SOAP Security Extensions: Digital Signature
A digital signature is what lets users and software send messages reliably in the first place. Unfortunately, Simple Object Access Protocol (SOAP) 1.1 makes no provision for signature information, so it offers no such security. My colleagues and I proposed adding digital signature technology to SOAP (it was published as the World Wide Web Consortium SOAP-DSIG Note); it defines the syntax and processing rules for attaching a digital signature to a SOAP message and for verifying that signature. The technology has since been applied in products from IBM, Microsoft and other companies.
SOAP-DSIG, however, has to be used together with Secure Sockets Layer (SSL), which is the most widely used security technology on Web sites. This raises a question: what is the relationship between SOAP-DSIG and SSL, and what is the difference between the two technologies?
This article answers these questions and describes how the two technologies complement each other's shortcomings. Because HTTP (the transport beneath SOAP) is so widely used, this article concentrates on HTTP as the transport layer. Note, however, that SOAP and SOAP-DSIG are independent of the transport and can be used over other transport protocols such as SMTP, FTP and MQ. When you use another transport, you need to understand the relationship between SOAP-DSIG and the security of that transport layer (for example, S/MIME for SMTP) in the same way that this article describes it for HTTP and SSL.
HTTP was originally developed only as a protocol for transmitting HTML documents, but now, through CGI scripts or Java servlets, your Web site can use it to take orders for products and services. To order a product over the Internet you may need to send a credit card number and other personal information. You should send that information only in a secure way, and only to an HTTP server you trust, so that no hostile third party can intercept and steal it. SSL was developed to address these privacy and server authentication problems, and it is now widely used.
Unlike these business-to-customer (B2C) applications, business-to-business (B2B) applications do not use a browser to display HTML documents; a computer processes the order. For example, an order for goods may be described in a format such as XML rather than HTML, and exchanged over HTTP using SOAP.
SOAP is a standard messaging layer for exchanging arbitrary XML documents and is one of the main components of Web services. Besides SOAP there are other related technologies, such as Universal Description, Discovery and Integration (UDDI) and Web Services Description Language (WSDL), but this article does not discuss them. (For links to the technologies mentioned in this article, see the reference section.)
Security issues remain very important when developing SOAP-based Web services and B2B applications. In commercial transactions between enterprises in particular, the security requirement of non-repudiation must be met, and SOAP-DSIG was proposed for this purpose. This article answers the following questions: What is non-repudiation? How can SOAP-DSIG and SSL be combined to achieve it?
Messaging security requirements
Each SOAP message has a SOAP envelope and uses SOAP encoding. The SOAP envelope can carry an XML document with any data structure. SOAP encoding is used to encode non-XML data as an XML document so that it can be placed in the SOAP envelope for transmission; typically this encoding is intended for Remote Procedure Call (RPC)-style applications. Because this article concentrates on the SOAP envelope and is not directly concerned with SOAP encoding, it applies to any SOAP-based application, including both RPC and B2B applications.
To begin, I will outline the general security requirements for transmitting a message from one computer (the sender) to another (the receiver). Specifically, I will discuss message authentication, sender/receiver authentication, and non-repudiation. Note that the security requirements described here are not specific to SOAP; they apply to any kind of message transfer.
The first requirement is confidentiality, which is met by encryption. Because confidentiality is satisfied by SSL and is not addressed by SOAP-DSIG, it will not be discussed in this article. The security requirement I am concerned with is authentication. Consider the following two questions:
● From the sender's point of view: when sending a message, how is the identity of the intended receiver proven?
● From the receiver's point of view: when receiving a message, how are the sender's identity and the message itself authenticated?
Here I combine two types of authentication into one security requirement. One is authentication of the creator of the message, known as message authentication. The other is authentication of the identities of the sender and receiver, known as sender/receiver authentication. In an unreliable or hostile network environment, the creator of a message and its sender are not always the same: for example, a malicious party who somehow steals a legitimate message created by the sender can forward it to anyone. That is why the distinction matters.
These two types of authentication involve the following:
● Message authentication:
Message authentication ensures that the message was not altered in transit and that the identity of the message creator cannot be abused. Typically, message authentication is achieved by attaching a digital signature or a Message Authentication Code (MAC) to the transmitted message. Note that message authentication cannot guarantee who sent the message.
● Sender/receiver authentication:
Sender and receiver authentication ensure that the sender and the receiver, respectively, are who they claim to be. In other words, the sender can confirm that the recipient is the party it intends to send the message to, and the receiver can confirm the identity of the message sender. Note that sender/receiver authentication cannot guarantee who created the message.
In the next part I outline the security technologies that implement these two requirements.
Message authentication technologies
As mentioned above, two common techniques are used to meet the message authentication requirement: Message Authentication Codes and digital signatures. Here are some of their respective advantages and disadvantages.
● Message Authentication Code (MAC):
SSL appends a MAC to each transmitted message, and SOAP-DSIG can also be used to attach a MAC. Because computing a MAC is faster than computing a digital signature, it is practical for transport layer security such as SSL, where large volumes of data are transmitted. However, because a MAC is computed with a key shared by the sender and the receiver, it can only assure the receiver that the message was created by the sender and was not altered in transit. In other words, from a third party's point of view, you cannot tell whether the message was created by the sender or by the receiver.
● Digital signature:
The original motivation for SOAP-DSIG was to attach digital signatures to SOAP messages. In particular, SOAP-DSIG defines the data format for attaching an XML Signature to a SOAP message. Because a digital signature is based on public key cryptography, computing one usually takes much longer than computing a MAC. But because the sender and the recipient no longer need to share a key, the identity of the message creator can be established: a digital signature ensures that the signer is the creator.
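The following Go program is an added example (not code from the article or from SOAP-DSIG) that makes the MAC versus signature distinction above concrete: a receiver holding the shared MAC key can produce a validly tagged order of its own, while the same receiver cannot produce a signature that verifies under the sender's public key. The order XML, the shared key and the key sizes are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed sample order and a forged variant a dishonest receiver might substitute.
var (
	order  = []byte("<Order><Symbol>IBM</Symbol><Quantity>100</Quantity></Order>")
	forged = []byte("<Order><Symbol>IBM</Symbol><Quantity>10000</Quantity></Order>")
)

// macTag computes HMAC-SHA256 with the key shared by sender and receiver (the SSL case).
func macTag(sharedKey, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(msg)
	return m.Sum(nil)
}

// macValid passes for anyone holding the shared key, which includes the receiver.
func macValid(sharedKey, msg, tag []byte) bool {
	return hmac.Equal(macTag(sharedKey, msg), tag)
}

// sign produces an RSA PKCS#1 v1.5 signature over SHA-256(msg) with the signer's private key.
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

// sigValid needs only the public key, so a passing check cannot have been produced by the verifier.
func sigValid(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

// ReceiverForgesMAC: the receiver re-tags an altered order with the shared key. A third
// party (an arbitrator) cannot tell this from an order the sender produced, so a MAC gives
// no non-repudiation.
func ReceiverForgesMAC(sharedKey []byte) bool {
	return macValid(sharedKey, forged, macTag(sharedKey, forged))
}

// ReceiverForgesSignature: the receiver's best attempt is signing with a key of its own;
// verification under the sender's public key fails, so the signer is pinned as the creator.
func ReceiverForgesSignature(senderPub *rsa.PublicKey) (bool, error) {
	receiverKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	sig, err := sign(receiverKey, forged)
	if err != nil {
		return false, err
	}
	return sigValid(senderPub, forged, sig), nil
}

func main() {
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	shared := []byte("constructed-shared-key")
	forgedSig, _ := ReceiverForgesSignature(&sender.PublicKey)
	fmt.Println("receiver can forge MAC:", ReceiverForgesMAC(shared)) // true
	fmt.Println("receiver can forge signature:", forgedSig)          // false
}
```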
Sender/receiver authentication technologies
Two widely used technologies exist for sender/receiver authentication. Note that an HTTP client (or server) can be either the sender or the receiver.
● Password authentication:
This is a widely used mechanism; Amazon.com, for example, uses it. Typical examples are HTTP basic authentication and form-based authentication. It can be used for sender authentication, in which case the HTTP client is the one sending the message: the HTTP client sends its identity and password to the HTTP server to prove its identity. Because the password must be kept confidential, it is usually sent over SSL.
● SSL server/client authentication:
This is a technology for mutual authentication of an HTTP server and client based on their public key certificates. SSL server authentication in particular is widely used on the Internet, for example by Amazon.com. SSL client authentication, on the other hand, is optional and is not yet used by many Web sites. However, where a public key certificate is issued to each account holder, as in online trading, SSL client authentication is used to verify the account holder's identity.
In terms of security, password authentication and SSL authentication cannot be compared directly. However, because SSL requires a public key certificate and the corresponding private key (which must be issued by an administrator), a password-based authentication system is easier to manage than an SSL-based one. Key revocation and update require a Certificate Revocation List (CRL), so the requirements for issuing and managing public key certificates and their private keys are becoming increasingly demanding.
What is non-repudiation?
In addition to the two security requirements above, non-repudiation is an important requirement for B2B applications. The need for non-repudiation arises from a malicious sender: non-repudiation ensures that a malicious sender cannot later deny the fact that it created and sent a specific message. This means that non-repudiation guarantees that the sender of the message and its creator are the same party.
For example, suppose company A creates and sends a purchase order to company B. After B has processed and fulfilled the order, A must not be able to deny having sent the purchase order. To meet the non-repudiation requirement, both message authentication and sender authentication are needed. (Receiver authentication has nothing to do with non-repudiation.)
Message authentication with a digital signature alone cannot satisfy non-repudiation. Because a digital signature alone cannot guarantee that the sender is who it claims to be, message transmission is vulnerable to malicious attacks such as replay by a third party.
For example, suppose company A sends a digitally signed purchase order to company B, and suppose a malicious third party C somehow obtains a copy of the order. If C resends the order to B, B will treat it as another order from A (a replay attack by C). Likewise, a malicious A can deny the second order and claim that it was the result of a replay attack by C, even though A actually sent it. Message authentication with a MAC is of course useless for non-repudiation because, as noted above, nobody can determine whether the message was created by the sender or by the receiver.
Similarly, sender authentication alone cannot satisfy non-repudiation. Because it cannot guarantee that the message was not modified in transit, a malicious sender can claim that the message the recipient received was modified along the way, even though the malicious sender created it exactly as received.
In general, to satisfy the non-repudiation requirement, you must satisfy the message authentication requirement using digital signatures and, at the same time, satisfy the sender authentication requirement.
How to achieve non-repudiation using SOAP-DSIG and SSL
Now I will analyze the relationship between SOAP-DSIG and SSL from the point of view of non-repudiation. As the setting for this analysis, I first describe a typical scenario in which a request/response pair of messages is signed with SOAP-DSIG and exchanged over HTTP. Listing 1 is an example request message. Its <SOAP-ENV:Body> element contains the application data: an order to buy IBM stock. Using SOAP-DSIG, the <SOAP-ENV:Body> element is signed and the resulting signature (the <SOAP-SEC:Signature> element) is placed in the SOAP header. In this example the key used to sign the message is identified by a <ds:KeyName> element ("Michael"), so the signature ensures that the SOAP message was created by the user Michael. In other words, SOAP-DSIG is used to meet the message authentication requirement. Finally, the signed SOAP message (the <SOAP-ENV:Envelope> element) is placed in the payload of an HTTP POST request and sent to an online trading server. Note that the HTTP request may be sent over SSL.
See Listing 1 for a typical SOAP-DSIG request message.
On receiving the order, the online trading server creates a receipt and sends it to Michael as the HTTP response. The receipt can be signed with SOAP-DSIG in the same way. Listing 2 is an example receipt.
See Listing 2 for the SOAP response message.
These listings show how signed SOAP messages are exchanged over HTTP. Importantly, the HTTP messages can be exchanged over SSL, which is how SOAP-DSIG and SSL are used together as described above. Table 1 summarizes the security requirements that SOAP-DSIG and SSL can meet. SSL provides confidentiality and sender/receiver authentication, and it also appends a MAC to each transmitted message. SOAP-DSIG, on the other hand, can attach not only a MAC but also a digital signature to the transmitted message; its sender/receiver authentication is still insufficient, however, because it is vulnerable to attacks such as replay. SOAP-DSIG and SSL therefore complement each other's shortcomings.
Table 1: Security requirements met by SOAP-DSIG and SSL

| Technology | Security requirements met |
|---|---|
| SSL | Confidentiality, sender/receiver authentication, and message authentication with a MAC |
| SOAP-DSIG | Message authentication with a MAC and with a digital signature |
Remember that to satisfy non-repudiation you need at least message authentication with a digital signature and sender authentication. Using SOAP-DSIG and SSL (with client authentication) together is therefore the first step toward non-repudiation: you use SOAP-DSIG's digital signature for message authentication, and SSL client/server authentication for sender/receiver authentication. Note that neither SOAP-DSIG nor SSL can guarantee non-repudiation by itself.
Another important point to remember is that the SOAP message must always be signed by the sender. To ensure this, I suggest using one public key and its certificate for both SOAP-DSIG and SSL. That is, in the example above, the private key used to sign the order in the HTTP request should be the same key used for SSL client authentication, and the private key used to sign the receipt in the HTTP response should be the same key used for SSL server authentication. From the verifier's point of view, the signature on the order (or on the receipt) is verified with the public key from the SSL client certificate (or SSL server certificate) that was authenticated during the SSL handshake. In this case the <ds:KeyInfo> element can be omitted from the example messages above.
Toward more secure B2B applications
We need to ask whether using SOAP-DSIG and SSL together is sufficient to achieve non-repudiation in B2B applications. Unfortunately, from a strictly security point of view, the answer is no. I will now consider attacks by a malicious receiver and describe in detail how to protect applications against them. Application designers and developers are responsible for providing this protection, because SOAP-DSIG defines nothing about such attacks.
As mentioned above, the replay attack by a malicious third party is the most obvious threat, and SSL protects applications against it. Because SSL provides confidentiality by encrypting the transmitted message, a malicious third party cannot steal it. Even if a malicious third party did steal the message, it could not resend it to another party unless it could break SSL client/server authentication. So using SOAP-DSIG and SSL together appears sufficient for non-repudiation. I will now present two attacks by a malicious receiver (as opposed to a third party).
Imagine that a malicious receiver claims to have received a message from the sender twice, even though the sender sent it only once. Because a digital signature scheme cannot guarantee how many times a signed message was sent, nobody can establish whether the malicious receiver's claim is true, so the malicious receiver may succeed. Conversely, a malicious sender may claim to have sent a message only once when it actually sent it several times. To let applications avoid such attacks or ambiguities, the application designer or developer should add a nonce to the application data to be signed. A nonce is a freshly generated, non-repeating string produced by the sender (the signer) so that the receiver can check its uniqueness; it is usually implemented as a counter (a serial number) or a timestamp. With a nonce, the same message sent several times can be distinguished.
Now imagine that a malicious receiver forwards a signed SOAP message it has received to another malicious party, which then claims to have received the signed message from the sender. What happens? Because a digital signature scheme cannot guarantee who the intended recipient of a signed message is, nobody can determine whether the malicious party's claim is true, so it is likely to succeed. To let applications avoid such attacks or ambiguities, the application designer or developer should add the identity of the intended recipient to the application data to be signed. The recipient's identity can be expressed as the name in the recipient's public key certificate or in some other way.
As described above, adding a nonce and the identity of the intended recipient to the application data to be signed is very important for non-repudiation. Listing 3 extends the order from the earlier example: note that a nonce (20010711-0001287634) and the recipient's identity have been added to the order in the body of the SOAP message. On receiving a signed order, the online trading server must check that the nonce is unique and that it is itself the designated recipient.
See Listing 3 for the order message.
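The following Go program is an added example, not the article's Listing 3 or any SOAP-DSIG implementation, of the receiver-side checks just described: the nonce and intended recipient are carried inside the signed order, the signature is verified with the public key that would come from the SSL client certificate, and a replayed or misdirected order is rejected. It assumes a simplified format in which the signature covers the serialized order bytes directly (real SOAP-DSIG canonicalizes the XML first); the recipient identity and the key pair are constructed, and the nonce value is the one from the article.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/xml"
	"errors"
	"fmt"
)

// Order is the application data in the SOAP Body; Nonce and Recipient are the two added fields.
type Order struct {
	Symbol    string `xml:"Symbol"`
	Quantity  int    `xml:"Quantity"`
	Nonce     string `xml:"Nonce"`
	Recipient string `xml:"Recipient"`
}

// SignOrder (sender side) serializes the order and signs its SHA-256 digest with the same
// private key the sender uses for SSL client authentication (simplification: no canonicalization).
func SignOrder(priv *rsa.PrivateKey, o Order) (body, sig []byte, err error) {
	if body, err = xml.Marshal(o); err != nil {
		return nil, nil, err
	}
	d := sha256.Sum256(body)
	sig, err = rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
	return body, sig, err
}

var ErrBadSignature = errors.New("signature does not verify under the SSL client certificate key")
var ErrWrongTarget = errors.New("order was signed for a different recipient")
var ErrReplay = errors.New("nonce already accepted: duplicate or replayed order")

// Receiver is the trading server: its own identity plus the nonces already accepted.
type Receiver struct {
	Identity   string
	SeenNonces map[string]bool
}

// Accept (receiver side) verifies the signature with the public key taken from the SSL client
// certificate, then checks recipient identity and nonce; both checks mean something only because
// those fields are under the signature.
func (r *Receiver) Accept(pub *rsa.PublicKey, body, sig []byte) (Order, error) {
	d := sha256.Sum256(body)
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) != nil {
		return Order{}, ErrBadSignature
	}
	var o Order
	if err := xml.Unmarshal(body, &o); err != nil {
		return Order{}, err
	}
	if o.Recipient != r.Identity {
		return Order{}, ErrWrongTarget
	}
	if r.SeenNonces[o.Nonce] {
		return Order{}, ErrReplay
	}
	r.SeenNonces[o.Nonce] = true
	return o, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the SSL client key pair
	srv := &Receiver{Identity: "constructed-trading-server", SeenNonces: map[string]bool{}}
	body, sig, _ := SignOrder(priv, Order{Symbol: "IBM", Quantity: 100, Nonce: "20010711-0001287634", Recipient: srv.Identity})
	_, first := srv.Accept(&priv.PublicKey, body, sig)
	_, again := srv.Accept(&priv.PublicKey, body, sig)
	fmt.Println("first delivery:", first, "| replayed delivery:", again) // <nil>, then ErrReplay
}
```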
Summary
This article has explained that although SOAP-DSIG and SSL do not provide the same functionality, each supplies what the other lacks. In the near future I expect many businesses to exchange XML documents over the Internet using SOAP over HTTP. Using SSL and SOAP-DSIG together is therefore the most promising approach to securing the transmission of SOAP messages and achieving non-repudiation.
References
- SOAP Security Extensions: Digital Signature (SOAP-DSIG) was published as a W3C Note.
- SOAP-DSIG is implemented in WebSphere Application Server Version 4.0.
- SSL is used on many e-commerce sites, including Amazon.com.
- SOAP (Simple Object Access Protocol) is a standard messaging layer for exchanging XML documents and one of the main components of Web services.
- Technologies closely related to SOAP include UDDI (Universal Description, Discovery and Integration) and WSDL (Web Services Description Language).
- SOAP-DSIG defines the XML data format for attaching signatures to a SOAP message.
- The W3C recently created the XML Encryption Working Group to standardize XML encryption, and it has released a working draft.
- Interested readers can find a prototype implementation of SOAP encryption in the IBM alphaWorks Web Services Toolkit.