New York University
Computer Science Department
Courant Institute of Mathematical Sciences
Secure Message Exchange on the Internet
Course Title: Application Servers
Course Number: g22.3033-011
Instructor: Jean-Claude Franchitti
Session: 12
XML and Security Standards
Various widely accepted security standards are available today to
secure communication on the Internet. The most relevant standards
include IPSec, Secure Socket Layer, S/MIME, and Pretty Good Privacy. IP
Security (IPSec) provides IP-level security and is widely used for Virtual
Private Networks (VPNs). Secure Socket Layer (SSL) provides transport-level
security and has become a de facto standard for secure HTTP connections. SSL
uses X.509 certificates for authentication. SSL is a secure protocol in the
session layer, and is being standardized by the IETF as Transport Layer
Security (TLS). Secure/Multipurpose Internet Mail Exchange (S/MIME) is the
secure mail standard, and it also uses X.509 certificates for authentication. Pretty
Good Privacy (PGP) is the de facto standard for e-mail security. It can be used
to send encrypted digital signatures and to encrypt stored files.
SSL Secure Messaging
Native SSL supports three of the four aspects of secure messaging:
confidentiality, integrity, and authentication. SSL supports
confidentiality via the use of a symmetric cryptosystem such as the Data
Encryption Standard (DES) or Ron’s Code (i.e., RC-4). While DES uses a 56-bit key,
RC-4 uses a variable key length of 40 to 128 bits. SSL supports integrity via a Message
Authentication Code (MAC). The MAC is based on a secure hash function such as
Message Digest 5 (i.e., MD5) or Secure Hash Algorithm 1 (i.e., SHA-1). SSL
client authentication is optional and is supported via HTTP/SSL or SSL certificate-based
methods. SSL server authentication is mandatory, and is supported via server
digital certificates issued by a Certificate Authority (CA) such as Verisign,
Inc. The digital certificate format used in SSL is X.509 as defined by the
International Telecommunications Union-Telecommunication Standardization Sector
(i.e., ITU-T). We refer students to sections 7.5.2 and 7.5.3 of “XML and
Java” for additional details on SSL Secure Messaging (H. Maruyama et al., AW,
ISBN 0-201-48543-5). Relevant information includes the steps to follow to
obtain a server certificate from Verisign, a detailed description of the server and
client authentication processes, and implementation guidelines for SSL-based
web applications.
XML Signatures
XML digital signatures are required for SSL to satisfy
non-repudiation, which corresponds to the fourth secure messaging
requirement. There are several standard digital signature formats, among which
PKCS#7 is the most widely used. Digitally signing an XML document requires the
computation of the hash value of the document. However, there may be very many
physical representations of the same logical XML document that differ only due
to XML’s flexibility regarding character encoding, handling of whitespace,
presence of attribute default values, and expression of empty elements. As a
result of these differing physical representations, the same logical XML
document may have various character string representations, and therefore
various hash values. To solve this issue, it is necessary to
resort to canonicalization of XML documents. Canonicalization guarantees that
two XML representations are logically equal if and only if their canonical
forms are identical. We refer students to section 7.6 of “XML and Java” for
additional information on hash and digital signatures of XML documents. In
particular, section 7.6.2 describes the use of a hash value based on the DOM
structure (i.e., DOMHash) and illustrates the use of the Java Cryptography
Architecture (JCA) to sign and verify an XML document using a digital
signature based on DOMHash.
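
The canonicalization problem described above, as an added example that is not part of the course notes or of “XML and Java”. It assumes W3C Canonical XML 2.0 as implemented by Python's standard library (not DOMHash or JCA) and SHA-256 as the hash; the documents and function names are constructed for illustration.

```python
import hashlib
import io
from xml.etree.ElementTree import canonicalize

# Constructed sample documents (assumptions for this example).
# DOC_A and DOC_B are the same logical document in two physical forms:
# different character encoding, attribute order, quote style, whitespace
# inside the start tag, and empty-element syntax.
DOC_A = ('<order id="42" currency="USD"><item sku="A1"></item>'
         '<note>caf\u00e9</note></order>').encode("utf-8")
DOC_B = ("<?xml version='1.0' encoding='ISO-8859-1'?>"
         "<order  currency='USD'\n   id='42'><item sku='A1' />"
         "<note>caf\u00e9</note></order>").encode("latin-1")
# DOC_C is logically different: the order id was changed.
DOC_C = DOC_A.replace(b'id="42"', b'id="43"')


def raw_digest(xml_bytes: bytes) -> str:
    """SHA-256 over the bytes exactly as transmitted (physical form)."""
    return hashlib.sha256(xml_bytes).hexdigest()


def canonical_form(xml_bytes: bytes) -> str:
    """Parse the document and re-serialize it as W3C Canonical XML 2.0."""
    return canonicalize(from_file=io.BytesIO(xml_bytes))


def canonical_digest(xml_bytes: bytes) -> str:
    """SHA-256 over the UTF-8 canonical form (logical document)."""
    return hashlib.sha256(canonical_form(xml_bytes).encode("utf-8")).hexdigest()


def same_logical_document(a: bytes, b: bytes) -> bool:
    """True when both inputs canonicalize to the same octets."""
    return canonical_digest(a) == canonical_digest(b)


if __name__ == "__main__":
    print("canonical form:", canonical_form(DOC_B))
    for name, doc in (("A", DOC_A), ("B", DOC_B), ("C", DOC_C)):
        print(name, "raw", raw_digest(doc)[:16], "c14n", canonical_digest(doc)[:16])
    print("A == B logically:", same_logical_document(DOC_A, DOC_B))
    print("A == C logically:", same_logical_document(DOC_A, DOC_C))
```

A signature computed over `raw_digest` would fail to verify after any harmless re-serialization in transit, while one computed over `canonical_digest` survives it and still detects the changed order id in `DOC_C`.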