Cryptography and Computer Network-Security

Fall 2006

Tuesdays, 7:20-10:00 PM
Science and Technology I, room 122

Instructor: Jens-Peter Kaps,

Draft of Specification for implementation Project

Implementation of XML Digital Signatures

Nandita Srivastava

Neeharika Kola

Mounika Vallbhaneni

Introduction

The globally recognized method for satisfying the authenticity (who sent them?), data integrity (have they been modified in transit?), and support for non-repudiation (can the sender deny sending them?) of business messages for secure business transactions is to use digital certificates to enable the encryption and digital signing of the exchanged data.

XML Digital Signatures, using public-key cryptography, solve the problem of verifying that information came from a particular source and that the information has not changed. This standard is just one of many included in Microsoft's WS-Security Specification[6] and can be used to verify the source of a Web Service response, or to verify that any XML data has not changed since it was signed.

The very features that make XML so powerful for business transactions (e.g., semantically rich and structured data, text-based, and Web-ready nature) provide both challenges and opportunities for the application of encryption and digital signature operations to XML-encoded data. For example, in many workflow scenarios where an XML document flows stepwise between participants, and where a digital signature implies some sort of commitment or assertion, each participant may wish to sign only that portion for which they are responsible and assume a concomitant level of liability. Older standards for digital signatures provide neither syntax for capturing this sort of high-granularity signature nor mechanisms for expressing which portion a principal wishes to sign.

Therefore it is very interesting to work on the practical implementation of the Digital Signature in XML documents.

Language, platform, and compiler used for primary implementation

We will be using the Microsoft .NET SDK on the Windows platform. The language used will be primarily C#.

Specification of the input and output

Input will be an XML document.

Output will be a signed document.

Description of the function performed

There are many challenges to an XML document which will be addressed during the process. One among them is that XML documents can have different indentation and amounts of white space.

Typically a canonicalization method is applied. A canonicalization method removes white space and other formatting, thereby reducing XML data to its simplest form. Signatures will be created by linking references to several transformations together over the content of the XML document, either in whole or in part. One of these transformations is a hash. The most popular hash algorithms are MD5[7] and SHA1[8].

Finally, a signature transformation is applied to encrypt the hash. In short, the following functions will be performed:

Creation of an XML document to be signed.

Creation of key pairs.

After applying the essential transforms to the content, the content will be signed.

Next the XML document signature will be verified.

Procedures for testing the functionality and performance of the program(s).

Testing will be done via verification.

To verify the signed XML document, we will simply load the signed XML document and verify the Signature node in it against the public key in the CSP. The SignedXml class will automatically determine which standard transforms were applied and will compute and verify the hash based on the transforms used when the document was signed. This can be tested by using a wrong public key; the hash will come out wrong in that case.
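
The steps listed above (create a document, create key pairs, apply transforms and sign, verify) together with the wrong-key test can be sketched as follows. This is an added example, not code from the project; it assumes a current .NET runtime with the System.Security.Cryptography.Xml package, uses RSA.Create instead of a CSP key container, and uses SHA-256 rather than the MD5 and SHA1 algorithms named above. The sample order document and the class and method names are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

class XmlDsigDemo   // hypothetical name, not the project's own class
{
    // Sign the whole document with an enveloped signature and append <Signature> to the root.
    static void Sign(XmlDocument doc, RSA key)
    {
        var signedXml = new SignedXml(doc) { SigningKey = key };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;

        var reference = new Reference { Uri = "" };            // "" selects the entire document
        reference.DigestMethod = SignedXml.XmlDsigSHA256Url;
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); // exclude <Signature> itself
        reference.AddTransform(new XmlDsigExcC14NTransform());            // canonicalize before hashing
        signedXml.AddReference(reference);

        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // Verify against a key the caller already trusts, never a key taken from the document.
    static bool Verify(XmlDocument doc, RSA trustedKey)
    {
        var nodes = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodes.Count != 1) return false;                    // reject missing or multiple signatures
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)nodes[0]);
        return signedXml.CheckSignature(trustedKey);
    }

    static void Main()
    {
        // Constructed sample input.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order id=\"42\"><item>widget</item><qty>3</qty></order>");

        using RSA signer = RSA.Create(2048);
        using RSA other = RSA.Create(2048);                    // unrelated key for the negative test
        Sign(doc, signer);

        Console.WriteLine("correct key:  " + Verify(doc, signer));
        Console.WriteLine("wrong key:    " + Verify(doc, other));
        doc.DocumentElement["qty"].InnerText = "300";          // modify signed content
        Console.WriteLine("after tamper: " + Verify(doc, signer));
    }
}
```

Verification succeeds only with the signer's key on the unmodified document; the wrong key and the modified quantity both make the check fail.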

Time schedule, including the detailed intermediate goals to be achieved by the dates of the progress

October 1* / Sunday, midnight / Final project specification
October 17, 18 / Tuesday, Wednesday / Prototype completion.
November 7, 8 / Tuesday, Wednesday / Completion of development work.
November 23rd / Thursday, Friday / Completion of Testing.
December 5, 6 / Tuesday, Wednesday / Final progress report with the draft version of the final viewgraph presentation

List of possible areas, where the specification can change depending on the progress of the project.

There will be a lot of intermediate processes which will be used to obtain the final signed XML document. We will document those processes. For example, the constraints of the XML document itself. Also, we might need additional technologies such as an IIS server and ASP.NET for completion of this project.

List of literature.

Below is a list of references that may be used during the project.

1.  Extensible Markup Language (XML): http://www.w3.org/XML/

2.  XML-Signature Syntax and Processing: http://www.w3.org/TR/xmldsig-core/

3.  RSA Laboratories | Cryptography FAQ: http://www.rsasecurity.com/rsalabs/faq/index.html

4.  Counterpane Labs: Applied Cryptography (Bruce Schneier): http://www.schneier.com/book-applied.html

5.  RSA Security: http://www.rsasecurity.com/

6.  WS-Security Specification Index Page: http://msdn.microsoft.com/library/en-us/dnglobspec/html/wssecurspecindex.asp

7.  MD5: http://www.ietf.org/rfc/rfc1321.txt

8.  SHA1: http://csrc.nist.gov/publications/fips/fips180-1/fip180-1.txt

9.  XML Schema: http://www.w3.org/XML/Schema

10. Strong Name Tool (sn.exe): http://msdn.microsoft.com/library/en-us/cptools/html/cpgrfstrongnameutilitysnexe.asp

11. Transform Algorithms: http://www.w3.org/TR/xmldsig-core/#sec-TransformAlg

12. Canonicalization Algorithms: http://www.w3.org/TR/xmldsig-core/#sec-c14nAlg

13. Enveloped Signature Transform: http://www.w3.org/2000/09/xmldsig#enveloped-signature

14. SSL 3.0 Specification: http://wp.netscape.com/eng/ssl3/

15. MSIL Disassembler (ildasm.exe): http://msdn.microsoft.com/library/en-us/cptools/html/cpconmsildisassemblerildasmexe.asp