550 likes | 708 Views
Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents. Tomasz Müldner , Jodrey School of Computer Science, Acadia University, Wolfville, NS, Canada Gregory Leighton , Department of Computer Science, University of Calgary, Calgary, Canada
E N D
Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville, NS, Canada Gregory Leighton, Department of Computer Science, University of Calgary, Calgary, Canada Krzysztof Miziołek, Centre for Studies on the Classical Tradition in Poland and East-Central Europe,Warsaw University, Warsaw, Poland The Extreme Markup Languages Conference, Montreal, August 7-11, 2006
GOAL • Share XML documents within decentralized and distributed computing environments. • We need mechanisms to facilitate controlled and secure access to these documents.
TERMINOLOGY • Access Control: • Different users have different access rights • Access right are defined using permission policies • Permission policies may be • Static • Dynamic • Permission policies may define accessors, using • Roles, such as auditor • Credentials, such as defined by an XPath
GOAL • Share XML documents within decentralized and distributed computing environments. • We need mechanisms to facilitate controlled and secure access to these documents. • the ability to make selective (parts of) documents available to users in multiple, possibly overlapping roles
INTRODUCTION I will make my parts of the document available to some users Multiple users access the same document
INTRODUCTION Select nodes which can be accessed –use them to create an XML document (a view) Multiple views • Problems: • A view may be invalid. • overhead
INTRODUCTION Publish a single view
SUMMARY We consider: • XML documents accessed by multiple users in P2P environments • using static permission policies • using role-based policies • permissions are represented by meta-information which is visible only to authorized users • We describe permission policies implemented using cryptographic tools: • a key encryption function, which generates internal keys needed to provide controlled access • use of multi-encryption to provide access specified by the permission policy
Encrypted with more than one key Various elements are encrypted with different keys TERMINOLOGY • Super-encryption • Multiple-encryption • Partial encryption
TABLE OF CONTENTS • Security • Overview of controlled access • Detailed description of access to parts of documents • Permission policy • Key encryption function • Encrypting largest parts • Step 1: Encryption • Step 2: Meta-information • Multi-encrypted document • Access • Future work
SECURITY: ISSUES • Confidentiality • Integrity • Authentication
Cyphertext Plain text CONFIDENTIALITY
Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document SYMMETRIC ENCRYPTION
ASYMMETRIC ENCRYPTION Public key Private key
Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Encrypted Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document Document ASYMMETRIC ENCRYPTION
INTEGRITY Your new salary will be $5,000 Your new salary will be $1,000
CRYPTOGRAPHIC HASH THIS IS MY TEXT hash Encrypted DIGEST
DIGITAL SIGNATURE THIS IS MY TEXT SIGNED TEXT: THIS IS MY TEXT DIGEST
TABLE OF CONTENTS • Security • Overview of controlled access • Detailed description of access to parts of documents • Permission policy • Key encryption function • Encrypting largest parts • Step 1: Encryption • Step 2: Meta-information • Multi-encrypted document • Access • Future work
CONTROLLING ACCESS: BASIC CONCEPTS • Roles identify subjects. Fixed set of roles Ψ = {R1, R2, ..., Rt} • Views are parts of the document • Permission policy associates roles with the specific type of permissions (read/write access) for one or more views • Creator of the document defines a permission policy that specifies the access for selected roles
CONTROLLING ACCESS: USE OF KEYS • (Asymmetric) Keyκ is a pair (public part, private part) • For each role R, there is an external keyκR associated with this role • Users who enter the system are assigned one or more roles • The private part of the external key κR is available only to users who are currently in role R.This key will give access to internal keys.
TABLE OF CONTENTS • Security • Overview of controlled access • Detailed description of access to parts of documents • Permission policy • Key encryption function • Encrypting largest parts • Step 1: Encryption • Step 2: Meta-information • Multi-encrypted document • Access • Future work
Instructor Student CONTROLLING ACCESS: VIEWS Definition 1. For an XML document D, a view VD = (D, e), where e is an extended Xpath for D. Here, an extended Xpath is of the form: • p • ¬ p where p is a correct Xpath expression. Intuition: A view represents a tree fragment for which we define an access.
VIEWS To define permissions for the document D, we define (in any order): • a number of views (let V be the union of all these views) • a special view: Vread/ write Let V0 = D-(VVread/ write) be the of all elements which have not been defined in the above procedure. These elements will be hidden, i.e. encrypted and inaccessible to any user
VIEWS and ROLES The next step in defining permissions involve associating roles and views. Definition 2a. Given an XML document D, a role RjΨ, VDi - views of D for i = 1,...,k A single permission is: pj = [Rj, read, VDi1,VDi2,...,VDim, write, VDh1,VDh2,...,VDhn ] (m,n≤k). Here, a write permission does not automatically give a read permission Conventions; e.g. skip the write part if there are no views in this part.
PERMISSION POLICY Definition 2b. Given an XML document D, VDi - views of D for i = 1,...,k a permission policyΠ(D) = {p1,p2,...,pt , Vread/ write } Protection requirement: the user in role R can access precisely the set of nodes defined by the union of all views associated with R (by the permission for R) as well as nodes from the set Vread/ write
MULTI-VIEW DOCUMENT Definition 3. Given • an XML document D • a permission policy Π(D) a multi-view document DΠ = [D, VD0,VD1,...,VDk], where • VD1,...,VDkare all the views in Π(D) • VD0 contains all nodes which don’t belong to any viewVDi, i = 1,2,...,k
Example Example. Roles: Auditor (access to employees in Marketing) Checker (access to H-R and Marketing, level < 9) Permission policy Π(D) [Auditor, read, /organization/department[@name="Marketing"]/*] [Checker, read, /organization/department[@name="Marketing"]/employee[@level<9]| /organization/department[@name="H-R"]/*]
TABLE OF CONTENTS • Security • Overview of controlled access • Detailed description of access to parts of documents • Permission policy • Key encryption function • Encrypting largest parts • Step 1: Encryption • Step 2: Meta-information • Multi-encrypted document • Access • Future work
V1 d1 d2 d3 κ1 V2 D κ2 ASSIGNING KEYS Various parts of the document will be encrypted with different internal keys. However, these keys can not be assigned per-view:
KEY ASSIGNMENT Key Assignment assigns keys to nodes in a document, based on how the set of nodes is partitioned by views. Let’s now fix an XML document D, a permission policy Π(D), and the corresponding multi-view documentDΠ = [D, VD0,VD1,...,VDk], and consider a set of keys Κ. • The key assignment function ξ:D->K will be used as follows: • the node sDwill be encrypted with x(s) • to encrypt nodes in VDi we will need the set of keys Neededξ(VDi)= x(VDi) • the set of nodes in D that can be decrypted with keys from the set of keys K0 is defined as Availableξ(K0) = x-1(K0) The protection requirement for the view VDi is satisfied iff Availableξ(Neededξ(VDi))= VDi.
V1 d1 d2 d3 κ1 V2 ξ D κ2 K KEY ASSIGNMENT Availableξ(Neededξ(VDi))= VDi. True for any one-to-one function ξ:D->K, however such functions may unnecessarily assign too many keys. “Weaker” functions may be sufficient: Neededξ(V1) = {κ1}, Availableξ({κ1}) = V1 Neededξ(V2) = {κ1,κ2}, Availableξ ({κ1,κ2}) = V2
V1 d1 d2 d3 χ V2 1 1 1 1 D 0 1 KEY ASSIGNMENT We define a characteristic vector χ:D{0,1}n where n is the total number of views, as follows: χ(s) = {[c1,c2,...cn]: for i=1,2,…,n, ci = 1 if sVDi and 0 otherwise}
χ d1 d2 d3 κ1 1 1 ξ 1 1 D 0 1 κ2 K The above key assignment is correct. KEY ASSIGNMENT Definition 4. A key assignment ξ:D->K is said to be correct if it satisfies the following condition: ξ(s) = ξ(t) iffχ(s) = χ(t) for any two elements s,tD (weaker than one-to-one) Note: The set of all elements that belong to a single view is assigned the same key
KEY ASSIGNMENT Lemma 1. If the key assignment ξ is correct then the protection requirement is satisfied, i.e. Availableξ(Neededξ(VDi)) = VDi, for i = 1,2,...,n.
d1 d2 d3 κ1 χ 1 1 D κ2 ξ 1 1 0 1 K KEY ASSIGNMENT Key Assignment Algorithm 1. Input: DΠ = [D, VD0,VD1,...,VDk], Output: correct key assignment ξ:DK.
KEY ASSIGNMENT Theorem 1. The key assignment algorithm produces a correct key assignment, its time complexity is O(m), where m is the number of elements in D, and it produces the minimum number of keys. ▄
TABLE OF CONTENTS • Security • Overview of controlled access • Detailed description of access to parts of documents • Permission policy • Key encryption function • Encrypting largest parts • Step 1: Encryption • Step 2: Meta-information • Multi-encrypted document • Access • Future work
SUBTREES IDENTIFICATION Fixed XML document D, and permission policy Π(D). A subtree rooted at dD is called complete if it consists of all descendents of d and is of height at least two. Subtrees Identification Algorithm 2. Input: multi-view XML document DΠ = [D, VD0,VD1,...,VDk], Output: set ΘD = {largest complete subtrees θ(d), dD, which are rooted at d, and whose nodes have all the same characteristic vector; i.e. belong to the same set of views in DΠ}.
TABLE OF CONTENTS • Security • Overview of controlled access • Detailed description of access to parts of documents • Permission policy • Key encryption function • Encrypting largest parts • Creating a multi-encrypted document. Step 1: Encryption • Step 2: Meta-information • Access • Future work
MULTI-ENCRYPTION:INTRODUCTION • The creator (owner) of the document D wants to define for various users access permissions to this document through the permission policy Π. • Based on specifications in Π, the system will createthe multi-encrypted documentEncΠ(D). • The documentEncΠ(D) will be made available to other users, who will access the allowed parts of D for a role R as long as they are in this role.
MULTI-ENCRYPTION: INTRODUCTION There are two steps: • Generate internal keys and use them to encrypt largest subtrees • Add meta-information that specifies user’s permissions
STEP 1: ENCRYPTION Consider a multi-view document based on the permission policy Π DΠ = [D, VD0,VD1,...,VDk], Let ξ be the key mapping generated by the Algorithm 1and ΘD be the set of trees generated by the Algorithm 2. Elements dVread/writeare not encrypted; the remaining elements are encrypted using the private part of the internal key ξ(d): • for dD which are roots of trees from ΘD, encrypt the entire tree θ(d) using the W3C XML encryption standard • for remaining dD, use a single-element encryption The structure of the encrypted document is partly visible.
SUBTREES IDENTIFICATION Encrypted Fixed XML document D, and permission policy Π(D). A subtree rooted at dD is called complete if it consists of all descendents of d and is of height at least two. Subtrees Identification Algorithm 2. Input: multi-view XML document DΠ = [D, VD0,VD1,...,VDk], Output: set ΘD = {largest complete subtrees θ(d), dD, which are rooted at d, and whose nodes have all the same characteristic vector; i.e. belong to the same set of views in DΠ}. Encrypted Enc. Enc. STEP 1: EXAMPLE
TABLE OF CONTENTS • Security • Overview of controlled access • Detailed description of access to parts of documents • Permission policy • Key encryption function • Encrypting largest parts • Step 1: Encryption • Step 2: Meta-information • Multi-encrypted document • Access • Future work
ACLD STEP 2: ADDING META INFORMATION To the encrypted document from Step 1, we add additional meta-nodes. For each role, one meta-node is added to as child of the root signed using the creator’s private part of the key κC D
META INFORMATION A meta-node contains a <role> element, which defines read or write permission for one or more nodes, corresponding to the views associated with this role. <role name="R"> <permission name="read"> <node xpath="..." key="..."/> </permission> … </role> This design supports pseudo-anonymity requirement: meta-information specifying what parts of the document are available in role R is visible only to the user in role R Encrypted with the public part of the external key associated with the corresponding role
TABLE OF CONTENTS • Security • Overview of controlled access • Detailed description of access to parts of documents • Permission policy • Key encryption function • Encrypting largest parts • Step 1: Encryption • Step 2: Meta-information • Multi-encrypted document • Access • Future work
MULTI-ENCRYPTION Definition 7. Consider an XML document D and a permission policy Π(D). Multi-encrypted document EncΠ(D) = [Encrypted(D), CertD] certificate CertD (signed by the certificate authority) contains the identification of the owner, the digital signature of the ACLD, and the public part of the creator’s key κC