95-702 OCT


1
95-702 OCT Week 10 Securing Web Services
  • XML Digital Signature
  • XML Encryption
  • Web Service Security

2
XML Web Services
  • Hot topic
  • Foundation of Service Oriented Architectures
  • Interoperable
  • Remote Method Invocation
  • Messaging
  • Supported by all the big players
  • Notes adapted from the required reading, Web Services Security, by Bilal Siddiqui

3
Existing XML Web Services
  • Google
  • EBay
  • Amazon
  • XIgnite (financial computations)
  • Hundreds of others
  • See www.xmethods.com
  • But remember, many are not public.
  • An SOA would have many in-house web services.

4
XML Web Services Cryptography
  • Bob and Alice want to exchange SOAP messages.
  • Eve and Mallory need to be taken seriously.

5
What's going on?
  • Web Services Security (WSS) specification from OASIS
  • Message confidentiality
  • Message authentication
  • End-to-end (not just point-to-point like SSL)

6
The WS Cryptography Stack
  • XML Web Services Security
  • SAML (Security Assertion ML), XKMS (XML Key Management Specification), XACML (eXtensible Access Control Markup Language)
  • XMLDSIG (W3C), XMLENC (W3C)
  • .NET Crypto APIs, Java Security APIs

7
The Need For Web Services
  • Application integration within the enterprise
  • Application integration across enterprise boundaries
    - customers
    - partners
    - suppliers
  • Service Oriented Architecture is often built on a web service foundation

8
A Tourism Supply Chain
[Diagram: Tourists, Tour Operator, Hotels, Car Rentals]
Without XML/WSS
  • message formats must be agreed to
  • coarse-grained protection provided by firewalls
With XML/WSS
  • SOAP is used for RPC or messaging
  • WSS provides fine-grained security decisions
Hotel
  • Anyone may call RoomRentInfoForAll()
  • Restricted callers: RoomRentInfoForPartnersOnly()

9
Service Oriented Architecture
SOAP (XML RPC) over HTTP
SOAP Server
Hotel
RoomRentInfoForAll()
RoomRentInfoForPartnersOnly()
10
Listing 1 SOAP Request
    POST /Vendors HTTP/1.1
    Host: www.myHotel.com
    Content-Type: text/xml; charset=utf-8
    Content-Length: 350
    SOAPAction: ""

    <?xml version='1.0'?>
    <SOAP-ENV:Envelope
        xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'>
      <SOAP-ENV:Body>
        <s:GetSpecialDiscountedBookingForPartners
            xmlns:s='http://www.MyHotel.com/partnerservice/'>
          <!--Parameters passed with the method call-->
        </s:GetSpecialDiscountedBookingForPartners>
      </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

11
Listing 2 SOAP Response
    HTTP/1.0 200 OK
    Content-Type: text/xml; charset=utf-8
    Content-Length: 1474

    <?xml version="1.0"?>
    <SOAP-ENV:Envelope
        xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'>
      <SOAP-ENV:Body>
        <m:GetSpecialDiscountedBookingForPartnersResponse
            xmlns:m="http://www.MyHotel.com/partnerservice/">
          <!-- Booking confirmation details-->
        </m:GetSpecialDiscountedBookingForPartnersResponse>
      </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

12
1st Generation Web Services
[Diagram: SOAP Client, SOAP Server, Hotel Class, RDBMS]

13
2nd Generation Web Services
[Diagram: SOAP Client; SOAP Server with Tour Planning Class; SOAP Server with Hotel Class and RDBMS]

14
3rd Generation Web Services
[Diagram: SOAP Client; two SOAP Servers with Tour Planning Class; SOAP Server with Hotel Class and RDBMS; SOAP Server with Plane Class and RDBMS; WS-Transaction]

15
WS Security

[Diagram: SOAP Client, SOAP Server, Hotel Class, RDBMS]
  • SOAP Server (SOAP Aware Firewall)
    - inspect SOAP message
    - match user roles with access lists
  • XML Signature (not SOAP specific)
  • XML Encryption (not SOAP specific)
  • WSS (SOAP specific use of XMLEnc and XMLDsig)
  • Security Assertion Markup Language (SAML) for single sign-on, replacing HTTP cookies
  • XACML (eXtensible Access Control Markup Language) to express authorization and access policies

16
XML Signature: An IETF/W3C Recommendation

17
XML Digital Signatures
  • Review: Message Digest
    - message digest algorithm -> hash value
    - transmit (message, hash value) pair
    - useful for checking if errors occurred
  • Problem
    - Mallory might replace the (message, hash value) pair with her own (message, hash value) pair.

18
XML Digital Signatures
  • Solution: get a symmetric key involved in the calculation of the hash.
  • Solution: given a message m, compute a hash of m and encrypt the hash with an asymmetric private key.
  • Mallory doesn't know the keys. So, she can't forge the signature.
  • But how do we do this in XML?

19
XML Signature
  • XML Signatures are digital signatures used in XML
    transactions
  • May be used to sign only a portion of an XML document. The document might have a long history with different parts holding different signatures
  • The signature may apply to XML or non-XML data

20
Referencing What is Signed
  • The XML Signature may hold a URI
  • The signature may be a sibling of what is signed.
  • The signature may be a parent of what is signed.
  • The signature may be a child of what is signed

21
XMLDsig General Form
The Components of an XML Signature

22
The <Reference> Element
  • Each signed resource is specified with a <Reference> element
  • A typical <Reference> element will contain
    - a pointer to what is signed
    - a digest method (for example SHA1)
    - and a digest value of the signed data in base 64 notation

23
The <Reference> Element
This is the location of the document being signed.
    <Reference URI="http://.../po.xml">
      <DigestMethod>...</DigestMethod>
      <DigestValue> calculated digest of po.xml </DigestValue>
    </Reference>

24
We may have many references
    <Reference>
      pointer, digest method, digest value
    </Reference>
    <Reference>
      pointer, digest method, digest value
    </Reference>

25
Place Within a SignedInfo Element
    <SignedInfo>
      <CanonicalizationMethod> algorithm used on SignedInfo element
      <SignatureMethod> for example dsa-sha1
      <Reference>
        pointer, digest method, digest value
      </Reference>
      <Reference>
        pointer, digest method, digest value
      </Reference>
    </SignedInfo>

26
Compute Digest of SignedInfo
    <SignedInfo>
      <CanonicalizationMethod> algorithm used on SignedInfo element
      <SignatureMethod> for example dsa-sha1
      <Reference>
        pointer, digest method, digest value
      </Reference>
      <Reference>
        pointer, digest method, digest value
      </Reference>
    </SignedInfo>

27
Sign the digest and place value in a SignatureValue element
    <SignedInfo>
      <CanonicalizationMethod> algorithm used on SignedInfo element
      <SignatureMethod> for example dsa-sha1
      <Reference>
        pointer, digest method, digest value
      </Reference>
      <Reference>
        pointer, digest method, digest value
      </Reference>
    </SignedInfo>
    <SignatureValue>Base 64 signature of the SignedInfo Element</SignatureValue>

28
Enclose in a Signature Element
    <Signature>
      <SignedInfo>
        <CanonicalizationMethod> algorithm used on SignedInfo element
        <SignatureMethod> for example dsa-sha1
        <Reference>
          pointer, method, digest value
        </Reference>
        <Reference>
          pointer, method, digest value
        </Reference>
      </SignedInfo>
      <SignatureValue>Base 64 signature of the SignedInfo Element</SignatureValue>
    </Signature>

29
We may include KeyInfo
    <Signature>
      <SignedInfo>
        <CanonicalizationMethod>
        <SignatureMethod>
        <Reference>
        <Reference>
      </SignedInfo>
      <SignatureValue>Base 64 signature of the SignedInfo Element</SignatureValue>
      <KeyInfo>
        <X509Data>
          <X509SubjectName>CN=Cristina McCarthy, O=CMU,
          <X509Certificate> base 64 public key and identity signed by a CA </X509Certificate>
        </X509Data>
      </KeyInfo>
    </Signature>

30
KeyInfo Element in XMLDsig
  • Optional element
  • Holds key information required to validate the signature or points to that key information
  • May have children such as <PGPData>, <SPKIData>, <X509Data>

31
What Can Mallory Do?
  • Can she modify the CA signed certificate so that
    someone else appears to have signed the document?
  • Can she modify what is being pointed to by the reference element?
  • Can she change the canonicalization method?
  • Can she change the contents of the signature
    method tag?

32
Verification
  • 1. Canonicalize the SignedInfo element.
  • 2. Compute the digest of the SignedInfo element using the method described within it.
  • 3. Compare the above value with the value obtained by applying the signer's public key to the value in the SignatureValue element.
  • 4. Compute digests of referenced items (after any transformations) and compare them with the digests found within each reference tag.

33
Using IBM's XML Security Suite

34
Signing in Three Steps (1)
  • 1. Prepare a Signature DOM tree
    - This is an XML document holding the Signature element.
    - This may be done with an XSS4J TemplateGenerator or with an existing template document

35
Signing in Three Steps (2)
  • 2. Create an XSS4J SignatureContext instance
    - may be used to fetch the resource to be signed using URLConnection
    - may be used to find an element being referred to within the same document
    - has a sign() method

36
Signing in Three Steps (3)
  • 3. Sign with the sign method of the XSS4J SignatureContext object
    - Prepare a key object (holding the private key in DSS or RSA) used to sign
    - Prepare a KeyInfo object with an X509 certificate
    - Insert the KeyInfo into the Signature element
    - sigContext.sign(sigElement, key)

37
Sign a grade book
Gradebook.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <GradeBook>
      <Student>
        <Score>100</Score>
        <Score>89</Score>
      </Student>
    </GradeBook>

38
We need keys
    D:\..\95-804\IBMXMLSecuritySuite\SampleSign2>keytool -genkey -keyalg RSA -keystore test.keystore -dname "CN=Mike McCarthy, OU=Heinz School, O=CMU, L=Pgh, S=PA, C=US" -alias mjm -storepass sesame -keypass sesame

Creates test.keystore holding keys and a self-signed certificate

39
Run XSS4J's SampleSign2
    D:\...\95-804\IBMXMLSecuritySuite\SampleSign2>java SampleSign2 mjm sesame sesame -embxml gradebook.xml > signature.xml
    Key store: test.keystore
    Sign: 851ms

40
Examine Signature.xml
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>

41
We are signing resource 0
Transforms Prior to hashing
        <Reference URI="#Res0">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">
            </Transform>
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
          </DigestMethod>
          <DigestValue>m6f9xhOc4iEXokD/29V9EsdY3yI</DigestValue>
        </Reference>

42
      </SignedInfo>
      <SignatureValue>
        Gll1H/uplOwfaX3j7ST6UqQlc92Hx2nsCdN2KWz32CW0
        D4hH64n32v/InkGux1dYgTya6S4s55iHqZEjDpH2I359H4PAxB
        YYXJj4LUBNxAFxUcDy6xrEUbLnKeutT5pf1DBSmxg9Cp3PO5Rs
        36nVN8GVfnFl1M86WQd19/RsAnA
      </SignatureValue>

43
      <KeyInfo>
        <KeyValue>
          <RSAKeyValue>
            <Modulus>
              7V5eyhVaw0clED11H6PTPoKQA1VxrLAugU3QxKA0
              hbbUOiavFbqCdc6ZFe9JZFMkS
              IqdlkhwWwdAIsRyrN4V2DWm1fxyYQf6bdZgCa
              VVgkST1BpQxBTgNKRcS5VbLrXf
              4MXb5TbhAeo1Qbr2IjlV10aLbVhUk/gylagk
            </Modulus>
            <Exponent>AQAB</Exponent>
          </RSAKeyValue>
        </KeyValue>

44
        <X509Data>
          <X509IssuerSerial>
            <X509IssuerName>CN=Mike McCarthy,OU=Heinz School,O=CMU,L=Pgh,ST=PA,C=US</X509IssuerName>
            <X509SerialNumber>1049138061</X509SerialNumber>
          </X509IssuerSerial>
          <X509SubjectName>CN=Mike McCarthy,OU=Heinz School,O=CMU,L=Pgh,ST=PA,C=US</X509SubjectName>
          <X509Certificate>
45
            [Base64 certificate data not reproduced]

46
The resource 0 object
          </X509Certificate>
        </X509Data>
      </KeyInfo>
      <dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Res0">
        <GradeBook>
          <Student>
            <Score>100</Score>
            <Score>89</Score>
          </Student>
        </GradeBook>
      </dsig:Object>
    </Signature>

47
Let's change the low grade!
    <dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Res0">
      <GradeBook>
        <Student>
          <Score>100</Score>
          <Score>100</Score>
        </Student>
      </GradeBook></dsig:Object>

48
And run verify
    D:\McCarthy\www\95-804\IBMXMLSecuritySuite\SampleSign2>java VerifyCUI < signature.xml
    The signature has a KeyValue element.
    The signature has one or more X509Data elements.
    Checks an X509Data
    1 certificate(s).
    Certificate Information
    Version: 1
    Validity: OK
    SubjectDN: CN=Mike McCarthy, OU=Heinz School, O=CMU, L=Pgh, ST=PA, C=US
    IssuerDN: CN=Mike McCarthy, OU=Heinz School, O=CMU, L=Pgh, ST=PA, C=US
    Serial: 0x3e88938d
    Time to verify: 521 msec
    Core Validity: NG
    Signature Validity: OK
    0 "Res0" NG Digest value mismatch calculated tfVyHns8wRB6l/HDU2dXZkzf7Q
    Exception in thread "main" java.lang.RuntimeException: Core Validity NG
        at dsig.VerifyCUI.main(VerifyCUI.java:137)
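
The verification steps from slide 32, applied to the grade change from slides 47-48, as an added Python example (not part of the original slides and not XSS4J code). It assumes an HMAC-SHA256 shared secret in place of the RSA key and the standard library's C14N 2.0 serializer in place of the slides' canonicalization algorithm, so it runs without third-party packages; KEY, GRADEBOOK and all function names are constructed for the demo.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
ET.register_namespace("ds", DS)

# Algorithms this verifier accepts: pinned here, never taken on trust from
# the message. They stand in for the slides' C14N 1.0, rsa-sha1 and sha1.
C14N_ALG = "http://www.w3.org/2010/xml-c14n2"
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
DIGEST_ALG = "http://www.w3.org/2001/04/xmlenc#sha256"
KEY = b"constructed-demo-secret"  # constructed shared secret
GRADEBOOK = ("<GradeBook><Student><Score>100</Score>"
             "<Score>89</Score></Student></GradeBook>")  # constructed input

def q(name):
    return "{%s}%s" % (DS, name)

def b64(data):
    return base64.b64encode(data).decode("ascii")

def c14n(elem):
    """Canonical bytes of one element (standard-library C14N 2.0)."""
    clone = copy.copy(elem)
    clone.tail = None  # text following the element is not part of it
    return ET.canonicalize(ET.tostring(clone, encoding="unicode")).encode("utf-8")

def algorithm(parent, path):
    node = parent.find(path, NS)
    return None if node is None else node.get("Algorithm")

def sign(xml_text, key):
    """Build an enveloping Signature whose Object Id="Res0" holds xml_text."""
    sig = ET.Element(q("Signature"))
    info = ET.SubElement(sig, q("SignedInfo"))
    ET.SubElement(info, q("CanonicalizationMethod"), Algorithm=C14N_ALG)
    ET.SubElement(info, q("SignatureMethod"), Algorithm=SIG_ALG)
    ref = ET.SubElement(info, q("Reference"), URI="#Res0")
    ET.SubElement(ref, q("DigestMethod"), Algorithm=DIGEST_ALG)
    digest_value = ET.SubElement(ref, q("DigestValue"))
    sig_value = ET.SubElement(sig, q("SignatureValue"))
    obj = ET.SubElement(sig, q("Object"), Id="Res0")
    obj.append(ET.fromstring(xml_text))
    digest_value.text = b64(hashlib.sha256(c14n(obj)).digest())
    # The signature covers SignedInfo (and so the digest), not the data itself.
    sig_value.text = b64(hmac.new(key, c14n(info), hashlib.sha256).digest())
    return ET.tostring(sig, encoding="unicode")

def verify(signature_xml, key):
    """Return signature validity, per-reference validity and core validity."""
    sig = ET.fromstring(signature_xml)
    info = sig.find("ds:SignedInfo", NS)
    if (info is None or algorithm(info, "ds:CanonicalizationMethod") != C14N_ALG
            or algorithm(info, "ds:SignatureMethod") != SIG_ALG):
        raise ValueError("missing SignedInfo or unexpected algorithm")
    # Steps 1-3: canonicalize SignedInfo and check SignatureValue over it.
    expected = b64(hmac.new(key, c14n(info), hashlib.sha256).digest())
    claimed = sig.findtext("ds:SignatureValue", "", NS).strip()
    signature_ok = hmac.compare_digest(expected.encode(), claimed.encode())
    # Step 4: recompute the digest of every referenced item.
    references = {}
    for ref in info.findall("ds:Reference", NS):
        uri = ref.get("URI", "")
        if algorithm(ref, "ds:DigestMethod") != DIGEST_ALG:
            raise ValueError("unexpected digest algorithm")
        targets = [e for e in sig.iter() if e.get("Id") == uri[1:]]
        ok = False
        if uri.startswith("#") and len(targets) == 1:  # exactly one match
            actual = b64(hashlib.sha256(c14n(targets[0])).digest())
            stated = ref.findtext("ds:DigestValue", "", NS).strip()
            ok = hmac.compare_digest(actual.encode(), stated.encode())
        references[uri] = ok
    core = signature_ok and bool(references) and all(references.values())
    return {"signature": signature_ok, "references": references, "core": core}

def recompute_digest(signature_xml):
    """Make DigestValue match the current Object, which needs no key."""
    sig = ET.fromstring(signature_xml)
    value = sig.find("ds:SignedInfo/ds:Reference/ds:DigestValue", NS)
    value.text = b64(hashlib.sha256(c14n(sig.find("ds:Object", NS))).digest())
    return ET.tostring(sig, encoding="unicode")

def demo():
    signed = sign(GRADEBOOK, KEY)
    edited = signed.replace("<Score>89</Score>", "<Score>100</Score>")
    return (verify(signed, KEY), verify(edited, KEY),
            verify(recompute_digest(edited), KEY))

if __name__ == "__main__":
    for label, result in zip(("as signed", "grade edited",
                              "grade edited, digest recomputed"), demo()):
        print(label, result)
```

Editing the grade alone gives the same picture as the VerifyCUI run: the signature over SignedInfo still checks while the Res0 digest does not. Recomputing DigestValue moves the failure to the signature, which is why SignedInfo is the thing that gets signed.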

49
Another Example PO.XML
    <?xml version="1.0" encoding="UTF-8"?>
    <PurchaseOrder xmlns="urn:purchase-order">
      <Customer>
        <Name>Robert Smith</Name>
        <CustomerId>788335</CustomerId>
      </Customer>
      <Item partNum="C763">
        <ProductId>6883-JF3</ProductId>
        <Quantity>3</Quantity>
        <ShipDate>2002-09-03</ShipDate>
        <Name>ThinkPad X20</Name>
      </Item>
    </PurchaseOrder>

50
PO After Signing
    <?xml version='1.0' encoding='UTF-8'?>
    <SignedPurchaseOrder>
      <PurchaseOrder id="id0" xmlns="urn:purchase-order">
        <Customer>
          <Name>Robert Smith</Name>
          <CustomerId>788335</CustomerId>
        </Customer>
        <Item partNum="C763">
          <ProductId>6883-JF3</ProductId>
          <Quantity>3</Quantity>
          <ShipDate>2002-09-03</ShipDate>
          <Name>ThinkPad X20</Name>
        </Item>
      </PurchaseOrder>

51
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <Reference URI="#id0">
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>UfeiscUCL7QkhZtRDLWDPWLpVlA</DigestValue>
          </Reference>
        </SignedInfo>

52
        <SignatureValue>
          Ptysg8WdHI2mxwryOOt5I9r9qZm/2gNFNOJyH1Wak4nCUe
          gRpe72tWnsigAKZyopmgUSH3TG
          aGGQF1BTSvk3JUUY/ljrw5FpTpf3hgZBi7GSWf6WtXqZvM
          YGUKIlvR/421MZg7P9XRUyy37
          ZUzQHtmCYkBorEkEx1J4CYB0G2c
        </SignatureValue>

53
        <KeyInfo>
          <X509Data>
            <X509Certificate>
              [Base64 certificate data not reproduced]

54
WSS XMLDSig Listing 1
    <?xml version="1.0"?>
    <SOAP-ENV:Envelope
        xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
      <SOAP-ENV:Body>
        <s:GetSpecialDiscountedBookingForPartners
            xmlns:s="http://www.MyHotel.com/partnerservice/">
          <!--Parameters passed with the method call-->
        </s:GetSpecialDiscountedBookingForPartners>
      </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

From Web Services Security, Bilal Siddiqui. There is no XMLDS in this example.

55
Sign The SOAP Request
    <?xml version="1.0"?>
    <SOAP-ENV:Envelope
        xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <SOAP-ENV:Header>
        <ds:Signature>  <!-- wraps all other XMLDS elements -->
          <ds:SignedInfo>  <!-- note the ds prefix -->
          </ds:SignedInfo>  <!-- note three children of Signature -->
          <ds:SignatureValue>
          </ds:SignatureValue>
          <ds:KeyInfo>
          </ds:KeyInfo>
        </ds:Signature>
      </SOAP-ENV:Header>
      <SOAP-ENV:Body>
        <s:GetSpecialDiscountedBookingForPartners
            xmlns:s="http://www.MyHotel.com/partnerservice/">
          <!--Parameters passed with the method call-->
        </s:GetSpecialDiscountedBookingForPartners>
      </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

56
After Signing (1)
    <?xml version="1.0"?>
    <SOAP-ENV:Envelope
        xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <SOAP-ENV:Header>
        <ds:Signature>
          <ds:SignedInfo>
            <ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod
                Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#GetSpecialDiscountedBookingForPartners">
              <ds:Transforms>
                <ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>

57
After Signing (2)
              <ds:DigestMethod
                  Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>
                BIUddkjKKo2...
              </ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>
            halHJghyf765....
          </ds:SignatureValue>
          <ds:KeyInfo>  <!-- the key name for signature verification -->
            <ds:KeyName>MyKeyIdentifier</ds:KeyName>
          </ds:KeyInfo>  <!-- application dependent, perhaps a symmetric key ID -->
        </ds:Signature>
      </SOAP-ENV:Header>

58
After Signing (3)
      <SOAP-ENV:Body>
        <s:GetSpecialDiscountedBookingForPartners
            xmlns:s="http://www.MyHotel.com/partnerservice/"
            ID="GetSpecialDiscountedBookingForPartners">
          <!--Parameters passed with the method call-->
        </s:GetSpecialDiscountedBookingForPartners>
      </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

59
Validation Procedure
  • (1) Canonicalize the SignedInfo element.
  • (2) Check message integrity. We'll need
    a. the data to be digested
    b. any transforms to perform first
    c. the digest algorithm
  • (3) If the digests compare equal, verify the signature (continued)

60
Validation Procedure
  • (3) If the digests compare equal, verify the signature
    a. get the signer's key (public key or shared secret), perhaps by consulting the <KeyInfo> element.
    b. read the signature method used to compute the signature
    c. attempt to verify and, if we have a match, call GetSpecialDiscountedBookingForPartners

61
XML Encryption
  • W3C Recommendation 10 December 2002
  • Notes from http://www-106.ibm.com/developerworks/library/x-encrypt/index.html by Bilal Siddiqui
  • And Secure XML by Eastlake and Niles, Addison Wesley

62
General Form 1
    <EncryptedData>
      <CipherData>
        <CipherValue>
          cipher text in Base 64
        </CipherValue>
      </CipherData>
    </EncryptedData>

63
General Form 2
    <EncryptedData>
      <CipherData>
        <CipherReference>
          pointer (URL) to cipher text
        </CipherReference>
      </CipherData>
    </EncryptedData>

64
EncryptedData is the core element
  • Replaces the encrypted element or
  • Serves as the new document root
  • May contain a KeyInfo element that describes the key needed for decryption (borrowed from XML Digital Signature) or signature verification

65
General Example (1)
    <MedInfo>
      <ID>
        <Name>
        <Address>
      </ID>
      <Medical></Medical>
      <Financial></Financial>
    </MedInfo>

66
General Example (2)
    <MedInfo>
      <ID>...</ID>
      <EncryptedData>
        <KeyInfo>
          <KeyName>Medical
        </KeyInfo>
        <CipherData>
          <CipherValue> cipher text
      </EncryptedData>

67
General Example (3)
      <Financial>
        <EncryptedData>
          <KeyInfo>
            <KeyName>Pay
          </KeyInfo>
          <CipherData>
            <CipherValue> cipher text
        </EncryptedData>
      </Financial>
    </MedInfo>

68
Detailed Example (Listing 1)
    <purchaseOrder>
      <Order>
        <Item>book</Item>
        <Id>123-958-74598</Id>
        <Quantity>12</Quantity>
      </Order>
      <Payment>
        <CardId>123654-8988889-9996874</CardId>
        <CardName>visa</CardName>
        <ValidDate>12-10-2004</ValidDate>
      </Payment>
    </purchaseOrder>

69
Encrypting the Entire File (Listing 2)
    <?xml version='1.0' ?>
    <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
        Type='http://www.isi.edu/in-notes/iana/assignments/media-types/text/xml'>
      <CipherData>
        <CipherValue>A23B45C56</CipherValue>
      </CipherData>
    </EncryptedData>

IANA: Internet Assigned Numbers Authority, a function of The Internet Corporation for Assigned Names and Numbers
70
Encrypting The Payment (Listing 3)
    <?xml version='1.0' ?>
    <PurchaseOrder>
      <Order>
        <Item>book</Item>
        <Id>123-958-74598</Id>
        <Quantity>12</Quantity>
      </Order>
      <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
          xmlns='http://www.w3.org/2001/04/xmlenc#'>
        <CipherData>
          <CipherValue>A23B45C564587</CipherValue>
        </CipherData>
      </EncryptedData>
    </PurchaseOrder>

One element

71
Encrypting Only the CardId (Listing 4)
    <?xml version='1.0' ?>
    <PurchaseOrder>
      <Order>
        <Item>book</Item>
        <Id>123-958-74598</Id>
        <Quantity>12</Quantity>
      </Order>
      <Payment>
        <CardId>
          <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Content'
              xmlns='http://www.w3.org/2001/04/xmlenc#'>
            <CipherData>
              <CipherValue>A23B45C564587</CipherValue>
            </CipherData>
          </EncryptedData>
        </CardId>
        <CardName>visa</CardName>
        <ValidDate>12-10-2004</ValidDate>
      </Payment>
    </PurchaseOrder>

Element content
72
Encrypting Non-XML Data (Listing 5)
    <?xml version='1.0' ?>
    <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
        Type='http://www.isi.edu/in-notes/iana/assignments/media-types/jpeg'>
      <CipherData>
        <CipherValue>A23B45C56</CipherValue>
      </CipherData>
    </EncryptedData>

73
Sending a public key (listing 6)
    <?xml version='1.0' ?>
    <SecureCommunicationDemonstration>
      <EncryptedKey CarriedKeyName="Muhammad Imran"
          xmlns='http://www.w3.org/2001/04/xmlenc#'>
        <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
          <ds:KeyValue>1asd25fsdf2dfdsfsdfds2f1sd23</ds:KeyValue>
        </ds:KeyInfo>
      </EncryptedKey>
    </SecureCommunicationDemonstration>

This key is in the clear.
74
Receiving a Secret Key Encrypted with a Public Key (listing 7)
    <?xml version='1.0' ?>
    <SecureCommunicationDemonstration>
      <EncryptedKey CarriedKeyName="Imran Ali"
          xmlns='http://www.w3.org/2001/04/xmlenc#'>
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
        <CipherData>
          <CipherValue>xyza21212sdfdsfs7989fsdbc</CipherValue>
        </CipherData>
      </EncryptedKey>
    </SecureCommunicationDemonstration>

This key is encrypted. Its name is Imran Ali.

75
Data Encrypted to Secret Key (Listing 8)
    <?xml version='1.0' ?>
    <SecureCommunicationDemonstration>
      <Order>
        <Item>book</Item>
        <Id>123-958-74598</Id>
        <Quantity>12</Quantity>
        <CardName>Visa</CardName>
        <ExpDate>10-10-2005</ExpDate>
        <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
            xmlns='http://www.w3.org/2001/04/xmlenc#'>
          <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/>
          <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
            <ds:KeyName>Imran ali</ds:KeyName>
          </ds:KeyInfo>
          <CipherData>
            <CipherValue>A23B45C564587</CipherValue>
          </CipherData>
        </EncryptedData>
      </Order>
    </SecureCommunicationDemonstration>

An element is encrypted with the Imran Ali key.
76
Pointing to encrypted data (listing 9)
    <?xml version='1.0' ?>
    <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
        Type='http://www.w3.org/2001/04/xmlenc#Element'>
      <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
        <ds:KeyName>Imran ali</ds:KeyName>
      </ds:KeyInfo>
      <CipherData>
        <CipherReference URI="www.waxsys.com/secureData/waxFile.txt"/>
      </CipherData>
    </EncryptedData>

The external source is encrypted with the Imran Ali key.

77
Point to a distant encrypted element (Listing 10)
    <?xml version='1.0' ?>
    <EncryptedData ID="Enc-Data" xmlns='http://www.w3.org/2001/04/xmlenc#'
        Type='http://www.w3.org/2001/04/xmlenc#Element'>
      <CipherReference URI="http://www.waxsys.com/EncFile.xml">
        <Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
            <wax:XPath xmlns:wax="http://www.waxsys.com/xpathNS">
              PurchaseOrder/EncryptedData[@Id="Imran-Enc-Data"]
            </wax:XPath>
          </ds:Transform>
        </Transforms>
      </CipherReference>
    </EncryptedData>

XPath is being used to point to the exact element that is encrypted.
78
SOAP Response
    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/"
        xmlns:ns0="http://xmlsoap.org/Ping"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <env:Header>
        <wsse:Security
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            env:mustUnderstand="1">
          <wsse:BinarySecurityToken
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
              ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
              wsu:Id="Id-2811617958072086928">
            MIIDWTCCAsKgAwIBAgIBATANBgkqhki
            G9w0BAQQFADB0MQswCQYDVQQGEw
            TkExCzAJBgNVBAcTAk5BMQswCQYDV
            (Truncated for slides)
          </wsse:BinarySecurityToken>

79
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <ds:Reference URI="#Id-2759303837586178391">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>wIvYh7do417KoMegTdIsceVwa4</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#Id-6781605803276963">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>LmLfuY64iaJ1GNm2tYFVxbGrFO8</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>

80
            <ds:SignatureValue>
              kSzWeh29OTfPhYl1/8RM2z2puuWXrfJLU6k8MlC0PRYljt2
              79NzSVgWUuKsCjYEggAtY6OEKIC
              hvNp18NQ3Im2NOb35vsFCzc4GQkIm8jn70TF9YFvEYx5xX39f
              7mV96YMuwWfebYAAS/AEOnx/zh
              /YNfPT6l5oSdd2l5OzI
            </ds:SignatureValue>
            <ds:KeyInfo>
              <wsse:SecurityTokenReference>
                <wsse:Reference URI="#Id-2811617958072086928"
                    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
          <wsu:Timestamp
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              wsu:Id="Id-6781605803276963">
            <wsu:Created>2005-04-09T15:27:44Z</wsu:Created>
            <wsu:Expires>2005-04-09T15:32:44Z</wsu:Expires>
          </wsu:Timestamp>
        </wsse:Security>
      </env:Header>

81
      <env:Body
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          wsu:Id="Id-2759303837586178391">
        <ns0:PingResponse>
          <ns0:text>Hello! Mike!</ns0:text>
        </ns0:PingResponse>
      </env:Body>
    </env:Envelope>

82
Tell The Client to Encrypt
    <xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
      <xwss:Service>
        <xwss:SecurityConfiguration dumpMessages="true">
          <!--
            Since no targets have been specified below, the contents of
            the soap body would be encrypted by default.
          -->
          <xwss:Encrypt>
            <xwss:X509Token certificateAlias="s1as"/>
          </xwss:Encrypt>
        </xwss:SecurityConfiguration>
      </xwss:Service>
      <xwss:SecurityEnvironmentHandler>
        com.sun.xml.wss.sample.SecurityEnvironmentHandler
      </xwss:SecurityEnvironmentHandler>
    </xwss:JAXRPCSecurity>

83
Tell the server to require encryption
    <xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
      <xwss:Service>
        <xwss:SecurityConfiguration dumpMessages="true">
          <!--
            Encryption requirement. As no target is specified, the contents of
            the soap body of the request are expected to be encrypted.
          -->
          <xwss:RequireEncryption/>
        </xwss:SecurityConfiguration>
      </xwss:Service>
      <xwss:SecurityEnvironmentHandler>
        com.sun.xml.wss.sample.SecurityEnvironmentHandler
      </xwss:SecurityEnvironmentHandler>
    </xwss:JAXRPCSecurity>

84
Encrypted Request
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:ns0="http://xmlsoap.org/Ping"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <env:Header>
    <wsse:Security
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        env:mustUnderstand="1">
      <wsse:BinarySecurityToken
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          wsu:Id="Id-6842673312555922560">MIIDWTCCAsKgAwIBAgIBATANBgkqhki
        G9w0BAQQFADB0MQswCQYDVQQGEw
        Large truncation for slides
85
      </wsse:BinarySecurityToken>
      <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#Id-6842673312555922560"
                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>
            KB79tvoF6Bu7JeL2Re6iGG8
            BhdhOFcZiNDJrJNe8lV3GE6
            Sks453IF3GFpmkmQttPhzH1D
            HKQ2nFjIWPdyZObK3cVyDf
            rox7Ysjbfuo4TNwElHvKtnGVNb
            cQIGWiwyxHIZCjqCdF8LM8E1
            gCZgYSaRh3V48VMlOsfZ8RCR
            Vjw
          </xenc:CipherValue>
        </xenc:CipherData>
86
        <xenc:ReferenceList>
          <xenc:DataReference URI="#Id7870285788177789579"/>
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
    </wsse:Security>
  </env:Header>
  <env:Body>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        Id="Id7870285788177789579"
        Type="http://www.w3.org/2001/04/xmlenc#Content">
      <xenc:EncryptionMethod
          Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <xenc:CipherData>
        <xenc:CipherValue>
          SL1G08bGFaqEOefJWtBpOipgkvs8i7JWNwoGum5TO
          EyZkStSKav/lYygoC5/ji11rccnQWNq/Tg1eYX52UTalAS
          Large truncation for slides
        </xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </env:Body>
</env:Envelope>
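The check that a RequireEncryption policy implies, written against the message layout shown in the encrypted request above. This is an added example, not code from the slides or from XWSS: the function names and the sample messages are constructed, and only the direct wsse:Reference form of KeyInfo used on the slides is handled.

```python
import xml.etree.ElementTree as ET

NS = {
    "env": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ENC_DATA = "{%s}EncryptedData" % NS["xenc"]

def frag(uri):
    """Same-document reference '#Id-1' -> 'Id-1'; anything else resolves to nothing."""
    return uri[1:] if uri and uri.startswith("#") else None

def check_encrypted_request(xml_text):
    """Return policy violations; [] means the body is fully encrypted and every
    reference in the security header resolves inside the message."""
    root = ET.fromstring(xml_text)  # untrusted input needs a hardened XML parser
    problems = []
    body = root.find("env:Body", NS)
    children = list(body) if body is not None else []
    if not children or any(c.tag != ENC_DATA for c in children):
        problems.append("body is not fully encrypted")
    data_ids = {c.get("Id") for c in children if c.tag == ENC_DATA}
    token_ids = {t.get("{%s}Id" % NS["wsu"]) for t in root.iterfind(".//wsse:BinarySecurityToken", NS)}
    covered = set()
    for key in root.iterfind("env:Header/wsse:Security/xenc:EncryptedKey", NS):
        ref = key.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
        target = frag(ref.get("URI")) if ref is not None else None
        if target is None or target not in token_ids:
            problems.append("EncryptedKey names no certificate carried in the message")
        covered |= {frag(d.get("URI")) for d in key.iterfind("xenc:ReferenceList/xenc:DataReference", NS)}
    if data_ids - (covered - {None}):
        problems.append("EncryptedData not listed by any EncryptedKey")
    return problems

def build_sample(body_inner, data_ref="#Id-2"):
    """Constructed message in the slides' layout; Ids and values are placeholders."""
    ns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return (f'<env:Envelope {ns}><env:Header><wsse:Security>'
            '<wsse:BinarySecurityToken wsu:Id="Id-1">CERT</wsse:BinarySecurityToken>'
            '<xenc:EncryptedKey><ds:KeyInfo><wsse:SecurityTokenReference>'
            '<wsse:Reference URI="#Id-1"/></wsse:SecurityTokenReference></ds:KeyInfo>'
            f'<xenc:ReferenceList><xenc:DataReference URI="{data_ref}"/>'
            '</xenc:ReferenceList></xenc:EncryptedKey></wsse:Security></env:Header>'
            f'<env:Body>{body_inner}</env:Body></env:Envelope>')
ENCRYPTED = '<xenc:EncryptedData Id="Id-2"><xenc:CipherData/></xenc:EncryptedData>'
PING = '<ns0:Ping xmlns:ns0="http://xmlsoap.org/Ping"><ns0:text>Hello!</ns0:text></ns0:Ping>'
```

A body that mixes an EncryptedData element with a cleartext sibling is reported as not fully encrypted, which is the case a check for "an EncryptedData element exists" would miss.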
87
SOAP Response
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:ns0="http://xmlsoap.org/Ping"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <env:Body>
    <ns0:PingResponse>
      <ns0:text>Hello! Mike!</ns0:text>
    </ns0:PingResponse>
  </env:Body>
</env:Envelope>
88
Tell the client to send a username/password
<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
  <xwss:Service>
    <xwss:SecurityConfiguration dumpMessages="true">
      <!-- Default: Digested password will be sent. -->
      <xwss:UsernameToken name="Ron" password="noR"/>
    </xwss:SecurityConfiguration>
  </xwss:Service>
  <xwss:SecurityEnvironmentHandler>
    com.sun.xml.wss.sample.SecurityEnvironmentHandler
  </xwss:SecurityEnvironmentHandler>
</xwss:JAXRPCSecurity>
89
Username/Password Request
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:ns0="http://xmlsoap.org/Ping"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <env:Header>
    <wsse:Security
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        env:mustUnderstand="1">
90
      <wsse:UsernameToken>
        <wsse:Username>Ron</wsse:Username>
        <wsse:Password></wsse:Password>
        <wsse:Nonce
            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">yk/r/wJ0Ny/vbkm9OKpZwR6s</wsse:Nonce>
        <wsu:Created
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2005-04-09T20:48:40Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </env:Header>
  <env:Body>
    <ns0:Ping>
      <ns0:ticket>SUNW</ns0:ticket>
      <ns0:text>Hello!</ns0:text>
    </ns0:Ping>
  </env:Body>
</env:Envelope>
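What the receiver does with the Nonce and Created elements of the digested UsernameToken above: the WSS UsernameToken profile defines the digest as Base64(SHA-1(nonce + created + password)), so the server recomputes it and also rejects stale or repeated tokens. This is an added example, not code from the slides or from XWSS; the class name, the five-minute window and the in-memory nonce cache are assumptions.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

def password_digest(nonce_b64, created, password):
    """Base64(SHA-1(nonce + created + password)); the nonce is used in decoded form."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

class UsernameTokenVerifier:
    """Receiver-side checks for a digested UsernameToken (hypothetical helper)."""

    def __init__(self, passwords, max_age=timedelta(minutes=5)):
        self.passwords = passwords  # username -> password; assumed credential store
        self.max_age = max_age      # assumed freshness window for wsu:Created
        self.seen = {}              # (username, nonce) -> Created time of accepted tokens

    def verify(self, username, nonce_b64, created, digest, now):
        try:
            ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            expected = password_digest(nonce_b64, created, self.passwords.get(username, ""))
        except ValueError:          # malformed timestamp or nonce
            return "rejected"
        if abs(now - ts) > self.max_age:
            return "stale"
        # Forget nonces whose tokens would now fail the freshness check anyway.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= self.max_age}
        if (username, nonce_b64) in self.seen:
            return "replay"
        # Constant-time comparison; unknown users fail the same way as bad passwords.
        same = hmac.compare_digest(expected.encode(), digest.encode())
        if username not in self.passwords or not same:
            return "rejected"
        self.seen[(username, nonce_b64)] = ts
        return "ok"

# Nonce and Created as they appear in the request on the slides.
NONCE = "yk/r/wJ0Ny/vbkm9OKpZwR6s"
CREATED = "2005-04-09T20:48:40Z"
```

The digest only proves knowledge of the password for one nonce and timestamp, so the freshness and replay checks are what stop a captured token from being accepted a second time.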
91
SOAP Response
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:ns0="http://xmlsoap.org/Ping"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <env:Body>
    <ns0:PingResponse>
      <ns0:text>Hello! Mike!</ns0:text>
    </ns0:PingResponse>
  </env:Body>
</env:Envelope>