Upload
sarai
View
38
Download
0
Tags:
Embed Size (px)
DESCRIPTION
DOCUMENT-BASED MESSAGE-CENTRIC SECURITY USING XML AUTHENTICATION AND ENCRYPTION FOR COALITION AND INTERAGENCY OPERATIONS. LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009. This thesis was done at the MOVES Institute. Problem Statement. - PowerPoint PPT Presentation
Citation preview
DOCUMENT-BASED MESSAGE-CENTRIC SECURITY USING XML
AUTHENTICATION AND ENCRYPTION FOR COALITION AND INTERAGENCY
OPERATIONS
LCDR Jeffrey S. Williams
Naval Postgraduate School
September 9, 2009This thesis was done at the MOVES Institute
Problem Statement
• Different agencies and different nations are not able to communicate and share structured information – Different data formats– Different security policies
• The current evolution of data and security policies by different agencies and nations will not solve this problem.
Motivation
• Show that existing web standards for document security can be commonly applied across a range of scenarios.– Canonicalization (C14N)– Authentication (digital signature)– Encryption– Compression
• Demonstrate a meaningful exemplar that can work for multiple agencies and nations
Exemplar Scenario
• Coalition Operations for antipiracy– Task Force 151 and NATO ATALANTA– Approx. 30 nations, variable membership– Shared need for document security– Diverse communication channels: NATO
messaging, “free formatted” messaging, e-mail, and bridge-to-bridge radio!
• Assume secure endpoints and non-secure transport for any message
International Navies Concerns
Problem Constraints
• Allow a diverse communications framework to securely enable shared/common data exchange between traditional and nontraditional actors.
• Provide a mechanism with minimal exchange of cryptographic technology by implementing open standard technology.– No nation trusts another nation’s security software– World Wide Web security is a potential for
international standardization because multiple independent implementations are available.
– Can substitute alternative cryptographic algorithms
Key Exchange
Public Key Cryptography has well-defined formal mechanisms for defining secure operations.
• Step 1. B A: {Nb, B}KB
• Step 2. A B: {Nb, Na, A}KA
• Step 3. B A: {Na}KB
XML Digital Signature Process
Digital Signature
http://www.xml.com/pub/a/2001/08/08/xmldsig.html
XML Encryption Process
Recommended Best Practice
XML Encryption
Goal of EXI integration with XML Security
Encryption-EncryptedData (Element Node) +[Attribute] - EncryptionMethod (Element Node) +[Attribute] - KeyInfo (Element Node) - EncryptedKey (Element Node) + EncryptionMethod (Element Node) - KeyInfo (Element Node) +KeyName (Element Node) + CipherData (Element Node) - CipherValue (Element Node) - CipherData (Element Node) + CipherValue
<EncryptedData Id? Type? MimeType? Encoding?> <EncryptionMethod/>? <ds:KeyInfo> <EncryptedKey>? <AgreementMethod>? <ds:KeyName>? <ds:RetrievalMethod>? <ds:*>? </ds:KeyInfo>? <CipherData> <CipherValue>? <CipherReference URI?>? </CipherData> <EncryptionProperties>? </EncryptedData>
http://www.w3.org/TR/xmlenc-core/http://dotnetslackers.com/articles/xml/XMLEncryption.aspx
XML Decryption Process
Conclusions
• XML Security is a feasible approach for multiple agency and coalition operations.
• This thesis demonstrates practical results for a meaningful scenario
• The approach works for any type of XML.
Future Work• Certification and Accreditation of XML Encryption and
Authentication for the unclassified Architecture • Contrast of XML Security with SSL and TLS• Mitigation techniques and tactics to isolate risks
associated with Web Based Security methods.• Applicability of XML Encryption for real time web
services • Application of XML encryption and authentication
techniques within the classified arena• A Comparative Analysis and potential for document
centric security using XML in support of CENTRIXS and Coalition Secure Management and Operations System (COSMOS)
Contact Information• Jeff Williams [email protected]
[email protected]: williams6us
• Don Brutzman [email protected] USW/br
Naval Postgraduate School Monterey, CA 93943 1-831-656-2149
Brief Biography of LCDR Williams USN/1600
• LCDR Williams joined the Navy in 1987 through the Delayed Entry Program (DEP). He was commissioned through NROTC Atlanta Consortium via the BOOST program.
• Since his commission in 1996 he has served at the following commands: – USS ESSEX (LHD-2)
– Military Sealift Command Office (MSCO) Beaumont TX
– Naval Network and Space Operations Command (NNSOC)
– Destroyer Squadron Two Six (CDS-26)
– Naval Postgraduate School (NPS)
• Next Assignment: – Network Engineer Program Manager, Brussels Belgium
• Industry Certifications– CISSP, CISA, CWSP, Security+, Network+, I-NET+, A+
Acknowledgements• The thesis was developed under the guidance of Prof.
Don Brutzman, PhD. Naval Postgraduate School and second reader Don McGregor, Research Associate Naval Postgraduate School at the Modeling Virtual Environment and Simulation (MOVES) Institute.
• The Scenario Authoring for Visual Graphical Environments (SAVAGE) team’s expertise in the development and processing of information contributing to the proof of concept formulations.
• Course work and further guidance from the Naval Postgraduate School Center of Information Security Research (CISR) contributed greatly in understanding and articulating key security concepts.