Date post: | 20-Dec-2015 |
Applied Cryptography Week 8 Slide 1
Applied Cryptography Week 8: Web Services, Secure Voting and XML Signature
Mike McCarthy
Applied Cryptography Week 8 Slide 2
XML Web Services
Hot topic
Foundation of Service Oriented Architectures
Interoperable
Remote Method Invocation
Supported by all the big players
Applied Cryptography Week 8 Slide 3
Existing XML Web Services
Google
EBay
Amazon
XIgnite (financial computations)
Hundreds of others
See www.xmethods.com
Many are not public
Applied Cryptography Week 8 Slide 4
XML Web Services & Cryptography
Bob and Alice – Exchange SOAP messages
Eve
Mallory
Applied Cryptography Week 8 Slide 5
What’s going on?
Web Services Security (WSS) specification from OASIS
Message confidentiality
Message authentication
End-to-end (not just point-to-point)
Applied Cryptography Week 8 Slide 6
The WS Cryptography Stack
XML Web Services Security
SAML (Security Assertion ML), XKMS (XML Key Management Specification), XACML (eXtensible Access Control Markup Language)
XMLDSIG (W3C), XMLENC (W3C)
.NET Crypto API’s, Java Security API’s
Applied Cryptography Week 8 Slide 7
Development Tools We’ll Use
Apache’s WSS4J (Web Services Security)
Apache’s Tomcat/Axis (for XML RPC)
Java’s JCE and JCA
C# Crypto API’s
Applied Cryptography Week 8 Slide 8
Main Project Secure Voting
Hot topic
Build an interoperable implementation of one of Schneier’s “Esoteric Protocols”
Exercise mathematical skills (blind signatures are not normally found in crypto API’s)
Involves the consideration of issues associated with many other secure protocols
Involves the consideration of programming and security issues associated with web services
Applied Cryptography Week 8 Slide 9
Goals Of Secure Voting
Only Authorized Voters Can Vote
No one can vote more than once
No one can determine for whom anyone else voted
No one can duplicate anyone else’s vote
No one can change anyone else’s vote without being discovered
Every voter can make sure that his vote has been taken into account in the final tabulation.
Applied Cryptography Week 8 Slide 10
First Attempt
Each voter encrypts his vote with the public key of a Central Tabulating Facility (CTF)
Each voter sends his vote in to the CTF
The CTF decrypts the votes, tabulates them, and makes the results public
What are some problems with this protocol?
Applied Cryptography Week 8 Slide 11
Second Attempt
Each voter signs his vote with his private key
Each voter encrypts his signed vote with the CTF’s public key
Each voter sends his vote to the CTF
The CTF decrypts the votes, checks the signature, tabulates the votes and makes the results public
What are some problems with this protocol?
Applied Cryptography Week 8 Slide 12
Third Attempt Page 1
Each voter generates 10 sets of messages, each set containing a valid vote for each possible outcome. Each message also contains a randomly generated identification number, large enough to avoid duplicates with other voters.
Each voter individually blinds all of the messages, signs the package, and sends it to the CTF
The CTF checks its database to make sure the voter has not submitted his blinded votes for signature previously
Applied Cryptography Week 8 Slide 13
Third Attempt Page 2
The CTF chooses 9 of these sets randomly and requests the blinding factors for these 9.
The voter sends the 9 blinding factors to the CTF
The CTF opens 9 of the 10 sets to make sure they are properly formed
The CTF signs each blinded message in the remaining set
Applied Cryptography Week 8 Slide 14
Third Attempt Page 3
It sends them back to the voter, storing the name of the voter in its database
The voter unblinds the messages and is left with a set of votes signed by the CTF
The voter chooses one of the votes, adds some salt and encrypts it with the CTF’s public key
The voter sends his vote in to the CTF
Applied Cryptography Week 8 Slide 15
Third Attempt Page 4
The CTF decrypts the vote, discards the salt and checks the signatures, it checks its database for a duplicate identification number, saves the identification number, and tabulates the votes
It publishes the results of the election, along with every identification number and its associated vote
Applied Cryptography Week 8 Slide 16
Detail Page1
Each voter generates 10 sets of messages, each set containing a valid vote for each possible outcome. Each message also contains a randomly generated identification number, large enough to avoid duplicates with other voters.
2 of 10 sets:
Kerry862322309811
Bush862322309811
Nader862322309811

Kerry732341309936
Bush732341309936
Nader732341309936
Applied Cryptography Week 8 Slide 17
Detail Page 2
Each voter individually blinds all of the messages and sends them to the CTF
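$(\text{Kerry862322309811}) \cdot k_1^{e} \bmod n$
$(\text{Bush862322309811}) \cdot k_1^{e} \bmod n$
$(\text{Nader862322309811}) \cdot k_1^{e} \bmod n$
$(\text{Kerry732341309936}) \cdot k_2^{e} \bmod n$
$(\text{Bush732341309936}) \cdot k_2^{e} \bmod n$
$(\text{Nader732341309936}) \cdot k_2^{e} \bmod n$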
Applied Cryptography Week 8 Slide 18
Detail Page 3
The CTF checks its database to make sure the voter has not submitted his blinded votes for signature previously.
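Voter’s signature(
$(\text{Kerry862322309811}) \cdot k_1^{e} \bmod n$
$(\text{Bush862322309811}) \cdot k_1^{e} \bmod n$
$(\text{Nader862322309811}) \cdot k_1^{e} \bmod n$
$(\text{Kerry732341309936}) \cdot k_2^{e} \bmod n$
$(\text{Bush732341309936}) \cdot k_2^{e} \bmod n$
$(\text{Nader732341309936}) \cdot k_2^{e} \bmod n$
)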
Applied Cryptography Week 8 Slide 19
Detail Page 4
The CTF chooses 9 of these sets randomly and requests the blinding factors for these 9.
The voter sends the 9 blinding factors to the CTF
The CTF opens 9 of the 10 sets to make sure they are properly formed
Suppose m = Nader732341309936
$(m \cdot k_2^{e})^{d} = m^{d} k_2^{ed} = m^{d} k_2$
$m^{d} k_2 \cdot k_2^{-1} = m^{d}$
$m^{de} = m$
Applied Cryptography Week 8 Slide 20
Detail Page 5
The CTF signs each blinded message in the remaining set
Suppose m = Kerry862322309811
$(m \cdot k_1^{e})^{d} = m^{d} k_1^{ed} = m^{d} k_1$
Applied Cryptography Week 8 Slide 21
Detail Page 6
It sends them back to the voter, storing the name of the voter in its database
The voter unblinds the messages and is left with a set of votes signed by the CTF
$m^{d} k_1 \cdot k_1^{-1} = m^{d}$
The voter can read this by computing
$(m^{d})^{e} = m$
Applied Cryptography Week 8 Slide 22
Detail Page 7
The voter chooses one of the votes, adds some salt and encrypts it with the CTF’s public key: $(m^{d} + \text{salt})^{e} \bmod n$
Why the salt? If the voter sends $(m^{d})^{e} = m$ the “encryption” would remove the signature and m would be in the clear.
The voter sends his vote in to the CTF.
Applied Cryptography Week 8 Slide 23
Detail Page 8
The CTF decrypts the vote, discards the salt and checks the signatures, it checks its database for a duplicate identification number, saves the identification number, and tabulates the votes
$(m^{d} + \text{salt})^{e} \bmod n$
$(m^{d} + \text{salt})^{ed} \bmod n = m^{d} + \text{salt}$
$m^{de} = m$ verifies the signature
It publishes the results of the election, along with every identification number and its associated vote
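The blinding, cut-and-choose and unblinding steps of Detail Pages 1 to 6, as an added Python example that is not part of the course material. The toy key built from two Mersenne primes, the 12-digit IDs and all function names are assumptions for the demo; the voter's signature on the package, the salt and the final encryption are left out.

```python
import secrets
from math import gcd

# Toy CTF key from two Mersenne primes (constructed; textbook RSA, no padding).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
CANDIDATES = ["Kerry", "Bush", "Nader"]

def encode(text):
    return int.from_bytes(text.encode(), "big")

def decode(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode(errors="replace")

def make_sets(count=10):
    """Voter: each set holds one message per candidate plus that set's ID."""
    sets = []
    for _ in range(count):
        ident = str(secrets.randbelow(10**12)).zfill(12)
        sets.append([encode(c + ident) for c in CANDIDATES])
    return sets

def blind_sets(sets):
    """Voter: multiply every message in set i by k_i^e mod n."""
    factors, blinded = [], []
    for msgs in sets:
        k = secrets.randbelow(N - 2) + 2
        while gcd(k, N) != 1:  # k must be invertible mod n
            k = secrets.randbelow(N - 2) + 2
        factors.append(k)
        blinded.append([m * pow(k, E, N) % N for m in msgs])
    return factors, blinded

def ctf_open(blinded_set, k):
    """CTF: strip k^e, then require one vote per candidate and a single ID."""
    strip = pow(pow(k, E, N), -1, N)
    texts = [decode(b * strip % N) for b in blinded_set]
    if any(not t.startswith(c) for t, c in zip(texts, CANDIDATES)):
        return False
    ids = {t[len(c):] for t, c in zip(texts, CANDIDATES)}
    return len(ids) == 1 and ids.pop().isdigit()

def ctf_sign_remaining(blinded, revealed, keep):
    """CTF: open every set except `keep`; sign that one only if all pass."""
    for i, blinded_set in enumerate(blinded):
        if i != keep and not ctf_open(blinded_set, revealed[i]):
            return None
    return [pow(b, D, N) for b in blinded[keep]]

def unblind(signed, k):
    """Voter: (m * k^e)^d = m^d * k, so multiplying by k^-1 leaves m^d."""
    k_inv = pow(k, -1, N)
    return [s * k_inv % N for s in signed]

def run_voter(malformed=None, keep=None):
    """One voter's exchange; returns (signed vote texts, kept set) or None."""
    sets = make_sets()
    if malformed is not None:  # constructed bad set: two Kerry votes, no Bush
        sets[malformed][1] = sets[malformed][0]
    factors, blinded = blind_sets(sets)
    if keep is None:
        keep = secrets.randbelow(len(sets))  # the CTF's random choice
    revealed = {i: k for i, k in enumerate(factors) if i != keep}
    signed = ctf_sign_remaining(blinded, revealed, keep)
    if signed is None:
        return None
    votes = unblind(signed, factors[keep])
    # Anyone holding the public key can check the CTF signature: (m^d)^e = m.
    return [decode(pow(s, E, N)) for s in votes], sets[keep]
```

A malformed set is rejected whenever it is among the 9 opened sets, which is why the CTF's choice of the unopened set has to be random.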
Applied Cryptography Week 8 Slide 24
Programming Project 1 - Two Parts
Write a simulation in Java
Write the simulation as a JAX-RPC web service
Applied Cryptography Week 8 Slide 25
Demonstrations
A stand alone simulator
Writing a simple JAX-RPC web service
A JAX-RPC simulator
Applied Cryptography Week 8 Slide 26
Applied Cryptography Web Services Security and XML
Signature
Michael McCarthy
Notes adapted from “Web Services Security”, Bilal Siddiqui
Applied Cryptography Week 8 Slide 27
The Need For Web Services
Application integration within the enterprise
Application integration across enterprise boundaries
customers
partners
suppliers
Applied Cryptography Week 8 Slide 28
A Tourism Supply Chain
[Diagram: Tourists, Tour Operator, Car Rental, Hotel. The Hotel exposes RoomRentInfoForAll() (anyone may call) and RoomRentInfoForPartnersOnly() (restricted callers).]
Without XML/WSS
- message formats must be agreed to
- coarse-grained protection provided by firewalls
With XML/WSS
- SOAP is used for RPC
- WSS provides fine-grained security decisions
Applied Cryptography Week 8 Slide 29
Service Oriented Architecture
Hotel
RoomRentInfoForAll()
RoomRentInfoForPartnersOnly()
SOAP Server
SOAP (XML RPC) over HTTP
Applied Cryptography Week 8 Slide 30
Listing 1 SOAP Request
POST /Vendors HTTP/1.1
Host: www.myHotel.com
Content-Type: text/xml; charset=utf-8
Content-Length: 350
SOAPAction: ""

<?xml version='1.0'?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'>
  <SOAP-ENV:Body>
    <s:GetSpecialDiscountedBookingForPartners xmlns:s='http://www.MyHotel.com/partnerservice/'>
      <!--Parameters passed with the method call-->
    </s:GetSpecialDiscountedBookingForPartners>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Applied Cryptography Week 8 Slide 31
Listing 2 SOAP Response
HTTP/1.0 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 1474

<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'>
  <SOAP-ENV:Body>
    <m:GetSpecialDiscountedBookingForPartnersResponse xmlns:m="http://www.MyHotel.com/partnerservice/">
      <!-- Booking confirmation details-->
    </m:GetSpecialDiscountedBookingForPartnersResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Applied Cryptography Week 8 Slide 32
1st Generation Web Services
[Diagram: SOAP Client, SOAP Server, Hotel Class, RDBMS]
Applied Cryptography Week 8 Slide 33
2ND Generation Web Services
[Diagram: SOAP Client; SOAP Server with Tour Planning Class; SOAP Server with Hotel Class and RDBMS]
Applied Cryptography Week 8 Slide 34
3RD Generation Web Services
[Diagram labels: SOAP Client, SOAP Server, Tour Planning Class, Hotel Class, Plane Class, RDBMS, WS-Transaction]
Applied Cryptography Week 8 Slide 35
WS Security
[Diagram: SOAP Client, SOAP Server, Hotel Class, RDBMS]
SOAP Server (SOAP Aware Firewall)
• inspect SOAP message
• match user roles with access lists
• XML Signature (not SOAP specific)
• XML Encryption (not SOAP specific)
• WSS (SOAP specific use of XMLEnc and XMLDsig)
• Security Assertion Markup Language (SAML) for single sign on replacing HTTP cookies
• XACML (eXtensible Access Control Markup Language) to express authorization and access policies
Applied Cryptography Week 8 Slide 37
XML Digital Signatures
Review Message Digest
message + digest algorithm -> hash value
transmit (message, hash value) pair
useful for checking if errors occurred
Problem
Mallory might replace the message, hash value pair with her own message, hash value pair.
Applied Cryptography Week 8 Slide 38
XML Digital Signatures
Solution: get a secret key involved in the
calculation of the hash
Given a message m, compute a hash of m.
Encrypt the hash with a private key.
Mallory doesn’t know the private key.
Applied Cryptography Week 8 Slide 39
XML Signature
• XML Signatures are digital signatures used in XML transactions
• May be used to sign only a portion of an XML document. The document might have
a long history with different parts holding different signatures
• The signature may apply to XML or non-XML data
Applied Cryptography Week 8 Slide 40
Referencing What is Signed
• The XML Signature may hold a URI
• The signature may be a sibling of what is signed.
• The signature may be a parent of what is signed.
• The signature may be a child of what is signed
Applied Cryptography Week 8 Slide 42
The <Reference> Element
• Each signed resource is specified with
a <Reference> element
• A typical <Reference> element will contain
- a pointer to what is signed
- a digest method (for example SHA1)
- and a digest value of the signed data in
base 64 notation
Applied Cryptography Week 8 Slide 43
The <Reference> Element
<Reference URI = "http://.../po.xml">
  <DigestMethod>….</DigestMethod>
  <DigestValue> calculated digest of po.xml </DigestValue>
</Reference>
This is the location of the document being signed.
Applied Cryptography Week 8 Slide 44
We may have many references
<Reference>
pointer, digest method, digest value
</Reference>
:
<Reference>
pointer, digest method, digest value
</Reference>
Applied Cryptography Week 8 Slide 45
Place Within a SignedInfo Element
<SignedInfo>
  <CanonicalizationMethod> algorithm used on SignedInfo element
  <SignatureMethod> for example dsa-sha1
  <Reference>
    pointer, digest method, digest value
  </Reference>
  <Reference>
    pointer, digest method, digest value
  </Reference>
</SignedInfo>
Applied Cryptography Week 8 Slide 46
Compute Digest of SignedInfo
<SignedInfo> <CanonicalizationMethod> algorithm used on
SignedInfo element
<SignatureMethod> for example dsa-sha1
<Reference>
pointer, digest method, digest value
</Reference>
<Reference>
pointer, digest method, digest value
</Reference>
</SignedInfo>
Applied Cryptography Week 8 Slide 47
Sign the digest and place value in a SignatureValue element…
<SignedInfo>
  <CanonicalizationMethod> algorithm used on SignedInfo element
  <SignatureMethod> for example dsa-sha1
  <Reference>
    pointer, digest method, digest value
  </Reference>
  <Reference>
    pointer, digest method, digest value
  </Reference>
</SignedInfo>
<SignatureValue>
  Base 64 signature of the SignedInfo Element
</SignatureValue>
Applied Cryptography Week 8 Slide 48
Enclose in a Signature Element
<Signature>
  <SignedInfo>
    <CanonicalizationMethod> algorithm used on SignedInfo element
    <SignatureMethod> for example dsa-sha1
    <Reference>
      pointer, method, digest value
    </Reference>
    <Reference>
      pointer, method, digest value
    </Reference>
  </SignedInfo>
  <SignatureValue>Base 64 signature of the SignedInfo Element</SignatureValue>
</Signature>
Applied Cryptography Week 8 Slide 49
We may include KeyInfo
<Signature>
  <SignedInfo>
    <Canonicalization>
    <SignatureMethod>
    <Reference>…
    <Reference>…
  </SignedInfo>
  <SignatureValue>Base 64 signature of the SignedInfo Element</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509SubjectName>CN=Cristina McCarthy, O=CMU,…
      <X509Certificate> base 64 public key and identity signed by a CA </X509Certificate>
    </X509Data>
  </KeyInfo>
</Signature>
Applied Cryptography Week 8 Slide 50
KeyInfo Element in XMLDsig
• Optional element
• Holds key information required to validate the signature or
• Points to that key information
• May have children such as
<PGPData> <SPKIData> <X509Data>
Applied Cryptography Week 8 Slide 51
What Can Mallory Do?
Can she modify the CA signed certificate so that someone else appears to have signed the document?
Can she modify what is being pointed by the reference element?
Can she change the canonicalization method?
Can she change the contents of the signature method tag?
Applied Cryptography Week 8 Slide 52
Verification
1. Canonicalize the SignedInfo element.
2. Compute the digest of the SignedInfo element using the method described within it.
3. Compare the above value with the value obtained by applying the signer’s public key to the value in the SignatureValue element.
4. Compute digests of the referenced items (after any transformations) and compare them with the digests found within each Reference element.
Applied Cryptography Week 8 Slide 54
Signing in Three Steps(1)
Prepare a Signature DOM tree
This is an XML document holding the Signature element.
This may be done with an XSS4J TemplateGenerator or with an existing template document
Applied Cryptography Week 8 Slide 55
Signing in Three Steps(2)
2. Create an XSS4J SignatureContext instance
-- may be used to fetch the resource to be signed using URLConnection
-- may be used to find an element being referred to within the same document
-- has a sign() method
Applied Cryptography Week 8 Slide 56
Signing in Three Steps(3)
3. Sign with the sign method of the XSS4J SignatureContext object
Prepare a key object (holding the private key in DSS or RSA) used to sign
Prepare a KeyInfo object with an X509 certificate
Insert the KeyInfo into the Signature element
sigContext.sign(sigElement, key)
Applied Cryptography Week 8 Slide 57
Sign a grade book
Gradebook.xml
<?xml version="1.0" encoding="UTF-8"?>
<GradeBook>
  <Student>
    <Score>100</Score>
    <Score>89</Score>
  </Student>
</GradeBook>
Applied Cryptography Week 8 Slide 58
We need keys…
D:\..\95-804\IBMXMLSecuritySuite\SampleSign2>
keytool -genkey -keyalg RSA -keystore test.keystore
-dname "CN=Mike McCarthy, OU=Heinz School,
O=CMU, L=Pgh, S=PA, C=US" -alias mjm
-storepass sesame -keypass sesame
Creates test.keystore holding keys and a self-signed certificate
Applied Cryptography Week 8 Slide 59
Run XSS4J’s SampleSign2
D:\...\95-804\IBMXMLSecuritySuite\
SampleSign2>java SampleSign2 mjm
sesame sesame
-embxml gradebook.xml > signature.xml
Key store: test.keystore
Sign: 851ms
Applied Cryptography Week 8 Slide 60
Examine Signature.xml
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
Applied Cryptography Week 8 Slide 61
<Reference URI="#Res0">
  <Transforms>
    <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform>
  </Transforms>
  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
  <DigestValue>m6f9xhOc4iEXokD/29V9EsdY3yI=</DigestValue>
</Reference>
We are signing resource 0
Transforms: prior to hashing
Applied Cryptography Week 8 Slide 62
</SignedInfo> <SignatureValue>
Gll1H/uplOwfaX3j7ST6UqQlc92Hx2nsCdN2KWz32CW0D4hH64n32v/InkGux1dYgTya6S4s55iHqZEjDpH2I359H4PAxBYYXJj4LUBNxAFxUcDy6xrEUbLnKeutT5pf1DBSmxg9Cp3PO5Rs36nVN8GVfnFl1M86WQd19/RsAnA=
</SignatureValue>
Applied Cryptography Week 8 Slide 63
<KeyInfo> <KeyValue> <RSAKeyValue> <Modulus>
7V5eyhVaw0clED11H6PTPoKQA1VxrLAugU3QxKA0hbbUOiavFbqCdc6Z+Fe9JZFMkS
Iqdl+khwWwd+AIsRyrN4V2DWm1f+xyYQf6bdZgCaVVgkST1BpQxBTgNKRcS5VbLrXf
4MXb5TbhA+eo1Qbr2IjlV10aLbVhUk/g+ylag+k= </Modulus> <Exponent>AQAB</Exponent> </RSAKeyValue> </KeyValue>
Applied Cryptography Week 8 Slide 64
<X509Data>
  <X509IssuerSerial>
    <X509IssuerName>CN=Mike McCarthy,OU=Heinz School,O=CMU,L=Pgh,ST=PA,C=US</X509IssuerName>
    <X509SerialNumber>1049138061</X509SerialNumber>
  </X509IssuerSerial>
  <X509SubjectName>CN=Mike McCarthy,OU=Heinz School,O=CMU,L=Pgh,ST=PA,C=US</X509SubjectName>
  <X509Certificate>
Applied Cryptography Week 8 Slide 65
Applied Cryptography Week 8 Slide 66
  </X509Certificate>
</X509Data>
</KeyInfo>
<dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Res0">
  <GradeBook>
    <Student>
      <Score>100</Score>
      <Score>89</Score>
    </Student>
  </GradeBook>
</dsig:Object>
</Signature>
The resource 0 object
Applied Cryptography Week 8 Slide 67
Let’s change the low grade!
<dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Res0">
  <GradeBook>
    <Student>
      <Score>100</Score>
      <Score>100</Score>
    </Student>
  </GradeBook>
</dsig:Object>
Applied Cryptography Week 8 Slide 68
And run verify…
D:\McCarthy\www\95-804\IBMXMLSecuritySuite\SampleSign2>java VerifyCUI < signature.xml
The signature has a KeyValue element.
The signature has one or more X509Data elements.
Checks an X509Data:1 certificate(s).
Certificate Information:
  Version: 1
  Validity: OK
  SubjectDN: CN=Mike McCarthy, OU=Heinz School, O=CMU, L=Pgh, ST=PA, C=US
  IssuerDN: CN=Mike McCarthy, OU=Heinz School, O=CMU, L=Pgh, ST=PA, C=US
  Serial#: 0x3e88938d
Time to verify: 521 [msec]
Core Validity: NG
Signature Validity: OK
[0] "#Res0" NG: Digest value mismatch: calculated: tfVyHns8wRB6l/HDU2dXZkzf+7Q=
Exception in thread "main" java.lang.RuntimeException: Core Validity: NG
        at dsig.VerifyCUI.main(VerifyCUI.java:137)
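The verification steps listed earlier and the result above (signature valid, reference digest mismatch), reproduced as an added Python example that is not part of the course material or XSS4J. Assumptions: HMAC-SHA1 with a constructed shared key stands in for rsa-sha1, Python's ET.canonicalize (C14N 2.0) stands in for the C14N 1.0 named in the listing, the CanonicalizationMethod element is omitted, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
KEY = b"constructed-demo-key"  # shared secret, constructed for this example
GRADEBOOK = ("<GradeBook><Student><Score>100</Score><Score>89</Score>"
             "</Student></GradeBook>")  # constructed copy of Gradebook.xml

def c14n(elem):
    """Canonical bytes of one element (assumption: C14N 2.0 from the stdlib)."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def digest(elem):
    return base64.b64encode(hashlib.sha1(c14n(elem)).digest()).decode()

def sign(resource_xml):
    """Build an enveloping Signature with the resource inside Object Id=Res0."""
    sig = ET.Element(f"{{{DS}}}Signature")
    info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ET.SubElement(info, f"{{{DS}}}SignatureMethod", Algorithm=DS + "hmac-sha1")
    ref = ET.SubElement(info, f"{{{DS}}}Reference", URI="#Res0")
    ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=DS + "sha1")
    obj = ET.Element(f"{{{DS}}}Object", Id="Res0")
    obj.append(ET.fromstring(resource_xml))
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest(obj)
    # The signature covers SignedInfo only; the data is bound via DigestValue.
    mac = hmac.new(KEY, c14n(info), hashlib.sha1).digest()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = base64.b64encode(mac).decode()
    sig.append(obj)
    return ET.tostring(sig, encoding="unicode")

def verify(signature_xml):
    """Return (signature_ok, references_ok), checked independently."""
    sig = ET.fromstring(signature_xml)
    info = sig.find("ds:SignedInfo", NS)
    stated_mac = base64.b64decode(sig.findtext("ds:SignatureValue", namespaces=NS))
    mac = hmac.new(KEY, c14n(info), hashlib.sha1).digest()
    signature_ok = hmac.compare_digest(mac, stated_mac)
    references_ok = True
    for ref in info.findall("ds:Reference", NS):
        target = sig.find(f".//*[@Id='{ref.get('URI').lstrip('#')}']")
        stated = ref.findtext("ds:DigestValue", namespaces=NS)
        if target is None or digest(target) != stated.strip():
            references_ok = False
    return signature_ok, references_ok

def demo():
    signed = sign(GRADEBOOK)
    # The slide's edit: the object changes, SignedInfo does not.
    edited = signed.replace("<Score>89</Score>", "<Score>100</Score>")
    # Recomputing DigestValue without the key changes SignedInfo instead.
    doc = ET.fromstring(edited)
    doc.find(".//ds:DigestValue", NS).text = digest(doc.find("ds:Object", NS))
    redigested = ET.tostring(doc, encoding="unicode")
    return verify(signed), verify(edited), verify(redigested)
```

Both checks must pass before the document is accepted: the edited object fails only the reference digest, and a recomputed DigestValue fails only the signature over SignedInfo.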
Applied Cryptography Week 8 Slide 69
Another Example PO.XML
<?xml version="1.0" encoding="UTF-8"?>
<PurchaseOrder xmlns="urn:purchase-order">
  <Customer>
    <Name>Robert Smith</Name>
    <CustomerId>788335</CustomerId>
  </Customer>
  <Item partNum="C763">
    <ProductId>6883-JF3</ProductId>
    <Quantity>3</Quantity>
    <ShipDate>2002-09-03</ShipDate>
    <Name>ThinkPad X20</Name>
  </Item>
</PurchaseOrder>
Applied Cryptography Week 8 Slide 70
PO After Signing
<?xml version='1.0' encoding='UTF-8'?>
<SignedPurchaseOrder>
  <PurchaseOrder id="id0" xmlns="urn:purchase-order">
    <Customer>
      <Name>Robert Smith</Name>
      <CustomerId>788335</CustomerId>
    </Customer>
    <Item partNum="C763">
      <ProductId>6883-JF3</ProductId>
      <Quantity>3</Quantity>
      <ShipDate>2002-09-03</ShipDate>
      <Name>ThinkPad X20</Name>
    </Item>
  </PurchaseOrder>
Applied Cryptography Week 8 Slide 71
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="#id0">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>UfeiscUCL7QkhZtRDLWDPWLpVlA=</DigestValue>
    </Reference>
  </SignedInfo>
Applied Cryptography Week 8 Slide 72
<SignatureValue>
Ptysg8WdHI2mxwryOOt5I9r9qZm/2gNFNOJyH1Wak4nCUegRpe72tWnsigAKZyopmgUSH3TG
aGGQF1BTSvk3JUUY/ljrw+5FpTpf3hgZBi7GSWf6WtXqZvMYGUKIlvR/421MZg7P9XRUyy37
ZUzQHtmCYkBorEkEx1J4CYB0G2c=
</SignatureValue>
Applied Cryptography Week 8 Slide 73
<KeyInfo>
<X509Data> <X509Certificate> MIIDGjCCAoOgAwIBAgICAQAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCSlAxETAPBgNVBAgT CEthbmFnYXdhMQ8wDQYDVQQHEwZZYW1hdG8xDDAKBgNVBAoTA0lCTTEMMAoGA1UECxMDVFJMMRAw
DgYDVQQDEwdUZXN0IENBMB4XDTAxMTAwMTA3MTYxMFoXDTExMTAwMTA3MTYxMFowUDELMAkGA1UE
BhMCSlAxETAPBgNVBAgTCEthbmFnYXdhMQwwCgYDVQQKEwNJQk0xDDAKBgNVBAsTA1RSTDESMBAG A1UEAxMJU2lnbmF0dXJlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvnFQiPEJnUZnkmzoc MjsseD8ms9HBgasZR0VOAvsby5aajsm9CtB18dDCemDXZ2YjBdprX+epfF4SLNP5ankfphhr9QXA NJdCKpyF3jPoydckle7E7gI9w3Q4NDa4ryVOuIS2qev6jlE7OVPqiXIDVlCH4u6GbIoJEpJ57yzx
dQIDAQABo4HzMIHwMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMCwGCWCGSAGG+EIBDQQfFh1PcGVu
U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYapFv9MvQ9NNn1Q7zgzqka4XORsw gYgGA1UdIwSBgDB+gBR7FuT9bLBj3vVsgAzIeYa4hBUZBaFjpGEwXzELMAkGA1UEBhMCSlAxETAP BgNVBAgTCEthbmFnYXdhMQ8wDQYDVQQHEwZZYW1hdG8xDDAKBgNVBAoTA0lCTTEMMAoGA1UECxMD VFJMMRAwDgYDVQQDEwdUZXN0IENBggEAMA0GCSqGSIb3DQEBBQUAA4GBALFzGDXMzxJvOnCdJCMZ 2NsZdz1+wmoYyejB5J6Ch2ygdPeibMnW/CiYKCTWBhpEgxEqr1BNlgSVqA6nyvjHsVIvgBfwx37D hJ5hz4azpWu1X22XqyU9fUqoQUtEAdM/MlLekBkprkJVb9uJXTFzzvm/3DoEiBkX/BT78YdM8eq0 </X509Certificate> </X509Data>
</KeyInfo></Signature>
</SignedPurchaseOrder>
Applied Cryptography Week 8 Slide 74
WSS XMLDSig Listing 1
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <s:GetSpecialDiscountedBookingForPartners xmlns:s="http://www.MyHotel.com/partnerservice/">
      <!--Parameters passed with the method call-->
    </s:GetSpecialDiscountedBookingForPartners>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
From “Web Services Security”, Bilal Siddiqui
There is no XMLDS in this example.
Applied Cryptography Week 8 Slide 75
Sign The SOAP Request
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SOAP-ENV:Header>
    <ds:Signature> <!-- wraps all other XMLDS elements -->
      <ds:SignedInfo> <!-- note the ds prefix -->
      </ds:SignedInfo> <!-- note three children of signedInfo -->
      <ds:SignatureValue> </ds:SignatureValue>
      <ds:KeyInfo> </ds:KeyInfo>
    </ds:Signature>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <s:GetSpecialDiscountedBookingForPartners xmlns:s="http://www.MyHotel.com/partnerservice/">
      <!--Parameters passed with the method call-->
    </s:GetSpecialDiscountedBookingForPartners>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Applied Cryptography Week 8 Slide 76
After Signing (1)
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SOAP-ENV:Header>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#GetSpecialDiscountedBookingForPartners">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
Applied Cryptography Week 8 Slide 77
After Signing (2)
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue> BIUddkjKKo2... </ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue> halHJghyf765.... </ds:SignatureValue>
      <ds:KeyInfo> <!-- the key name for signature verification -->
        <ds:KeyName>MyKeyIdentifier</ds:KeyName>
      </ds:KeyInfo> <!-- application dependent, perhaps a symmetric key ID -->
    </ds:Signature>
  </SOAP-ENV:Header>
Applied Cryptography Week 8 Slide 78
After Signing (3)
  <SOAP-ENV:Body>
    <s:GetSpecialDiscountedBookingForPartners xmlns:s="http://www.MyHotel.com/partnerservice/" ID="GetSpecialDiscountedBookingForPartners">
      <!--Parameters passed with the method call-->
    </s:GetSpecialDiscountedBookingForPartners>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Applied Cryptography Week 8 Slide 79
Validation Procedure
(1) Canonicalize the SignedInfo element.
(2) Check message integrity. We’ll need
a. the data to be digested
b. any transforms to perform first
c. the digest algorithm
(3) If the digests compare equal verify the
signature (continued)
Applied Cryptography Week 8 Slide 80
Validation Procedure
(3) If the digests compare equal verify the signature
a. get the signer’s key (public key or shared secret) perhaps by consulting the <KeyInfo> element.
b. read the signature method used to compute the signature
c. Attempt to verify and if we have a match call GetSpecialDiscountedBookingForPartners