DOI QR코드

DOI QR Code

Design and Implementation of a new XML-Signcryption scheme to protect the XML document

XML 문서 보안을 위한 새로운 XML-Signcryption scheme 설계 및 구현

  • 한명진 (삼성전자 CTO 전략실 소프트웨어센터) ;
  • 이영경 (부경대학교 대학원 전자계산학과) ;
  • 신정화 (부경대학교 대학원 전자계산학과) ;
  • 이경헌 (부경대학교 전자컴퓨터정보통신공학부)
  • Published : 2003.08.01

Abstract

As the XML is approved standard language by the UN, the progress which complemented the XML security has being processed rapidly. In this paper, we design and implement the "XML-Signcryption" as a security mechanism to protect the XML document that can operate between other platforms. The signature and encryption which is the standard specification in W3C needs to be able to proceed them separately. Generally the signature and encryption require four times modular exponential operation, however the signcryption only needed three times modular exponential operation. This will benefit overall system effectiveness in terms of cost. And this scheme offers to convenient the user, because the signature and encryption implement as a single XML format. This tool can save the parsing time as a number of tags is few within a document. And also, in this paper, based on a research of Web Services security, we can apply XML-Signcryption to the SOAP message to provide the security services. Based on the XML-Signcryption scheme which provides confidentiality, integrity, authentication and non-repudiation to the XML document and Web Service security simultaneously.

Keywords

References

  1. W3C, XML-Signature Syntax and Processing, http://www.w3.org/TR/2002/REC-xmldsig-core-20020212, 2002
  2. W3C, XML Encryption Syntax and Processing, http://www.w3.org/TR/2002/CR-zmlenc-core-20020802, 2002
  3. SOAP security extensions http://www.trl.ibm.com/projects/xml/soap/wp/wp.htm#SOAP, November, 2000
  4. W3C, SOAP Security Extensions : Digital Signature, http://www.w3.org/TR/SOAP-dsig, 2001
  5. Proposed Federal Information Proceeding Standard for Digital Signature Standard(DSS), Federal Register, Vol.56, No.169, 1991
  6. Y. Zheng, 'Digital signcryption or how to achieve cost (signature and encryption) << cost (signature) + cost (encryption),' Advances in Cryptology, Proceedings of CRYFTO '97, LNCS, Vol.1294, pp.165-179, Springer-Verlag, 1997 https://doi.org/10.1007/BFb0052234
  7. Y. Zheng, 'Signcryption and its application in efficient public key solutions,' Proc. of Information Security Workshop(ISW'97), LNCS, Springer-Verlag, Vol.1396, pp.291-312, 1998 https://doi.org/10.1007/BFb0030430
  8. F. Bao and H. Deng, 'A signcryption scheme with signature directly verifiable by public key,' Proceeding of Public Key Cryptography (PKC '98), LNCS Vol.1431, pp. 55-59, 1998 https://doi.org/10.1007/BFb0054014
  9. A. J. Menezes P. C. van Oorschot and S. A. Vanstone, 'Handbook of Applied Cryptography,' 1997
  10. Joe, Web Service Gotchas, IBM, 2002
  11. Patrick, Professional XML Web Services, Wrox, 2001
  12. Ben, Professional Java Web Services, Wrox, 2002
  13. Blake, XML Security, Mc Graw Hill, 2002
  14. Cauldwell, Professional XML Web Services, Wrox, 2001
  15. Building Web Services with Java (Making Sense of XML, SOAP, WSDL, and UDDD, SAMS, 2002
  16. 한명진, 이경현, 'XML web services 보안을 위한 XML-Signcryption 설계', 한국정보과학회 추계학술발표논문집, 2002