XML Signature/Encryption — the Basis of Web Services Security
Total Page:16
File Type:pdf, Size:1020Kb
Special Issue on Security for Network Society Falsification Prevention and Protection Technologies and Products XML Signature/Encryption — the Basis of Web Services Security By Koji MIYAUCHI* XML is spreading quickly as a format for electronic documents and messages. As a consequence, ABSTRACT greater importance is being placed on the XML security technology. Against this background research and development efforts into XML security are being energetically pursued. This paper discusses the W3C XML Signature and XML Encryption specifications, which represent the fundamental technology of XML security, as well as other related technologies originally developed by NEC. KEYWORDS XML security, XML signature, XML encryption, Distributed signature, Web services security 1. INTRODUCTION 2. XML SIGNATURE XML is an extendible markup language, the speci- 2.1 Overview fication of which has been established by the W3C XML Signature is an electronic signature technol- (WWW Consortium). It is spreading quickly because ogy that is optimized for XML data. The practical of its flexibility and its platform-independent technol- benefits of this technology include Partial Signature, ogy, which freely allows authors to decide on docu- which allows an electronic signature to be written on ment structures. Various XML-based standard for- specific tags contained in XML data, and Multiple mats have been developed including: ebXML and Signature, which enables multiple electronic signa- RosettaNet, which are standard specifications for e- tures to be written. The use of XML Signature can commerce transactions, TravelXML, which is an EDI solve security problems, including falsification, spoof- (Electronic Data Interchange) standard for travel ing, and repudiation. agencies, and NewsML, which is a standard specifica- tion for new distribution formats. 2.2 XML Signature and Related Specifications As the popularity of XML becomes established, a XML Signature was established as a formal ver- greater importance is being placed on security tech- sion of W3C recommendations in Feb. 2002. W3C has nology for data the represented in XML. This means also established related specifications that need to be that XML needs to include features that can deal with fulfilled when XML Signature is actually used. The security risks, including falsification and eavesdrop- specifications relating to XML Signature are as fol- ping on data that is being transmitted over communi- lows: cation paths, such as the Internet, as well as on spoofing and repudiation. · XML-Signature Syntax and Processing: W3C Rec- In order to solve these problems, W3C, OASIS, and ommendation 2002/2/12 other standards organizations are working to estab- · Canonical XML Version 1.0: W3C Recommenda- lish standards specifications for XML security. In tion 2001/3/15 particular, the XML Signature and XML Encryption · Exclusive XML Canonicalization Version 1.0: W3C specifications established by the W3C can be the ba- Recommendation 2002/7/18 sis for all other XML security standards. This paper · XML-Signature XPath Filter 2.0: W3C Recommen- discusses these specifications and related technolo- dation 2002/11/08 gies originally developed by NEC. 2.3 XML-Signature Syntax and Processing This specification forms the core of XML Signa- ture. It defines electronic signature formats using XML, the creation of electronic signatures, and rules *System Platform Software Development Division for verification processing. Figure 1 shows an NEC Journal of Advanced Technology, Vol. 2, No. 1 35 Fig. 1 XML signature format example. example of an XML signature format and XML data 2.4 Canonical XML/Exclusive XML Canonicalization that is XML-signed. Canonical XML is an important specification relat- As shown in Fig. 1, an XML signature is a docu- ing to XML Signature. XML 1.0 is so flexible in docu- ment structure with the <Signature> element at its ment formats that equivalent contents can be ex- top. Under the <Signature> element, lie its child ele- pressed in multiple formats. An example is provided ments, including a <SignedInfo> element, which con- below. tains references to the algorithm used for the XML signature creation and to the target XML data. It also (1) <document></document> holds digest value and other information, a (2) <document/> <SignatureValue> element that contains the signa- ture value, and a <KeyInfo> element that contains Both code fragments in (1) and (2) above represent the public key certificate information to be used when an empty element. They are different in byte repre- the XML signature is verified. When considering the sentation, but are equivalent as XML data. In addi- characteristics of XML Signature, the <Reference> tion, the XML 1.0 specification allows equivalent element, which is a child element of the <SignedInfo> XML data to be expressed in multiple formats in element is particularly important. Multiple <Refer- terms of attribute occurrence sequence, blank charac- ence> elements may be contained in the <SignedInfo> ter handling, and naming space definitions, among element. This enables any number of XML data seg- others. ments at any location to be signed. This feature en- However, the electronic signature is a technology sures that an extremely flexible system can be built based on hash calculation that applies to byte repre- up by using XML Signature. sentations of data. The flexibility of the XML 1.0 specification could raise fatal problems in electronic 36 NEC J. of Adv. Tech., Winter 2005 Special Issue on Security for Network Society signatures. Against this background, the Canonical Recommendation 2002/12/10 XML specification, which provides for canonical forms that are equivalent to XML data formats, was 3.2.1 XML Encryption Syntax and Processing established ahead of XML signature specifications. This specification provides for encryption formats Before XML data is signed and verified, it is con- using XML and processing rules regarding encryption verted to a canonical form that complies with the and decryption. Figure 2 shows an XML encryption Canonical XML specification to ensure that the prob- format and an example of XML-encrypted XML data. lem of format variations can be solved in order to As shown in Fig. 2, XML-encrypted data is of a allow the use of XML Signature. document structure with the <EncryptedData> ele- On the other hand, Exclusive XML Canon- ment at its top. Under the <EncryptedData> element, icalization is one of the XML canonicalization specifi- lie its child elements, including the <Encryption- cations. It has been established considering special Method> element, which contains information on the situations. For example, in consideration that XML- algorithm used for encryption, the <KeyInfo> ele- signed XML data A will be added to a child element of ment, which contains information on the decryption XML data B. When XML data B is converted in accor- key to be used for decryption, and the <CipherData> dance with the Canonical XML specification, the element, which contains the cipher data. If hybrid naming space of XML data A changes because of encryption is used, the structure can also include the canonicalization. This will lead to failure in XML <EncryptedKey> element, which contains the key- signature verification for XML data A. This situation encryption key. In addition to XML signatures and in generally occurs when XML-signed XML data is em- order to ensure that multiple encryption and designa- bedded in a SOAP message. To avoid this problem, tion of multiple recipients are possible URIs can also the Exclusive XML Canonicalization was established be used to specify what is to be encrypted. This fea- as a specification that is based on Canonical XML and ture enables users to build extremely flexible systems excludes naming space and other contexts for the using XML Encryption. target of canonicalization. This specification is par- ticularly important for Web Services Security, which 3.2.2 Decryption Transform for XML Signature specifies XML-signed SOAP messages. The Decryption Transform for XML Signature specification was established to solve problems that 3. XML ENCRYPTION are raised when XML Signature and XML Encryption are used at the same time. It provides for a method 3.1 Overview used to determine whether XML encryption has been XML Encryption is an encryption technology that applied before or after the XML signature creation. is optimized for XML data. Its practical benefits in- This has been established by the W3C’s XML encryp- clude partial encryption, which encrypts specific tags tion working group as an additional specification with contained in XML data, multiple encryption, which regard to the conversion processing that is performed encrypts data multiple times, and complex encryp- on XML signatures. tion, such as the designation of recipients who were permitted to decrypt respective portions of data. The 4. NEC’S ORIGINAL TECHNOLOGIES RELATED use of XML Encryption also helps solve security prob- TO XML SECURITY lems, including XML data eavesdropping. The most important point in the field of XML secu- 3.2 XML Encryption and Related Specifications rity is to guarantee inter-operability with other prod- XML Encryption was established by the W3C as a ucts, or to place precedence on compliance with stan- formal version of W3C recommendations in Dec. dard specifications. This means that vendors find dif- 2002. The W3C also established related specifications ficulty in developing discriminating points for their that solve problems raised when XML Encryption products in this field. NEC has developed the original and XML Signature are used in combination. The technologies, Distributed Signature and HTML Sig- specifications relating to XML Encryption are as fol- nature; has applied for patents of these technologies, lows: and considers that the technologies are discriminat- ing points for the NEC products range. This paper · XML Encryption Syntax and Processing: W3C Rec- discusses Distributed Signature. It is a technology ommendation 2002/12/10 developed to allow the use of XML Signature on thin · Decryption Transform for XML Signature: W3C clients. NEC’s products are being employed in NEC Journal of Advanced Technology, Vol.