XML Security Threats
All the components in web services are described in XML. SOAP and all the WS-Security specifications are XML formats, so it makes sense to express security data in XML as well. Fortunately, there has been no need to invent new cryptographic technologies for XML: the XML security standards apply existing cryptography directly. XML-based data transfer has emerged as the standard way for organizations to exchange business data. As with all communications over the public Internet, XML-based transfers have their own set of vulnerabilities to confront. Like any other document exchange, XML document exchange must support the usual security measures: Confidentiality, Integrity, Authenticity, and Non-Repudiation. The following list illustrates some specific XML security threats:
- Schema Altering — Manipulation of WS schema to alter the data processed by the application.
- XML Parameter Tampering — Injection of malicious scripts or content into XML parameters
- Coercive Parsing — Injection of malicious content into the XML
- Oversized Payload — Sending oversized files to create an XDoS attack
- Recursive Payload — Sending mass amounts of nested data to create an XDoS attack against an XML parser
- XML Routing Detours — Redirecting sensitive data within the XML path
- External Entity Attack — An attack on an application that parses XML input from suspicious sources using an incorrectly configured XML parser
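A defender's counterpart to the last four items on the list above (coercive parsing, oversized payload, recursive payload, external entity), as an added example that is not part of the original text: an intake check that screens untrusted XML with the standard-library expat parser before the application parses it. The limits MAX_BYTES and MAX_DEPTH are constructed policy values, not figures from the page.

```python
"""Hardened XML intake policy: one check per parser-level threat."""
import xml.parsers.expat

# Policy limits (constructed values; tune per application)
MAX_BYTES = 64 * 1024   # oversized payload
MAX_DEPTH = 32          # recursive payload


class RejectedXML(ValueError):
    """Raised when untrusted XML violates the intake policy."""


def check_xml(data: bytes) -> str:
    """Screen untrusted XML before the application parses it.

    Returns the root element name on success and raises RejectedXML
    otherwise. Any DOCTYPE is refused, which removes both external
    entities (XXE) and recursive internal entities with one rule.
    """
    if len(data) > MAX_BYTES:
        raise RejectedXML(f"oversized payload: {len(data)} bytes > {MAX_BYTES}")
    depth, root = 0, None
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, *_):
        raise RejectedXML(f"DOCTYPE not allowed (entity declarations): {name}")

    def on_start(name, _attrs):
        nonlocal depth, root
        depth += 1
        if root is None:
            root = name
        if depth > MAX_DEPTH:
            raise RejectedXML(f"nesting deeper than {MAX_DEPTH} at <{name}>")

    def on_end(_name):
        nonlocal depth
        depth -= 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(data, True)   # coercive parsing: malformed input fails here
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedXML(f"malformed XML: {exc}") from exc
    return root


def rejection_reason(data: bytes):
    """Convenience wrapper: the rejection message, or None when accepted."""
    try:
        check_xml(data)
        return None
    except RejectedXML as exc:
        return str(exc)
```

Run the check on the raw request body before any schema validation or business logic sees it; a rejection reason is also a ready-made log line for detection.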
These threats pose potentially serious problems to developers creating applications, components, and systems that depend on XML data. The solution for the above problems is XML Encryption.
XML Encryption provides end-to-end security for applications that require secure exchange of structured data. XML itself is the most popular technology for structuring data, and therefore XML-based encryption is the natural way to handle complex requirements for security in data interchange applications.
XML Encryption is a process for encrypting and decrypting parts of XML documents. Most of today’s encryption schemes use transport-level techniques that encrypt the entire request and response stream between a sender and a receiver, which gives intermediaries no visibility into the contents of the interchange. Content-level encryption instead converts selected document fragments into illegible ciphertext while the other elements remain legible as plaintext.
Some features of XML encryption are:
- The ability to encrypt a complete XML file
- The ability to encrypt a single element of an XML file
- The ability to encrypt only the contents of an XML element
- The ability to encrypt binary data within an XML file
Encrypting an XML File
Here’s a short sample XML file that can serve to demonstrate XML encryption:
When you encrypt an entire XML file, the process simply replaces the root element (
Here is how the encrypted file will look:
Encrypting a Single Element
To encrypt a single element of an XML file, you specify the desired child element, rather than the root element of the input file as the element to encrypt. The following snippet shows the results of encrypting only the
Notice that the encryption process replaced the
This type of encryption can be performed with the Apache XML Security library (XML Signature and Encryption). The interested reader may look up the implementation at the Apache site (http://xml.apache.org/security/).
Best practices for XML encryption can be summarized as follows:
- It is good to have standard element tags for representing encrypted elements within the XML documents. This will enable parsers to better understand encrypted elements and data during the validation process.
- It is necessary to provide means for encrypting only the desired elements within an XML document instead of encrypting the whole document. This will pave the way for incorporating several confidential data elements that are intended for different recipients within a single XML document.
- There should be standard mechanisms for exchanging the secret keys used for encryption and decryption processes.
- The standard should allow encryption of different parts of the document with different keys, so that multiple recipients can decrypt only those portions that are intended for them.
- The standards should be adaptable to both ASCII and binary data.
- The standards should be adaptable to different cryptographic algorithms.
- The standards should work along with other XML security standards and specifications.