XML Key Management Protocol for Secure Web Service
1. Submitted By : Md. Hasan Basri
Reg. No. : 1010048, Roll: 700030, Session: 2006 -2007
Department of Computer Science, IST.
National University Bangladesh.
Supervised By: A.N.M Khaleqdad Khan
Assistant Professor, Department of Computer Science,
Institute of Science and Technology (IST).
National University Bangladesh.
2. “Without Trust and Security, Web Services are
Dead on Arrival.”
- Phillip Hallam-Baker
3. Providing a key management specification for
secure web service communication considering the
principle of symmetric key cryptography.
4. • Security Requirements
• Public Key Infrastructure (PKI) Challenge
• What is XML Key Management Services (XKMS)
• XKMS Basic Services (Advantages, PKI Essentials)
• XML Signature using XKMS
• XML Encryption using XKMS
• Authentication using XKMS
• Interaction with XKMS
• Conclusion
5. • Secure Authentication Requirement: Password-based
authentication is weak, costly, and difficult to manage
• Message Security: Message-level confidentiality and non-repudiation
needed
• Payload Security: Confidential business information (CBI)
may require submissions to be signed and encrypted
6. • Very complicated technology with some proprietary
implementations
• Non-standard interface, difficult to use, deploy, and maintain
• Very high cost of acquisition, support, and operation
• Very low interoperability (No PKI standard interfaces)
• Certificate validation is very challenging
7.
8. • A World Wide Web Consortium (W3C) standard, XKMS
2.0, is finalized
• A central key depository with Web service interface to PKI
• Vendor-neutral PKI solution for public key and certificate
management
• A very simple access model
• Foundation for secure Web services (XML signature, XML
encryption, XKMS)
• XKMS will be the PKI solution to the Exchange Network,
and the key element to a strong security model.
9.
10. • XKMS Advantages
– A Web service interface to PKI technologies, accessible to any applications
on the Internet
– Vendor-neutral PKI solution for public keys and certificates management
– Dramatically reduces cost of PKI. Key can be generated and registered at
anytime on any machine
– Online real-time key/certificate validation using a simple Web method
11. • PKI Essentials
– A key pair is generated with two parts – a Public
Key and a Private Key
– The Private Key never leaves your machine, but the Public
Key can be shared with anyone
– Data encrypted with one key can only be
decrypted with the other
– Encryption: Encrypt data using the receiver’s Public Key
– Signature: Encrypt data using your Private Key
12. • XML Key Information Services (XKISS) – Locate and
validate Public Keys
• XML Key Registration Services (XKRSS) – Register, revoke,
recover, and reissue public keys or X.509 certificates
• Secure key exchange with XML encryption and signature
• All operations are defined as Web service methods
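Since every XKISS operation is a Web service method carrying an XML request and result, the client side comes down to building the request and refusing any result it should not trust. The following is an added example, not code from this thesis or from any XKMS product: it builds an XKISS ValidateRequest for a key identified by KeyName and parses a ValidateResult, accepting the returned public key only when the result is Success, answers our own request (RequestId matches) and the key binding status is Valid. Element and attribute names and the URIs follow the XKMS 2.0 vocabulary; the service URL, key name, Id values and the modulus bytes are constructed placeholders.

```python
import uuid
import xml.etree.ElementTree as ET

# Namespace URIs from XKMS 2.0 and XML Signature.
XKMS = "http://www.w3.org/2002/03/xkms#"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("xkms", XKMS)
ET.register_namespace("ds", DS)

RESULT_SUCCESS = XKMS + "Success"
STATUS_VALID = XKMS + "Valid"


def xk(tag):
    """Clark-notation name in the XKMS namespace."""
    return "{%s}%s" % (XKMS, tag)


def ds(tag):
    """Clark-notation name in the XML Signature namespace."""
    return "{%s}%s" % (DS, tag)


def build_validate_request(key_name, service_url, request_id=None):
    """Build an XKISS ValidateRequest asking whether the key bound to
    key_name is valid for signing. Returns (request_id, xml_text)."""
    request_id = request_id or "I" + uuid.uuid4().hex
    req = ET.Element(xk("ValidateRequest"), Id=request_id, Service=service_url)
    ET.SubElement(req, xk("RespondWith")).text = XKMS + "KeyValue"
    query = ET.SubElement(req, xk("QueryKeyBinding"))
    key_info = ET.SubElement(query, ds("KeyInfo"))
    ET.SubElement(key_info, ds("KeyName")).text = key_name
    ET.SubElement(query, xk("KeyUsage")).text = XKMS + "Signature"
    return request_id, ET.tostring(req, encoding="unicode")


def parse_validate_result(xml_text, expected_request_id):
    """Return the RSA public key from a ValidateResult, or raise ValueError.
    The key is accepted only if the result is Success, carries our RequestId
    and the key binding status is Valid; anything else is untrusted."""
    root = ET.fromstring(xml_text)
    if root.tag != xk("ValidateResult"):
        raise ValueError("unexpected response element: %s" % root.tag)
    if root.get("ResultMajor") != RESULT_SUCCESS:
        raise ValueError("request failed: %s %s"
                         % (root.get("ResultMajor"), root.get("ResultMinor", "")))
    if root.get("RequestId") != expected_request_id:
        raise ValueError("RequestId does not match our request (stale or replayed result)")
    binding = root.find(xk("KeyBinding"))
    if binding is None:
        raise ValueError("no KeyBinding in result")
    status = binding.find(xk("Status"))
    status_value = status.get("StatusValue") if status is not None else None
    if status_value != STATUS_VALID:
        raise ValueError("key binding status is %s, not Valid" % status_value)
    rsa = binding.find("%s/%s/%s" % (ds("KeyInfo"), ds("KeyValue"), ds("RSAKeyValue")))
    if rsa is None:
        raise ValueError("result carries no RSAKeyValue")
    return {
        "modulus": rsa.findtext(ds("Modulus")).strip(),
        "exponent": rsa.findtext(ds("Exponent")).strip(),
        "reasons": {r.text.strip() for r in status.findall(xk("ValidReason"))},
    }


def sample_result(request_id, status, reason_tag, reason):
    """Constructed ValidateResult text (not captured from a real service);
    the modulus is a placeholder string, not a real key."""
    return """<xkms:ValidateResult xmlns:xkms="%(x)s" xmlns:ds="%(d)s" Id="Iresp"
  RequestId="%(rid)s" Service="https://xkms.example.invalid/xkms" ResultMajor="%(x)sSuccess">
  <xkms:KeyBinding Id="Ikb">
    <ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue>
      <ds:Modulus>sRJjL2oKr1Z5h8cQ</ds:Modulus><ds:Exponent>AQAB</ds:Exponent>
    </ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>
    <xkms:KeyUsage>%(x)sSignature</xkms:KeyUsage>
    <xkms:Status StatusValue="%(x)s%(status)s">
      <xkms:%(tag)s>%(x)s%(reason)s</xkms:%(tag)s>
    </xkms:Status>
  </xkms:KeyBinding>
</xkms:ValidateResult>""" % {"x": XKMS, "d": DS, "rid": request_id,
                              "status": status, "tag": reason_tag, "reason": reason}


if __name__ == "__main__":
    rid, request_xml = build_validate_request("alice@example.invalid",
                                              "https://xkms.example.invalid/xkms")
    print(request_xml)
    print(parse_validate_result(sample_result(rid, "Valid", "ValidReason",
                                              "RevocationStatus"), rid))
```

The three checks in `parse_validate_result` are the ones a relying party cannot skip: a non-Success result or a binding whose status is Invalid or Indeterminate yields no usable key, and a result whose RequestId does not match was not the answer to this question.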
13. • A document is signed using the Private Key and key
information (KeyName, KeyValue)
• The receiver locates / validates the Public Key used for the
signature from an XKMS server
• The receiver verifies the signature using the valid key
14. • The sender locates the receiver’s Public Key from an XKMS
server
• The sender encrypts a document using the receiver’s
Public Key
• The receiver decrypts the document using the Private Key
15. • A user registers Public Key in XKMS
• The user creates an Authenticate message and signs the
message using the Private Key
• Network Authentication and Authorization Server (NAAS)
locates / validates the user’s Public Key from XKMS
• NAAS verifies the signature. The user is authenticated if
the signature is valid – proving possession of the Private Key
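The signing flow of slide 13 and the authentication flow of slide 15 share one shape: the holder of the Private Key signs, the verifier asks XKMS for the Public Key and its trust status, and only a Valid binding that verifies the signature is accepted. The following is an added example, not code from this thesis or from NAAS: it uses a toy textbook RSA with fixed primes (no padding, far too small for real use) and an in-memory `XkmsDirectory` that stands in for the XKRSS register/revoke and XKISS locate/validate methods; `naas_authenticate`, the nonce in the Authenticate message and the key names are assumptions of the example. It walks through the success case and then the three failure cases a verifier must reject: a tampered message, an unregistered key (Indeterminate) and a revoked key (Invalid).

```python
import hashlib

# Toy textbook RSA with fixed primes, constructed for this example only;
# a real deployment uses 2048-bit keys and padded signatures from a crypto library.
P, Q, E = 1_000_000_007, 998_244_353, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

STATUS_VALID, STATUS_INVALID, STATUS_INDETERMINATE = "Valid", "Invalid", "Indeterminate"


def digest_mod_n(message, n):
    """SHA-256 of the message, reduced into the RSA modulus range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, d, n):
    """Signature: the message digest transformed with the Private Key."""
    return pow(digest_mod_n(message, n), d, n)


def verify(message, signature, e, n):
    """Undo the transform with the Public Key and compare against the digest."""
    return pow(signature, e, n) == digest_mod_n(message, n)


class XkmsDirectory:
    """Simulated XKMS service: XKRSS register/revoke, XKISS locate/validate."""

    def __init__(self):
        self.bindings = {}

    def register(self, key_name, e, n):      # XKRSS RegisterRequest
        self.bindings[key_name] = {"e": e, "n": n, "status": STATUS_VALID}

    def revoke(self, key_name):              # XKRSS RevokeRequest
        self.bindings[key_name]["status"] = STATUS_INVALID

    def locate(self, key_name):              # XKISS LocateRequest: lookup, no trust assertion
        return self.bindings.get(key_name)

    def validate(self, key_name):            # XKISS ValidateRequest: lookup plus trust status
        binding = self.bindings.get(key_name)
        if binding is None:
            return STATUS_INDETERMINATE, None
        return binding["status"], binding


def naas_authenticate(directory, key_name, message, signature):
    """Slide 15 flow as run by NAAS. Returns (authenticated, reason)."""
    status, key = directory.validate(key_name)
    if status != STATUS_VALID:
        return False, "key binding for %s is %s" % (key_name, status)
    if not verify(message, signature, key["e"], key["n"]):
        return False, "signature does not verify"
    return True, "authenticated as " + key_name


def authenticate_message(user, nonce):
    """The Authenticate message; the nonce is added by this example so a
    captured message cannot simply be presented again."""
    return ("Authenticate user=%s nonce=%s" % (user, nonce)).encode()


def demo():
    """Register -> sign -> validate -> verify, then the failure cases."""
    directory = XkmsDirectory()
    directory.register("alice", E, N)                 # user registers Public Key
    msg = authenticate_message("alice", "0123abcd")   # constructed nonce
    sig = sign(msg, D, N)                             # signed with Private Key
    results = {"valid": naas_authenticate(directory, "alice", msg, sig),
               "tampered": naas_authenticate(directory, "alice", msg + b"x", sig),
               "unknown": naas_authenticate(directory, "bob", msg, sig)}
    directory.revoke("alice")
    results["revoked"] = naas_authenticate(directory, "alice", msg, sig)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Note that `locate` alone never decides trust: a located key may be revoked or expired, which is why the verifier calls `validate` and checks the returned status before it verifies anything.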
16. • XKMS is the foundation for secure exchanges in the
network – basic component for XML encryption and
signature
• XKMS provides a simple standard interface to PKI
• Network XKMS services will be available to all
network nodes and node clients
• XKMS will be integrated into NAAS for key-based
authentication
• XKMS is the PKI solution without the PKI complexity
and cost