Skip to main content
Article thumbnail
Location of Repository

XML Security in XML Data Integrity, Authentication, and Confidentiality

By Baolong Liu


The widely application of XML has increasingly required high security. XML security confronts some challenges that are strong relating to its features. XML data integrity needs to protect element location information and contextreferential meaning as well as data content integrity under fine-grained security\ud situations. XML data authentication must satisfy a signing process under a dependent and independent multi-signature generation scenario. When several different sections are encrypted within the XML data, it cannot query the\ud encrypted contents without decrypting the encrypted portions. The technologies relating to XML security demand further development.\ud \ud \ud This thesis aims to improve XML security relative technologies, and make them more practicable and secure. A novel revocation information validation approach for X.509 certificate is proposed based on the XML digital signature technology. This approach reduces the complexity of XKMS or PKI systems because it eliminates the requirement for additional revocation checking from XKMS or CA. The communication burden between server and client could be alleviated.\ud \ud \ud The thesis presents the context-referential integrity for XML data. An integrity solution for XML data is also proposed based on the concatenated hash function. The integrity model proposed not only ensures XML data content integrity, but also protects the structure integrity and elements’ context relationship within an XML data. If this model is integrated into XML signature technology, the signature\ud cannot be copied to another document still keeping valid.\ud \ud \ud A new series-parallel XML multi-signature scheme is proposed. The presented scheme is a mixed order specified XML multi-signature scheme according to a dependent and independent signing process. Using presented XML data integrity-checking pool to provide integrity-checking for decomposed XML data, it makes signing XPath expression practicable, rather than signing XML data itself.\ud \ud \ud A new labeling scheme for encrypted XML data is presented to improve the efficiency of index information maintenance which is applied to support encrypted XML data query processing. The proposed labelling scheme makes maintenance\ud index information more efficient, and it is easy to update XML data with decreasing the number of affected nodes to the lowest. In order to protect\ud structural information for encrypted XML data, the encrypted nodes are removed from original XML data, and structural information is hidden.\ud \ud \ud A case study is carried out to demonstrate how the proposed XML security relative approaches and schemes can be applied to satisfy fine-grained XML\ud security in calibration certificate management

Topics: T1
OAI identifier:

Suggested articles


  1. (1989). A Certified Digital Signature.
  2. (1991). A digital multisignature scheme based on the fiatshamir scheme. Advances in Cryptology,
  3. (2000). A general model of Multisignature Scheme with Message Flexibility, Order Flexibility and Order Verifiability. ACISP
  4. (2007). A General Model of Structured Multisignatures with Message Flexibility. doi
  5. (2007). A processing model for the optimal querying of encrypted XML documents in XQuery. In:
  6. (2008). A scalable authentication model based on public keys”,
  7. (2005). A security architecture integrated co-operative engineering platform for organised model exchange in a Digital Factory environment.
  8. (2004). A structured ELGamalType Multisignature Scheme.
  9. (2008). A survey on querying encrypted XML documents for databases as a service,
  10. (2005). An Approach to XML Key Management Specification in X-Certificator.
  11. (2006). An efficient approach to support querying secure outsourced XML information.
  12. (1992). An optimal algorithm for generating minimal perfect hash functions.
  13. (2002). An Order-Specified Multisignature Scheme Secure against Active Insider Attacks.
  14. (2004). An XML multisignature scheme.
  15. (2001). Applied Cryptography, 2.nd ed.
  16. (2002). Authenticating distributed data using Web services and XML signatures.
  17. (2004). Authorisation and access control for electronic health record systems.
  18. (2002). available at: (Accessed on
  19. (2003). Available at: (Accessed on
  20. (2002). available at: (Accessed on
  21. (2001). Canonical XML Version 1.0,
  22. (2007). Case Notes from a Vulnerability Assessment of a Bank's Web Services.
  23. (1998). Certificate revocation and certificate update”, In:
  24. (2010). Certificate Revocation and Status Checking. Available at: (Accessed on
  25. (2007). Certificate Revocation using Fine Grained Certificate Space Partitioning. Financial Cryptography
  26. (2004). Confidentiality of XML documents by pool encryption (Unpublished PhD thesis,
  27. (2000). Cryptanalysis of Harn digital multisiganture scheme with distinguished signing authorities.
  28. (2006). Cryptography and Network Security: Principles and Practices,
  29. (2010). Cryptography: An Introduction (3rd Edition). Available at: (Accessed on
  30. (1999). Data Ecryption Standard (DES). FIPS PUB 46-3, available at: (Accessed on
  31. (2002). Decryption transform for XML signature,
  32. (2001). Delegated multisignature scheme with document decomposition.
  33. (2004). Design of a secure fine-grained official document exchange model for e-government.
  34. (1999). Digital multisignature with distinguished signing authorities.
  35. (1997). Distributed Operating System & Algorithms.
  36. (2008). Dynamoc interval-based labeling schme for efficient XML query and update processing. doi
  37. (2002). E-commerce security measures: are they worth it?.
  38. (1997). Efficient certificate revocation”, In:
  39. (2000). Efficient filtering of XML documents for selective dissemination of information.
  40. (2002). Efficient filtering of XML documents with XPath expressions. doi
  41. (2003). Efficient processing of secured
  42. (2006). Efficient secure query evaluation over encrypted XML databases,
  43. (2005). Experiments with Queries over Encrypted Data Using Secret Sharing.
  44. (2009). Extensible Markup Language (XML) 1.0 (Fifth Edition). Availabel at: (Accessed on
  45. (2004). Fast Digital Certificate Revocation”.
  46. (1998). Fast digital identity revocation (extended abstract)”,
  47. (2002). Federal Information Processing Standard Publication 180-2. Available at: (Accessed on
  48. (2001). Flexible authentication of XML documents.
  49. (2002). Getting Started With XML Security, Available at: (Accessed on
  50. (1994). Group-oriented (t,n) threshold digital signature scheme and digital multisignature.
  51. (2001). Handling signature purposes in workflow systems.
  52. (2005). Hash function update due to potential weakness found in sha1. RSA laboratories,
  53. (2005). How to break MD5 and other hash functions. In: Crypto.
  54. (2002). ID-based multisignatures with distinguished signing authorities for sequential and broadcasting architectures.
  55. (2006). ID-based seriesparallel multi signature scheme for multi-message from bilinear maps.
  56. (2002). Implementing Context and Team Based Access Control in Healthcare Intranets, Informatics for Health and Social Care,
  57. (2001). Indexing and querying XML data for regular path expressions.
  58. (2007). Inference Attacks on Location Tracks.
  59. (1989). Information processing systems -- Open Systems Interconnection -- Basic Reference Model -- Part 2: Security Architecture ITU. X.500,
  60. (2004). Maintaining the integrity of XML signatures by using the Manifest element.
  61. (2008). Method of searching in a collection of documents,
  62. (2009). Model design on DAS and research of XML encrypted data querying. doi
  63. (2004). Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions.
  64. (1991). Multisignatures based on zero knowledge schemes. Electronics letters 27,
  65. (2005). Multisignatures with distinguished signing authorities for sequential and broadcasting architectures.
  66. (1976). New Direction in Cryptography.
  67. (2002). Novomodo: Scalable certificate validation and simplified PKI management”, In:
  68. (2005). Observations from the Deployment of a Large Scale PKI”, In:
  69. (2001). On supporting containment queries in relational database management systems. doi
  70. (2003). On the Cost of Authenticated Data Structures. In
  71. (1996). On the risk of disruption in several multiparty signature schemes.
  72. (2000). On the security of the RSA-based multisignature scheme for various group structures.
  73. (2004). Order preserving encryption for numeric data. In:
  74. (2007). Part1: Messaging Framework (Second Edition). Available at: (Accessed on
  75. (2000). Public key certificate revocation schemes”, Master thesis,
  76. (2002). Public key infrastructure in mobile system.
  77. (2006). Recent developments in cryptographic hash functions: Security implications and future directions. Information Security Technical Report.
  78. (2004). Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher. NIST special publication 800-67m version 1.1, available at: (Accessed on
  79. (2007). Research on XML United-Signature Technology and Its Implementation.
  80. (1996). RIPEMD-160: a strengthened version of RIPEMD,
  81. (1990). RSA blocking and multisignature schemes with no bit expansion.
  82. (2002). Secure Hash Standard, available at (Accessed on
  83. (2006). Secure order-specified multisignature scheme based on DSA. doi
  84. (2006). Secure query processing against encrypted XML data using Query-Aware decryption, Information sciences,
  85. (2004). Secure XML querying with security views. In:
  86. (2008). Securing the core with an enterprise key management infrastructure (EKMI)”, in:
  87. (2005). Securing XML data in third-party distribution systems. doi
  88. (2008). Security in grid computing: A review and synthesis. Decision Support Systems,
  89. (2005). Security in XML-based financial reporting services on the Internet.
  90. (2005). Security-enabled code deployment for heterogeneous networks.
  91. Selective and authentic third-party distribution of XML documents.
  92. (2005). SemCrypt-Ensuring privacy of electronic documents through semantic-based encrypted query processing.
  93. (2001). Specification for the Advanced Encryption Standard (AES), FIPS PUB 197, available at: (Accessed on
  94. (2000). Towards secure XML. Availabel at: (Accessed on
  95. (2002). Towards securing XML web services.
  96. (2003). Tradeoffs in certificate revocation schemes”, doi
  97. (2004). Trees and Hierachies in SQL: Adjacency List Model, Available at: (Access on
  98. (2000). Trust requirement in ebusiness.
  99. (2008). Xflat: Query-friendly encrypted XML view publishing, information sciences
  100. (2009). XML Data Integrity Based on Concatenated Hash Funcation”,
  101. (2002). XML Encryption Syntax and Processing,
  102. (2001). XML Key Management Specification (XKMS). Available at: (Accessed on July,
  103. (2002). XML Pool Encryption.
  104. (2008). XML security – A comparative literature review.
  105. (2006). XML Security based Access Control for Healthcare Information in Mobile Environment.
  106. (2001). XML security. Information security technical report,
  107. (2008). XML signature syntax and processing (second edition), Available at:
  108. (2005). XML undeniable signature.
  109. (1999). XML-Signature Requirements, Available at: (Accessed 6
  110. (2002). XML-Signature XPath Filter 2.0,
  111. (2007). XQuery 1.0: An XML Query Language. Available at: (Accessed on

To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.