This paper explores the performance of XML signature and encryption and investigates the feasibility of software-based acceleration methods. It also discusses new techniques outside the XML standards and proposes the use of "signcryption" in XML. Experimental findings and comparisons with hardware-based solutions are presented.
Software based Acceleration Methods for XML Signature (Or: is there such a method?)
Youjin Song, DongGuk University, Korea
Yuliang Zheng, University of North Carolina at Charlotte, yzheng@uncc.edu
May 5, 2005
Motivations
• To examine performance of XML signature and encryption
• To investigate feasibility of software based acceleration
• To investigate (new) techniques not specified in the XML standards
Overview
• Introduction
• Speed of XML Components
• Quick survey
• Hardware based acceleration
• Software based acceleration
• Experimental findings
• Use “signcryption” in XML
• Conclusion
Computational time of XML Components (chart; only its labels survive)
• Resource intensive operations: XML signing, XML verification, XSLT transformation
Quick survey
• To increase XML processing speed and for XML security:
  • Hardware based solutions
  • Software based solutions
• Hardware based solutions:
  • DataPower
  • Sarvega
  • WestBridge
Hardware based acceleration: DataPower
• XS40 XML Security Gateway
  • Wire speed XML processing
  • Good transaction speed with low latency
  • At least 20-30 times faster
• XA35 XML Accelerator
  • Secure transactions at wire speed
  • Digital signing and verification
  • Protects against XML denial of service attacks
Hardware based acceleration: Sarvega
• Speedway™ XSLT Accelerator
  • Decreases the operational costs by 90%
  • 10-30 times the normal XML processing speed
• XML Guardian™ Security
  • Digital forensics
  • Can be used as
    • Public DMZ
    • Offline signature generation/verification
Hardware based acceleration: WestBridge
• XML Message Server [XMS] version 3
  • XMS slashes Web Services deployment, testing and ongoing administration costs by up to 75%.
  • 13 times faster for XML signatures.
  • 17 times faster for XML encryption.
  • XML Schema validation and XSLT transformation are 12 times and 10 times faster, respectively, than in XMS 2.0.
• XMS increases the speed of XML processing by:
  • Streaming of XML versus building trees;
  • Intelligent caching of credentials, schemas and style sheets;
  • "Only as needed" processing;
  • Pre-compiled rule sets.
Experimental Environment
• Machine:
  • Pentium 4 with 2.66GHz processing speed with 512MB RAM.
• Programming Environment:
  • Java
  • Simple API for XML [SAX] parsers for XML processing
  • Java Crypto Extensions & RSA-BSAFE
  • Flexiprovider for creating crypto parameters
Software based acceleration: build an XML Security Library
• XML Schema validation and parsing using a SAX parser
• Java to C communication through the Java Native Interface
• Crypto / non-crypto operations
• Signing a static / dynamic template file
• Signing with an X.509 certificate
• Verifying a signature with a single key, X.509 certificates or a Security Assertion Markup Language [SAML] file
• Verifying an XML document
What we’ve learned
• Did quite a number of experiments (single doc and bulk of docs)
  • SHA1 with RSA, SHA1 with DSA, ...
• Obtained a large number of test result sets
• Considered tweaking the underlying crypto library
• Findings
  • Negative!
  • Not much to be gained by tweaking or re-building the crypto library
Consider other techniques
• Authenticity + Confidentiality
• Approach 1
  • Signature followed by encryption
• Approach 2
  • Signcryption
  • Does both signature and encryption, but with fewer exponentiations
  • Cost (signcryption) << Cost (signature) + Cost (encryption)
  • “Hit 2 birds with 1 stone”
In theory: time of DL signcryption vs. RSA and DL sign-then-encrypt (chart; only its labels survive)
• Time: number of multiplications
• DL: discrete log
• Level of security: |p| = |n|
Signcryption test results
• After comparing with data sets for RSA, DSA etc.
• Match theoretical analysis
“Crippled” Signcryption
• Turn off the “public key encryption” part of signcryption
• Acts as a signature with designated verifier
• Especially useful in B2B and C2B, where typically no 3rd party is involved in verification
• (Universally verifiable signatures are
  • good for certificates, where verifiers are not fixed, but
  • “over-kill” when no 3rd party is needed.)
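The cost argument of the last slides, as an added Python example that is not from the slides or the authors' library: a toy model of Zheng's SDSS1 signcryption with a counter on modular exponentiations, so that "fewer exponentiations" can be checked directly (one on the sender side and two on the receiver side, against three and three for Schnorr sign followed by ElGamal encrypt). The group parameters, the XOR stream cipher and the message are constructed stand-ins, and the encrypt=False switch models the "crippled" designated-verifier mode.

```python
# Toy model of SDSS1 signcryption (Zheng, 1997) with a modular-exponentiation
# counter. Added example, not code from the slides; P, Q, G are a constructed
# 11-bit safe-prime group, far too small for real use.
import hashlib, hmac, secrets

P, Q, G = 2039, 1019, 4   # constructed toy group: P = 2Q + 1, G = 4 has order Q
EXP = {"count": 0}        # modular exponentiations performed (the dominant cost)

def mexp(base, e):
    EXP["count"] += 1
    return pow(base, e, P)
def kdf(shared):   # hash of the shared element -> k1 (cipher key), k2 (keyed-hash key)
    d = hashlib.sha256(shared.to_bytes(2, "big")).digest()
    return d[:16], d[16:]
def stream(k1, data):   # toy XOR stream cipher keyed by k1, standing in for E/D
    ks = b"".join(hashlib.sha256(k1 + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, mexp(G, x)

def signcrypt(xa, yb, m, encrypt=True):
    # Sender: one exponentiation. encrypt=False is the "crippled" mode of the slides:
    # m travels in the clear and (tag, s) acts as a designated-verifier signature.
    while True:
        x = secrets.randbelow(Q - 1) + 1
        k1, k2 = kdf(mexp(yb, x))                  # k = hash(y_b^x)
        tag = hmac.new(k2, m, "sha256").digest()    # r = KH_k2(m)
        r = int.from_bytes(tag, "big") % Q
        if (r + xa) % Q:                            # r + x_a must be invertible mod Q
            s = x * pow(r + xa, -1, Q) % Q          # SDSS1: s = x / (r + x_a) mod Q
            return (stream(k1, m) if encrypt else m), tag, s

def unsigncrypt(xb, ya, c, tag, s, encrypt=True):
    # Receiver: two exponentiations; returns m, or None if the tag does not verify.
    r = int.from_bytes(tag, "big") % Q
    k1, k2 = kdf(mexp(ya * mexp(G, r) % P, s * xb % Q))  # (y_a g^r)^(s x_b) = y_b^x
    m = stream(k1, c) if encrypt else c
    return m if hmac.compare_digest(tag, hmac.new(k2, m, "sha256").digest()) else None

def roundtrip(m=b"purchase order 42", encrypt=True):
    # One exchange -> (sender exps, receiver exps, recovered m); Schnorr sign then
    # ElGamal encrypt would cost 3 + 3 exponentiations for the same job.
    xa, ya = keygen(); xb, yb = keygen()
    EXP["count"] = 0
    c, tag, s = signcrypt(xa, yb, m, encrypt)
    sender, EXP["count"] = EXP["count"], 0
    out = unsigncrypt(xb, ya, c, tag, s, encrypt)
    return sender, EXP["count"], out
```

Only the holder of x_b can recover the message or check the tag, which is exactly the designated-verifier property the "crippled" slide relies on.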
Conclusion
• Performance gain in XML signature/encryption by tweaking crypto library is limited
• New techniques (out of the “XML standards” box) are needed
• Performance gain of signcryption over sign-then-encrypt is verified