MASON ECE 646 - Implementation of XML Digital Signatures


Cryptography and Computer Network-Security
Fall 2006
Tuesdays, 7:20-10:00 PM
Science and Technology I, room 122
Instructor: Jens-Peter Kaps, [email protected] of Specification for implementation Project

Implementation of XML Digital Signatures
Nandita Srivastava, Neeharika Kola, Mounika Vallbhaneni

Introduction

The globally recognized method for satisfying the authenticity (who sent them?), data integrity (have they been modified in transit?), and support for non-repudiation (can the sender deny sending them?) of business messages for secure business transactions is to use digital certificates to enable the encryption and digital signing of the exchanged data.

XML Digital Signatures, using public-key cryptography, solve the problem of verifying that information came from a particular source and that the information has not changed. This standard is just one of many included in Microsoft's WS-Security Specification [6] and can be used to verify the source of a Web Service response, or to verify that any XML data has not changed since it was signed.

The very features that make XML so powerful for business transactions (e.g., semantically rich and structured data, text-based, and Web-ready nature) provide both challenges and opportunities for the application of encryption and digital signature operations to XML-encoded data. For example, in many workflow scenarios where an XML document flows stepwise between participants, and where a digital signature implies some sort of commitment or assertion, each participant may wish to sign only that portion for which they are responsible and assume a concomitant level of liability. Older standards for digital signatures provide neither syntax for capturing this sort of high-granularity signature nor mechanisms for expressing which portion a principal wishes to sign.

Therefore it is very interesting to work on the practical implementation of digital signatures in XML documents.

Language, platform, and compiler used for primary implementation

We will be using the Microsoft .NET SDK on the Windows platform. The language used will be primarily C#.

Specification of the input and output

Input will be an XML document. Output will be a signed document.

Description of the function performed

XML documents pose many challenges, which will be addressed during the process. One among them is that XML documents can have different indentation and amounts of white space. Typically a canonicalization method is applied. A canonicalization method removes whitespace and other formatting, thereby reducing XML data to its simplest form.

Signatures will be created by linking references to several transformations together over the content of the XML document, either in whole or in part. One of these transformations is a hash. The most popular hash algorithms are MD5 [7] and SHA1 [8].

Finally, a signature transformation is applied to encrypt the hash.

In short, the following functions will be performed:

1. Creation of an XML document to be signed.
2. Creation of key pairs.
3. After applying the essential transforms to the content, the content will be signed.
4. Next, the XML document signature will be verified.

Procedures for testing the functionality and performance of the program(s)

Testing will be done via verification. To verify the signed XML document, we will simply load the signed XML document and verify the Signature node in the signed XML document against the public key in the CSP. The SignedXml will automatically determine which standard transforms were applied and will compute and verify the hash based on the transforms used when the document was signed. This can be tested by using a wrong public key. The hash will come out wrong in that case.

Time schedule, including the detailed intermediate goals to be achieved by the dates of the progress

October 1* (Sunday, midnight): Final project specification
October 17, 18 (Tuesday, Wednesday): Prototype completion
November 7, 8 (Tuesday, Wednesday): Completion of development work
November 23rd (Thursday, Friday): Completion of testing
December 5, 6 (Tuesday, Wednesday): Final progress report with the draft version of the final viewgraph presentation

List of possible areas, where the specification can change depending on the progress of the project

There will be a lot of intermediate processes which will be used to obtain the final signed XML document. We will document those processes, for example the constraints of the XML document itself. We might also need additional technology, such as an IIS server and ASP.NET, to complete this project.

List of literature

Below is a list of references that may be used during the project.

1. Extensible Markup Language (XML): http://www.w3.org/XML/
2. XML-Signature Syntax and Processing: http://www.w3.org/TR/xmldsig-core/
3. RSA Laboratories | Cryptography FAQ: http://www.rsasecurity.com/rsalabs/faq/index.html
4. Counterpane Labs: Applied Cryptography (Bruce Schneier): http://www.schneier.com/book-applied.html
5. RSA Security: http://www.rsasecurity.com/
6. WS-Security Specification Index Page: http://msdn.microsoft.com/library/en-us/dnglobspec/html/wssecurspecindex.asp
7. MD5: http://www.ietf.org/rfc/rfc1321.txt
8. SHA1: http://csrc.nist.gov/publications/fips/fips180-1/fip180-1.txt
9. XML Schema: http://www.w3.org/XML/Schema
10. Strong Name Tool (sn.exe): http://msdn.microsoft.com/library/en-us/cptools/html/cpgrfstrongnameutilitysnexe.asp
11. Transform Algorithms: http://www.w3.org/TR/xmldsig-core/#sec-TransformAlg
12. Canonicalization Algorithms: http://www.w3.org/TR/xmldsig-core/#sec-c14nAlg
13. Enveloped Signature Transform: http://www.w3.org/2000/09/xmldsig#enveloped-signature
14. SSL 3.0 Specification: http://wp.netscape.com/eng/ssl3/
15. MSIL Disassembler (ildasm.exe):

