XML Security Using XSLT

XML is expected to facilitate Internet B2B messaging because of its simplicity and flexibility.

One big concern that customers may have in doing Internet B2B messaging is security.

Security features in XML such as element-wise encryption, access control and digital signature, which are beyond the capability of transport-level security protocols such as SSL, are therefore of interest.

We describe element-wise encryption of XML documents by performing some cryptographic transformations on them. For this purpose, XSLT (Extensible Stylesheet Language Transformations) may well have sufficient functionality to perform all reasonable cryptographic transformations.

In this paper we implement the element-wise encryption operation on the document using XSLT. XSLT extension functions are used to extend XSLT with encryption and decryption functions.


  1. Table of Contents
     • Introduction
     • XML (eXtensible Markup Language)
     • XML Security
       - Element wise Encryption
       - Access Control Model
     • XSLT (eXtensible Stylesheet Language Transformations)
     • XML Security using XSLT
     • Conclusion
     • References
  2. Introduction
     • XML (eXtensible Markup Language) - the “love child” of W3C (World Wide Web Consortium)
     • XML - Mainly used for B2B messaging
     • Biggest concern for customer is security
  3. Introduction (contd.)
     • XML inherits transport layer security such as SSL as used in HTML for basic security
     • Some security features of XML are beyond transport layer security
     • This project addresses the specific security features of XML by
       - Describing an access control model &
       - Performing cryptographic transformations on it
  4. Introduction (contd.)
     • XSLT (eXtensible Stylesheet Language Transformations)
     • XSLT may well have sufficient functionality to perform all reasonable cryptographic transformations.
     • We extend the XSLT Processor to provide encryption and decryption functions
     • We also implement a real world application in PHP, utilizing the cryptographic functions in the XSLT processor
  5. XML
     • XML is an open standard for cross application communication
     • XML allows users to structure and label information separately from the presentation of that information.
     • An XML document must adhere to particular syntax and semantics as outlined in the XML Specification by W3C
  6. XML (contd.)
     • XML is generally parsed or manipulated using Document Object Model (DOM)
     • DOM allows navigation of an XML document as if it were a tree with node objects as branches

         <payment type="card">
           <issuer>Card Company A</issuer>
           <cardinfo>
             <name>ADAM ISHMAEL</name>
             <expiration>04/2010</expiration>
             <number>5283 8304 6232 0010</number>
           </cardinfo>
         </payment>
  7. XML Security
     • XML uses existing Transport Layer Security (TLS) mechanism such as SSL for basic end to end communication security
     • TLS prevents eavesdropping, tampering, and message forgery between a client and server
     • TLS doesn’t address some specific XML Security features such as:
       - Element Wise Encryption
       - Digital Signature and
       - Access Control
  8. Element Wise Encryption
     • Element-wise encryption allows the user to select the data fields to be encrypted
     • Therefore, the remaining nonconfidential data fields will be readable.
     • Instead of encrypting an entire document, it is enough to encrypt only the part of it which should be confidential.
  9. Element Wise Encryption (contd.)
     • An Example:

         <payment type="card">
           <issuer>Card Company A</issuer>
           <cardinfo>
             <name>ADAM ISHMAEL</name>
             <expiration>04/2010</expiration>
             <number>5283 8304 6232 0010</number>
           </cardinfo>
         </payment>

     • Card Info Encrypted

         <payment type="card">
           <issuer>Card Company A</issuer>
           <EncryptedElement contentType="text/plain" algorithm="DES" encoding="base64">
             PHJvdz4KICAglCAgPGNvbCBwYWNrZWQ9lmJhc2U2NCl+
           </EncryptedElement>
         </payment>
  10. XML Access Control Model
     • Providing the right people with the right access to information is as important as having the information in the first place
     • XML Access Control is performed by providing XML documents with a sophisticated access control model by applying appropriate encryption / decryption transformation
  11. XML Access Control Model
  12. XSLT
     • XSLT (eXtensible Stylesheet Language Transformations) is a W3C specification for a document manipulation language capable of restructuring documents and performing computations on their elements.
  13. XML Security using XSLT
     • If we regard encryption/decryption as just another XML document transformation operation, then it is apparent that the advantages XSLT
     • We propose a model to implement the various XML security features using XSLT thus making it possible for a standard XSLT processor to provide XML security functions.
  14. XML Security using XSLT
  15. Conclusion
     • XSLT processors remain a standard specification on the client side and the server side, and can be implemented anywhere in a business application
     • Our proposal thus makes encryption / decryption of an XML document possible just by using an XSL encrypting / decrypting document
     • The project thus extends the XSLT processor to provide encryption and decryption functions and implement an Access Control Model
     • For demonstration of the cryptographic capabilities implemented using the XSLT processor, a real world application is developed using PHP
  16. References
     • Kayvan Farzaneh; Mahmood Doroodchi, "XML Security beyond XSLT," Innovations in Information Technology, 2006, pp. 1-5, Nov. 2006
     • Maruyama H. and Imamura T., "Element-Wise XML Encryption", April 2000.
     • W3C, "Extensible Markup Language (XML) 1.0 (Fifth Edition) W3C Recommendation 26 November 2008"
     • W3C, "XSL Transformations (XSLT) Version 2.0 W3C Recommendation 23 January 2007"
  17. Thank You…
     • Read the research whitepaper here: Slideshare.net
     • Like this presentation? Share it...
     • Questions? Tweet me @ahmedmzl
     • This presentation was presented at the National Conference on Computational Intelligence and Network Security, April 2009
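
Added example, not code from the presentation: the element-wise encryption of slide 9 carried out inside a stock XSLT processor, using PHP's `XSLTProcessor::registerPHPFunctions()` to expose a single encryption extension function to the stylesheet. The function name `encrypt_element`, the `key` stylesheet parameter and the use of AES-256-GCM in place of the slide's DES are assumptions, and the input document is a constructed sample.

```php
<?php
// Added example, not the presentation's code. Requires ext-dom, ext-xsl, ext-openssl.
// AES-256-GCM is an assumption standing in for the DES named on the slide.

// Extension function: php:function() hands a node-set over as an array of DOMNode.
function encrypt_element(array $nodes, string $keyHex): string
{
    $plain = $nodes[0]->ownerDocument->saveXML($nodes[0]); // serialize the subtree
    $iv = random_bytes(12);                                 // fresh nonce per element
    $ct = openssl_encrypt($plain, 'aes-256-gcm', hex2bin($keyHex),
                          OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);                 // nonce | tag | ciphertext
}

$stylesheet = <<<'XSL'
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:php="http://php.net/xsl" exclude-result-prefixes="php">
  <xsl:param name="key"/>
  <!-- identity transform: everything not matched below is copied unchanged -->
  <xsl:template match="@*|node()">
    <xsl:copy><xsl:apply-templates select="@*|node()"/></xsl:copy>
  </xsl:template>
  <!-- only the confidential element is replaced by ciphertext -->
  <xsl:template match="cardinfo">
    <EncryptedElement contentType="text/xml" algorithm="AES-256-GCM" encoding="base64">
      <xsl:value-of select="php:function('encrypt_element', ., $key)"/>
    </EncryptedElement>
  </xsl:template>
</xsl:stylesheet>
XSL;

// Constructed sample input, modelled on the slide's payment document.
$payment = <<<'XML'
<payment type="card">
  <issuer>Card Company A</issuer>
  <cardinfo><name>ADAM ISHMAEL</name><expiration>04/2010</expiration><number>5283 8304 6232 0010</number></cardinfo>
</payment>
XML;

$xsl = new DOMDocument();
$xsl->loadXML($stylesheet);
$doc = new DOMDocument();
$doc->loadXML($payment);

$proc = new XSLTProcessor();
$proc->registerPHPFunctions(['encrypt_element']); // allow-list this one function only
$proc->importStylesheet($xsl);
$proc->setParameter('', 'key', bin2hex(random_bytes(32))); // constructed demo key
echo $proc->transformToXml($doc);
```

Calling `registerPHPFunctions()` with no argument would make every PHP function callable from the stylesheet, so the explicit list matters whenever the stylesheet is not fully trusted.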
