IBM [11] DOM : Web Services, security, WS-Security, XML, performance, RSA DSA HMAC

Size: px

Start display at page:

Download "IBM [11] DOM : Web Services, security, WS-Security, XML, performance, RSA DSA HMAC"

Quentin Boone
5 years ago
Views:

1 WS-Security IBM Abstract: Web Services Security () Web Services Security XML SOAP SSL XML XML Signature [11] XML DOM Encryption [13] 58% 1.2 XML Signature XML Signature ( : Web Services, security, WS-Security, XML, performance, )XML RSA DSA HMAC 1. Web XML Services Security [9] [1] ( ) DOM (DOM ) (canonicalization, c14n) XML Signature Exclusive XML Canonicalization [12] 1.1 Web Services Security SOAP [8] 1.3 DOM XML XML DOM SAX 2 API DOM XML SAX SOAP DOM SAX SSL DOM DOM

2 XML Signature DOM XML Encryption Java 2. DOM SAX [1] XML Signature Exclusive XML Canonicalization Java UTF-16 XML Incoming Message Matching Result XML <Envelope> signature_value=abc cipher_value=def <SignatureValue> UTF-8 ABC </SignatureValue> Automaton UTF-8 <Body> <EncryptedData> <CipherValue> DEF UTF-16 </CipherValue> </EncryptedData> </Body> UTF-8 </Envelope> DOM-based UTF-8 XML <Body> Figure 1 Operations Template-based Operations <CipherValue> ${cipher_value} SAX </CipherValue> </EncryptedData> </Body> DOM </Envelope> Message Template Figure 1: DOM 45% DOM SOAP XML 1.4 SSL DOM SOAP over SSL XML DOM SSL 1 1 SSL SSL XML SOAP <wsse:security> SOAP XML ( )Base64 XML 2.1 XML Base64 1 SOAP XML Signature SOAP XML SOAP SSL -to- <Envelope> <SignatureValue> ${signature_value} </SignatureValue> <EncryptedData> (In case of match) (In case of mismatch) Add Template into the Automaton Template Generator Result <Envelope> <SignatureValue> ABC </SignatureValue> <Body> <getquote /> </Body> </Envelope>

3 <SOAP-ENV:Envelope > <ds:signaturemethod Algorithm= ${algorithm} > <ds:canonicalizationmethod XML XML XML <SOAP-ENV:Envelope > <ds:signaturemethod Algorithm= ${algorithm} ( ) > n<ds:canonicalizationmethod XML Figure 2: <soap:envelope > 1 <dsig:signaturemethod Algorithm= ${algorithm} > <dsig:canonicalizationmethod Add a template into an automaton <ds:signaturevalue> ${signaturevalue} < </ds:signaturevalue> <ds:signaturevalue> 5678ABCD== soap:envelope > <dsig:signaturemethod Algorithm= </ds:signaturevalue> ${algorithm} ${algorithm} ${signautrevalue} 567ABCD== > n<dsig:canonicalizationmethod XML SOAP-ENV:Envelope > <ds:signaturemethod Algorithm= > n<ds:canonicalizationmethod (Figure 2) Figure 3: 2.2 XML (Figure 3) XML : (> > ' ) XML DOM XML ( )

4 HMAC-SHA1 Figure 5 X 1 65 Y 1, 3, 4 Triple DES HMAC-SHA1 2 XML RSA-v1.5 RSA Figure 4 Figure 6 X {None, foo bar Symmetric} (HMAC-SHA1) Y ' 1024 Original Message <S:Body><GetQuote foo= foo bar= a'b >XXX</GetQuote></S:Body> C14n Pre-template <S:Body><GetQuote foo= ${attr1} bar= ${attr2} >${text1}</getquote></s:body> C14n Post-template <S:Body xmlns=><getquote bar= ${attr2} foo= ${attr1} >${text1}</getquote></s:body> <S:Body xmlns=><getquote bar= a b foo= foo >XXX</GetQuote></S:Body> C14n Result Figure 4: (a) 1 XML W3C XML Schema [14] xsd:boolean xsd:enumeration (b) Figure 5: Triple DES

5 (a) ( )Y (KBytes) Receiver; Type=Template; Alg={Symmetric, Symmetric}; Size= Memory Usage Memory usage (Matching Only) (b) Figure 8: Figure 8 X Y (KBytes) Figure 6: 2 DOM % DOM <ds:digestvalue> SOAP Body 1 SOAP Body Figure 7: DOM Figure 7 Template (Matching Only) 2 X

6 2.5MB IASTED PDCS [7] N. Abu-Ghazaleh, M. J. Lewis and M. 2 Govindaraju, Differential Serialization for Optimized SOAP Performance, in DOM Proceedings of the IEEE HPDC-13, [8] W3C Recommendation, SOAP Version 1.2 Part 1: Messaging Framework, 5 [9] Web Services Security Core Specification, DOM 58% wsssoap-message-security-1.0.pdf [10] OASIS Web Services Security TC, XML XML [11] W3C Recommendation, XML Signature Syntax and Processing, [12] W3C Recommendation, Exclusive XML Canonicalization Version 1.0, SSL [13] W3C Recommendation, XML Encryption References Syntax and Processing, [1] S. Makino, K. Tamura, T. Imamura and Y. Nakamura, Implementation and [14] W3C Recommendation, XML Schema, Performance of WS-Security, in International Journal of Web Services Research, Vol. 1, No. 1, March [2] T. Takase, H. Miyashita, M. Tatsubori and T. Suzumura, An Adaptive, Fast, and Safe XML Parser Based on Byte Sequences Memorization, to appear in Proceedings of the WWW [3] G. Apostolopoulos, V. Peris and D. Saha, Transport Layer Security: How much does it really Cost?, in Proceedings of the IEEE INFOCOM [4] M. Govindaraju, A. Slominski, V. Choppella, R. Bramley and D. Gannon, Requirements for and Evaluation of RMI Protocols for Scientific Computing, in Proceedings of the IEEE/ACM SC2000. [5] H. Liu, S. Pallickara and G. Fox, Performance of Web Services Security, Technical Report, November 2004, lications/perf.pdf [6] K. Devaram and D. Andresen, SOAP Optimization via Parameterized Client-Side Caching, in Proceedings of the

Application-aware Interface for SOAP Communication in Web Services

Application-aware Interface for SOAP Communication in Web Services Hao Wang 1, 2, Yizhu Tong 1, 2, Hong Liu 1, 2, Taoying Liu 1 1 (Research Centre for Grid and Service Computing Institute of Computing