Applied Cryptography Week 8 Slide 1 Applied Cryptography Week 8 Web Services, Secure Voting and XML Signature Mike McCarthy


Applied Cryptography Week 8 Slide 1

Applied Cryptography Week 8

Web Services, Secure Voting and XML Signature

Mike McCarthy

Applied Cryptography Week 8 Slide 2

XML Web Services

Hot topic

Foundation of Service Oriented Architectures

Interoperable

Remote Method Invocation

Supported by all the big players

Applied Cryptography Week 8 Slide 3

Existing XML Web Services

Google

EBay

Amazon

XIgnite (financial computations)

Hundreds of others

See www.xmethods.com

Many are not public

Applied Cryptography Week 8 Slide 4

XML Web Services & Cryptography

Bob and Alice – Exchange SOAP messages

Eve

Mallory

Applied Cryptography Week 8 Slide 5

What’s going on?

Web Services Security (WSS) specification from OASIS

Message confidentiality

Message authentication

End-to-end (not just point-to-point)

Applied Cryptography Week 8 Slide 6

The WS Cryptography Stack

XML Web Services Security

SAML (Security Assertion ML), XKMS (XML Key Management Specification), XACML (eXtensible Access Control Markup Language)

XMLDSIG (W3C), XMLENC (W3C)

.NET Crypto API’s, Java Security API’s

Applied Cryptography Week 8 Slide 7

Development Tools We’ll Use

Apache’s WSS4J (Web Services Security)

Apache’s Tomcat/Axis (for XML RPC)

Java’s JCE and JCA

C# Crypto API’s

Applied Cryptography Week 8 Slide 8

Main Project Secure Voting

Hot topic

Build an interoperable implementation of one of Schneier’s “Esoteric Protocols”

Exercise mathematical skills (blind signatures are not normally found in crypto API’s)

Involves the consideration of issues associated with many other secure protocols

Involves the consideration of programming and security issues associated with web services

Applied Cryptography Week 8 Slide 9

Goals Of Secure Voting

Only Authorized Voters Can Vote

No one can vote more than once

No one can determine for whom anyone else voted

No one can duplicate anyone else’s vote

No one can change anyone else’s vote without being discovered

Every voter can make sure that his vote has been taken into account in the final tabulation.

Applied Cryptography Week 8 Slide 10

First Attempt

Each voter encrypts his vote with the public key of a Central Tabulating Facility (CTF)

Each voter sends his vote in to the CTF

The CTF decrypts the votes, tabulates them, and makes the results public

What are some problems with this protocol?

Applied Cryptography Week 8 Slide 11

Second Attempt

Each voter signs his vote with his private key

Each voter encrypts his signed vote with the CTF’s public key

Each voter sends his vote to the CTF

The CTF decrypts the votes, checks the signature, tabulates the votes and makes the results public

What are some problems with this protocol?

Applied Cryptography Week 8 Slide 12

Third Attempt Page 1

Each voter generates 10 sets of messages, each set containing a valid vote for each possible outcome. Each message also contains a randomly generated identification number, large enough to avoid duplicates with other voters.

Each voter individually blinds all of the messages, signs the package, and sends it to the CTF

The CTF checks its database to make sure the voter has not submitted his blinded votes for signature previously

Applied Cryptography Week 8 Slide 13

Third Attempt Page 2

The CTF chooses 9 of these sets randomly and requests the blinding factors for these 9.

The voter sends the 9 blinding factors to the CTF

The CTF opens 9 of the 10 sets to make sure they are properly formed

The CTF signs each blinded message in the remaining set

Applied Cryptography Week 8 Slide 14

Third Attempt Page 3

It sends them back to the voter, storing the name of the voter in its database

The voter unblinds the messages and is left with a set of votes signed by the CTF

The voter chooses one of the votes, adds some salt and encrypts it with the CTF’s public key

The voter sends his vote in to the CTF

Applied Cryptography Week 8 Slide 15

Third Attempt Page 4

The CTF decrypts the vote, discards the salt and checks the signatures. It checks its database for a duplicate identification number, saves the identification number, and tabulates the votes

It publishes the results of the election, along with every identification number and its associated vote

Applied Cryptography Week 8 Slide 16

Detail Page 1

Each voter generates 10 sets of messages, each set containing a valid vote for each possible outcome. Each message also contains a randomly generated identification number, large enough to avoid duplicates with other voters.

2 of 10 sets:

Kerry862322309811
Bush862322309811
Nader862322309811

Kerry732341309936
Bush732341309936
Nader732341309936

Applied Cryptography Week 8 Slide 17

Detail Page 2

Each voter individually blinds all of the messages and sends them to the CTF

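$(\text{Kerry862322309811}) \cdot k_1^{e} \bmod n$

$(\text{Bush862322309811}) \cdot k_1^{e} \bmod n$

$(\text{Nader862322309811}) \cdot k_1^{e} \bmod n$

$(\text{Kerry732341309936}) \cdot k_2^{e} \bmod n$

$(\text{Bush732341309936}) \cdot k_2^{e} \bmod n$

$(\text{Nader732341309936}) \cdot k_2^{e} \bmod n$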

Applied Cryptography Week 8 Slide 18

Detail Page 3

The CTF checks its database to make sure the voter has not submitted his blinded votes for signature previously.

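Voter’s signature(

$(\text{Kerry862322309811}) \cdot k_1^{e} \bmod n$

$(\text{Bush862322309811}) \cdot k_1^{e} \bmod n$

$(\text{Nader862322309811}) \cdot k_1^{e} \bmod n$

$(\text{Kerry732341309936}) \cdot k_2^{e} \bmod n$

$(\text{Bush732341309936}) \cdot k_2^{e} \bmod n$

$(\text{Nader732341309936}) \cdot k_2^{e} \bmod n$

)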

Applied Cryptography Week 8 Slide 19

Detail Page 4

The CTF chooses 9 of these sets randomly and requests the blinding factors for these 9.

The voter sends the 9 blinding factors to the CTF

The CTF opens 9 of the 10 sets to make sure they are properly formed

Suppose m = Nader732341309936

$(m \cdot k_2^{e})^{d} = m^{d} k_2^{ed} = m^{d} k_2$

$m^{d} k_2 \cdot k_2^{-1} = m^{d}$

$m^{de} = m$

Applied Cryptography Week 8 Slide 20

Detail Page 5

The CTF signs each blinded message in the remaining set

Suppose m = Kerry862322309811

$(m \cdot k_1^{e})^{d} = m^{d} k_1^{ed} = m^{d} k_1$

Applied Cryptography Week 8 Slide 21

Detail Page 6

It sends them back to the voter, storing the name of the voter in its database

The voter unblinds the messages and is left with a set of votes signed by the CTF

$m^{d} k_1 \cdot k_1^{-1} = m^{d}$

The voter can read this by computing

$(m^{d})^{e} = m$

Applied Cryptography Week 8 Slide 22

Detail Page 7

The voter chooses one of the votes, adds some salt and encrypts it with the CTF’s public key: $(m^{d} + \text{salt})^{e} \bmod n$

Why the salt? If the voter sends $(m^{d})^{e} = m$ the “encryption” would remove the signature and m would be in the clear.

The voter sends his vote in to the CTF.

Applied Cryptography Week 8 Slide 23

Detail Page 8

The CTF decrypts the vote, discards the salt and checks the signatures. It checks its database for a duplicate identification number, saves the identification number, and tabulates the votes

$(m^{d} + \text{salt})^{e} \bmod n$

$(m^{d} + \text{salt})^{ed} \bmod n = m^{d} + \text{salt}$

$m^{de} = m$ verifies the signature

It publishes the results of the election, along with every identification number and its associated vote
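The blinding, cut-and-choose, signing and unblinding steps of the Third Attempt, as an added example that is not part of the original slides or the course project code. The RSA key, the function names and the `keep` / `bad_set` parameters are assumptions made for the demonstration; the CTF's choice of which set to leave unopened is a parameter here so runs are repeatable, where a real CTF picks it at random.

```python
import secrets
from math import gcd

# Constructed demo key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # the CTF's private exponent d
CANDIDATES = ("Kerry", "Bush", "Nader")

def encode(text):
    """Vote string such as 'Kerry862322309811' -> integer m < n."""
    m = int.from_bytes(text.encode(), "big")
    if m >= N:
        raise ValueError("message does not fit under the modulus")
    return m

def decode(m):
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return raw.decode(errors="replace")

def make_set(outcomes=CANDIDATES):
    """Voter: one vote per outcome sharing one random 12-digit ID, blinded with one k."""
    ident = f"{secrets.randbelow(10**12):012d}"
    while True:
        k = secrets.randbelow(N - 2) + 2
        if gcd(k, N) == 1:                  # k must be invertible mod n
            break
    return k, [encode(c + ident) * pow(k, E, N) % N for c in outcomes]

def open_set(blinded, k):
    """CTF: divide k^e out of each blinded message to read the votes."""
    if gcd(k, N) != 1:
        return []                           # unusable blinding factor: treat as malformed
    k_e_inv = pow(pow(k, E, N), -1, N)
    return [decode(b * k_e_inv % N) for b in blinded]

def well_formed(votes):
    """Exactly one vote per candidate, all carrying the same 12-digit ID."""
    if len(votes) != len(CANDIDATES):
        return False
    ids = set()
    for vote, cand in zip(votes, CANDIDATES):
        if not vote.startswith(cand):
            return False
        ids.add(vote[len(cand):])
    ident = ids.pop()
    return not ids and len(ident) == 12 and ident.isascii() and ident.isdigit()

def ctf_sign(sets, reveal, keep):
    """CTF: open every set but `keep`; sign `keep` only if all the others are sound.
    `reveal(i)` stands for asking the voter for blinding factor k_i."""
    for i, blinded in enumerate(sets):
        if i != keep and not well_formed(open_set(blinded, reveal(i))):
            return None                     # malformed set: refuse to sign anything
    return [pow(b, D, N) for b in sets[keep]]        # (m*k^e)^d = m^d * k

def unblind(signed, k):
    k_inv = pow(k, -1, N)
    return [s * k_inv % N for s in signed]           # m^d * k * k^-1 = m^d

def run_voter(keep, bad_set=None):
    """Full exchange for one voter; `bad_set` plants a set holding two Kerry votes."""
    made = [make_set() for _ in range(10)]
    if bad_set is not None:
        made[bad_set] = make_set(("Kerry", "Kerry", "Nader"))
    ks, sets = zip(*made)
    signed = ctf_sign(sets, lambda i: ks[i], keep)
    if signed is None:
        return None
    # Anyone holding the public key can check the result: (m^d)^e = m
    return [decode(pow(s, E, N)) for s in unblind(signed, ks[keep])]
```

A malformed set is caught whenever it is one of the 9 opened sets and is signed only when it happens to be the unopened one, which is why the CTF's choice has to be unpredictable to the voter.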

Applied Cryptography Week 8 Slide 24

Programming Project 1 - Two Parts

Write a simulation in Java

Write the simulation as a JAX-RPC web service

Applied Cryptography Week 8 Slide 25

Demonstrations

A stand alone simulator

Writing a simple JAX-RPC web service

A JAX-RPC simulator

Applied Cryptography Week 8 Slide 26

Applied Cryptography Web Services Security and XML Signature

Michael McCarthy

Notes adapted from “Web Services Security”, Bilal Siddiqui

Applied Cryptography Week 8 Slide 27

The Need For Web Services

Application integration within the enterprise

Application integration across enterprise boundaries

customers

partners

suppliers

Applied Cryptography Week 8 Slide 28

A Tourism Supply Chain

[Diagram: Tourists, Tour Operator, Car Rental, Hotel]

Hotel

RoomRentInfoForAll() - Anyone may call

RoomRentInfoForPartnersOnly() - Restricted callers

Without XML/WSS - message formats must be agreed to - coarse-grained protection provided by firewalls

With XML/WSS - SOAP is used for RPC - WSS provides fine grained security decisions

Applied Cryptography Week 8 Slide 29

Service Oriented Architecture

Hotel

RoomRentInfoForAll()

RoomRentInfoForPartnersOnly()

SOAP Server

SOAP (XML RPC) over HTTP

Applied Cryptography Week 8 Slide 30

Listing 1 SOAP Request

POST /Vendors HTTP/1.1
Host: www.myHotel.com
Content-Type: text/xml; charset=utf-8
Content-Length: 350
SOAPAction: ""

<?xml version='1.0'?>
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/' >
  <SOAP-ENV:Body>
    <s:GetSpecialDiscountedBookingForPartners
        xmlns:s='http://www.MyHotel.com/partnerservice/' >
      <!--Parameters passed with the method call-->
    </s:GetSpecialDiscountedBookingForPartners>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Applied Cryptography Week 8 Slide 31

Listing 2 SOAP Response

HTTP/1.0 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 1474

<?xml version="1.0"?>
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/' >
  <SOAP-ENV:Body>
    <m:GetSpecialDiscountedBookingForPartnersResponse
        xmlns:m="http://www.MyHotel.com/partnerservice/" >
      <!-- Booking confirmation details-->
    </m:GetSpecialDiscountedBookingForPartnersResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Applied Cryptography Week 8 Slide 32

1st Generation Web Services

[Diagram: SOAP Client; SOAP Server, Hotel Class, RDBMS]

Applied Cryptography Week 8 Slide 33

2ND Generation Web Services

[Diagram: SOAP Client; SOAP Server, Tour Planning Class; SOAP Server, Hotel Class, RDBMS]

Applied Cryptography Week 8 Slide 34

3RD Generation Web Services

[Diagram: SOAP Client; SOAP Server, Tour Planning Class (shown twice); SOAP Server, Hotel Class, RDBMS; SOAP Server, Plane Class, RDBMS; WS-Transaction]

Applied Cryptography Week 8 Slide 35

WS Security

[Diagram: SOAP Client; SOAP Server, Hotel Class, RDBMS]

SOAP Server (SOAP Aware Firewall)

• inspect SOAP message

• match user roles with access lists

• XML Signature (not SOAP specific)

• XML Encryption (not SOAP specific)

• WSS (SOAP specific use of XMLEnc and XMLDsig)

• Security Access Markup Language (SAML) for single sign on replacing HTTP cookies

• XACML (extensible Access Control Markup Language) to express authorization and access policies

Applied Cryptography Week 8 Slide 36

XML Signature

An IETF/W3C Recommendation

Applied Cryptography Week 8 Slide 37

XML Digital Signatures

Review Message Digest

message + digest algorithm -> hash value

transmit (message, hash value) pair

useful for checking if errors occurred

Problem

Mallory might replace the message, hash value pair with her own message, hash value pair.

Applied Cryptography Week 8 Slide 38

XML Digital Signatures

Solution: get a secret key involved in the calculation of the hash

Given a message m, compute a hash of m.

Encrypt the hash with a private key.

Mallory doesn’t know the private key.

Applied Cryptography Week 8 Slide 39

XML Signature

• XML Signatures are digital signatures used in XML transactions

• May be used to sign only a portion of an XML document. The document might have a long history with different parts holding different signatures

• The signature may apply to XML or non-XML data

Applied Cryptography Week 8 Slide 40

Referencing What is Signed

• The XML Signature may hold a URI

• The signature may be a sibling of what is signed.

• The signature may be a parent of what is signed.

• The signature may be a child of what is signed

Applied Cryptography Week 8 Slide 41

XMLDsig General Form

The Components of an XML Signature

                                                                                                                

Applied Cryptography Week 8 Slide 42

The <Reference> Element

• Each signed resource is specified with a <Reference> element

• A typical <Reference> element will contain

- a pointer to what is signed

- a digest method (for example SHA1)

- and a digest value of the signed data in base 64 notation

Applied Cryptography Week 8 Slide 43

The <Reference> Element

<Reference URI="http://.../po.xml">
  <DigestMethod>….</DigestMethod>
  <DigestValue> calculated digest of po.xml </DigestValue>
</Reference>

This is the location of the document being signed.

Applied Cryptography Week 8 Slide 44

We may have many references

<Reference>

pointer, digest method, digest value

</Reference>

:

<Reference>

pointer, digest method, digest value

</Reference>

Applied Cryptography Week 8 Slide 45

Place Within a SignedInfo Element

<SignedInfo>
  <CanonicalizationMethod> algorithm used on SignedInfo element
  <SignatureMethod> for example dsa-sha1
  <Reference> pointer, digest method, digest value </Reference>
  <Reference> pointer, digest method, digest value </Reference>
</SignedInfo>

Applied Cryptography Week 8 Slide 46

Compute Digest of SignedInfo

<SignedInfo>
  <CanonicalizationMethod> algorithm used on SignedInfo element
  <SignatureMethod> for example dsa-sha1
  <Reference> pointer, digest method, digest value </Reference>
  <Reference> pointer, digest method, digest value </Reference>
</SignedInfo>

Applied Cryptography Week 8 Slide 47

Sign the digest and place value in a SignatureValue element…

<SignedInfo>
  <CanonicalizationMethod> algorithm used on SignedInfo element
  <SignatureMethod> for example dsa-sha1
  <Reference> pointer, digest method, digest value </Reference>
  <Reference> pointer, digest method, digest value </Reference>
</SignedInfo>
<SignatureValue>
  Base 64 signature of the SignedInfo Element
</SignatureValue>

Applied Cryptography Week 8 Slide 48

Enclose in a Signature Element

<Signature>
  <SignedInfo>
    <CanonicalizationMethod> algorithm used on SignedInfo element
    <SignatureMethod> for example dsa-sha1
    <Reference> pointer, method, digest value </Reference>
    <Reference> pointer, method, digest value </Reference>
  </SignedInfo>
  <SignatureValue>Base 64 signature of the SignedInfo Element</SignatureValue>
</Signature>

Applied Cryptography Week 8 Slide 49

We may include KeyInfo

<Signature>
  <SignedInfo>
    <Canonicalization>
    <SignatureMethod>
    <Reference>…
    <Reference>…
  </SignedInfo>
  <SignatureValue>Base 64 signature of the SignedInfo Element</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509SubjectName>CN=Cristina McCarthy, O=CMU,…
      <X509Certificate> base 64 public key and identity signed by a CA </X509Certificate>
    </X509Data>
  </KeyInfo>
</Signature>

Applied Cryptography Week 8 Slide 50

KeyInfo Element in XMLDsig

• Optional element

• Holds key information required to validate the signature or

• Points to that key information

• May have children such as

<PGPData> <SPKIData> <X509Data>

Applied Cryptography Week 8 Slide 51

What Can Mallory Do?

Can she modify the CA signed certificate so that someone else appears to have signed the document?

Can she modify what is being pointed to by the reference element?

Can she change the canonicalization method?

Can she change the contents of the signature method tag?

Applied Cryptography Week 8 Slide 52

Verification

1. Canonicalize the SignedInfo element.

2. Compute the digest of the SignedInfo element using the method described within it.

3. Compare the above value with the value obtained by applying the signer’s public key to the value in the SignatureValue element.

4. Compute digests of referenced items (after any transformations) and compare them with the digests found within each reference tag.

Applied Cryptography Week 8 Slide 53

Using IBM’s XML Security Suite

Applied Cryptography Week 8 Slide 54

Signing in Three Steps(1)

Prepare a Signature DOM tree

This is an XML document holding the Signature element.

This may be done with an XSS4J TemplateGenerator or with an existing template document

Applied Cryptography Week 8 Slide 55

Signing in Three Steps(2)

2. Create an XSS4J SignatureContext instance

-- may be used to fetch the resource to be signed using URLConnection

-- may be used to find an element being referred to within the same document

-- has a sign() method

Applied Cryptography Week 8 Slide 56

Signing in Three Steps(3)

3. Sign with the sign method of the XSS4J SignatureContext object

Prepare a key object (holding the private key in DSS or RSA) used to sign

Prepare a KeyInfo object with an X509 certificate

Insert the KeyInfo into the Signature element

sigContext.sign(sigElement, key)

Applied Cryptography Week 8 Slide 57

Sign a grade book

Gradebook.xml

<?xml version="1.0" encoding="UTF-8"?>
<GradeBook>
  <Student>
    <Score>100</Score>
    <Score>89</Score>
  </Student>
</GradeBook>

Applied Cryptography Week 8 Slide 58

We need keys…

D:\..\95-804\IBMXMLSecuritySuite\SampleSign2>keytool -genkey -keyalg RSA -keystore test.keystore -dname "CN=Mike McCarthy, OU=Heinz School, O=CMU, L=Pgh, S=PA, C=US" -alias mjm -storepass sesame -keypass sesame

Creates test.keystore holding keys and a self-signed certificate

Applied Cryptography Week 8 Slide 59

Run XSS4J’s SampleSign2

D:\...\95-804\IBMXMLSecuritySuite\SampleSign2>java SampleSign2 mjm sesame sesame -embxml gradebook.xml > signature.xml

Key store: test.keystore

Sign: 851ms

Applied Cryptography Week 8 Slide 60

Examine Signature.xml

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo>

<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>

<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>

Applied Cryptography Week 8 Slide 61

<Reference URI="#Res0">
  <Transforms>
    <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"> </Transform>
  </Transforms>
  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"> </DigestMethod>
  <DigestValue>m6f9xhOc4iEXokD/29V9EsdY3yI= </DigestValue>
</Reference>

We are signing resource 0

Transforms prior to hashing

Applied Cryptography Week 8 Slide 62

</SignedInfo> <SignatureValue>

Gll1H/uplOwfaX3j7ST6UqQlc92Hx2nsCdN2KWz32CW0D4hH64n32v/InkGux1dYgTya6S4s55iHqZEjDpH2I359H4PAxBYYXJj4LUBNxAFxUcDy6xrEUbLnKeutT5pf1DBSmxg9Cp3PO5Rs36nVN8GVfnFl1M86WQd19/RsAnA=

</SignatureValue>

Applied Cryptography Week 8 Slide 63

<KeyInfo> <KeyValue> <RSAKeyValue> <Modulus>

7V5eyhVaw0clED11H6PTPoKQA1VxrLAugU3QxKA0hbbUOiavFbqCdc6Z+Fe9JZFMkS

Iqdl+khwWwd+AIsRyrN4V2DWm1f+xyYQf6bdZgCaVVgkST1BpQxBTgNKRcS5VbLrXf

4MXb5TbhA+eo1Qbr2IjlV10aLbVhUk/g+ylag+k= </Modulus> <Exponent>AQAB</Exponent> </RSAKeyValue> </KeyValue>

Applied Cryptography Week 8 Slide 64

<X509Data> <X509IssuerSerial> <X509IssuerName>CN=Mike McCarthy,OU=Heinz School,O=CMU,L=Pgh,ST=PA,C=US </X509IssuerName> <X509SerialNumber>1049138061 </X509SerialNumber> </X509IssuerSerial> <X509SubjectName>CN=Mike McCarthy,OU=Heinz School,O=CMU,L=Pgh,ST=PA,C=US </X509SubjectName> <X509Certificate>

Applied Cryptography Week 8 Slide 65


Applied Cryptography Week 8 Slide 66

</X509Certificate> </X509Data> </KeyInfo> <dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Res0">

<GradeBook> <Student> <Score>100</Score> <Score>89</Score> </Student> </GradeBook> </dsig:Object></Signature>

The resource 0 object

Applied Cryptography Week 8 Slide 67

Let’s change the low grade!

<dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Res0">

<GradeBook> <Student> <Score>100</Score> <Score>100</Score> </Student></GradeBook></dsig:Object>

Applied Cryptography Week 8 Slide 68

And run verify…

D:\McCarthy\www\95-804\IBMXMLSecuritySuite\SampleSign2>java VerifyCUI < signature.xml

The signature has a KeyValue element.
The signature has one or more X509Data elements.
Checks an X509Data:
1 certificate(s).
Certificate Information:
 Version: 1
 Validity: OK
 SubjectDN: CN=Mike McCarthy, OU=Heinz School, O=CMU, L=Pgh, ST=PA, C=US
 IssuerDN: CN=Mike McCarthy, OU=Heinz School, O=CMU, L=Pgh, ST=PA, C=US
 Serial#: 0x3e88938d
Time to verify: 521 [msec]
Core Validity: NG
Signature Validity: OK
[0] "#Res0" NG: Digest value mismatch: calculated: tfVyHns8wRB6l/HDU2dXZkzf+7Q=
Exception in thread "main" java.lang.RuntimeException: Core Validity: NG
 at dsig.VerifyCUI.main(VerifyCUI.java:137)

Applied Cryptography Week 8 Slide 69

Another Example PO.XML

<?xml version="1.0" encoding="UTF-8"?>
<PurchaseOrder xmlns="urn:purchase-order">
  <Customer>
    <Name>Robert Smith</Name>
    <CustomerId>788335</CustomerId>
  </Customer>
  <Item partNum="C763">
    <ProductId>6883-JF3</ProductId>
    <Quantity>3</Quantity>
    <ShipDate>2002-09-03</ShipDate>
    <Name>ThinkPad X20</Name>
  </Item>
</PurchaseOrder>

Applied Cryptography Week 8 Slide 70

PO After Signing

<?xml version='1.0' encoding='UTF-8'?>
<SignedPurchaseOrder>
  <PurchaseOrder id="id0" xmlns="urn:purchase-order">
    <Customer>
      <Name>Robert Smith</Name>
      <CustomerId>788335</CustomerId>
    </Customer>
    <Item partNum="C763">
      <ProductId>6883-JF3</ProductId>
      <Quantity>3</Quantity>
      <ShipDate>2002-09-03</ShipDate>
      <Name>ThinkPad X20</Name>
    </Item>
  </PurchaseOrder>

Applied Cryptography Week 8 Slide 71

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod

Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> <SignatureMethod

Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <Reference URI="#id0"> <DigestMethod

Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<DigestValue>UfeiscUCL7QkhZtRDLWDPWLpVlA=</DigestValue> </Reference> </SignedInfo>

Applied Cryptography Week 8 Slide 72

<SignatureValue>

Ptysg8WdHI2mxwryOOt5I9r9qZm/2gNFNOJyH1Wak4nCUegRpe72tWnsigAKZyopmgUSH3TG

aGGQF1BTSvk3JUUY/ljrw+5FpTpf3hgZBi7GSWf6WtXqZvMYGUKIlvR/421MZg7P9XRUyy37

ZUzQHtmCYkBorEkEx1J4CYB0G2c=

</SignatureValue>

Applied Cryptography Week 8 Slide 73

<KeyInfo>

<X509Data> <X509Certificate> MIIDGjCCAoOgAwIBAgICAQAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCSlAxETAPBgNVBAgT CEthbmFnYXdhMQ8wDQYDVQQHEwZZYW1hdG8xDDAKBgNVBAoTA0lCTTEMMAoGA1UECxMDVFJMMRAw

DgYDVQQDEwdUZXN0IENBMB4XDTAxMTAwMTA3MTYxMFoXDTExMTAwMTA3MTYxMFowUDELMAkGA1UE

BhMCSlAxETAPBgNVBAgTCEthbmFnYXdhMQwwCgYDVQQKEwNJQk0xDDAKBgNVBAsTA1RSTDESMBAG A1UEAxMJU2lnbmF0dXJlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvnFQiPEJnUZnkmzoc MjsseD8ms9HBgasZR0VOAvsby5aajsm9CtB18dDCemDXZ2YjBdprX+epfF4SLNP5ankfphhr9QXA NJdCKpyF3jPoydckle7E7gI9w3Q4NDa4ryVOuIS2qev6jlE7OVPqiXIDVlCH4u6GbIoJEpJ57yzx

dQIDAQABo4HzMIHwMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMCwGCWCGSAGG+EIBDQQfFh1PcGVu

U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYapFv9MvQ9NNn1Q7zgzqka4XORsw gYgGA1UdIwSBgDB+gBR7FuT9bLBj3vVsgAzIeYa4hBUZBaFjpGEwXzELMAkGA1UEBhMCSlAxETAP BgNVBAgTCEthbmFnYXdhMQ8wDQYDVQQHEwZZYW1hdG8xDDAKBgNVBAoTA0lCTTEMMAoGA1UECxMD VFJMMRAwDgYDVQQDEwdUZXN0IENBggEAMA0GCSqGSIb3DQEBBQUAA4GBALFzGDXMzxJvOnCdJCMZ 2NsZdz1+wmoYyejB5J6Ch2ygdPeibMnW/CiYKCTWBhpEgxEqr1BNlgSVqA6nyvjHsVIvgBfwx37D hJ5hz4azpWu1X22XqyU9fUqoQUtEAdM/MlLekBkprkJVb9uJXTFzzvm/3DoEiBkX/BT78YdM8eq0 </X509Certificate> </X509Data>

</KeyInfo></Signature>

</SignedPurchaseOrder>

Applied Cryptography Week 8 Slide 74

WSS XMLDSig Listing 1

<?xml version="1.0"?>
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <s:GetSpecialDiscountedBookingForPartners
        xmlns:s="http://www.MyHotel.com/partnerservice/">
      <!--Parameters passed with the method call-->
    </s:GetSpecialDiscountedBookingForPartners>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

From “Web Services Security”, Bilal Siddiqui

There is no XMLDS in this example.

Applied Cryptography Week 8 Slide 75

Sign The SOAP Request

<?xml version="1.0"?>
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SOAP-ENV:Header>
    <ds:Signature> <!-- wraps all other XMLDS elements -->
      <ds:SignedInfo> <!-- note the ds prefix -->
      </ds:SignedInfo> <!-- note three children of signedInfo -->
      <ds:SignatureValue>
      </ds:SignatureValue>
      <ds:KeyInfo>
      </ds:KeyInfo>
    </ds:Signature>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <s:GetSpecialDiscountedBookingForPartners
        xmlns:s="http://www.MyHotel.com/partnerservice/">
      <!--Parameters passed with the method call-->
    </s:GetSpecialDiscountedBookingForPartners>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Applied Cryptography Week 8 Slide 76

<?xml version="1.0"?>
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SOAP-ENV:Header>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:CanonicalizationMethod
            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod
            Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#GetSpecialDiscountedBookingForPartners">
          <ds:Transforms>
            <ds:Transform
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>

After Signing (1)

Applied Cryptography Week 8 Slide 77

          <ds:DigestMethod
              Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>
            BIUddkjKKo2...
          </ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>
        halHJghyf765....
      </ds:SignatureValue>
      <ds:KeyInfo> <!-- the key name for signature verification -->
        <ds:KeyName>MyKeyIdentifier</ds:KeyName>
      </ds:KeyInfo> <!-- application dependent, perhaps a symmetric key ID -->
    </ds:Signature>
  </SOAP-ENV:Header>

After Signing (2)

Applied Cryptography Week 8 Slide 78

  <SOAP-ENV:Body>
    <s:GetSpecialDiscountedBookingForPartners
        xmlns:s="http://www.MyHotel.com/partnerservice/"
        ID="GetSpecialDiscountedBookingForPartners">
      <!--Parameters passed with the method call-->
    </s:GetSpecialDiscountedBookingForPartners>
  </SOAP-ENV:Body>

</SOAP-ENV:Envelope>

After Signing (3)

Applied Cryptography Week 8 Slide 79

Validation Procedure

(1) Canonicalize the SignedInfo element.

(2) Check message integrity. We’ll need

a. the data to be digested

b. any transforms to perform first

c. the digest algorithm

(3) If the digests compare equal verify the signature (continued)

Applied Cryptography Week 8 Slide 80

Validation Procedure

(3) If the digests compare equal verify the signature

a. get the signer’s key (public key or shared secret) perhaps by consulting the <KeyInfo> element.

b. read the signature method used to compute the signature

c. Attempt to verify and if we have a match call GetSpecialDiscountedBookingForPartners
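Core validation as listed on the Verification and Validation Procedure slides, run against the grade book from the signing demonstration, as an added example that is not XSS4J, WSS4J or course code. It assumes an HMAC-SHA256 shared secret in place of the slides' rsa-sha1, Python's built-in C14N 2.0 in place of C14N 1.0, and same-document `#Id` references only; the function names, the key and the sample document are constructed here.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Algorithms this verifier accepts: pinned locally, never taken on trust from the message.
C14N_ALG = "http://www.w3.org/2010/xml-c14n2"
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
DIGEST_ALG = "http://www.w3.org/2001/04/xmlenc#sha256"
KEY = b"constructed-demo-secret"    # constructed shared secret held by both parties
GRADEBOOK = ("<GradeBook><Student><Score>100</Score><Score>89</Score>"
             "</Student></GradeBook>")   # the grade book from the slides

def c14n(elem):
    """Canonical bytes of one element, ignoring text that trails its end tag."""
    node = copy.copy(elem)
    node.tail = None
    return ET.canonicalize(ET.tostring(node, encoding="unicode")).encode()

def digest_b64(elem):
    return base64.b64encode(hashlib.sha256(c14n(elem)).digest()).decode()

def mac_b64(signed_info, key):
    mac = hmac.new(key, c14n(signed_info), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def algorithm(parent, tag):
    node = parent.find(DS + tag)
    return None if node is None else node.get("Algorithm")

def sign(data_xml, key):
    """Signer: wrap data_xml in an enveloping <Signature>, like signature.xml above."""
    sig = ET.Element(DS + "Signature")
    info = ET.SubElement(sig, DS + "SignedInfo")
    ET.SubElement(info, DS + "CanonicalizationMethod", Algorithm=C14N_ALG)
    ET.SubElement(info, DS + "SignatureMethod", Algorithm=SIG_ALG)
    ref = ET.SubElement(info, DS + "Reference", URI="#Res0")
    ET.SubElement(ref, DS + "DigestMethod", Algorithm=DIGEST_ALG)
    value = ET.SubElement(sig, DS + "SignatureValue")
    obj = ET.SubElement(sig, DS + "Object", Id="Res0")
    obj.append(ET.fromstring(data_xml))
    ET.SubElement(ref, DS + "DigestValue").text = digest_b64(obj)
    value.text = mac_b64(info, key)          # the signature covers SignedInfo only
    return ET.tostring(sig, encoding="unicode")

def verify(sig_xml, key):
    """Verifier: return (signature_ok, {URI: digest_ok}) for a <Signature> document."""
    sig = ET.fromstring(sig_xml)
    info = sig.find(DS + "SignedInfo")
    if info is None:
        return False, {}
    pinned = (algorithm(info, "CanonicalizationMethod") == C14N_ALG
              and algorithm(info, "SignatureMethod") == SIG_ALG)
    sent = (sig.findtext(DS + "SignatureValue") or "").strip()
    signature_ok = pinned and hmac.compare_digest(mac_b64(info, key).encode(),
                                                  sent.encode())
    refs = {}
    for ref in info.findall(DS + "Reference"):
        uri = ref.get("URI", "")
        targets = [e for e in sig.iter() if e.get("Id") and "#" + e.get("Id") == uri]
        claimed = (ref.findtext(DS + "DigestValue") or "").strip()
        refs[uri] = (len(targets) == 1           # a missing or ambiguous Id fails
                     and algorithm(ref, "DigestMethod") == DIGEST_ALG
                     and digest_b64(targets[0]) == claimed)
    return signature_ok, refs

def core_valid(sig_xml, key):
    """Core validity needs the signature and every reference digest to check out."""
    signature_ok, refs = verify(sig_xml, key)
    return signature_ok and bool(refs) and all(refs.values())
```

Changing the 89 to 100 in the signed document makes `verify` return `(True, {"#Res0": False})`, the same split VerifyCUI reports as Signature Validity OK with a digest mismatch. The key is passed in from the verifier's own configuration rather than read from KeyInfo.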