25 research outputs found

    XML Security in Certificate Management - XML Certificator

    The rapidly growing use of the XML format in data/document management systems shows that security measures urgently need to be considered in next-generation data/document systems. This paper presents a new certificate management system developed on the basis of XML security mechanisms. The system is supported by the theories of XML security as well as object-oriented technology and databases. It has been successfully implemented using C#, SQL, XML Signature and XML Encryption. Implementation metrics are also presented.

    XML security in XML data integrity, authentication, and confidentiality

    The wide application of XML has increasingly required high security. XML security confronts some challenges that are strongly related to its features. XML data integrity needs to protect element location information and context-referential meaning as well as data content integrity under fine-grained security situations. XML data authentication must satisfy a signing process under a dependent and independent multi-signature generation scenario. When several different sections are encrypted within the XML data, the encrypted contents cannot be queried without decrypting the encrypted portions. The technologies relating to XML security demand further development. This thesis aims to improve XML security-related technologies, and make them more practicable and secure. A novel revocation information validation approach for X.509 certificates is proposed based on XML digital signature technology. This approach reduces the complexity of XKMS or PKI systems because it eliminates the requirement for additional revocation checking from XKMS or the CA. The communication burden between server and client could be alleviated. The thesis presents context-referential integrity for XML data. An integrity solution for XML data is also proposed based on the concatenated hash function. The proposed integrity model not only ensures XML data content integrity, but also protects the structure integrity and the elements' context relationships within the XML data. If this model is integrated into XML signature technology, the signature cannot be copied to another document and still remain valid. A new series-parallel XML multi-signature scheme is proposed. The presented scheme is a mixed order specified XML multi-signature scheme according to a dependent and independent signing process. Using the presented XML data integrity-checking pool to provide integrity checking for decomposed XML data, it makes signing an XPath expression practicable, rather than signing the XML data itself.
A new labeling scheme for encrypted XML data is presented to improve the efficiency of index information maintenance, which is applied to support encrypted XML data query processing. The proposed labeling scheme makes maintaining index information more efficient, and makes it easy to update XML data while reducing the number of affected nodes to the minimum. In order to protect structural information for encrypted XML data, the encrypted nodes are removed from the original XML data, and structural information is hidden. A case study is carried out to demonstrate how the proposed XML security-related approaches and schemes can be applied to satisfy fine-grained XML security in calibration certificate management. EThOS - Electronic Theses Online Service, GB, United Kingdo

    One-Way Signature Chaining - A New Paradigm For Group Cryptosystems

    In this paper, we describe a new cryptographic primitive called (One-Way) Signature Chaining. Signature chaining is essentially a method of generating a chain of signatures on the same message by different users. Each signature acts as a "link" of the chain. The one-way-ness implies that the chaining process is one-way in the sense that more links can be easily added to the chain. However, it is computationally infeasible to remove any intermediate links without removing all the links. The signatures so created are called chain signatures. We give precise definitions of chain signatures and discuss some applications in trust transfer. We also present a practical construction of a CS scheme that is secure under the Computational Diffie-Hellman (CDH) assumption in bilinear maps.

    Survey on XML encryption

    Every transaction on the Internet involves some kind of data. Data can be transferred in various modes. Nowadays, XML is widely used for transferring and storing data. There must be some mechanism to protect this data. In most of the literature, the two most important techniques, i.e. XML Signature and XML Encryption, are used for securing XML data. These two techniques provide signing and encrypting of XML data using cryptographic functionalities, and the results are also represented in XML format. These two techniques are considered standard worldwide and are released by the W3C. In this thesis we focus on XML Encryption. In this study, W3C standards are used to encrypt sensitive XML data. JavaScript has been used to implement encryption of XML data, with "Node.js" as the software platform providing the environment for encrypting. In this study, the time elapsed is also measured for encryption and decryption. We have used the AES and Triple DES algorithms for encryption of XML data. For encryption of the symmetric key, RSA is used. The library used for encryption and decryption is "xml-encryption". Time analysis for encryption and decryption is also shown by graph.

    Trustless blockchain-based distributed DNS: publishing an IoT device's address and verifying its data

    Blockchain-enabled distributed DNS makes it possible to have a trustless system, where no participant needs to be trusted. Blockstack is such a distributed DNS that is built on top of Bitcoin's blockchain. In this thesis I will extend this trustless feature to data sharing from an IoT device, by creating a proof of concept implementation. By cryptographically linking the parts together, the trustless feature of the underlying blockchain can be preserved from the blockchain to the shared data from the device.

    TSKY: a dependable middleware solution for data privacy using public storage clouds

    Dissertation submitted for the degree of Master in Computer Science Engineering. This dissertation aims to take advantage of the virtues offered by data storage cloud based systems on the Internet, proposing a solution that avoids security issues by combining different providers' solutions in a vision of a cloud-of-clouds storage and computing. The solution, TSKY System (or Trusted Sky), is implemented as a middleware system, featuring a set of components designed to establish and to enhance conditions for security, privacy, reliability and availability of data, with these conditions being secured and verifiable by the end-user, independently of each provider. These components implement cryptographic tools, including threshold and homomorphic cryptographic schemes, combined with encryption, replication, and dynamic indexing mechanisms. The solution allows data management and distribution functions over data kept in different storage clouds, not necessarily trusted, improving and ensuring resilience and security guarantees against Byzantine faults and attacks. The generic approach of the TSKY system model and its implemented services are evaluated in the context of a Trusted Email Repository System (TSKY-TMS System). The TSKY-TMS system is a prototype that uses the base TSKY middleware services to store mailboxes and email messages in a cloud-of-clouds.

    Tunneling Trust Into the Blockchain: A Merkle Based Proof System for Structured Documents

    The idea of smart contracts foresees the possibility of automating contractual clauses using hardware and software tools and devices. One of the main perspectives of their implementation is the automation of interactions such as bets, collaterals, prediction markets, and insurances. As blockchain platforms, such as Ethereum, offer very strong guarantees of untampered, deterministic execution that can be exploited as a substrate for smart contracts, the problem of how to provide reliable information from the "outside world" into the contracts becomes central. In this article, we propose a system based on a Merkle tree representation of structured documents (such as all XML), with which it is possible to generate compact proofs on the content of web documents. The proofs can then be efficiently checked on-chain by a smart contract, to trigger contract action. We provide an end-to-end proof of concept, applying it to real use case scenarios, which allows us to give an estimate of the costs.

    A secure bulletin board
