Secure Mobile Commerce based on XML Security

JOO-YOUNG LEE, KI-YOUNG MOON, and SUNG-WON SOHN
Information Security Technology Division
Electronics and Telecommunications Research Institute
161 Gajeong-dong, Yuseong-gu, Daejeon

Abstract: - Companies across the world are turning to mobile commerce because mobility brings competitive advantages through personal contact, resource flexibility and streamlined processes, enabling companies to enhance revenue generation. Therefore success in mobile commerce is dependent on the development and deployment of an end-to-end security solution that protects the wireless network, devices, applications and data. In order to fulfill such needs, some security technologies have been developed. While there are a plethora of security tools on the market, no one has offered an end-to-end security solution tailored to the specific demands of the wireless environment. Therefore, in this paper, we’ll propose an XML security method to help secure mobile commerce and discuss some implementation issues in bringing XML security to mobile devices. As it allows protecting the data not only transferred over the network, but also stored within devices, it can provide end-to-end security. Additionally, it offers full compatibility, flexibility, and extensibility by using XML.

Key-Words: - XML Security, Wireless Devices, Mobile Commerce, Java

1 Introduction
Companies across the world are turning to mobile commerce because mobility brings competitive advantages through personal contact, resource flexibility and streamlined processes, enabling companies to enhance revenue generation. But wireless e-business creates a whole new set of security risks and challenges. Companies therefore want to keep data such as mobile e-commerce transactions, e-mail, and corporate data transmissions private. Therefore success in the mobile environment is dependent on the development and deployment of an end-to-end security solution that protects your wireless network, devices, application and data[1].

However, wireless devices, including cellular phones and personal digital assistants (PDAs) with Internet access, were not originally designed with security as a top priority. Furthermore, most mobile devices have little or no built-in security functions. Users who choose to deactivate their passwords could inadvertently allow unauthorized access to applications and plain data in the device. Additionally, wireless devices may have Over The Air (OTA) remote configuration facilities that could be exposed and abused. In such a situation, success hinges upon careful selection of feature subsets without destroying compatibility. Any gap in defenses could be exploited to the detriment of companies, so organizations urgently need an end-to-end security strategy for mobile e-business.

End-to-end security and full compatibility with the large installed base of secure web servers are compelling reasons to consider the existing security solutions for wireline, such as SSL/TLS, for next generation wireless devices. However, each wireless security solution has its shortcomings. For example, SSL is too heavyweight for comparatively weak CPUs and low-bandwidth, high-latency wireless systems. For this reason, it is challenging to implement security in small-footprint devices with low processing power and small memory capacities that use unreliable, low-bandwidth networks.

In this paper, we’ll propose an XML security method for wireless devices to help secure mobile commerce and discuss some implementation issues in bringing XML security to mobile devices. As it allows protecting the data not only transferred over the network, but also stored within devices, it can provide end-to-end security. Additionally, it offers full compatibility, flexibility, and extensibility by using XML.

2 Related Works
Currently some security technologies have been developed for wireless networks and devices. While
there are a plethora of security tools on the market, until now no one has offered an end-to-end security solution tailored to the specific demands of the wireless environment.

2.1 WAP based on WTLS
Wireless Transport Layer Security (WTLS) is similar to the Internet’s transport layer security protocol. It provides authentication, data integrity, and privacy services within wireless technologies’ limited processing power, memory capacity, and bandwidth[2]. But because many e-commerce and corporate sites use SSL-based security, a transmission to such a site from a WAP phone must first pass through a gateway that converts the encryption formatting from WTLS to SSL. During this conversion process, however, the message is very briefly unencrypted and thus is subject to interception.

2.2 SSL for small devices
Secure Socket Layer (SSL) for small devices may be one solution. It not only offers authentication, data integrity, and privacy services, but also clears the above-mentioned problem that may happen during conversion processing[3]. But it is too heavyweight for comparatively weak CPUs and low-bandwidth, high-latency wireless networks, and its chatty handshakes involve some long messages. Additionally, SSL memory requirements, both static and runtime, are known to be high.

3 Security Issues for Mobile Commerce
Customers demand an end-to-end package that allows security policies already in place for wired networks to be extended to wireless networks. In order to provide end-to-end wireless security, it is necessary to cover all of the following issues.

3.1 Authentication
Authentication is to ensure that users, clients and servers establish their identity. At some fundamental level, you want to be sure that the people you deal with are really who they say they are. The process of proving identity is called authentication[4]. A key aspect of security for activities such as mobile e-commerce and mission critical corporate communications is the ability to authenticate a message sender’s identity. A failure of authentication can easily lead to violations of confidentiality, integrity, and availability. For example, protecting your secrets with encryption does little good if the true identity of your recipient is not what you anticipated. Digital signatures are used to identify the author of a message; people who receive the message can verify the identity of the person who signed it. They can be used in conjunction with passwords or as an alternative to them.

3.2 Confidentiality
Confidentiality is to prohibit eavesdropping during data communication or disclosure from application or storage media[4]. It is important to protect the confidentiality of the data held in the device. Data must be kept private, safe from interception and only available to users that are authorized to access it. One solution is protecting within the device any long-term keys used to encrypt private data. However, while it is straightforward to protect the confidentiality of wireless traffic, it is much harder to protect the confidentiality of the information held in the devices themselves.

3.3 Data Integrity
Integrity is to verify that data has not been altered in transit by a third party, and to prevent forgery and unauthorized alteration[4]. Data must not be tampered with, because if it is modified it can become useless or dangerous, for example, false stock exchange information. Any electronic communication contains a theoretical risk that the data could be corrupted while in transit. The basic integrity problem is to ensure that the messages from one principal to another are not corrupted by a malicious third principal.

3.4 Non-Repudiation
Parties of a transaction need to be able to confirm the identities of the other parties and the date and time of the transaction[5]. For example a service provider may want to prove to its customer that a human, in which case the authentication mechanism must verify that it is a valid computer belonging to the legitimate organization. Non-repudiation is to prevent parties from falsely denying data transactions after they were supposedly done, enforcing accountability for electronic transactions.

3.5 Availability
Availability is violated when the system is prevented from performing its intended function, as when someone brings down the web site of an online
store[5]. Data and machines must be accessible when needed. If resources are not available there is denial of service, which may cause frustration and financial loss. In some cases – such as systems that are connected to production lines, where continuous service is essential – denial of service has much more serious consequences.

4 XML Security for Mobile Commerce
Security protocols dominant on the Internet are commonly perceived as too big for small devices, and today’s wireless architectures are proxy based and lack end-to-end security. An end-to-end security strategy needs to encompass an increasingly complex technology chain, including mobile phones, laptops and PDAs from multiple vendors, multiple operating systems, various network standards, wireless e-business applications, and IT management frameworks. Additionally, companies need to be kept abreast of current and future risk in order to react efficiently and effectively with minimal disruption to service and quality.

The approach to the security model based on XML is a secure and resilient solution design that meets the business’ security and privacy requirements. It fulfills the security issues such as authentication, integrity, confidentiality, non-repudiation, and availability required for mobile commerce using wireless devices. In addition, due to the features of XML and Java, it offers compatibility, extensibility, and flexibility.

Fig. 1 The XML security model for secure mobile commerce.

In this section, we’ll present components for XML security for mobile commerce. Fig. 1 depicts the XML security model. It consists of an XML signature module, an XML encryption module and a cryptography module. XML signature and XML encryption will be described based on the XML digital signature specification and the XML encryption specification by W3C, respectively, because they have already been defined as international standards and we need to conform to them. Next, we’ll discuss some implementation issues in bringing them to wireless devices having relatively small system resources.

4.1 XML Signature
XML signature aims to guarantee the integrity and authentication of any digital content, including XML documents[6]. It allows generating and verifying a signature for the entire document or specific parts of it.

To generate a signature, the first step is that the resources to be signed are accessed and appropriately transformed. For example, the enveloped signature transform removes the signature structure from the document prior to digesting. Next, Reference elements that contain URI, Transform Method, Digest Method and Digest Value can be generated after message digests are computed over each entity. When multiple resources are signed together, Reference elements for each resource can be included in the SignedInfo directly or contained in the Manifest element. In the latter case, only the Reference element for the Manifest is included in the SignedInfo.

A Manifest is a list of entity References along with their digests, just like the main SignedInfo structure. This Manifest is included within the signature structure and is signed by including a Reference to it within the main signed info structure. During verification, however, the References within the Manifest need not be verified. A recipient can check these References secondarily, if required.

The SignedInfo element is generated, containing Canonicalization Method information for SignedInfo itself, Signature Method information, Manifest, Signature Properties, Object and References for other resources. This element allows a signature recipient to ensure that no signed entity has been modified. The location information allows the recipient to locate the signed entity. A new message digest can then be computed over this entity and compared with the message digest in the SignedInfo. By the properties of cryptographic message digest algorithms, if the
document has changed, the message digest will have
changed. Therefore, if the two match, the document
has not changed from the time of signing.
   A digital signature is computed over this SignedInfo
fragment using the signature method indicated by
SignatureMethod element in the SignedInfo.
Canonicalization has to be performed before the
digital signature computation using the
canonicalization method indicated by
CanonicalizationMethod element in the SignedInfo.
The digital signature allows the recipient to ensure that
the signed info fragment has not changed and that the
document was signed by a particular person. An XML
signature element is produced, containing the
SignedInfo element, the digital signature value and
various additional pieces of information such as the
signer's key information, Object element, etc.
Verification of a signature thus involves both checking
the digital signature on the signed info fragment and
checking the message digest of each entity listed in the
signed info.
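
The generation and two-part verification described in this section, including the secondary Manifest check, as an added example that is not part of the original paper. It assumes a simplified, namespace-free element layout, same-document `#Id` references without transforms, and HMAC-SHA256 in place of the public-key signature methods (the Python standard library has none); the sample message and key are constructed, and each recomputed digest is compared with the DigestValue of its Reference, as the W3C specification defines.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

# Algorithm identifiers the verifier accepts; it never trusts the document's choice.
C14N = "http://www.w3.org/2010/xml-c14n2"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
# Constructed sample message: an order and a note, each addressable by Id.
SAMPLE = ('<msg><order Id="order"><item>book</item><amount>25</amount></order>'
          '<note Id="note">gift wrap</note></msg>')

def c14n(elem):
    """Canonical bytes of one element (C14N 2.0 from the standard library)."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def resolve(root, uri):
    """Dereference a same-document URI such as '#order'."""
    for elem in root.iter():
        if elem.get("Id") == uri[1:]:
            return elem
    raise ValueError("unresolved reference " + uri)

def digest_b64(elem):
    return base64.b64encode(hashlib.sha256(c14n(elem)).digest()).decode()

def add_reference(parent, root, uri):
    ref = ET.SubElement(parent, "Reference", URI=uri)
    ET.SubElement(ref, "DigestMethod", Algorithm=SHA256)
    ET.SubElement(ref, "DigestValue").text = digest_b64(resolve(root, uri))

def sign(root, key, direct, via_manifest):
    """Append a Signature: `direct` URIs go in SignedInfo, the rest in a Manifest."""
    sig = ET.SubElement(root, "Signature")
    signed_info = ET.SubElement(sig, "SignedInfo")
    ET.SubElement(signed_info, "CanonicalizationMethod", Algorithm=C14N)
    ET.SubElement(signed_info, "SignatureMethod", Algorithm=HMAC_SHA256)
    sig_value = ET.SubElement(sig, "SignatureValue")
    manifest = ET.SubElement(ET.SubElement(sig, "Object"), "Manifest", Id="manifest")
    for uri in via_manifest:           # the Manifest must be complete before it is digested
        add_reference(manifest, root, uri)
    for uri in direct + ["#manifest"]:
        add_reference(signed_info, root, uri)
    mac = hmac.new(key, c14n(signed_info), hashlib.sha256).digest()
    sig_value.text = base64.b64encode(mac).decode()
    return root

def failed_references(container, root):
    """Recompute every Reference digest under `container`; return the URIs that differ."""
    failed = []
    for ref in container.findall("Reference"):
        if ref.find("DigestMethod").get("Algorithm") != SHA256:
            raise ValueError("unexpected digest algorithm")
        stored = ref.findtext("DigestValue", "")
        if not hmac.compare_digest(digest_b64(resolve(root, ref.get("URI"))), stored):
            failed.append(ref.get("URI"))
    return failed

def core_validate(root, key):
    """Signature over canonical SignedInfo, then the References SignedInfo lists."""
    sig = root.find("Signature")
    signed_info = sig.find("SignedInfo")
    if signed_info.find("SignatureMethod").get("Algorithm") != HMAC_SHA256:
        return False
    mac = hmac.new(key, c14n(signed_info), hashlib.sha256).digest()
    stored = base64.b64decode(sig.findtext("SignatureValue", ""))
    return hmac.compare_digest(mac, stored) and not failed_references(signed_info, root)

def manifest_failures(root):
    """The secondary, application-level check of the Manifest's own References."""
    return failed_references(root.find("Signature/Object/Manifest"), root)

def demo(key=b"constructed-demo-key"):
    doc = sign(ET.fromstring(SAMPLE), key, ["#order"], ["#note"])
    received = ET.fromstring(ET.tostring(doc))       # survives serialisation
    intact = (core_validate(received, key), manifest_failures(received))
    wrong_key = core_validate(received, b"some-other-key")
    received.find("note").text = "ship to another address"   # Manifest-only resource
    note_changed = (core_validate(received, key), manifest_failures(received))
    received.find("order/amount").text = "1"                 # directly referenced resource
    order_changed = core_validate(received, key)
    return intact, wrong_key, note_changed, order_changed

if __name__ == "__main__":
    print(demo())
```

A change to the Manifest-only resource still passes core validation and is caught only by the secondary check, so an application that relies on a Manifest has to run that check itself. Because HMAC uses a shared key, this variant gives integrity and authentication but not the non-repudiation a public-key SignatureMethod provides.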
   The verification of an XML signature proceeds as follows. Resources are accessed for verification using the URI information in the corresponding Reference element. Then they are transformed using the transform algorithm specified in the Transform Method element in the Reference. Digest Values of the resources are computed using the digest algorithm specified in the Digest Method element in the corresponding Reference. Computed Digest Values are compared with the Signature Value in the SignedInfo element. All the References are verified in this way.

SignedInfo is canonicalized using the algorithm specified in the Canonicalization Method element in the SignedInfo. The signature is verified. First the public key information is obtained from the KeyInfo element and the signature value of the SignedInfo is calculated using the signature algorithm specified in the Signature Method element. The value is compared with the value in the SignatureValue element. Manifest is verified: Digest Values of each Reference in the Manifest are verified. The verification processing is up to the application program. The processing flow of XML Signature is depicted in Fig. 2. In this flow, the structure of XML Signature conforms to that of the XML Signature Draft.

Fig. 2 The processing flow of XML signature generation and the structure of signature.

4.2 XML Encryption
XML Encryption is a method whereby XML content can be transformed such that it is discernible only to the intended recipients and opaque to all others[7]. Similar to XML signature, the XML encryption specification describes a process for encrypting and decrypting digital content (including XML documents and portions thereof) and an XML syntax used to represent the encrypted content and information that enables an intended recipient to decrypt it.

Encrypting an XML document requires a two-step encryption process. One step is for the document to be sealed, and the other is for the secret key used in encryption of the document. For the first step, it is necessary first of all to generate a secret key using a Pseudo-Random Number Generator. On the other hand, an XML document is encoded in a stream of bytes and compressed. It has advantages of reducing the size of a ciphertext generated as a result and preventing an attacker from getting information related to the plaintext. Next, the compressed byte stream is encrypted using a symmetric encryption algorithm and the secret key generated right before, and then the ciphertext bytes are encoded in an XML node.

The second step encryption is for the secret key that is used in encrypting an XML document. It is encrypted using a particular recipient’s public key. The ciphered secret key is also encoded in an XML
node and ancillary information (such as the encryption algorithm used, etc.) is encoded as further XML nodes. XML nodes generated previously are organized into a DTD-defined XML structure and returned to the caller. The following Table 1 summarizes the encryption process described right before. To unseal the encrypted document, first of all, the ancillary information is decoded to check what algorithm was used to encrypt the document. The recipient’s private key is used to decrypt the embedded secret key contained within the XML document. The embedded XML ciphertext is decrypted using the selected symmetric encryption algorithm and the deciphered secret key. If the decrypted stream of bytes was compressed, it needs to be decompressed. Finally, the resulting stream of bytes is decoded back into an XML structure to form the nodes of the hierarchy.

4.3 Cryptography Algorithm
In order to support XML signature and encryption, a cryptography library contains symmetric and asymmetric cipher algorithms, hash algorithms, digital signature algorithms, and key generation algorithms. The security services and cryptographic algorithms basically required are listed in Table 2.

Table 1. The process of making an encrypted XML document.
  1. Generate a symmetric key
  2. Encode an XML document to byte stream
  3. Compress byte stream (optional)
  4. Encrypt byte stream
  5. Encode byte stream (Base64)
  6. Encrypt the symmetric key with asymmetric key
  7. Encode the encrypted symmetric key with Base64
  8. Encode the ancillary information

Table 2. The required security services and cryptographic algorithms by default.
  Security Services      Cryptographic Algorithms
  Message Digest         SHA1, MD5
  Block Cipher           DES, DESede, AES
  Cipher (Asymmetric)    RSA
  Signature              DSA

5 Implementation Issues
In this section, we’ll discuss some implementation issues in bringing XML security to wireless devices having relatively poor system resources.

5.1 XML Parser
We need to parse XML as part of a J2ME application. As XML parsing, traditionally, is a relatively intensive task in terms of processing power and memory, we’ll need to be careful in selecting a parser for a MIDP environment. To select a proper parser, we can consider the following conditions.

First, we should take into account whether its code is small and whether it can parse a document without taking gobs of memory. Small parsers for J2ME devices are evolving rapidly, and there are already nice choices of decent parsers that don’t take up a lot of space, such as ASXMLP, kXML, MinXML, TinyXML and so on[8].

Second, we have to give up on running a validating parser in a MIDP environment. Validation is fairly intensive work, and the extra memory and processing requirements will reduce a mobile phone to a smoldering heap of scrap metal before you can finish parsing a document. But we need not give up on validation entirely; it may still be useful during the development cycle. We can use a J2SE client with validating parsers to emulate our MIDP clients. We may well flush out bugs in XML documents this way. Once everything is running smoothly, switch over to the nonvalidating parsers in the MIDP clients.

5.2 Cryptographic Algorithm
We need a cryptography package that is organized so that it contains a lightweight API suitable for use in the mobile environment, with the additional infrastructure to conform the algorithms to the JCE framework. Although J2ME provides a few security classes such as the Cipher class, they cannot be made public because of export clearance, and there are no open crypto APIs. Therefore we need to implement our own security service APIs and algorithms.

Like XML parsing, cryptographic operations are an intensive task in terms of processing power and memory. As one solution, we can consider exploring support for Elliptic Curve Cryptography (ECC). It provides a high level of security while demanding fewer computing and memory resources than other encryption approaches[9]. This is an important consideration for small-footprint handheld devices.
In addition to this, we have to amortize the cost of expensive operations by reusing their results multiple times.

5.3 WPKI
Although PKI is not a direct component of the XML security for wireless devices which we have proposed until now, we consider this mechanism an indirect participant because it provides a set of technologies that relies on encryption and digital certificates for a digital signature. The certificates are message attachments, issued by a certificate authority, that authenticate a sender’s identity and provide encryption keys.

PKI is difficult to implement in the wireless world. Although there are several ways to accomplish this using variations of the wireline PKI mechanism, the challenges have been designing PKI to work on devices with low throughput and computational power and developing wireless PKI systems that can interact with their wireline counterparts. There are several PKI products for wireless communications. Using technology from security vendors such as Certicom, eTrust, and VeriSign, Neomar is shipping a commercial wireless browser that can store and manage PKI keys[3].

6 Concluding Remarks and Further
In this paper, we have proposed the security model based on XML for secure mobile commerce. Because today’s wireless architectures lack end-to-end security, a truly effective, future-proofed wireless security needs to offer integrated technology, processes and organizational solutions. Extending XML security to the wireless environment can meet all of the challenges required of wireless security. It provides end-to-end security by protecting data not only when they are transferred over the network, but also when stored in wireless devices. Additionally, properties of XML and Java allow full compatibility with the large installed base of secure web servers, extensibility, and flexibility. These are compelling reasons to consider XML security for wireless devices as the security solution for next generation smart phones or PDAs.

Although we have proposed an end-to-end security solution for wireless devices, there are still many things to do. First, we have to develop a demo application for wireless devices, test its performance, and think of the reuse method to improve the performance. Careful implementations of Internet security have acceptable performance on today’s wireless, mobile devices.

References:
[1] The wireless security acceleration team, “End-to-end wireless security: Integrated solutions that protect your business and your customer,” index.shtml, Dec. 2001.
[2] S. K. Miller, “Facing the challenge of wireless security,” IEEE Computer, pp.16~18, July 2001.
[3] PWH, E-Business Technology Forecast, PriceWaterHouse Coopers, May 1999.
[4] Ovum, E-Business Security: New Directions and Successful Strategies, 2000.
[5] S. Garfinkel and G. Spafford, Web Security & Commerce, O’Reilly & Associates Inc., 1999.
[6] IETF/W3C, “XML-Signature Syntax and Processing (Working Draft)”, October 2000, 0001012/
[7] IETF/W3C, “XML-Encryption Syntax and Processing (Working Draft)”, March 2002, 20304/
[8] J. Knudsen, “XML going wireless,” XML Journal, vol. 2, issue. 11, Nov. 2001.
[9] J. Knudsen, Java Cryptography, O’Reilly & Associates Inc., 1998.