1 / 25

XML SECURITY IN THE NEXT GENERATION OPTICAL DISC CONTEXT

JAWAHARLAL NEHRU NATIONAL COLLEGE OF ENGINEERING, SHIMOGA DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING. XML SECURITY IN THE NEXT GENERATION OPTICAL DISC CONTEXT. Presented by Manoj N. Revankar, (4JN06CS042) Under the Guidance of Mr. Manohar Nelli V. B.E. , Lecturer, Dept. of CS&E

ebrown
Download Presentation

XML SECURITY IN THE NEXT GENERATION OPTICAL DISC CONTEXT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. JAWAHARLAL NEHRU NATIONAL COLLEGE OF ENGINEERING, SHIMOGA DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING XML SECURITY IN THE NEXT GENERATION OPTICAL DISC CONTEXT Presented by Manoj N. Revankar, (4JN06CS042) Under the Guidance of Mr. Manohar Nelli V. B.E. , Lecturer, Dept. of CS&E Technical Seminar Coordinators Mr. Chetan K.R., Sr. Lecturer Mr. Vedananda D.E., Lecturer

  2. ABSTRACT The Extensible Markup Language (XML) is considered as the de facto standard for information processing and exchange on the Internet and in the enterprise services domain. The standardization bodies of the Internet domain such as W3C and OASIS have defined specifications for cryptography-based security solutions using XML technology that is mainly aimed for web applications. This prasentation presents various scenarios where XML Security can be applied to markup based interactive applications in the context of a next generation Consumer Electronic Optical Disc Player. Manoj N. Revankar, JNNCE, Shimoga

  3. CONTENTS • Abstract. • Introduction. • End-to-End Usage Model. • A Markup Based Content Hierarchy. • XML Based Security Mechanisms. • Signing/Verification at different Levels. • Structure and Result of XML Signing. • Providing End to End Security. • XML in Blu-ray. • Conclusion. • References. Manoj N. Revankar, JNNCE, Shimoga

  4. INTRODUCTION • Till now, the diverse and well-established domains of Personal Computers (PC), Web (Internet), Consumer Electronics (CE) and Broadcast domains have had their own autonomous realms of existence. • As an example, the content creators could author multi-domain interoperable applications which could be packaged in a disc and additional application extensions such as bonus materials, clips etc could be downloaded from a content server or a set top box in a home network. • One of the possible candidates for this cross-domain sharing is the XML and its related technologies. Manoj N. Revankar, JNNCE, Shimoga

  5. End-to-End Usage Model Figure 1: End-to-End Usage Model Manoj N. Revankar, JNNCE, Shimoga

  6. Security • Careful consideration should go into the interactive application security issues while considering the usual issues of copy protection of audio and video content. • The security mechanisms that could prevent such issues must be non-invasive to the users, should be capable of being applied easily by the content creators. • W3C and OASIS, the major standardization bodies within the Internet domain, have been working on creating XML based security standards for web-based applications. • Consider a malicious application loaded from an external server that could corrupt the local storage of the player. • The user could try to create his/her own application, load to the system and try to access content where he has no access rights. Manoj N. Revankar, JNNCE, Shimoga

  7. A MarkupBased Content Hierarchy Figure 2: markup based content hierarchy Manoj N. Revankar, JNNCE, Shimoga

  8. Cont… • The interactive clustercontains several tracks, which form chapters for video/audioplaylistand optionally manifest (application). • It is used to representing interactive applications. The interactive application refers to a part of the overall content that can be executed by the optical disc player. • Manifest • Markup • Submarkup • Code • Script • XML based languages such as SMIL,SVG,XHTML is used at markups. • ECMAScript is used at programmable part of manifest. Manoj N. Revankar, JNNCE, Shimoga

  9. Identifying Security Using Threat Model • The threat model provides a comprehensive list of threats to the application security and the various mitigation strategies that can be applied. • Widely adapted mitigation strategies are • Authentication & Integrity • Encryption • Key Management • Access Control Manoj N. Revankar, JNNCE, Shimoga

  10. XML Based Security Mechanisms • Authentication and Integrity • The issues of authentication and integrity can be mitigated by digital signatures, • Digital signatures can be used to verify the integrity of the interactive application. • It is useful for signing and verifying entire or portion of the markup, which may be of binary content and/or include multiple documents. Access Control • XACML specification proposed by OASIS. • XACML describes how to interpret the policies. Manoj N. Revankar, JNNCE, Shimoga

  11. Encryption • XML encryption can handle both XML and non-XML data. • XML encryption can be done at two levels. • Cluster level • Manifest level • The content could be encrypted and stored in parts or as a whole. • XML encryption ensures confidentiality of information, both while in transit as well as when stored. Key Management • Using XKMS given by W3C. Manoj N. Revankar, JNNCE, Shimoga

  12. Global Signing/Verification Scenario in Blu-ray Figure 3: Global Signing/Verification Scenario in Blu-ray Manoj N. Revankar, JNNCE, Shimoga

  13. Signing/Verification at Interactive Cluster Level • Since the interactive cluster is markup based, the XML digital signature can be used to sign/verify the interactive cluster in its entirety or can be used to sign/verify at track level. Figure 4: Signing/Verification Scenarios in the Interactive Cluster Level Manoj N. Revankar, JNNCE, Shimoga

  14. Signing/Verification at the Manifest Level • Control of authentication becomes much fine-grained or more granular. • Author can selectively sign only the code or the markup part. • Capability of the script to dynamically manipulate the interactive application makes it much more suited for authentication using XML digital signature. Figure 5: Signing/Verification Scenario at the Manifest Level Manoj N. Revankar, JNNCE, Shimoga

  15. Structure and Result of XML Signing on markup Targets <Signature> <SignedInfo> <SignatureMethod /> <CanonicalizationMethod /> <Reference> <Transforms> <DigestMethod> <DigestValue> </Reference> <Reference /> etc. </SignedInfo> <SignatureValue /> <KeyInfo /> <Object /> </Signature> Manoj N. Revankar, JNNCE, Shimoga

  16. Canonicalization Method • XML based markups allows syntactic variations while remaining semantically equivalent. • Little complex then ordinary digital signature- more then one serialized representation. ex: <Elem > & <Elem> treated differently. • Since the digital signature is created by using an asymmetric key algorithm (RSA) and  Cryptographic hash function (SHA1) a single-byte difference would cause the digital signature to vary. • As XML document is transferred from comp to comp -line terminator may change. -program that digest and validates an XML document may later render the document in different way. • To avoid all these problems XML canonicalization is applied to produce exactly identical serialized representation. Manoj N. Revankar, JNNCE, Shimoga

  17. SignatureMethod • The SignatureMethod is the algorithm that is used to convert the canonicalized SignedInfo into the SignatureValue. • Combination of digest algorithm(MD2,MD4,MD5) & other algorithms such as RSA-SHA1. • For application interoperability set of signature algorithms are specified- use of it is left to the signature creator. Reference • DigestMethod specifies the hash algorithm before applying the hash. • DigestValue contains the result of applying the hash algorithm to the transformed resource(s). Manoj N. Revankar, JNNCE, Shimoga

  18. Applying XML Encryption to Markups • Encryption of non-markup content is an encryption data, which is either created and embedded in the interactive cluster or dropped as a separate markup. Figure 7: Result of XML Encryption on Track Target Manoj N. Revankar, JNNCE, Shimoga

  19. Encryption of markup content results in the encryption data being embedded in the manifest itself. Figure 8: Result of XML Encryption on Manifest Target Manoj N. Revankar, JNNCE, Shimoga

  20. Providing End to End Security Figure 9: Encryption and Decryption process end-to-end Manoj N. Revankar, JNNCE, Shimoga

  21. XML in Blu-ray Reference Blu-Ray Interactive Application XML Security Library • Apache security project & IBM alpha works. • In apache two XML security implementations are available, Java and C++. • Apache XML security uses Java Cryptography Extension (JCE). Figure 10: Reference Blu-ray Markup Target, Script and SubMarkups Manoj N. Revankar, JNNCE, Shimoga

  22. Layered View of the Software Architecture Figure 11 Software Architecture for feasibility – Layered View Manoj N. Revankar, JNNCE, Shimoga

  23. CONCLUSION The XML security offers a standard and interoperable mechanism that can be used by content providers to accommodate necessary security requirements for next generation optical discs. The content authors may use the flexibility of partially signing or encrypting the applications. Additionally, the current prototype could be extended to other underlying platforms, with respect to optical disc formats, operating systems and hardware platforms to account for the interoperability. A scalable interactive application engine library could be developed enabling ease of deployment. Manoj N. Revankar, JNNCE, Shimoga

  24. REFERENCES • XML Security in the Next Generation Optical Disc Context, By Gopakumar G. Nair, Ajeesh Gopalakrishnan, Sjouke Mauw, Eindhoven University of Technology, Eindhoven, Netherland and Erik Moll Philips Applied Technologies, Eindhoven, Netherland. • Tim Bray et al., Extensible Markup Language (XML) 1.0 (Third Edition), World Wide Web Consortium (W3C) Recommendation. • Intel et al., Advanced Access Content System (AACS), Technical Draft, July 14 2004, http://www.aacsla.com/home • http://en.wikipedia.org/wiki/Blu-ray_Disc • http://www.w3.org/TR/2010/WD-xmlenc-core1-20100316/ • http://www.w3.org/TR/REC-xml/ Manoj N. Revankar, JNNCE, Shimoga

  25. THANK YOU Manoj N. Revankar, JNNCE, Shimoga

More Related