Posts Tagged cryptography
A digital signature is a cryptographic value that enables a recipient to verify the source and validity of
an incoming message. XML Signature defines an XML syntax for digital signatures.
When you enable SOAP header processing for a particular virtual service, the ACE XML Gateway
validates XML signatures in incoming messages received at the interface defined by the object. If a
signature does not match the element that is signed, the message is rejected.
Signature validity alone may not ensure message integrity: the signature could have been generated
using any certificate, including one issued by an untrusted source. If using XML Signature as part of
your implementation strategy, you should also specify which Certificate Authorities you want to be
trusted, and direct the ACE XML Gateway to accept only signatures generated with certificates issued
by those trusted CAs.
Enabling header processing causes signatures to be validated if present in an incoming message (and
causes messages with invalid signatures to be blocked), but it doesn’t require a message to have a
signature.
The final step in configuring XML Signature, therefore, is specifying the elements of the incoming
message that must be signed. In the policy configuration, you can require a signature covering one or
more of:
- the message timestamp (a common practice in Web service implementations).
- the first element below the SOAP body.
- a particular element you specify by XPath. Each XPath expression you specify must resolve to a
signed XML element whose signature must be valid for the ACE XML Gateway to accept the
message.
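The gap described above (a signature that is valid but does not cover the parts of the message that matter) can be checked mechanically. The following is an added example, not ACE XML Gateway code or configuration: it only checks which elements the ds:Reference URIs cover and does not verify the signature value or the certificate. The SOAP message, the function names and the simplified header layout are constructed for illustration, and only same-document "#id" references are handled.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample message (simplified header, no real signature value).
TEMPLATE = """<soap:Envelope xmlns:soap="{soap}" xmlns:ds="{ds}" xmlns:wsu="{wsu}">
 <soap:Header>
  <wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2024-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
  <ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo></ds:Signature>
 </soap:Header>
 <soap:Body wsu:Id="Body-1"><Transfer><Amount>100</Amount></Transfer></soap:Body>
</soap:Envelope>"""

def sample(*ids):
    """Build the constructed message with one ds:Reference per given Id."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in ids)
    return TEMPLATE.format(refs=refs, **NS)

def unsigned_required(xml_text, extra_paths=()):
    """Return the names of required elements that no ds:Reference covers."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    covered = {ref.get("URI", "")[1:]
               for ref in root.iterfind(".//ds:SignedInfo/ds:Reference", NS)
               if ref.get("URI", "").startswith("#")}

    def is_covered(el):
        # Covered if the element or any ancestor carries a referenced Id.
        while el is not None:
            if (el.get(WSU_ID) or el.get("Id")) in covered:
                return True
            el = parents.get(el)
        return False

    body = root.find("soap:Body", NS)
    required = {"timestamp": root.find(".//wsu:Timestamp", NS),
                "first-body-element":
                    body[0] if body is not None and len(body) else None}
    for path in extra_paths:  # ElementTree's limited XPath subset
        required[path] = root.find(path, NS)
    return [name for name, el in required.items()
            if el is None or not is_covered(el)]
```

A message signed only over the timestamp passes signature validation but is reported here as leaving the first body element unsigned.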
ACE XML Gateway, cryptography, digital signatures, policy configuration, SOAP, XML, XML Signature, XML syntax, XPath expression
The purpose of a digital signature is to provide a means for an entity to bind its identity
to a piece of information. Digital signatures use PKC (Public Key Cryptography), which
employs an algorithm using two different but mathematically related keys: one to create a
digital signature and another to verify a digital signature.

Unlike conventional symmetric-key cryptography, which uses the same secret key for encryption
and decryption, PKC uses a key pair, a private and a public key, for encryption and decryption
operations (see Figure 1). The public key is freely available to anyone, but the private key
is protected and never shared. Each key pair shares a mathematical relationship that ties the
two keys exclusively to one another, and they are related to no other keys.
A cryptographic transformation encoded with one key can be reversed only with the other key. It
is computationally not feasible to deduce the private key from the public key nor to deduce the
public key from the private key. This defining nature of PKC enables the following:
- Confidentiality. A message encrypted with a public key can only be decrypted with the corresponding private key.
- Endpoint authentication. The recipient can determine the sender’s identity.
- Nonrepudiation. The sender cannot deny sending the message or committed actions.
- Message integrity. The recipient can easily identify whether anything has tampered with the message content during
transit.
Confidentiality, cryptography, decryption, encryption, Endpoint authentication, Message integrity, Nonrepudiation, PKC, Public Key Cryptography, secret key, symmetric key
The power consumption of any hardware circuit (cryptographic ASICs or processors running
cryptographic software) is a function of the switching activity at the wires inside it.
Since the switching activity (and hence, power consumption) is data dependent, it is not
surprising that the key used in a cryptographic algorithm can be inferred from the power
consumption statistics gathered over a wide range of input data. These attacks are called
power analysis attacks and have been shown to be very effective in breaking embedded
systems such as smartcards. Power analysis attacks are categorized into two main classes:
Simple Power Analysis (SPA) attacks and Differential Power Analysis (DPA) attacks.
SPA attacks rely on the observation that in some systems, the power profile of
cryptographic computations can be directly used to reveal cryptographic information. For
example, Figure 1 shows the power consumption profile for an ASIC implementing the DES
algorithm. From the profile, one can easily identify the 16 rounds of the DES algorithm.
While SPA attacks have been useful in determining higher granularity information such as
the cryptographic algorithm used, the cryptographic operations being performed, etc.,
they require reasonably high resolution to reveal the cryptographic key directly. In
practice, SPA attacks have been found to be useful in augmenting or simplifying brute-force
attacks. For example, it has been shown that the brute-force search space for a SW DES
implementation on an 8-bit processor with 7 Bytes of key data can be reduced to 2^40 keys
from 2^56 keys with the help of SPA.

Figure 1: The power consumption profile of a custom hardware implementation
of the DES algorithm
DPA attacks employ statistical analysis to infer the cryptographic key from power
consumption data. These attacks use the notion of differential traces (difference between
traces) to overcome the disadvantages of measurement error and noise associated with SPA
techniques. DPA has been shown to be highly robust and effective in extracting keys from
several embedded systems, not limited to smartcards. Recent approaches enhance the
effectiveness of DPA attacks by providing techniques that improve the signal-to-noise
ratio. While the initial DPA attacks targeted DES implementations, DPA has also been used
to break public-key cryptosystems.
ASICs, cryptographic algorithm, cryptography, DES algorithm, Differential Power Analysis, DPA, Embedded Systems, Power Analysis Attacks, public key, secure, Secure Embedded Systems, Simple Power Analysis, SPA
XML digital signatures will enable a sender to cryptographically sign data, and
the signatures can then be used as authentication credentials or a way to check
data integrity. XML signatures can be applied to any XML resource, such as XML,
an HTML page, binary-encoded data such as a gif file, and XML-encoded data. The
standout feature of the XML digital signature is its ability to sign only specific
portions of the XML document.
This article will now discuss the three types of XML signatures:
- Enveloped
- Enveloping
- Detached
Enveloped Signature
An enveloped signature is the signature applied over the XML content that
contains the signature as an element. The signature element is excluded
from the calculation of the signature value. The signed XML element in
Figure 1 represents the signed XML resource fragment. Click here to look
at a sample SOAP message with an enveloped signature.

Figure 1: Enveloped Signatures
Enveloping Signature
An enveloping signature is the signature applied over the content found within
an Object element of the signature itself. The object or its content is
identified through a Reference element by way of a Uniform Resource Identifier
(URI) fragment identifier or transform. The signed XML element in Figure 1
represents the signed XML resource fragment.

Figure 2: Enveloping Signatures
Detached Signature
A detached signature (see Figure 3) is the signature applied over the content external
to the Signature element, and it can be identified by way of a URI or a transform. The
signed XML resource can be present within the same document as the Signature element,
or it can be external to the XML document. Click here to look at a sample SOAP message
with a detached signature.

Figure 3: Detached Signatures
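The three signature types differ only in where each Reference target sits relative to the Signature element, so they can be told apart by walking the document tree. The following is an added example, not code from the original article: the sample document and function name are constructed, and it assumes that an attribute named "Id" identifies reference targets.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: one Signature whose References show all three types.
SAMPLE = """<Order Id="order" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Item Id="item">widget</Item>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:Reference URI="#order"/>
      <ds:Reference URI="#obj"/>
      <ds:Reference URI="#item"/>
      <ds:Reference URI="https://example.com/logo.gif"/>
    </ds:SignedInfo>
    <ds:Object Id="obj">note</ds:Object>
  </ds:Signature>
</Order>"""

def classify_references(xml_text):
    """Map each Reference URI to enveloped, enveloping or detached."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    by_id = {el.get("Id"): el for el in root.iter() if el.get("Id")}
    kinds = {}
    for sig in root.iter(DS + "Signature"):
        ancestors, node = set(), parents.get(sig)
        while node is not None:          # every element that contains the Signature
            ancestors.add(node)
            node = parents.get(node)
        inside = set(sig.iter())         # the Signature and everything within it
        for ref in sig.iterfind(DS + "SignedInfo/" + DS + "Reference"):
            uri = ref.get("URI", "")
            if uri == "":
                target = root            # empty URI: the whole document
            elif uri.startswith("#"):
                target = by_id.get(uri[1:])
            else:
                target = None            # external resource
            if target is not None and target in ancestors:
                kinds[uri] = "enveloped"   # signed content contains the Signature
            elif target is not None and target in inside:
                kinds[uri] = "enveloping"  # signed content is inside the Signature
            else:
                kinds[uri] = "detached"    # sibling content or external resource
    return kinds
```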
Authentication, binary-encoded, cryptography, data integrity, Detached, Enveloped, Enveloping, HTML, Signatures, SOAP, URI, XML Digital, XML signatures
Digital signature
The process of digitally signing starts by taking a mathematical summary (called
a hash code) of the message. This hash code is a uniquely identifying digital
fingerprint of the message. If even a single bit of the message changes, the hash
code will dramatically change. The next step in creating a digital signature is to
sign the hash code with your private key. This signed hash code is then
appended to the message.
How is this a signature? Well, the recipient of your message can verify the hash
code sent by you, using your public key. At the same time, a new hash code can
be created from the received message and compared with the original signed
hash code. If the hash codes match, then the recipient has verified that the
message has not been altered. The recipient also knows that only you could
have sent the message because only you have the private key that signed the original
hash code.
Confidentiality and encryption
Once the electronic message is digitally signed, it can be encrypted using a high-speed
mathematical transformation with a key that will be used later to decrypt
the document. This is often referred to as a symmetric key system because the
same key is used at both ends of the process. As the message is sent over the
network, it is unreadable without the key. The next challenge is to securely
deliver the symmetric key to the bank.
Public-key cryptography for delivering symmetric keys
Public-key encryption is used to solve the problem of delivering the symmetric
encryption key to the bank in a secure manner. To do so, you would encrypt
the symmetric key using the receiver’s (here, the bank’s) public key. Since only the
receiver (the bank) has the corresponding private key, only the receiver will be able
to recover the symmetric key and decrypt the message.
Why use this combination of public-key and symmetric cryptography?
The reason is simple. Public-key cryptography is relatively slow and is only
suitable for encrypting small amounts of information – such as symmetric keys.
Symmetric cryptography is much faster and is suitable for encrypting large
amounts of information.
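The whole flow described above (hash and sign, encrypt with a symmetric key, deliver that key under the bank's public key, then verify on receipt) as an added example that is not part of the original post. It assumes textbook RSA without padding, a SHA-256 keystream as a stand-in symmetric cipher, and constructed toy keys; all function names are hypothetical, and none of this is suitable for protecting real data.

```python
import hashlib
import secrets

E = 65537  # public exponent

def toy_keypair(p, q):
    """Textbook RSA from two primes -> (public, private). No padding: demo only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(message):
    """The 'hash code': SHA-256 of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, private):
    n, d = private
    return pow(digest(message), d, n)      # hash code transformed with the private key

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(message)  # recompute the hash and compare

def stream_xor(key, data):
    """Toy symmetric cipher (SHA-256 keystream); same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def send(message, sender_private, bank_public):
    n, e = bank_public
    key = secrets.token_bytes(32)                      # fresh symmetric key
    wrapped = pow(int.from_bytes(key, "big"), e, n)    # only the bank can unwrap it
    return stream_xor(key, message), wrapped, sign(message, sender_private)

def receive(ciphertext, wrapped, signature, bank_private, sender_public):
    n, d = bank_private
    key = pow(wrapped, d, n).to_bytes(32, "big")       # recover the symmetric key
    message = stream_xor(key, ciphertext)
    return message, verify(message, signature, sender_public)

# Constructed toy keys built from Mersenne primes (trivially factorable).
SENDER_PUB, SENDER_PRIV = toy_keypair(2**521 - 1, 2**607 - 1)
BANK_PUB, BANK_PRIV = toy_keypair(2**1279 - 1, 2**2203 - 1)
```

Flipping a single bit of the ciphertext changes the recovered message, so the recomputed hash code no longer matches the signed one and verification fails.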
Confidentiality, cryptography, decrypt, digital fingerprint, digital signature, encryption, hash code, message, public key, recipient, symmetric key
Embedded systems, which will be ubiquitously used to capture, store, manipulate, and access data of a
sensitive nature, pose several unique and interesting security challenges. Security has been the
subject of intensive research in the areas of cryptography, computing, and networking. However,
security is often misconstrued by embedded system designers as the addition of features, such as
specific cryptographic algorithms and security protocols, to the system. In reality, it is an entirely
new metric that designers should consider throughout the design process, along with other metrics
such as cost, performance, and power. Security in one form or another is a requirement for an increasing
number of embedded systems, ranging from low-end systems such as PDAs, wireless handsets, networked
sensors, and smart cards, to high-end systems such as routers, gateways, firewalls, storage servers,
and web servers. Technological advances that have spurred the development of these electronic systems
have also ushered in seemingly parallel trends in the sophistication of security attacks. It has been
observed that the cost of insecurity in electronic systems can be very high. For example, it was
estimated that the “I Love You” virus caused nearly one billion dollars in lost revenues worldwide.
With an increasing proliferation of such attacks, it is not surprising that a large number of users in
the mobile commerce world (nearly 52% of cell phone users and 47% of PDA users, according to a survey
by Forrester Research) feel that security is the single largest concern preventing the successful
deployment of next-generation mobile services. With the evolution of the Internet, information and
communications security has gained significant attention. For example, various security protocols
and standards such as IPSec, SSL, WEP, and WTLS, are used for secure communications. While security
protocols and the cryptographic algorithms they contain address security considerations from a
functional perspective, many embedded systems are constrained by the environments they operate in, and
by the resources they possess. For such systems, there are several factors that are moving security
considerations from a function-centric perspective into a system architecture (hardware/software) design issue.
- An ever increasing range of attack techniques for breaking security such as software, physical and
side-channel attacks require that the embedded system be secure even when it can be logically or physically
accessed by malicious entities. Resistance to such attacks can be ensured only if built into the system
architecture and implementation.
- The processing capabilities of many embedded systems are easily overwhelmed by the computational demands of
security processing, leading to undesirable tradeoffs between security and cost, or security and performance.
- Battery-driven systems and small form-factor devices such as PDAs, cell phones and networked sensors often
operate under stringent resource constraints (limited battery, storage and computation capacities). These
constraints only worsen when the device is subject to the demands of security.
- Embedded system architectures need to be flexible enough to support the rapid evolution of security mechanisms
and standards.
- New security objectives, such as denial of service and digital content protection, require a higher degree of
co-operation between security experts and embedded system architects.
Architectures, Battery Life, cryptography, DES, Design, Design Methodologies, Digital Rights Management, Embedded Systems, IPSec, Performance, Public key cryptosystems, Security, Security Processing, Security Protocols, Software Attacks, SSL, Tamper Resistance, Trusted Computing, Viruses, WEP, WTLS
Before exploring quantum key distribution, it is important to understand the state
of modern cryptography and how quantum cryptography may address current
digital cryptography limitations. Since public key cryptography involves complex
calculations that are relatively slow, it is employed to exchange keys rather
than for the encryption of voluminous amounts of data. For example, widely
deployed solutions, such as the RSA and the Diffie-Hellman key negotiation
schemes, are typically used to distribute symmetric keys among remote parties.
However, because asymmetric encryption is significantly slower than symmetric
encryption, a hybrid approach is preferred by many institutions to take advantage
of the speed of a shared key system and the security of a public key system for
the initial exchange of the symmetric key. Thus, this approach exploits the speed
and performance of a symmetric key system while leveraging the scalability of a
public key infrastructure.
However, public key cryptosystems such as RSA and Diffie-Hellman are not
based on concrete mathematical proofs. Rather, these algorithms are
considered to be reasonably secure based on years of public scrutiny over the
fundamental process of factoring large integers into their primes, which is said to
be “intractable”. In other words, by the time the encryption algorithm could be
defeated, the information being protected would have already lost all of its value.
Thus, the power of these algorithms is based on the fact that there is no known
mathematical operation for quickly factoring very large numbers given today’s
computer processing power.
Secondly, there is uncertainty whether a theorem may be developed in the future
or perhaps already available that can factor large numbers into their primes in a
timely manner. At present, there is no existing proof stating that it is impossible
to develop such a factoring theorem. As a result, public key systems are
vulnerable to the uncertainty regarding the future creation of such a theorem,
which would have a significant effect on the algorithm being mathematically
intractable. This uncertainty provides potential risk to areas of national security
and intellectual property which require perfect security.
In sum, modern cryptography is vulnerable to both technological progress of
computing power and evolution in mathematics to quickly reverse one way
functions such as that of factoring large integers. If a factoring theorem were
publicized or computing became powerful enough to defeat public cryptography,
then business, governments, militaries and other affected institutions would have
to spend significant resources to research the risk of damage and potentially
deploy a new and costly cryptography system quickly.
cryptography, Cryptosystem, DES, encryption, public key, quantum, quantum cryptography, RSA, scalability, symmetric