XML Encryption: Applications & Proposal Overview

Ed Simon, Entrust Technologies

XML Encryption Application: Wireless online banking

Brokerage wants to provide access to stock trading through handheld device and uses a transcoder to strip out images.

Transcoder needs to be able to parse and filter the XML but should not have access to sensitive data.

XML Encryption Application:  Wireless online banking...

XML Encryption Application: Buyer-vendor-bank transaction

XML Encryption Application: Buyer-vendor-bank transaction...

<Invoice> 
<Buyer>Bob</Buyer> 
<Goods> 
<EncryptedData xmlns=“Encryption”> <DecryptionInfo> {Acme’s encryption public key} </DecryptionInfo> 
</EncryptedData> 
</Goods> 
<CreditCard Type=“SuperBank”> 
<EncryptedData xmlns=“Encryption”> <DecryptionInfo> {SuperBank’s encryption public key} </DecryptionInfo> 
</EncryptedData> 
</CreditCard > 
</Invoice>

Invoice’s encrypted nodes encrypted for different organizations.

XML Security Application: Fine-Grained Access Control

Scenario: A teaching hospital maintains patient records in XML. Each record consists of the patient’s name, address, diagnosis, and history.

Doctors are allowed to see the entire patient record, and update the diagnosis and history.

Administration can see only the patient’s name and address, and only update the address.

Researchers can see only the history and diagnosis. Cannot update any part of the record.

XML Security Application: Fine-Grained Access Control...

<MedicalRecord> 
<Patient SerialNumber=“ {EncryptedAttribute} ”> 
<Name> <EncryptedData…> </Name> 
<Address> <EncryptedData…> </Address> 
<Diagnosis> <EncryptedData…> </Diagnosis> 
<History> <EncryptedData…> </History> 
</Patient> 
</MedicalRecord> 

Who can see what:

• Doctors have full read access and can modify <> and <> elements

• Researchers can only read <> and <>

• Hospital Admin can only read SerialNumber@, <><>, and modify <>

XML Security Application: Fine-Grained Access Control...

How XML Security can help:

• XML Encryption restricts who can see what (eg. <> only readable by doctors and researchers). Elements are encrypted with keys bound to those with authority to see the element’s contents.

• XML Signatures identify who modified a specific XML nodes (eg. Doctors digitally sign updates made to <> element)

• Encrypted nodes can be stored in a <> file or...

XML Security Application: Fine-Grained Access Control...

XML Encryption: Proposal Overview

Introduction

“XML Encryption will specify an XML-based syntax and processing rules for encrypting both XML nodes and arbitrary data”

• “XML-based syntax” - XML, rather than ASN.1 or other, will be used as the data formatting language

• “encrypting…XML nodes” - XML Encryption will specify how to encrypt specific XML nodes such as elements and attributes. For example, it will be possible to selectively encrypt just a particular element or a particular attribute value

• “encrypting arbitrary data” - XML Encryption will support the encryption of non-XML data, not just XML data

The Technical Details

XML Encryption has two principal elements:

• <EncryptedData> - contains, or has a reference to, encrypted data
• <DecryptionInfo> - has information about decrypting parameters: the key, the algorithm, IV, etc.

The <> element: Non-attribute XML nodes

In the encrypted version of an XML instance, the <> element will appear in place of the non-attribute plaintext node that was encrypted. For example:

Before:

<Element>
  <Cat/>
  <ElementToBeEncrypted>
    <Rabbit/>
  </ElementToBeEncrypted>
   <Dog/>
 </Element>

After:

<Element>
 <Cat/>
 <EncryptedData xmlns=“...”>qYrSiO2R5X...</EncryptedData>
 <Dog/>
</Element>

Processing rules: Encrypting non-attribute nodes

1. Serialize (into a string) the node list to be encrypted.
2. Encrypt the string and put it in a <CipherText> element.
3. Create the <EncryptedData> element, put in the <DecryptionInfo> and <CipherText> elements.
4. Replace the plaintext node list with the <EncryptedData> element.

Processing rules: Decrypting non-attribute nodes

1. Find an <EncryptedData> element(s) with Type attribute equal to “Element” or “ElementContent”.
2. Decrypt the text nodes of the <CipherText> element to form an XML fragment.
3. Parse the XML fragment into a DOM node list.
4. Replace the <EncryptedData> element with the node list.

The <EncryptedData> element:
XML Attribute nodes

Because attributes are inside elements, one cannot just pop in an element in place of an attribute.

So, if one or more attributes of an element need to be encrypted, an EncryptedDataManifest attribute pointing to a list of encrypted nodes is added to that element. Here’s how it looks:

< AttributeA="A" AttributeB="B"
  AttributeValueToBeEncrypted1="ONI9WvqL7RFN9FBB59kC3A=="
  AttributeValueToBeEncrypted2="A2e35shNcL5sWwUKfyzHoQ=="
  enc:EncryptedDataManifest="./EncryptedDataManifest"
  xmlns:enc="http://www.example.org/xmlenc">
< xmlns="http://www.exampleorg/xmlenc">
< Name="AttributeValueToBeEncrypted1” Type="AttributeValue">...</EncryptedData>
< Name="AttributeValueToBeEncrypted2” Type="AttributeValue">...</EncryptedData>
</EncryptedDataManifest>...</Element>

Processing rules: Encrypting attribute values

1. Encrypt the attribute value and replace the attribute’s plaintext value with ciphertext. Repeat for each attribute value to be encrypted.
2. Add an EncryptedDataManifest attribute to the owner element; give it the xmlenc namespace .
3. Create an <EncryptedDataManifest> element as a child of the owner element.
4. For each encrypted attribute value, create an <EncryptedData> element specifying its Name attribute as the name of an attribute whose value was encrypted. Include the <DecryptionInfo> element with the info for decrypting that attribute.

Processing rules: Decrypting attribute vales

1. Find an <EncryptedData> element with Type attribute equal to “Attribute”.
2. Obtain the decryption parameters from the <DecryptionInfo> child.
3. Obtain the name of the encrypted attribute value owner from the <EncryptedData> Name attribute.
4. Decrypt the encrypted attribute value and set the attribute value as the derived plaintext .

The <EncryptedData> element: Attribute values...

Some questions:

• Should the encrypted attribute value be in the <EncryptedData> element or replace the attribute’s value?
• Should the encryption of both the attribute name and value be supported?
• <EncryptedDataManifest> could potentially support encryption of any descendant node. Is that desirable?

The <EncryptedData> element: Arbitrary data

XML Encryption can encrypt one or more arbitrary data instances.

< xmlns=“http://www.example.org/xmlenc”> < Type=“video/mpeg” Name=“secret.mpg”> <>…</DecryptionInfo> < URI=“http://www.example.com/videos/secret.enc”/> </EncryptedData> < Type=“text” Name=“secret.txt”> <>...</DecryptionInfo> <>...</CipherText> </EncryptedData> </EncryptedDataManifest>

The above example covers two encrypted data sources (say for SMIL): an MPEG video with referenced ciphertext (detached encryption?) and a text file which is encrypted and stored directly in the <> element.

A closer look at <EncryptedData>

Psuedo-syntax:

<EncryptedData Type=“...” Name=“...”>
 <DecryptionInfo URI=“...”?>…<DecryptionInfo>?
 <CipherText URI=“”?>…</CipherText>? 
</EncryptedData> 

Attributes:

• Type - indicates the media type of the plaintext. Required

• Name - identifies the owner node or file of the encrypted data. Required

Children:

• DecryptionInfo - contains, and/or references through its URI attribute, the information necessary for decrypting the ciphertext. If both children and URI present, local info added on top of referenced info

• CipherText - contains, or references through its URI attribute, the ciphertext

The <DecryptionInfo> element

The <DecryptionInfo> element contains information about the decryption key:

<DecryptionInfo (Id=)? (URI=)?> <Method Algorithm=”..."/><!-- The decryption method --> 
<PropertyList>...</PropertyList>
<Manifest>...</Manifest> <!-- Pointers to <EncryptedData> elements -->
<KeyInfo> <Value/>? <!-- Raw key value --> 
<Identifier/>? <!-- Key identifier -->
<Agreement/>? <!-- Key agreement data -->
<EncryptedKey/>+ <!-- Info for encrypted decryption keys --> </KeyInfo>
</DecryptionInfo> 

The <DecryptionInfo> element...

XML Encryption can be data-centric or key-centric: An <EncryptedData> element can indicate the associated <DecryptionInfo> element OR A <DecryptionInfo> element can indicate associated <EncryptedData> elements

XML Encryption and XML Signature

XML Encryption works with XML Signature so that data can be signed then encrypted OR encrypted then signed

Signed then Encrypted

On verification of the signature, an XML Signature transform is called to decrypt the data before the hash is calculated.

Encrypted then Signed
No special processing required.

Issues needing more study

• Compression - probably often desirable to compress XML strings before encryption.

• Canonicalization - for detached encrypted nodes, need to handle entity references, character encodings, and inherited info (eg. Namespaces)

XmlEncryptor: A proof-of-concept demo

• Demo for testing the feasibility of node-wise encryption

• Currently encrypts elements, element content, and attribute values

• Uses DOM Level 1 except for DOM Level 2 importNode() method

• Will be looking at XSLT

XmlEncryptor: General comments

• Verifies that DOM has everything necessary for node-wise encryption

• No special parser functionality was required; NO PARSER-CALLBACK REQUIRED!; used off the shelf Xerces parser and only DOM API was used

• Note: the demo was not exhaustive; used only a well-formed XML instance with a few test cases

Addendum: PWC Questions

• Q4: Streaming XML? A4: If we design XML Encryption so that all decryption parameters are known before ciphertext is presented, streaming (eg. In a SAX framework) should be fine.

• Q7: Authentication of sender and intended recipient? A7: XML Signature and XML Encryption will enable applications to ensure the identity of the sender and the intended recipients are secure but this functionality need not be an explicit part of XML Signature or XML Encryption. See the thread started by Don Davis in September.

Addendum: PWC Questions...

• Q8: GUI for non-technical users? A8: Expect it will generally be the application that dictates what gets encrypted and the user will not have control. If it is necessary to give a user control, maybe the user can just mark what needs to be encrypted and then select an “Encrypt” command.

Addendum: PWC Questions...

• Q10: How does one schema-validate a XML instance if data is encrypted? A10: XML Encryption enables the encryptor to be precise about exactly what is being encrypted. If element structure is being encrypted, it means the encryptor does not want the structure to be “known”. Hence, schema-validation is, intentionally, not possible. If an application wants an XML instance with encrypted nodes to validate, it should have a schema that indicates that content may be either plaintext or ciphertext. Eg.

<></></x> OR <></><> OR <>

Addendum: PWC Questions...

• Q12: Will XML Encryption support XSL and other XML-standard tools, or will programmatic tools be required. A10: Expect that some level of programming will be required but once one has an XML Encryption toolkit, non-XML Encryption-aware designers should just be able to use the Toolkit-provided API through XSLT extensions. Eg. XSLT specialists wouldn’t have to learn Java but they would have to know how to call Java APIs from XSLT.

• Q16: Can one use the content of XML elements to determine if the element should be encrypted or not? (Do I understand the question correctly?) A16: Yes. However, XML Encryption does not need to explicitly provide a mechanism for this. If an application detects that an element needs to be encrypted, for whatever reason, it can use XML Encryption.

XML Encryption: Contact info

Ed Simon Entrust Technologies ph: (613) 247-2583 email: ed.simon@entrust.com

or ejs19630722@hotmail.com