SlideShare a Scribd company logo

XML Key Management Protocol for Secure Web Service

Download as PPTX, PDF
Md. Hasan Basri (Angel)
Md. Hasan Basri (Angel)
Technology
1 of 17
Submitted By : Md. Hasan Basri Reg. No. : 1010048, Roll: 700030, Session: 2006 -2007 Department of Computer Science, IST. National University Bangladesh. Supervised By: A.N.M Khaleqdad Khan Assistant Professor, Department of Computer Science, Institute of Science and Technology (IST). National University Bangladesh.
 “Without Trust and Security, Web Services are Dead on Arrival.” - Phillip Hallam-Baker
 Providing a key management specification for secure web service communication considering the principal of symmetric key cryptography.
• Security Requirements • Public Key Infrastructure (PKI) Challenge • What is XML Key Management Services (XKMS) • XKMS Basic Services (Advantages, PKI Essentials) • XML Signature using XKMS • XML Encryption using XKMS • Authentication using XKMS • Interaction with XKMS • Conclusion
• Secure Authentication Requirement: Password-based authentication is weak, costly, and difficult to manage • Message Security: Message-level confidentiality and non- repudiation needed • Payload Security: Confidential business information (CBI) may require submissions to be signed and encrypted
• Very complicated technology with some proprietary implementations • Non-standard interface, difficult to use, deploy, and maintain • Very high cost of acquisition, support, and operation • Very low interoperability (No PKI standard interfaces) • Certificate validation is very challenging
• A World Wide Web Consortium (W3C) standard, XKMS 2.0, is finalized • A central key depository with Web service interface to PKI • Vendor-neutral PKI solution for public key and certificate management • A very simple access model • Foundation for secure Web services (XML signature, XML encryption, XKMS) • XKMS will be the PKI solution to the Exchange Network, and the key element to a strong security model.
• XKMS Advantages – A Web service interface to PKI technologies, accessible to any applications on the Internet – Vendor-neutral PKI solution for public keys and certificates management – Dramatically reduces cost of PKI. Key can be generated and registered at anytime on any machine – Online real-time key/certificate validation using a simple Web method
• PKI Essentials – A key is generated and broken up into two pieces – Public Key and Private Key – Private Key never goes out of your machine, but share Public Key with anyone – When a data is encrypted using one key, it could only be decrypted using another – Encryption: Encrypt data using the receiver’s Public Key – Signature: Encrypt data using your Private Key
• XML Key Information Services (XKISS) – Locate and validate Public Keys • XML Key Registration Services (XKRSS) – Register, revoke, recover, and reissue public keys or X.509 certificates • Secure key exchange with XML encryption and signature • All operations are defined as Web service methods
• A document is signed using the Private Key and key information (KeyName, KeyValue) • The receiver locates / validates the Public Key used for the signature from an XKMS server • The receiver verifies the signature using the valid key
• The sender locates the receiver’s Public Key from an XKMS server • The sender encrypts a document using the receiver’s Public Key • The receiver decrypts the document using the Private Key
• A user registers Public Key in XKMS • The user creates an Authenticate message and signs the message using the Private Key • Network Authentication and Authorization Server (NAAS) locates / validates the user’s Public Key from XKMS • NAAS verifies the signature. The user is authenticated if the signature is valid – the holder of the Private Key
• XKMS is the foundation for secure exchanges in the network – basic component for XML encryption and signature • XKMS provides a simple standard interface to PKI • Network XKMS services will be available to all network nodes and node clients • XKMS will be integrated into NAAS for key-based authentication • XKMS is the PKI solution without the PKI complexity and cost
XML Key Management Protocol for Secure Web Service

Recommended

Tokenization vs encryption vs masking
Tokenization vs encryption vs maskingTokenization vs encryption vs masking
Tokenization vs encryption vs maskingUlf Mattsson
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication rajakhurram
 
Block Chain Cloud Technology
Block Chain Cloud TechnologyBlock Chain Cloud Technology
Block Chain Cloud TechnologyVedant Mane
 
DMsuite Static & Dynamic Data Masking Overview
DMsuite Static & Dynamic Data Masking OverviewDMsuite Static & Dynamic Data Masking Overview
DMsuite Static & Dynamic Data Masking OverviewAxis Technology, LLC
 
Blockchain, Predictive Analytics and Healthcare
Blockchain, Predictive Analytics and HealthcareBlockchain, Predictive Analytics and Healthcare
Blockchain, Predictive Analytics and HealthcareRuchi Dass
 
Authentication Protocols
Authentication ProtocolsAuthentication Protocols
Authentication ProtocolsTrinity Dwarka
 
Ch14
Ch14Ch14
Ch14Francis Alamina
 
Kerberos
KerberosKerberos
KerberosRahul Pundir
 

Recommended

Tokenization vs encryption vs masking
Tokenization vs encryption vs maskingTokenization vs encryption vs masking
Tokenization vs encryption vs maskingUlf Mattsson
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication rajakhurram
 
Block Chain Cloud Technology
Block Chain Cloud TechnologyBlock Chain Cloud Technology
Block Chain Cloud TechnologyVedant Mane
 
DMsuite Static & Dynamic Data Masking Overview
DMsuite Static & Dynamic Data Masking OverviewDMsuite Static & Dynamic Data Masking Overview
DMsuite Static & Dynamic Data Masking OverviewAxis Technology, LLC
 
Blockchain, Predictive Analytics and Healthcare
Blockchain, Predictive Analytics and HealthcareBlockchain, Predictive Analytics and Healthcare
Blockchain, Predictive Analytics and HealthcareRuchi Dass
 
Authentication Protocols
Authentication ProtocolsAuthentication Protocols
Authentication ProtocolsTrinity Dwarka
 
Ch14
Ch14Ch14
Ch14Francis Alamina
 
Kerberos
KerberosKerberos
KerberosRahul Pundir
 
Cryptography
CryptographyCryptography
CryptographySagar Janagonda
 
Cryptography
CryptographyCryptography
CryptographyAnandKaGe
 
Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Anas Rock
 
Chapter 5 - Identity Management
Chapter 5 - Identity ManagementChapter 5 - Identity Management
Chapter 5 - Identity ManagementKarthikeyan Dhayalan
 
Introduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart ContractsIntroduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart ContractsSaad Zaher
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
VTU 6th Sem Elective CSE - Module 3 cloud computing
VTU 6th Sem Elective CSE - Module 3 cloud computingVTU 6th Sem Elective CSE - Module 3 cloud computing
VTU 6th Sem Elective CSE - Module 3 cloud computingSachin Gowda
 
Protocol for Secure Communication
Protocol for Secure CommunicationProtocol for Secure Communication
Protocol for Secure Communicationchauhankapil
 
Applied Cryptography
Applied CryptographyApplied Cryptography
Applied CryptographyMarcelo Martins
 
Authentication
AuthenticationAuthentication
Authenticationprimeteacher32
 
Hash crypto
Hash cryptoHash crypto
Hash cryptoHarry Potter
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
Hyperledger Fabric
Hyperledger FabricHyperledger Fabric
Hyperledger FabricMurughan Palaniachari
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesSam Bowne
 
Encryption.ppt
Encryption.pptEncryption.ppt
Encryption.pptreshmy12
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEMJohn Hubbard
 
Basic introduction in blockchain, smart contracts, permissioned ledgers
Basic introduction in blockchain, smart contracts, permissioned ledgersBasic introduction in blockchain, smart contracts, permissioned ledgers
Basic introduction in blockchain, smart contracts, permissioned ledgersKoen Vingerhoets
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI InfrastructureShubham Sharma
 
Blockchain in healthcare sector
Blockchain in healthcare sectorBlockchain in healthcare sector
Blockchain in healthcare sectorBalaji Naik
 
Blockchain - HyperLedger Fabric
Blockchain - HyperLedger FabricBlockchain - HyperLedger Fabric
Blockchain - HyperLedger FabricAraf Karsh Hamid
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in BangladeshBangladesh Network Operators Group
 
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...DATA SECURITY SOLUTIONS
 

More Related Content

What's hot

Cryptography
CryptographyCryptography
CryptographyAnandKaGe
 
Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Anas Rock
 
Introduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart ContractsIntroduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart ContractsSaad Zaher
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
VTU 6th Sem Elective CSE - Module 3 cloud computing
VTU 6th Sem Elective CSE - Module 3 cloud computingVTU 6th Sem Elective CSE - Module 3 cloud computing
VTU 6th Sem Elective CSE - Module 3 cloud computingSachin Gowda
 
Protocol for Secure Communication
Protocol for Secure CommunicationProtocol for Secure Communication
Protocol for Secure Communicationchauhankapil
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesSam Bowne
 
Encryption.ppt
Encryption.pptEncryption.ppt
Encryption.pptreshmy12
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEMJohn Hubbard
 
Basic introduction in blockchain, smart contracts, permissioned ledgers
Basic introduction in blockchain, smart contracts, permissioned ledgersBasic introduction in blockchain, smart contracts, permissioned ledgers
Basic introduction in blockchain, smart contracts, permissioned ledgersKoen Vingerhoets
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI InfrastructureShubham Sharma
 
Blockchain in healthcare sector
Blockchain in healthcare sectorBlockchain in healthcare sector
Blockchain in healthcare sectorBalaji Naik
 
Blockchain - HyperLedger Fabric
Blockchain - HyperLedger FabricBlockchain - HyperLedger Fabric
Blockchain - HyperLedger FabricAraf Karsh Hamid
 

What's hot (20)

Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)
 
Chapter 5 - Identity Management
Chapter 5 - Identity ManagementChapter 5 - Identity Management
Chapter 5 - Identity Management
 
Introduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart ContractsIntroduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart Contracts
 
Digital signature
Digital signatureDigital signature
Digital signature
 
VTU 6th Sem Elective CSE - Module 3 cloud computing
VTU 6th Sem Elective CSE - Module 3 cloud computingVTU 6th Sem Elective CSE - Module 3 cloud computing
VTU 6th Sem Elective CSE - Module 3 cloud computing
 
Protocol for Secure Communication
Protocol for Secure CommunicationProtocol for Secure Communication
Protocol for Secure Communication
 
Applied Cryptography
Applied CryptographyApplied Cryptography
Applied Cryptography
 
Authentication
AuthenticationAuthentication
Authentication
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Hyperledger Fabric
Hyperledger FabricHyperledger Fabric
Hyperledger Fabric
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
 
Encryption.ppt
Encryption.pptEncryption.ppt
Encryption.ppt
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEM
 
Basic introduction in blockchain, smart contracts, permissioned ledgers
Basic introduction in blockchain, smart contracts, permissioned ledgersBasic introduction in blockchain, smart contracts, permissioned ledgers
Basic introduction in blockchain, smart contracts, permissioned ledgers
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI Infrastructure
 
Blockchain in healthcare sector
Blockchain in healthcare sectorBlockchain in healthcare sector
Blockchain in healthcare sector
 
Blockchain - HyperLedger Fabric
Blockchain - HyperLedger FabricBlockchain - HyperLedger Fabric
Blockchain - HyperLedger Fabric
 

Similar to XML Key Management Protocol for Secure Web Service

The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...DATA SECURITY SOLUTIONS
 
Blockchain Introduction
Blockchain IntroductionBlockchain Introduction
Blockchain IntroductionAyham Madi
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitToni de la Fuente
 
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...Shumon Huque
 
Module 8 - Ccna - Pre.pptx
Module 8 - Ccna - Pre.pptxModule 8 - Ccna - Pre.pptx
Module 8 - Ccna - Pre.pptxAliMohamed855266
 
020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPSJackio Kwok
 
Webservice security considerations and measures
Webservice security considerations and measuresWebservice security considerations and measures
Webservice security considerations and measuresMaarten Smeets
 
KMS at Okta - Intermediate Level
KMS at Okta - Intermediate LevelKMS at Okta - Intermediate Level
KMS at Okta - Intermediate LevelJon Todd
 
Isse 2014 homomorphic encryption and porticor post event
Isse 2014 homomorphic encryption and porticor post eventIsse 2014 homomorphic encryption and porticor post event
Isse 2014 homomorphic encryption and porticor post eventICT Economic Impact
 
InitVerse Blockchain - 5 minutes to understand the blockchain.pdf
InitVerse Blockchain - 5 minutes to understand the blockchain.pdfInitVerse Blockchain - 5 minutes to understand the blockchain.pdf
InitVerse Blockchain - 5 minutes to understand the blockchain.pdfInitVerse Blockchain
 
Information Security Lesson 9 - Keys - Eric Vanderburg
Information Security Lesson 9 - Keys - Eric VanderburgInformation Security Lesson 9 - Keys - Eric Vanderburg
Information Security Lesson 9 - Keys - Eric VanderburgEric Vanderburg
 
Block chain fundamentals and hyperledger
Block chain fundamentals and hyperledgerBlock chain fundamentals and hyperledger
Block chain fundamentals and hyperledgersendhilkumarks
 

Similar to XML Key Management Protocol for Secure Web Service (20)

PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in Bangladesh
 
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
 
Blockchain Introduction
Blockchain IntroductionBlockchain Introduction
Blockchain Introduction
 
Unit08
Unit08Unit08
Unit08
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transit
 
PKI & SSL
PKI & SSLPKI & SSL
PKI & SSL
 
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
 
Module 8 - Ccna - Pre.pptx
Module 8 - Ccna - Pre.pptxModule 8 - Ccna - Pre.pptx
Module 8 - Ccna - Pre.pptx
 
Wpa3
Wpa3Wpa3
Wpa3
 
Public Blockchain Development Services
Public Blockchain Development ServicesPublic Blockchain Development Services
Public Blockchain Development Services
 
Webinar- Internet of Things: Application Frameworks in IoT
Webinar- Internet of Things: Application Frameworks in IoTWebinar- Internet of Things: Application Frameworks in IoT
Webinar- Internet of Things: Application Frameworks in IoT
 
020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS
 
Webservice security considerations and measures
Webservice security considerations and measuresWebservice security considerations and measures
Webservice security considerations and measures
 
KMS at Okta - Intermediate Level
KMS at Okta - Intermediate LevelKMS at Okta - Intermediate Level
KMS at Okta - Intermediate Level
 
Isse 2014 homomorphic encryption and porticor post event
Isse 2014 homomorphic encryption and porticor post eventIsse 2014 homomorphic encryption and porticor post event
Isse 2014 homomorphic encryption and porticor post event
 
InitVerse Blockchain - 5 minutes to understand the blockchain.pdf
InitVerse Blockchain - 5 minutes to understand the blockchain.pdfInitVerse Blockchain - 5 minutes to understand the blockchain.pdf
InitVerse Blockchain - 5 minutes to understand the blockchain.pdf
 
Information Security Lesson 9 - Keys - Eric Vanderburg
Information Security Lesson 9 - Keys - Eric VanderburgInformation Security Lesson 9 - Keys - Eric Vanderburg
Information Security Lesson 9 - Keys - Eric Vanderburg
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Block chain fundamentals and hyperledger
Block chain fundamentals and hyperledgerBlock chain fundamentals and hyperledger
Block chain fundamentals and hyperledger
 
BlockChain-1.pptx
BlockChain-1.pptxBlockChain-1.pptx
BlockChain-1.pptx
 

More from Md. Hasan Basri (Angel)

Introduction to Apache Hadoop Eco-System
Introduction to Apache Hadoop Eco-SystemIntroduction to Apache Hadoop Eco-System
Introduction to Apache Hadoop Eco-SystemMd. Hasan Basri (Angel)
 
Agile/Scrum Methodology Gains Your Productivity
Agile/Scrum Methodology Gains Your ProductivityAgile/Scrum Methodology Gains Your Productivity
Agile/Scrum Methodology Gains Your ProductivityMd. Hasan Basri (Angel)
 
Signature based virus detection and protection system
Signature based virus detection and protection systemSignature based virus detection and protection system
Signature based virus detection and protection systemMd. Hasan Basri (Angel)
 

More from Md. Hasan Basri (Angel) (9)

Introduction to Apache Hadoop Eco-System
Introduction to Apache Hadoop Eco-SystemIntroduction to Apache Hadoop Eco-System
Introduction to Apache Hadoop Eco-System
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security Engineering
 
Introduction to Blockchain Technology
Introduction to Blockchain TechnologyIntroduction to Blockchain Technology
Introduction to Blockchain Technology
 
MicroService Architecture
MicroService ArchitectureMicroService Architecture
MicroService Architecture
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven Development
 
Introduction to Bank Reconciliation
Introduction to Bank ReconciliationIntroduction to Bank Reconciliation
Introduction to Bank Reconciliation
 
Agile/Scrum Methodology Gains Your Productivity
Agile/Scrum Methodology Gains Your ProductivityAgile/Scrum Methodology Gains Your Productivity
Agile/Scrum Methodology Gains Your Productivity
 
ISO 8583 Financial Message Format
ISO 8583 Financial Message FormatISO 8583 Financial Message Format
ISO 8583 Financial Message Format
 
Signature based virus detection and protection system
Signature based virus detection and protection systemSignature based virus detection and protection system
Signature based virus detection and protection system
 

Recently uploaded

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Recently uploaded (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

XML Key Management Protocol for Secure Web Service

  • 1. Submitted By : Md. Hasan Basri Reg. No. : 1010048, Roll: 700030, Session: 2006 -2007 Department of Computer Science, IST. National University Bangladesh. Supervised By: A.N.M Khaleqdad Khan Assistant Professor, Department of Computer Science, Institute of Science and Technology (IST). National University Bangladesh.
  • 2.  “Without Trust and Security, Web Services are Dead on Arrival.” - Phillip Hallam-Baker
  • 3.  Providing a key management specification for secure web service communication considering the principal of symmetric key cryptography.
  • 4. • Security Requirements • Public Key Infrastructure (PKI) Challenge • What is XML Key Management Services (XKMS) • XKMS Basic Services (Advantages, PKI Essentials) • XML Signature using XKMS • XML Encryption using XKMS • Authentication using XKMS • Interaction with XKMS • Conclusion
  • 5. Secure Authentication Requirement: Password-based authentication is weak, costly, and difficult to manage • Message Security: Message-level confidentiality and non- repudiation needed • Payload Security: Confidential business information (CBI) may require submissions to be signed and encrypted
  • 6. Very complicated technology with some proprietary implementations • Non-standard interface, difficult to use, deploy, and maintain • Very high cost of acquisition, support, and operation • Very low interoperability (No PKI standard interfaces) • Certificate validation is very challenging
  • 7.
  • 8. A World Wide Web Consortium (W3C) standard, XKMS 2.0, is finalized • A central key depository with Web service interface to PKI • Vendor-neutral PKI solution for public key and certificate management • A very simple access model • Foundation for secure Web services (XML signature, XML encryption, XKMS) • XKMS will be the PKI solution to the Exchange Network, and the key element to a strong security model.
  • 9.
  • 10. XKMS Advantages – A Web service interface to PKI technologies, accessible to any applications on the Internet – Vendor-neutral PKI solution for public keys and certificates management – Dramatically reduces cost of PKI. Key can be generated and registered at anytime on any machine – Online real-time key/certificate validation using a simple Web method
  • 11. PKI Essentials – A key is generated and broken up into two pieces – Public Key and Private Key – Private Key never goes out of your machine, but share Public Key with anyone – When a data is encrypted using one key, it could only be decrypted using another – Encryption: Encrypt data using the receiver’s Public Key – Signature: Encrypt data using your Private Key
  • 12. XML Key Information Services (XKISS) – Locate and validate Public Keys • XML Key Registration Services (XKRSS) – Register, revoke, recover, and reissue public keys or X.509 certificates • Secure key exchange with XML encryption and signature • All operations are defined as Web service methods
  • 13. A document is signed using the Private Key and key information (KeyName, KeyValue) • The receiver locates / validates the Public Key used for the signature from an XKMS server • The receiver verifies the signature using the valid key
  • 14. The sender locates the receiver’s Public Key from an XKMS server • The sender encrypts a document using the receiver’s Public Key • The receiver decrypts the document using the Private Key
  • 15. A user registers Public Key in XKMS • The user creates an Authenticate message and signs the message using the Private Key • Network Authentication and Authorization Server (NAAS) locates / validates the user’s Public Key from XKMS • NAAS verifies the signature. The user is authenticated if the signature is valid – the holder of the Private Key
  • 16. • XKMS is the foundation for secure exchanges in the network – basic component for XML encryption and signature • XKMS provides a simple standard interface to PKI • Network XKMS services will be available to all network nodes and node clients • XKMS will be integrated into NAAS for key-based authentication • XKMS is the PKI solution without the PKI complexity and cost