lcdr jeffrey s. williams naval postgraduate school september 9, 2009
DESCRIPTION
DOCUMENT-BASED MESSAGE-CENTRIC SECURITY USING XML AUTHENTICATION AND ENCRYPTION FOR COALITION AND INTERAGENCY OPERATIONS. LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009. This thesis was done at the MOVES Institute. Problem Statement. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/1.jpg)
DOCUMENT-BASED MESSAGE-CENTRIC SECURITY USING XML
AUTHENTICATION AND ENCRYPTION FOR COALITION AND INTERAGENCY
OPERATIONS
LCDR Jeffrey S. Williams
Naval Postgraduate School
September 9, 2009This thesis was done at the MOVES Institute
![Page 2: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/2.jpg)
Problem Statement
• Different agencies and different nations are not able to communicate and share structured information – Different data formats– Different security policies
• The current evolution of data and security policies by different agencies and nations will not solve this problem.
![Page 3: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/3.jpg)
Motivation
• Show that existing web standards for document security can be commonly applied across a range of scenarios.– Canonicalization (C14N)– Authentication (digital signature)– Encryption– Compression
• Demonstrate a meaningful exemplar that can work for multiple agencies and nations
![Page 4: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/4.jpg)
Exemplar Scenario
• Coalition Operations for antipiracy– Task Force 151 and NATO ATALANTA– Approx. 30 nations, variable membership– Shared need for document security– Diverse communication channels: NATO
messaging, “free formatted” messaging, e-mail, and bridge-to-bridge radio!
• Assume secure endpoints and non-secure transport for any message
![Page 5: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/5.jpg)
International Navies Concerns
![Page 6: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/6.jpg)
![Page 7: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/7.jpg)
Problem Constraints
• Allow a diverse communications framework to securely enable shared/common data exchange between traditional and nontraditional actors.
• Provide a mechanism with minimal exchange of cryptographic technology by implementing open standard technology.– No nation trusts another nation’s security software– World Wide Web security is a potential for
international standardization because multiple independent implementations are available.
– Can substitute alternative cryptographic algorithms
![Page 8: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/8.jpg)
Key Exchange
Public Key Cryptography has well-defined formal mechanisms for defining secure operations.
• Step 1. B A: {Nb, B}KB
• Step 2. A B: {Nb, Na, A}KA
• Step 3. B A: {Na}KB
![Page 9: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/9.jpg)
XML Digital Signature Process
![Page 10: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/10.jpg)
Digital Signature
http://www.xml.com/pub/a/2001/08/08/xmldsig.html
![Page 11: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/11.jpg)
XML Encryption Process
![Page 12: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/12.jpg)
Recommended Best Practice
![Page 13: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/13.jpg)
XML Encryption
![Page 14: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/14.jpg)
Goal of EXI integration with XML Security
![Page 15: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/15.jpg)
Encryption-EncryptedData (Element Node) +[Attribute] - EncryptionMethod (Element Node) +[Attribute] - KeyInfo (Element Node) - EncryptedKey (Element Node) + EncryptionMethod (Element Node) - KeyInfo (Element Node) +KeyName (Element Node) + CipherData (Element Node) - CipherValue (Element Node) - CipherData (Element Node) + CipherValue
<EncryptedData Id? Type? MimeType? Encoding?> <EncryptionMethod/>? <ds:KeyInfo> <EncryptedKey>? <AgreementMethod>? <ds:KeyName>? <ds:RetrievalMethod>? <ds:*>? </ds:KeyInfo>? <CipherData> <CipherValue>? <CipherReference URI?>? </CipherData> <EncryptionProperties>? </EncryptedData>
http://www.w3.org/TR/xmlenc-core/http://dotnetslackers.com/articles/xml/XMLEncryption.aspx
![Page 16: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/16.jpg)
XML Decryption Process
![Page 17: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/17.jpg)
Conclusions
• XML Security is a feasible approach for multiple agency and coalition operations.
• This thesis demonstrates practical results for a meaningful scenario
• The approach works for any type of XML.
![Page 18: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/18.jpg)
Future Work• Certification and Accreditation of XML Encryption and
Authentication for the unclassified Architecture • Contrast of XML Security with SSL and TLS• Mitigation techniques and tactics to isolate risks
associated with Web Based Security methods.• Applicability of XML Encryption for real time web
services • Application of XML encryption and authentication
techniques within the classified arena• A Comparative Analysis and potential for document
centric security using XML in support of CENTRIXS and Coalition Secure Management and Operations System (COSMOS)
![Page 19: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/19.jpg)
Contact Information• Jeff Williams [email protected]
[email protected]: williams6us
• Don Brutzman [email protected] USW/br
Naval Postgraduate School Monterey, CA 93943 1-831-656-2149
![Page 20: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/20.jpg)
Brief Biography of LCDR Williams USN/1600
• LCDR Williams joined the Navy in 1987 through the Delayed Entry Program (DEP). He was commissioned through NROTC Atlanta Consortium via the BOOST program.
• Since his commission in 1996 he has served at the following commands: – USS ESSEX (LHD-2)
– Military Sealift Command Office (MSCO) Beaumont TX
– Naval Network and Space Operations Command (NNSOC)
– Destroyer Squadron Two Six (CDS-26)
– Naval Postgraduate School (NPS)
• Next Assignment: – Network Engineer Program Manager, Brussels Belgium
• Industry Certifications– CISSP, CISA, CWSP, Security+, Network+, I-NET+, A+
![Page 21: LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009](https://reader036.vdocuments.mx/reader036/viewer/2022062809/56815a29550346895dc76ad7/html5/thumbnails/21.jpg)
Acknowledgements• The thesis was developed under the guidance of Prof.
Don Brutzman, PhD. Naval Postgraduate School and second reader Don McGregor, Research Associate Naval Postgraduate School at the Modeling Virtual Environment and Simulation (MOVES) Institute.
• The Scenario Authoring for Visual Graphical Environments (SAVAGE) team’s expertise in the development and processing of information contributing to the proof of concept formulations.
• Course work and further guidance from the Naval Postgraduate School Center of Information Security Research (CISR) contributed greatly in understanding and articulating key security concepts.