1 / 21

LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009

DOCUMENT-BASED MESSAGE-CENTRIC SECURITY USING XML AUTHENTICATION AND ENCRYPTION FOR COALITION AND INTERAGENCY OPERATIONS. LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009. This thesis was done at the MOVES Institute. Problem Statement.

sarai
Télécharger la présentation

LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DOCUMENT-BASED MESSAGE-CENTRIC SECURITY USING XML AUTHENTICATION AND ENCRYPTION FOR COALITION AND INTERAGENCY OPERATIONS LCDR Jeffrey S. Williams Naval Postgraduate School September 9, 2009 This thesis was done at the MOVES Institute

  2. Problem Statement • Different agencies and different nations are not able to communicate and share structured information • Different data formats • Different security policies • The current evolution of data and security policies by different agencies and nations will not solve this problem.

  3. Motivation • Show that existing web standards for document security can be commonly applied across a range of scenarios. • Canonicalization (C14N) • Authentication (digital signature) • Encryption • Compression • Demonstrate a meaningful exemplar that can work for multiple agencies and nations

  4. Exemplar Scenario • Coalition Operations for antipiracy • Task Force 151 and NATO ATALANTA • Approx. 30 nations, variable membership • Shared need for document security • Diverse communication channels: NATO messaging, “free formatted” messaging, e-mail, and bridge-to-bridge radio! • Assume secure endpoints and non-secure transport for any message

  5. International Navies Concerns

  6. Problem Constraints • Allow a diverse communications framework to securely enable shared/common data exchange between traditional and nontraditional actors. • Provide a mechanism with minimal exchange of cryptographic technology by implementing open standard technology. • No nation trusts another nation’s security software • World Wide Web security is a potential for international standardization because multiple independent implementations are available. • Can substitute alternative cryptographic algorithms

  7. Key Exchange Public Key Cryptography has well-defined formal mechanisms for defining secure operations. • Step 1. B  A: {Nb, B}KB • Step 2. A  B: {Nb, Na, A}KA • Step 3. B  A: {Na}KB

  8. XML Digital Signature Process

  9. Digital Signature http://www.xml.com/pub/a/2001/08/08/xmldsig.html

  10. XML Encryption Process

  11. Recommended Best Practice

  12. XML Encryption

  13. Goal of EXI integration with XML Security

  14. Encryption <EncryptedData Id? Type? MimeType? Encoding?> <EncryptionMethod/>? <ds:KeyInfo> <EncryptedKey>? <AgreementMethod>? <ds:KeyName>? <ds:RetrievalMethod>? <ds:*>? </ds:KeyInfo>? <CipherData> <CipherValue>? <CipherReference URI?>? </CipherData> <EncryptionProperties>? </EncryptedData> -EncryptedData (Element Node) +[Attribute] - EncryptionMethod (Element Node) +[Attribute] - KeyInfo (Element Node) - EncryptedKey (Element Node) + EncryptionMethod (Element Node) - KeyInfo (Element Node) +KeyName (Element Node) + CipherData (Element Node) - CipherValue (Element Node) - CipherData (Element Node) + CipherValue http://dotnetslackers.com/articles/xml/XMLEncryption.aspx http://www.w3.org/TR/xmlenc-core/

  15. XML Decryption Process

  16. Conclusions • XML Security is a feasible approach for multiple agency and coalition operations. • This thesis demonstrates practical results for a meaningful scenario • The approach works for any type of XML.

  17. Future Work • Certification and Accreditation of XML Encryption and Authentication for the unclassified Architecture • Contrast of XML Security with SSL and TLS • Mitigation techniques and tactics to isolate risks associated with Web Based Security methods. • Applicability of XML Encryption for real time web services • Application of XML encryption and authentication techniques within the classified arena • A Comparative Analysis and potential for document centric security using XML in support of CENTRIXS and Coalition Secure Management and Operations System (COSMOS)

  18. Contact Information • Jeff Williams jswillia@nps.edu jeffrey.williams2@navy.mil skype: williams6us • Don Brutzman brutzman@nps.edu Code USW/br Naval Postgraduate School Monterey, CA 93943 1-831-656-2149

  19. Brief Biography of LCDR Williams USN/1600 • LCDR Williams joined the Navy in 1987 through the Delayed Entry Program (DEP). He was commissioned through NROTC Atlanta Consortium via the BOOST program. • Since his commission in 1996 he has served at the following commands: • USS ESSEX (LHD-2) • Military Sealift Command Office (MSCO) Beaumont TX • Naval Network and Space Operations Command (NNSOC) • Destroyer Squadron Two Six (CDS-26) • Naval Postgraduate School (NPS) • Next Assignment: • Network Engineer Program Manager, Brussels Belgium • Industry Certifications • CISSP, CISA, CWSP, Security+, Network+, I-NET+, A+

  20. Acknowledgements • The thesis was developed under the guidance of Prof. Don Brutzman, PhD. Naval Postgraduate School and second reader Don McGregor, Research Associate Naval Postgraduate School at the Modeling Virtual Environment and Simulation (MOVES) Institute. • The Scenario Authoring for Visual Graphical Environments (SAVAGE) team’s expertise in the development and processing of information contributing to the proof of concept formulations. • Course work and further guidance from the Naval Postgraduate School Center of Information Security Research (CISR) contributed greatly in understanding and articulating key security concepts.

More Related