XML Security Threats

All the components in web services are described in XML. SOAP and all the WS -Security specifications are XML formats. Hence it just makes sense for expressing security data in XML format. Fortunately, there has been no need to invent new cryptography technologies for XML. The XML security standards have used existing cryptography directly. XML-based data transfer has emerged as the standard for organizations to exchange business data. As with all communications over the public Internet, XML-based transfers have their own set of vulnerabilities to confront. Like any other document exchange, XML document exchange must support the usual security measures which are Confidentiality, Integrity, Authenticity, and Non-Repudiation. The following list illustrates some specific XML security threats:

• Schema Altering — Manipulation of WS schema to alter the data processed by the application.


    

• XML Parameter Tampering — Injection of malicious scripts or content into XML parameters


    

• Coercive Parsing — Injection of malicious content into the XML


    

• Oversized Payload — Sending oversized files to create an XDoS attack


    

• Recursive Payload — Sending mass amounts of nested data to create an XDoS attack against an XML parser


    

• XML Routing Detours — Redirecting sensitive data within the XML path


    

• External Entity Attack — An attack on an application that parses XML input from suspicious sources using an incorrectly configured XML parser

These threats pose potentially serious problems to developers creating applications, components, and systems that depend on XML data. The solution for the above problems is XML Encryption.

XML Encryption

XML Encryption provides end-to-end security for applications that require secure exchange of structured data. XML itself is the most popular technology for structuring data, and therefore XML-based encryption is the natural way to handle complex requirements for security in data interchange applications.

XML Encryption is a process for encrypting and decrypting parts of XML documents. Most of today's encryption schemes use transport-level techniques that encrypt an entire request and response stream between a sender and receiver, offering zero visibility into contents of the interchange to intermediaries. Contentlevel encryption converts document fragments into illegible ciphertext, while other elements remain legible as plaintext.

Some features of XML encryption are:

1. The ability to encrypt a complete XML file





2. The ability to encrypt a single element of an XML file





3. The ability to encrypt only the contents of an XML element





4. The ability to encrypt binary data within an XML file

Encrypting an XML File

Here's a short sample XML file that can serve to demonstrate XML encryption:

    <?xml version='1.0'?>
    <POInfo >
        <Name>FJ</Name>
        <Amount>125.00</Amount>
        <CreditCardNumber>1234-5678-4564-4321</CreditCardNumber>
    <Date>July 6, 2006</Date>
    </POInfo>

When you encrypt an entire XML file, the process simply replaces the root element (<POInfo> in the sample) with an <EncryptedData> element that contains the encryption details, including the encrypted content.

Here is how the encrypted file will look:

    <?xml version="1.0" encoding="UTF-8"?>
    <xenc:EncryptedData
        
        Type="http://www.w3.org/2001/04/xmlenc#Element">
        <xenc:EncryptionMethod
            Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
            />
        <ds:KeyInfo >
            <xenc:EncryptedKey
                >
                <xenc:EncryptionMethod
                    Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes"
                    />
                <xenc:CipherData
                    >
                    <xenc:CipherValue
                        >
                        MKeT0ZmHFLwnZaSXO+oZSxlSJ5/BqvblqG76B3nOMU0=
                    </xenc:CipherValue>
                </xenc:CipherData>
            </xenc:EncryptedKey>
        </ds:KeyInfo>
        <xenc:CipherData
            >
            <xenc:CipherValue
                >
                    +M/Tamk/62Lut4HqLpU/es9sdhnNTTpasbeszN8GN8EAJZsX0vvClcKEW
                    UAgIdbvyJpprQ+jUIiWJKTz1X3L6VAefHqO963pU3bzmGMo
                    pHLqS1Eg7iAPFhKV1PJclyswyyepEjyu+bOgqzgGnS1XA0/V
                    NP7kLK70rB2Zb0DSbaCi+7HjTNGWF9YKtPIP5bvrs5xw+x
                    HnKO++2EuqzK+deD7mCu8w6sG9vmRCrUR99Mx1QDZon9a2962ZD
                    FSwoIJKg5I83GzOU+RObBBUme+yTf7UWybEiwtHp5ZgvuaQYJA=
            </xenc:CipherValue>
        </xenc:CipherData>
    </xenc:EncryptedData>

Encrypting a Single Element

To encrypt a single element of an XML file, you specify the desired child element, rather than the root element of the input file as the element to encrypt. The following snippet shows the results of encrypting only the <CreditCardNumber> element of the sample file.

    <?xml version="1.0" encoding="UTF-8"?>
    <POInfo >
        <Name>John Doe</Name>
        <Amount>125.00</Amount>
        <xenc:EncryptedData
           
            Type="http://www.w3.org/2001/04/xmlenc#Element">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
                />
            <ds:KeyInfo >
                <xenc:EncryptedKey
                    >
                    <xenc:EncryptionMethod
                        Algorithm=
                            "http://www.w3.org/2001/04/xmlenc#kw-tripledes"
                        />
                    <xenc:CipherData
                        >
                        <xenc:CipherValue
                            >
                                6zhAcEW7KIKrbSjEOkXDrVkmws5zhQQLDO4YYW+RfRY=
                        </xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData
                >
                <xenc:CipherValue
                    >
                    JqsRmdSoS+PXqCe80Y8zNiQ49sHTLNaAgHX1Ja7d+u9fv
                    TFBrkBMK7C7EHsQTglZ3yT9yCZDuFnjBoQTLULKqOy71Qw
                    EPRPObtYLPIJgy1vUdNrw47uDmJ/R5r/B0SH37HN8mfNv
                    i50zPt1qPxxRwA==
                </xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
        <Date>July 6, 2005</Date>
    </POInfo>

Notice that the encryption process replaced the <CreditCardNumber> tag and its contents with an <EncryptedData> tag, while leaving the siblings of the <CreditCardNumber> element unaltered.

This type of encryption can be performed using XML Signature and Encryption. The interested reader may look up the implementation at the Apache site (http://xml.apache.org/security/).

Best practices for XML encryption, can be summarized as follows:

• It is good to have standard element tags for representing encrypted elements within the XML documents. This will enable parsers to better understand encrypted elements and data during the validation process.


    

• It is necessary to provide means for encrypting only the desired elements within an XML document instead of encrypting the whole document. This will pave the way for incorporating several confidential data elements that are intended for different recipients within a single XML document.


    

• There should be standard mechanisms for exchanging the secret keys used for encryption and decryption processes.


    

• The standard should allow encryption of different parts of the document with different keys, so that multiple recipients can decrypt only those portions that are intended for them.


    

• The standards should be adaptable to both ASCII and binary data.


    

• The standards should be adaptable to different cryptographic algorithms.


    

• The standards should work along with other XML security standards and specifications.