Linux-Based Data Acquisition and Processing On Palmtop Computer
Linux-Based Data Acquisition and Processing On Palmtop ComputerLinux-Based Data Acquisition and Processing On Palmtop Computer
Linux-Based Data Acquisition and Processing On Palmtop Computer
 

Similar to A novel approach for Multi-Tier security for XML based documents

Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA ijsc
 
Designing a logical security framework
Designing a logical security frameworkDesigning a logical security framework
Designing a logical security frameworkijsc
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications TechnologiesSarah Jimenez
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Alexander Decker
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Alexander Decker
 
Network and cyber security module(15ec835, 17ec835)
Network and cyber security module(15ec835, 17ec835)Network and cyber security module(15ec835, 17ec835)
Network and cyber security module(15ec835, 17ec835)Jayanth Dwijesh H P
 
Secure File SharingSecure File Sharing Using Access Contro.docx
Secure File SharingSecure File Sharing Using Access Contro.docxSecure File SharingSecure File Sharing Using Access Contro.docx
Secure File SharingSecure File Sharing Using Access Contro.docxjeffreye3
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionCSCJournals
 
Secure File Sharing In Cloud Using Encryption with Digital Signature
Secure File Sharing In Cloud Using Encryption with Digital Signature Secure File Sharing In Cloud Using Encryption with Digital Signature
Secure File Sharing In Cloud Using Encryption with Digital Signature IJMER
 
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldHirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldIdentive
 
VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLVULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLcscpconf
 
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS ProtocolVulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocolcsandit
 
Exploring Cloud Encryption
Exploring Cloud EncryptionExploring Cloud Encryption
Exploring Cloud EncryptionSamuel Borthwick
 
E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemIJERA Editor
 
E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemIJERA Editor
 
INFORMATION SECURITY IN CLOUD COMPUTING
INFORMATION SECURITY IN CLOUD COMPUTINGINFORMATION SECURITY IN CLOUD COMPUTING
INFORMATION SECURITY IN CLOUD COMPUTINGijitcs
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Controljwpiccininni
 
Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...Iaetsd Iaetsd
 

Similar to A novel approach for Multi-Tier security for XML based documents (20)

Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA
 
Designing a logical security framework
Designing a logical security frameworkDesigning a logical security framework
Designing a logical security framework
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications Technologies
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...
 
Network and cyber security module(15ec835, 17ec835)
Network and cyber security module(15ec835, 17ec835)Network and cyber security module(15ec835, 17ec835)
Network and cyber security module(15ec835, 17ec835)
 
Secure File SharingSecure File Sharing Using Access Contro.docx
Secure File SharingSecure File Sharing Using Access Contro.docxSecure File SharingSecure File Sharing Using Access Contro.docx
Secure File SharingSecure File Sharing Using Access Contro.docx
 
security issue
security issuesecurity issue
security issue
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data Encryption
 
Secure File Sharing In Cloud Using Encryption with Digital Signature
Secure File Sharing In Cloud Using Encryption with Digital Signature Secure File Sharing In Cloud Using Encryption with Digital Signature
Secure File Sharing In Cloud Using Encryption with Digital Signature
 
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldHirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
 
Ssl tls-beginners-guide
Ssl tls-beginners-guideSsl tls-beginners-guide
Ssl tls-beginners-guide
 
VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLVULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOL
 
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS ProtocolVulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocol
 
Exploring Cloud Encryption
Exploring Cloud EncryptionExploring Cloud Encryption
Exploring Cloud Encryption
 
E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security System
 
E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security System
 
INFORMATION SECURITY IN CLOUD COMPUTING
INFORMATION SECURITY IN CLOUD COMPUTINGINFORMATION SECURITY IN CLOUD COMPUTING
INFORMATION SECURITY IN CLOUD COMPUTING
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Control
 
Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...Iaetsd a novel approach to provide the security for distributed adaptive netw...
Iaetsd a novel approach to provide the security for distributed adaptive netw...
 

More from IOSR Journals

More from IOSR Journals (20)

A011140104
A011140104A011140104
A011140104
 
M0111397100
M0111397100M0111397100
M0111397100
 
L011138596
L011138596L011138596
L011138596
 
K011138084
K011138084K011138084
K011138084
 
J011137479
J011137479J011137479
J011137479
 
I011136673
I011136673I011136673
I011136673
 
G011134454
G011134454G011134454
G011134454
 
H011135565
H011135565H011135565
H011135565
 
F011134043
F011134043F011134043
F011134043
 
E011133639
E011133639E011133639
E011133639
 
D011132635
D011132635D011132635
D011132635
 
C011131925
C011131925C011131925
C011131925
 
B011130918
B011130918B011130918
B011130918
 
A011130108
A011130108A011130108
A011130108
 
I011125160
I011125160I011125160
I011125160
 
H011124050
H011124050H011124050
H011124050
 
G011123539
G011123539G011123539
G011123539
 
F011123134
F011123134F011123134
F011123134
 
E011122530
E011122530E011122530
E011122530
 
D011121524
D011121524D011121524
D011121524
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 

A novel approach for Multi-Tier security for XML based documents

  • 1. IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661, ISBN: 2278-8727 Volume 5, Issue 4 (Sep-Oct. 2012), PP 01-04 www.iosrjournals.org www.iosrjournals.org 1 | Page A novel approach for Multi-Tier security for XML based documents Bimlendu Prasad Verma1 , Shiv Kumar2 , Prashant Sharma3 1 (Faculty of Engineering and Technology, Mewar University, India) 2 (Faculty of Engineering and Technology, Mewar University, India) 3 (J.T. Mahajan College of Engineering, North Maharashtra University, India) Abstract: Recently all the documents formats are being shifted from proprietary formats to the XML based standard formats. One of the key issues associated with any XML based document is security. Most of the approaches of security focus towards securing the access to the data rather than securing the data itself. So once the data/ document are out of their ‘secured environment’, they become completely open. However the data need to be secured in respect of confidentiality, integrity, authenticity and non-reproduction. Here we present an approach to achieve the Multi-Tier security that deals with providing integrity, non repudiation and different confidentiality levels for different users of the document. With this approach different users get to see only the allowed sections / sub sections of the XML based document. Keywords - Access control, Document security, Multi Tier Security, XML Security I. INTRODUCTION Recently all the documents formats are being shifted from proprietary formats to the XML based standard formats. One of the key issues associated with any XML based document is security. Most of the approaches of security focus towards securing the access to the data rather than securing the data itself. So once the data/ document are out of their ‘secured environment’, they become completely open. However the data need to be secured in respect of confidentiality, integrity, authenticity and non-reproduction. Security is essential in order to share the documents out of the ‘secured environment’. The acceptance of XML is growing and so is the need of having XML security. The XML Security standards define XML based rules in order to meet security requirements. The XML Security standards consist of the following:  XML Digital Signature – This standard deals with the integrity and signing the XML document.  XML Key Management (XKMS) – This deals with the public-private key registration and validation  XML Encryption - This standard deals with the encryption and decryption of the XML based document for confidentiality.  Security Assertion Markup Language (SAML) – This deals with conveying of authentication, authorization and attribute assertions.  XML Access Control Markup Language (XACML) – This deals with the defining access control rules for the different part of the XML document. Major use cases include securing Web Services (WS-Security) and Digital Rights Management (eXtensible Rights Markup Language 2.0 - XrML). II. DOCUMENT SECURITY DETAILS Electronic documents are fast replacing the paper based documents; be it electronic health records, photo albums, workflow systems, etc; however it is still far from real world needs on the aspects of security. Let’s look at the current picture as far as document security goes: 2.1 Security – Current scenario The term security encompasses all of the following: Some of the prevailing document formats e.g. Adobe’s PDF, SVG and Microsoft XDocs have either very limited or no built-in security implemented. Adobe PDF provides lock security – i.e. password for reading, writing and printing. However other formats lack on the security part. What we propose is formats based on Open Standard XML complying to standards set by W3C and OASIS (ISO), with following security implemented:  Single secure file that can be digitally signed  Strong support for signatures, i.e. multiple and overlapping signatures  Multiple encryptions for multiple types of access rights. Thus ensuring role based security
  • 2. A novel approach for Multi-Tier security for XML based documents www.iosrjournals.org 2 | Page III. MULTI TIER SECURITY 3.1 Digital Signature Normal digital signature guarantees three information security properties:  Authentication: The signer is well identified by the private/public key relation.  Non-repudiation: The signing party cannot later on deny performing the action, since the private key was used for encryption process. Note that if a symmetric key cryptography was used, the non-repudiation properties could not be guaranteed.  Integrity: Since the signature itself is associated to the content to the message, any message alteration would make the signature invalid. This also implies that the signature cannot be copied from one message and applied to another. The Single Digital Signature category is complete, but does not aim to replace all the utilizations of traditional written signature, since in many cases, more than one person are required to sign a legal document. Therefore Digital Multiple Signatures are very important. In everyday life, many legal documents require signatures from more than one party For applying multiple and overlapping digital signatures, we could apply Sequential Multiple Signature In which we could sequentially sign the document many times. Refer figure 1. 3.2 Encryption Since encryption granularity is XML node then we could encrypt and decrypt the desired part of full xml document according to roles. Refer figure 5. This can be complimented using the implementation of Access control and Key Management system which will complete the security scenario. IV. FIGURES AND TABLES Fig. 1 Overlapping Digital Signatures. Fig. 2 Original XML File (Meta.xml).
  • 3. A novel approach for Multi-Tier security for XML based documents www.iosrjournals.org 3 | Page Fig. 3 after applying first digital Signature (Meta.xml). Fig. 4 after applying second digital Signature (Meta.xml).
  • 4. A novel approach for Multi-Tier security for XML based documents www.iosrjournals.org 4 | Page Fig. 5 Overlapping Digital Signatures V. CONCLUSION Electronic documents are fast replacing the paper based documents; be it electronic health records, photo albums, workflow systems, etc; however it is still far from real world needs on the aspects of security. Today’s challenge is to make the electronic documents as relevant as their paper versions for their suitability for the legal documents such as contract papers, documents that record the workflow trails etc. With the suggested approach it is possible to publish or hide the information based on roles, the overlapping signatures provide a way of authorizing the document by a set of people. VI. Acknowledgements We would like to thank Dr D.B. Ojha of Faculty of Engineering and Technology, Mewar University for encouraging and guiding us to write this paper. REFERENCES [1] Internet documentation at http://home.comcast.net/~fjhirsch/xml/xmlsec/starting-xml-security.html [2] XML Security standards on W3 website http://www.w3.org/standards/xml/security [3] XML Security information on W3 website www.w3.org/2004/Talks/0520-hh-xmlsec/. [4] OASIS website for web service security (WSS) https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss [5] OASIS website for Web Services Security XrML-Based Rights Expression Token profile www.oasis- open.org%2Fcommittees%2Fwss%2Fdocuments%2FWSS-XrML-03- changes.pdf&ei=ZFYrUIuMC4KHrAe36oHICg&usg=AFQjCNFKOvbUYga98mruxq2d4KjBxzXEKg [6] OASIS website on the XACML https://www.oasis-open.org/committees/xacml/ [7] XML Key Management Specifications on W3 website. www.w3.org/TR/xkms/ [8] OASIS website on the SAML https://www.oasis-open.org/committees/security/ [9] XML Key Management Specifications on W3 website. www.w3.org/TR/xkms/