Secure Mobile Commerce based on XML Security

Transcription

1 Secure Mobile Commerce based on XML Security JOO-YOUNG LEE, KI-YOUNG MOON, and SUNG-WON SOHN Information Security Technology Division Electronics and Telecommunications Research Institute 161 Gajeong-dong, Yuseong-gu, Daejeon KOREA etri.re.kr Abstract: - Companies across the world are turning to mobile commerce because mobility brings competitive advantages through personal contact, resource flexitbility and streamlined processes enabling comapanies to enhance revenue generation. Therefore success in the mobile commerce is dependent on the development and deployment of an end-to-end security solution that protects wireless network, devices, application and data. In order to fulfill such needs, currently some security technologies have been developed. While there are a plethora of security tools on the market, no one has offered an end-to-end security solution tailored to the specific demands of wireless environment. Therefore, in this paper, we ll propose an XML security method to help the secure mobile commerce and discuss some implementation issues to bring the XML security to mobile devices. As it allows protecting the data not only transferred over the network, but also stored within devices, it can provide end-to-end security. Additionally it serves full compatibility, flexibility, and extensibility by using XML. Key-Words: - XML Security, Wireless Devices, Mobile Commerce, Java 1 Introduction Companies across the world are turning to mobile commerce because mobility brings competitive advantages through personal contact, resource flexitbility and streamlined processes enabling comapanies to enhance revenue generation. But wireless e-business creates a whole new set of security risks and challenges. So they want to keep private, such as mobile e-commerce transactions, , and corporate data transmissions. Therefore success in the mobile environment is dependent on the development and deployment of an end-to-end security solution that protects your wireless network, devices, application and data[1]. However, wireless devices, including cellular phones and personal digital assistant (PDA) with Internet access, were not originally designed with security as a top priority. Furthermore most mobile devices have little or no built-in security functions. Users who chose to deactivate their passwords could inadvertently allow unauthorized access to applications and plain data in device. Additionally wireless devices may have Over The Air (OTA) remote configuration facilities that could be exposed and abused. In such a situation, success hinges upon careful selection of feature subsets without destroying compatibility. Any gap in defenses could be exploited to the detriment of companies, so organizations urgently need an end-to-end security strategy for mobile e-business. End-to-end security and full compatibility with large installed base of secure web severs are compelling reasons to consider the existing security solution for wireline, such as SSL/TLS for next generation wireless devices. However, each wireless security has it shortcomings. For example, SSL is too heavy weight for comparatively weak CPUs, low bandwidth, and high latency wireless system. For the reason, it is challenging to implement security in small foot-print devices with low processing power and small memory capacities and that use unreliable, low bandwidth networks. In this paper, we ll propose an XML security method for wireless devices to help the secure mobile commerce and discuss some implementation issues to bring the XML security to mobile devices. As it allows protecting the data not only transferred over the network, but also stored within devices, it can provide end-to-end security. Additionally it serves full compatibility, flexibility, and extensibility by using XML. 2 Related Works Currently some security technologies have been developed for wireless network and devices. While

2 there are a plethora of security tools on the market, until now no one has offered an end-to-end security solution tailored to the specific demands of wireless environment. 2.1 WAP based on WTLS Wireless Transport Layer Security (WTLS) is similar to the Internet s transport layer security protocol. It provides authentication, data integrity, and private services within wireless technologies limited processing power, memory capacity, and bandwidth[2]. But because many e-commerce and corporate sites use SSL-based security, a transmission to such a site from WAP phone must first pass through a gateway that converts the encryption formatting from WTLS to SSL. During this conversion process, however, the message is very briefly unencrypted and thus is subject to interception. 2.2 SSL for small devices Secure Socket Layer (SSL) for small devices may be one solution. It not only offers authentication, data integrity, and private services, but also clears the above-mentioned problem that may happen during conversion processing[3]. But it is too heavy weight for comparatively weak CPUs and low-bandwidth, high latency wireless networks and chatty handshakes involve some long messages. Additionally SSL memory requirements, both static and runtime, are known to be high. 3 Security Issues for Mobile Commerce Customers demand for an end-to-end package that allows security policies already in place for wired networks to be extended to wireless network. In order to provide end-to-end wireless security, it is necessary to cover all of these following issues. 3.1 Authentication Authentication is to ensure that users, clients and servers establish their identity. At some fundamental level, you want to be sure that the people you deal with are really who they say they are. The process of proving identity is called authentication[4]. A key aspect of security for activities such as mobile e-commerce and mission critical corporate communications is the ability to authenticate a message sender s identity. A failure of authentication can easily lead to violations of confidentiality, integrity, and availability. For example, protecting your secrets with encryption does little good if the true identity of your recipient is not what you anticipated. Digital signatures are used to identify the author of a message; people who receive the message can verify the identity of the person who signed them. They can be used in conjunction with passwords or as an alternative to them. 3.2 Confidentiality Confidentiality is to prohibit eavesdropping during data communication or disclosure from application or storage media[4]. It is important to protect the confidentiality of the data held in device. Data must be kept private, safe from interception and only available to users that are authorized to access it. One solution is protecting within the device any long-term keys used to encrypt private data. However, while it is straightforward to protect the confidentiality of wireless traffic, it is much harder to protect the confidentiality of the information held in the devices themselves. 3.3 Data Integrity Integrity is to verify that data has not been altered in transit by a third party, and to prevent forgery and unauthorized alteration[4]. Data must not be tampered with, because if it is modified it can become useless or dangerous, for example, false stock exchange information. Any electronic communication contains a theoretical risk that the data could be corrupted while in transit. The basic integrity problem is to ensure that the message from one principal to another are not corrupted by a malicious third principal. 3.4 Non-Repudiation Parties of a transaction need to be able to confirm the identities of the other parties and the date and time of the transaction[5]. For example a service provider may want to prove to its customer that a human, in which case the authentication mechanism must verify that it is a valid computer belonging to the legitimate organization. Non-repudiation is to prevent parties from falsely denying data transactions after they were supposedly done, enforcing accountability for electronic transactions. 3.5 Availabilty Availability is violated when the system is prevented from performing its intended function, as when someone brings down the web site of an online

3 store[5]. Data and machines must be accessible when needed. If resources are not available there is denial of service, which may cause frustration and financial loss. In some cases such as systems that are connected to production lines, where continuous service is essential denial of service has much more serious consequences. 4 XML Security for Mobile Commerce Security protocols dominant on the Internet commonly perceived as too big for small devices, and today s wireless architectures are proxy based and lack end-to-end security. An end-to-end security strategy needs to encompass an increasingly complex technology chain, including mobile phones, laptops and PDAs from multiple venders, multiple operating systems, various network standards, wireless e-business applications, and IT management frameworks. Additionally companies need to be kept abreast of current and future risk in order to react efficiently and effectively with minimal disruption to service and quality. The approach to the security model based on XML is a secure and resilience solution design that meets the business security and privacy requirements. It fulfills the security issues such as authentication, integrity, confidentiality, non-repudiation, and availability required for mobile commerce using wireless devices. In addition, due to the features of XML and Java, it offers compatibility, extensibility, and flexibility. Fig. 1 The XML security model for secure mobile commerce. In this section, we ll present components for XML security for mobile commerce. Fig. 1 depicts the XML security model. It consists of XML signature module, XML encryption module and cryptography module. XML signature and XML encryption will be described based on XML digital signature specification and XML encryption specification by W3C, respectively because they have already defined as the international standards and we need to conform to them. Next, we ll discuss some implementation issues to bring them to wireless devices having relatively small system resources. 4.1 XML Signature XML signature aims to guarantee the integrity and authentication to any digital content including XML documents[6]. It allows generating and verifying a signature for the entire document or specific parts of it. In order to generate a signature, it is the first step that resources to be signed are accessed and appropriately transformed. For example, enveloped signature transform removes the signature structure from the document prior to digesting. Next, Reference elements that contain URI, Transform Method, Digest Method and Digest Value can be generated after message digests are computed over each entity. When multiple resources are signed together, Reference elements for each resource can be included in the SignedInfo directly or contained in the Manifest element. In the latter case, the Reference element for the Manifest is only included in the SignedInfo structure. A Manifest is a list of entity References along with their digests, just like the main SignedInfo structure. This Manifest is included within the signature structure and is signed by including a Reference to it within the main signed info structure. During verification, however, the References within the Manifest need not be verified. A recipient can check these References secondarily, if required. SignedInfo element is generated, containing Canonicalization Method information for SignedInfo itself, Signature Method information, Manifest, Signature Properties, Object and References for other resource. This element allows a signature recipient to ensure that no signed entity has been modified. The location information allows the recipient to locate the signed entity. A new message digest can then be computed over this entity and compared with the message digest in the SignedInfo. By the properties of cryptographic message digest algorithms, if the

4 document has changed, the message digest will have changed. Therefore, if the two match, the document has not changed from the time of signing. A digital signature is computed over this SignedInfo fragment using the signature method indicated by SignatureMethod element in the SignedInfo. Canonicalization has to be performed before the digital signature computation using the canonicalization method indicated by CanonicalizatonMethod element in the Signed Info. The digital signature allows the recipient to ensure that the signed info fragment has not changed and that the document was signed by a particular person. An XML signature element is produced, containing the SignedInfo element, the digital signature value and various additional pieces of information such as the signer's key information, Object element, etc. Verification of a signature thus involves both checking the digital signature on the signed info fragment and checking the message digest of each entity listed in the signed info. The verification of XML signature is processed by following flow. Resources are accessed for verification using the URI information in the corresponding Reference element. Then they are transformed using the transform algorithm specified in the Transform Method element in the Reference. Digest Values of the resources are computed using the digest algorithm specified in the Digest Method element in the corresponding Reference. Computed Digest Values are compared with the Signature Value in the SignedInfo element. All the References are verified in this way. SignedInfo is canonicalized using the algorithm specified in the Canonicalization Method element in the SignedInfo. The signature is verified. First the public key information is obtained from the KeyInfo element and the signature value of the SignedInfo is calculated using the signature algorithm specified in the Signature Method element. The value is compared with the value in the SignatureValue ele ment. Manifest is verified. Digest Values of each Reference in the Manifest are verified. The verification processing is up to application program. The processing flow of XML Signature is depicted in Fig.2. In this flow, the structure of XML Signature is conformed to that of XML Signature Draft. Fig. 2 The processing flow of XML signature generation and the structure of signature. 4.2 XML Encryption XML Encryption is a method whereby XML content can be transformed such that it is discernible only to the intended recipients and opaque to all others[7]. Similar with XML signature, XML encryption specification describes a process for encrypting and decrypting digital content (including XML documents and portions thereof) and an XML syntax used to represent the encrypted content and information that enables an intended recipient to decrypt it. In order to encrypt an XML document, it requires two-step encryption process. One is for documents to be sealed, and the other is for a secret key used in encryption of document. For first step encryption, most of all, it is necessary to generate a secret key using Pseudo-Random Number Generator. The other hand, an XML document is encoded in a stream of bytes and compressed. It has advantages of reducing the size of a ciphertext generated as a result and preventing attacker from getting information related with the plaintext. Next, the compressed byte stream is encrypted using a symmetric encryption algorithm and the secret key generated right before, and then the ciphertext bytes are encoded in an XML node. The second step encryption is for the secret key that is used in encrypting an XML document. It is encrypted using a particular recipient s public key. The ciphered secret key is also encoded in an XML

5 node and Ancillary information (such as the encryption algorithm used, etc) is encoded as further XML nodes. XML nodes generated previously are organized into a DTD-defined XML structure and returned to the caller. The following Table 1 summarizes the encryption process described right before. To unseal the encrypted document, first of all, the ancillary information is decoded to check what algorithm was used to encrypt the document. The recipient s private key is used to decrypt the embedded secret key contained within the XML document. The embedded XML ciphertext is decrypted using the selected symmetric encryption algorithm and the deciphered secret key. If the decrypted stream of bytes was compressed, it needs to be decompressed. Finally, the resulting stream of bytes is decoded back into an XML structure to form the nodes of the hierarchy. 4.3 Cryptography Algorithm In order to support XML signature and encryption, a cryptography library contains symmetric and asymmetric cipher algorithms, hash algorithms, digital signature algorithms, and key generation algorithms. The security services and cryptographic algorithms basically required are listed in Table 2. Table 1. The process of making an encrypted XML document. 1. Generate a symmetric key 2. Encode an XML document to byte stream 3. Compress byte stream Optional 4. Encrypt byte stream 5. Encode byte stream Base64 6. Encrypt the symmetric key with asymmetric key 7. Encode the encrypted the symmetric key with Base64 8. Encode the ancillary information Table. 2 The required security services and cryptographic algorithms by default. Cryptographic Security Services Algorithms Message Digest Block Cipher Cipher (Asymmetric) Signature SHA1, MD5 DES, DESede, AES RSA DSA 5 Implementation Issues In this section, we ll discuss some implementation issues to bring XML security to wireless devices having relatively poor system resources. 5.1 XML Parser We need to parse XML as part of J2ME application. As XML parsing, traditionally, is a relatively intensive task in terms of processing power and memory, we ll need to be careful in selecting a parser for a MIDP environment. To select a proper parser, we can consider following conditions. First, we can take an account its code is small and it doesn t take gobs of memory to parse a document. Small parsers for J2ME devices are evolving rapidly, and there are already nice choices of decent parsers that don t take up a lot of space, such as ASXMLP, kxml, MinXML, TinyXML and so on[8]. Second, we have to give up on running a validating parser in a MIDP environment. Validation is fairly intensive work, and the extra memory and processing requirements will reduce mobile phone to a smoldering heap of scrap metal before you can finish parsing a document. But we need not to give up on validation entirely it may still be useful during development cycle. We can use J2SE client with validating parsers to emulate our MIDP clients. We may well flush out bugs in XML documents this way. Once everything is running smoothly, switch over to the nonvalidating parsers in the MIDP clients. 5.2 Cryptographic Algorithm We need a cryptography package, which is organized so that it constrains a light- weight API suitable for use in mobile environment with the additional infrastructure to conform the algorithms to the JCE framework. Although J2ME provides a few security classes such as Cipher class, they can t be public for export clearance and are no open crypto APIs. Therefore we need to implement our own security service APIs and algorithms. Like XML parsing, cryptographic operations are intensive task in terms of processing power and memory. As one solution, we can consider exploring support for Elliptic Curve Cryptography (ECC). It provides a high level of security while demanding fewer computing and memory resources than other encryption approaches[9]. This is an important consideration for the small-footprint handheld devices.

6 In addition to this, we have to amortize the cost of expensive operations by reusing their results multiple times. 5.3 WPKI Although PKI is not the direct component of the XML security for wireless devices which we have proposed until now, we consider this mechanism as an indirect participant because it provides a set of technologies that relies on encryption and digital certificates for a digital signature. The certificates are message attachments, issued by a certificate authority, that authenticate a sender s identity and provide encryption keys. PKI is difficult to implement in the wireless world. Although there are several ways to accomplish them using variations of wireline PKI mechanism, the challenges have been designing PKI to work on devices with low throughput and computational power and developing wireless PKI systems that can interact with their wire line counterpart. There are several PKI products for wireless communications. Using technology from security venders such as Certicom, etrust, and VeriSign, Neomar is shipping a commercial wireless browser that can store and manage PKI keys[3]. 6 Concluding Remarks and Further Works In this paper, we have proposed the security model based on XML for secure mobile commerce. Because today s wireless architectures lack end-to-end security, a truly effective, future-proofed wireless security need to offer integrated technology, processes and organizational solutions. Extending XML security to wireless environment can meet all of the challenges required of wireless security. It provides end-to-end security by protecting data when they are not only transferred over the network, but also stored in wireless devices. Additionally, properties of XML and Java allow full compatibility with large installed base of secure web servers, extensibility, and flexibility. These are compelling reasons to consider XML security as for wireless device as the security solution for next generation smart phones or PDAs. Although we have proposed an end-to-end security solution for wireless devices, there are still many things to do. First, we have to develop a demo application for wireless devices, test its performance, and think of the reuse method to improve the performance. Careful implementations of Internet security have acceptable performance on today s wireless, mobile devices. References: [1] The wireless security acceleration team, End-to-end wireless security: Integrated solutions that protect your business and your customer, www-3.ibm.com/security/ index.shtml, Dec [2] S. K. Miller, Facing the challenge of wireless security, IEEE Computer, pp.16~18, July [3] PWH, E-Business Technology Forecast, PriceWaterHouse Coopers, May [4] Ovum, E-Business Security: New Directions and Successful Strategies, [5] S. Garfinkel and G. Spafford, Web Security & Commerce, O Reilly & Associates Inc., [6] IETF/W3C, XML-Signature Syntax and Processing (Working Draft), October 2000, / [7] IETF/W3C, XML-Encryption Syntax and Processing (Working Draft), March 2002, / [8] J. Knudsen, XML going wireless, XML Journel, vol. 2, issue. 11, Nov [9] J. Knudsen, Java Cryptography, O Reilly & Associates Inc., 1998.