web services & security
DESCRIPTION
Web Services & Security. ir. Paul Brandt, TNO-ICT Today, Friday January 13 Next week, Friday January 20. Web Services & Security. Web Services. What are Web Services?. Web pages for computers Reality: heterogeneous systems, platforms, data Reality: Processes change, be agile to cope - PowerPoint PPT PresentationTRANSCRIPT
Web Services & Security
ir. Paul Brandt, TNO-ICT
Today, Friday January 13Next week, Friday January 20
Web Services & Security
Web Services
What are Web Services?Web pages for computersReality: heterogeneous systems,
platforms, dataReality: Processes change, be agile to
copeApplication: provides serviceRequest-responseLousely coupled
What's its Significance?Application IntegrationEAI, B2B, Automating Business
ProcessesUniversal Application Connectivity
Universal Application ConnectivityEasy to access remote resourcesExpose business processes over the
WebInterface is standard, published,
discoverable, self-describing
What are the Security Challenges?Message orientedIdentities
Message orientedWeb services typically use multi-hop
communication pathsTransport level security (SSL, TLS,
IPSEC, ...) only provides Point-2-Point (on-the-wire) confidentiality
Messages are decrypted in the servers (a.o. routing), violating confidentiality
Hence End-2-End, i.e. message based, confidentiality required
Combined approach is possible
IdentitiesWeb services transport potentially
unkown identies into my platformWho are they?Are they authorized?Assett protection: What critical
information is leaving my platform?Can it be proved they did these
things?
XML-family
XML-family
XML basics
XML ObjectiveStructured, self describing interface...... totally independent application,
protocol, vocabulary, operating system & programming language
Grammar & syntax to build interfaceNothing to do with semantics!!
XML CharacteristicsXML stores data within descriptive
element tags: <PartNo>54-2345</PartNo>
Character-oriented, not binary, hence human-readable
Extensible Meta LanguageSeparates content from structure &
formAll family members are specified in
XML itself
Example 1: Simple XML (1/1)
<Order> <LineItem sku="82394" quantity="1"> <ProductName>Birdcage</ProductName> <Model material="Iron" color="Blue" /> </LineItem> <Amount Currency="USD">108.50</Amount> <Customer id="customer" custNum="A2345"> <FirstName>Fred</FirstName> <MiddleInit>L</MiddleInit> <LastName>Jones</LastName> <CreditCard> <CreditCardType>VISA</CreditCardType> <CreditCardNumber>43343456343566</CreditCardNumber> <CreditCardExpiration>10/08</CreditCardExpiration> </CreditCard> </Customer></Order>
An OrderElement: Data enclosed by
named tags: <element>data</element>
Hierarchical: <Element> can contain other <Element>’s
Start-tag can contain attributes:attributeName=value
Reserved attributeNames:“id=” uniquely identifies
individual element
Empty element:no data, single <element/> tag
XML SchemaXML document can be validated
against schema, automaticallySchema defines hierarchical
structureSchema defines data typesSchema defines particular order of
elementsSchema provides for accurate &
consistent dataXML document = instance of defined
XML schema
Example 2: XML Schema (1/1)
<xsd:schema xmlns:xsd="http://www.w3.org/1999/XMLSchema">
<xsd:element name="Order" type="order"/>
<xsd:complexType name="order"> <xsd:element name="LineItem" type="lineItemType"/> <xsd:element name="Amount" type="amountType"/> <xsd:element name="Customer" type="customerType"/> </xsd:complexType>
<xsd:complexType name="lineItemType"> <xsd:element name="ProductName" type="xsd:string"/> <xsd:element name="Model" type="modelType"/> </xsd:complexType>
. . . etc., until all types correspond to simpleTypes (integer, string, double, float, date and time)
</xsd:schema>
An Order
<Order> <LineItem sku="82394" quantity="1"> <ProductName>Birdcage</ProductName> <Model material="Iron" color="Blue" /> </LineItem> <Amount Currency="USD">108.50</Amount> <Customer id="customer" custNum="A2345"> <FirstName>Fred</FirstName> <MiddleInit>L</MiddleInit> <LastName>Jones</LastName> <CreditCard> <CCType>VISA</CCType> <CCNumber> . . </CCNumber> <CCExpiration>10/08</CCExpiration> </CreditCard> </Customer></Order>
NamespacesProblemSolution: xmlns
ProblemAnyone can define element namesHence, name collision and conflicts
all alongXML shall keep names separate and
distinct
Solution: xmlns XML namespace (1/1)
xmlns:myns=“http://www.myorg.com/foo”
<myns:order>
<xsd:schema xmlns:xsd="http://www.w3.org/1999/XMLSchema">
<xsd:element name="Order" type="order"/>
<xsd:complexType name="order"> <xsd:element name="LineItem" type="lineItemType"/> <xsd:element name="Amount" type="amountType"/> <xsd:element name="Customer" type="customerType"/> </xsd:complexType>
<xsd:complexType name="lineItemType"> <xsd:element name="ProductName" type="xsd:string"/> <xsd:element name="Model" type="modelType"/> </xsd:complexType>
. . . etc., until all types correspond to simpleTypes (integer,
string, double, float, date and time)
</xsd:schema>
My unique namespace
Namespaces are uniform resource identifiers:1. Define unique name2. Prepend that to each & every element name
Abbreviated namespace:prefix
Reserved namespace:“namespace def coming up”
Unique element name
XML LandscapeXML standards belonging to
operation domainXML standards belonging to XML
Family (Security)XML standards belonging to XML
Family (general)
XML standards belonging to operation domainhrXML - XML for Human Resource
(employment agencies)X4ML - XML for Merrill LynchHL-7v3: XML message format for
Health Care....really, really big landscape
XML standards belonging to XML Family (Security)
SOAP - Simple Object Access Protocol
XML-Signature XML-Encryption SAML - Security Assertion
Markup Language XACML - eXtensible Access
Control Markup Language XrML - eXtensible Rights
ML XKMS - XML Key
Management Specification WS-Security WS-Policy
XML standards belonging to XML Family (general)WS-*: Web Service standardsWSDL - Web Services Description
LanguageXSL(T) - eXtensible Stylesheet
Language (Transformations)XPath
XML-Signature
XML-Signature
ObjectiveIntegrity of resourceIdentity of originatorNon-repudiation of eventFoundation from Digital Signature
Foundation from Digital SignatureGreatly expands upon it:Uses power and flexibility of XML ...... as well as key Web technologies
(such as URLs) ...to sign almost any type of resource:
to sign almost any type of resource:XML documentsParts thereofnon-XML object such as an imageas long as it has an URL
XML-Signature structure
CoreA set of pointers (references) to
things to be signedThe actual signature(Optional) The key (or a way to look
up the key) for verifying the signature
(Optional) An Object tag for miscellaneous items not included in the first three items
Example Sig1:Highly Simplified XML Signature (1/1)
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo> <Reference URI="http://www.foo.com/secureDocument.html" />
</SignedInfo>
<SignatureValue>...</SignatureValue>
<KeyInfo>... </KeyInfo>
</Signature>
actual signature bits
information about the key
Reference(s) to what is
being signed
3 Types of XML-SignatureEnveloping SignaturesEnveloped SignaturesDetached Signatures
Example Sig2:Simplified Enveloping Signatures (1/4)
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <Reference URI="#111" /> </SignedInfo> <SignatureValue>...</SignatureValue> <KeyInfo>...</KeyInfo> <Object>
<SignedItem id="111">Stuff to be signed</SignedItem> </Object></Signature>
<PurchaseOrder id="po1"> <SKU>125356</SKU> <Quantity>17</Quantity> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <Reference URI="#po1" /> </SignedInfo> <SignatureValue>...</SignatureValue> <KeyInfo>...</KeyInfo> </Signature></PurchaseOrder>
Example Sig2:Simplified Enveloped Signatures (2/4)
Example Sig2:Detached Signatures (3/4)
internal resource
<PurchaseOrderDocument>
<PurchaseOrder id="po1"> <SKU>12366</SKU> <Quantity>17</SKU> </PurchaseOrder>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <Reference URI="#po1" /> </SignedInfo> <SignatureValue>...</SignatureValue> <KeyInfo>...</KeyInfo> </Signature>
</PurchaseOrderDocument>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <Reference URI="http://www.foo.com/Lion.jpg" /> <Reference URI="http://www.foo.com/Secure.txt" /> <Reference URI="http://www.foo.com/Secure.xml" /> </SignedInfo> <SignatureValue>...</SignatureValue> <KeyInfo>...</KeyInfo></Signature>
Example Sig2:Detached Signatures (4/4)
external resource
The Bloody Details
Core element 1/4: <SignedInfo>1. Security model2. Canonicalization (c14n)3. Identify resource(s) to be signed
1. Security modelNo new security technologies were
invented (Digital Signature)But: Digital Signature == Integrity
AND IdentityHence: Public keys (asymmetrical:
RSA, DSA) => integrity & identityKeyed Hashed Authentication Code
(symmetrical: HMAC) => ONLY integrity, NO identity
<SignatureMethod />
2. Canonicalization (c14n)2.1. c14n normalizes the XML2.2. c14n: What does it actually do?
2.1. c14n normalizes the XMLregardless of inconsequential
physical differences in the XML ...... two logically equivalent XML
documents ...... will become physically, bit-to-bit
equivalent. This is a critical requirement for
digital signatures to work.
2.2. c14n: What does it actually do? The document is encoded in UTF-
8. Line breaks are normalized to
#xA on input, before parsing. Attribute values are normalized,
as if by a validating processor. Character and parsed entity
references are replaced. CDATA sections are replaced with
their character content. The XML declaration and
Document Type Definition (DTD) are removed.
Empty elements are converted to start-end tag pairs.
Whitespace outside the document element and within start and end tags is normalized.
All whitespace in character content is retained (excluding characters removed during linefeed normalization).
Attribute value delimiters are set to quotation marks (double quotes).
Special characters in attribute values and character content are replaced by character references.
Superfluous namespace declarations are removed from each element.
Default attributes are added to each element.
Lexicographic order is imposed on the namespace declarations and attributes of each element.
3. Identify resource(s) to be signedReference the resource(s)
(enveloped/-ing/detached) using URICalculate (& include) Digest of
referenced resource(not before Transforms have been
applied, such as c14n, XSLT, XPath)<Reference URI ? > +
<Reference URI ? > +<Transforms> ?<DigestMethod><DigestValue>
Core element 2/4: <SignatureValue>NOT signature of resource itself!Digital signature of the <SignedInfo>
blockSignature Method, Resource
Reference & Resource DigestIndirect, but water tight signature of
resource
Core element 3/4: <KeyInfo> ?1. Can be omitted completely
(assuming the receiver's got it already).
2. Provide a name to look up the key.
3. Provide the key in a raw form right in the XML.
4. Provide the key within a digital certificate.
Provides a variety of types of keys to support different cryptography standards.
Know your Keys! Verify!
Know your Keys! Verify!Key is Valid (CA)Key is not revoked(asym:) Represents the individual
Core element 4/4: <Object> *Type-attribute: 1 out of three:"Enveloping Signature: Here's your
data"A Manifest elementA SignatureProperties element
Resulting Schema shorthand<Signature>
<SignedInfo> <CanonicalizationMethod><SignatureMethod> (<Reference URI ? >
<Transforms> ?<DigestMethod><DigestValue>
</Reference>)+ </SignedInfo>
<SignatureValue>
(<KeyInfo (id=)?> (<KeyName>)? (<KeyValue>)? (<RetrievalMethod>)? (<X509Data>)? (<PGPData>)? (<SPKIData>)? (<MgmtData>)?
<KeyInfo>)?
(<Object> (<Manifest (id=)?>
<Reference> +</Manifest>) ?(<SignatureProperties>
<SignatureProperty (id=)?> +</SignatureProperties>) ?
</Object> ) *</Signature>
Best practices
1. Transformations1.1. Only what is signed, is secure (... and NOT that what has been
removed by Transform, but still present in resource!)
1.2. WYSIWYS (... hence: include XSL(T)-
stylesheet)1.3. Work on what is signed (... not on resource, but on
transformed resource)
2. Security model2.1. Know your Keys! Verify them!2.2. Public key signatures are primarily
associated with identity and integrity.2.3. Keyed hashed authentication codes
are shared key based, run much faster than public keys, however ONLY provides integrity, not identity
2.4. XML-Signature processing does not automatically sign <Object> elements within a <Signature> element: Only <SignedInfo> is signed!
Summary
XML-Encryption
XML-Encryption
Objective
2. Message oriented2.1. Web services typically use multi-hop
communication paths2.2. Transport level security (SSL, TLS,
IPSEC, ...) only provides Point-2-Point (on-the-wire) confidentiality
2.3. Messages are decrypted in the servers (a.o. routing), violating confidentiality
2.4. Hence End-2-End, i.e. message based, confidentiality required
2.5. Combined approach is possible
3. One document, Multiple views3.1. Encrypt different sections3.2. Possibly with distinct keys3.3. Hence: different sections
mutually exclusive available for different target audiences
4. Target resource4.1. Internal encryption: Within
current document (similar to Enveloping)
4.2. External encryption: external resource (similar to Detached)
... XML document... any other MIME-type document... as long as it has got a URL
XML-Encryption structure
Example Enc1:Highly Simplified XML-Encryption (1/1)
encapsulated by original <SSNo>
encapsulating original <Salary>
Binary, encrypted content
<MyDoc><Employee>
<SSNo>34569812612</SSNo><Name>Fred Jones</Name><Salary>$42.644</Salary><Manager>David Mischief</Manager>
</Employee></MyDoc>
<MyDoc><Employee>
<SSNo><EncryptedData>kjhGEuf7639Fh*e#j&2V</EncryptedData>
</SSNo><Name>Fred Jones</Name><EncryptedData>jHFnkeiuHF3#9jeGi$@kjg*KJGm,jF</EncryptedData><Manager>David Mischief</Manager>
</Employee></MyDoc>
Core: <EncryptedData> elementEither wraps data within the XML
document that is being encryptedOr it points to something that has
been encrypted<EncryptedData> ..CipherData or
ReferenceToCipherData.. </EncryptedData>
<EncryptedData>-element replaces original content
The Bloody Details
1. <EncryptedData>
1.1. Purpose:1.1.1. Overall tag, container for
XML-Encryption structure1.1.2. Can be placed anywhere in
your XML resource1.1.3. Represents: one single
resource that has been encrypted1.1.4. Encrypted data either
encompassed or detached
1.2. Attributes for <EncryptedData>1.2.1. Id : one can refer to this
<EncryptedData> element1.2.2. Type="Content" or "Element":1.2.3. MIME Type :1.2.4. Encoding :1.2.5. All attributes are optional, in
practice Type always included
1.2.2. Type="Content" or "Element":
Don't encrypt <element> tag
... <SSNo> tag encapsulates <EncryptedData> tag
Do encrypt <element> tag
... <EncryptedData>-element encapsulates disappeared <Salary> tag
1.2.3. MIME Type :To further describe the encrypted
item, i.e. GIF imageMimeType='image/gif'
1.2.4. Encoding :To further describe the encrypted
item, i.e. Base-64 character encoding
Because encrypted data is binary data...
... encoding describes method to encode binary encrypted data to character data ...
... to be able to insert it in an XML document
Encoding="http://www.w3.org/2000/09/xmldsig#base64"
1.3. <EncryptedData> & Multiple views:1.3.1. Define <EncryptedData>
elements1.3.2. Each is associated with one
single key1.3.3. Use N keys for N target
audiences
2. <EncryptionMethod/> ?
3. <CipherData>
4. <EncryptionProperties> ?
5. <KeyInfo> ?
5.1. Encryption key = symmetrical key: (1/4)5.1.1. Speed 1000x faster than
asymmetrical5.1.2. Unlimited plain text size of
target5.1.3. Shared key encryption utilizes
public key encryption to manage distribution of the shared key securely to the recipient
5.2. <KeyInfo> element structure (2/4)5.2.1. Identical to XML-Sig
<KeyInfo>5.2.2. Additional elements for key
transport (<EncryptedKey>, <AgreementMethod>)
5.3. Key Transport (3/4)5.3.1. Leave out the key (assuming
both sides already know the secret key).
5.3.2. Provide name or pointer to it (he's got it, but needs to know which one to select: <keyName> or <RetrievalMethod>)
5.3.3. Include encrypted symmetrical key:
5.3.4. Include hint to generate key:
5.3.3. Include encrypted symmetrical key:Uses asymmetrical key technology to
transport symmetrical encryption key
<EncryptedKey> elementContains encrypted asymmetrical keyIdentical to <EncryptedData>
structure & syntaxCan thus be recursive (!)Strategy is called "Digital Enveloping"
5.3.4. Include hint to generate key:Uses "Key Agreement Protocol" to
transport information to generate symm. key
Provide key generation algorithm, nonce, originator & recipient key info etc.
<AgreementMethod> element
5.4. <ReferenceList> (4/4)5.4.1. Lord of the
Keys: "One Key to Rule Them All"
5.4.2. Efficiency: one <KeyInfo> block suffices
5.4.3. List of refs. to <EncryptedData> elements using this <KeyInfo>
Super encryption<EncryptedData> element encrypts
other <EncryptedData> elements:Fully recursiveApplies to entire <EncryptedData>
element(s), not its parts
Resulting Schema shorthand<EncryptedData Id? Type? MimeType? Encoding?>
<EncryptionMethod/>?<ds:KeyInfo>
<EncryptedKey>?<AgreementMethod>?<ds:KeyName>?<ds:RetrievalMethod>?<ds:*>?
</ds:KeyInfo>?<CipherData>
<CipherValue>? <CipherReference URI?>?
</CipherData><EncryptionProperties>?
</EncryptedData>
Combining XML-Encryption with XML-Signature
EncryptedData for SSNo.
Key (1) info belonging to Ciphered SSNo.
Example Enc & Sig 1: Protecting Integrity of <EncryptedData>(1/2)
Ciphered SSNo.
EncryptedData for Key
Encrypted Key to decrypt Ciphered SSNo.
Key (2) info belonging to Encrypted Key
Signed info refers to Encrypted Data for SSNo.
Digest of EncryptedData for SSNo.
Signature of SignedInfo
Key (3) info to verify Signature
Example Enc & Sig 1: Protecting Integrity of <EncryptedData>(2/2)
Reasonable StatementIff:Confident keys are associated with sender & recipientAND private keys are not compromised
Then:“This document was prepared by David Remy and can only be read by Jothy Rosenberg”
SfE: however...
<Signature> & <EncryptedData> are detached
<Signature> can be removed without being noticed
<Signature> can even be replaced: "Signed by David Copperfield"
Need Policy: If encrypted, then also signed
BTW: what's the order of processing ??
Example Enc & Sig 2: Encryption follows Signing (1/3)
<Order> <LineItem sku="82394" quantity="1"> <ProductName>Birdcage</ProductName> </LineItem> <Customer id="customer" custNum="A2345"> <FirstName>Fred</FirstName> <MiddleInit>L</MiddleInit> <LastName>Jones</LastName> <CreditCard> <CreditCardType>VISA</CreditCardType> <CreditCardNumber>43343456343566</CreditCardNumber> <CreditCardExpiration>10/08</CreditCardExpiration> </CreditCard> </Customer></Order>
The original Order
Example Enc & Sig 2: Encryption follows Signing (2/3)
<Order> <LineItem sku="82394" quantity="1"> <ProductName>Birdcage</ProductName> </LineItem> <Customer id="customer" custNum="A2345"> <Name . . . /> <CreditCard . . . /> <Signature> <SignedInfo> <CanonicalizationMethod Algorigthm=". . ." /> <SignatureMethod Algorithm=". . ." /> <Reference URI="#customer"> <Transform Algorithm=".../#envelopedSignature" /> <DigestMethod Algorithm=". . ." /> <DigestValue>. . .</DigestValue> </Reference> </SignedInfo> <SignatureValue>. . . </SignatureValue> <KeyInfo> <X509Data> <X509SubjectName>O=MyCompany,OU=Engineering,CN=David Remy</X509SubjectName> </X509Data> </KeyInfo> </Signature> </Customer></Order>
The Order, signed by David Remy
Example Enc & Sig 2: Encryption follows Signing (3/3)
<Order> <LineItem sku="82394" quantity="1"> <ProductName>Birdcage</ProductName> </LineItem> <EncryptedData id="encryptedData1" Type="Element"> <EncryptionMethod Algorithm=". . ." /> <CipherText> <CipherValue>. . . </CipherValue> </CipherText> <KeyInfo> <EncryptedKey> <EncryptionMethod Algorithm=". . ." /> <CipherText> <CipherValue>. . .</CipherValue> </CipherText> <KeyInfo> <X509Data> <X509Subject>O=HisCompany,OU=Technology,CN=Jothy Rosenberg</X509Subject> </X509Data> </KeyInfo> </EncryptedKey> </KeyInfo> </EncryptedData></Order>
The signed order, <Customer> is element Encrypted
EfS: however...
++ Signature, w/t sensitive data, invisible
++ Clear order of processing
-- Integrity of EncryptedData isn’t guaranteed
In conclusionOrder of processing SfESecurity Model: SfE or EfS
Order of processing SfEProblem: What to do 1st, Decrypt or
Validate SignatureSolution: additional 'Decrypt
Transform' for XML-Signature
Security Model: SfE or EfSDepends on context, the specific
situationSpecify a PolicyConsider multi-layered approach
SfEfS
Summary