- Open Access
- Total Downloads : 504
- Authors : Ankita Gandhi, Ajay Dhabaria
- Paper ID : IJERTV1IS10293
- Volume & Issue : Volume 01, Issue 10 (December 2012)
- Published (First Online): 28-12-2012
- ISSN (Online) : 2278-0181
- Publisher Name : IJERT
- License: This work is licensed under a Creative Commons Attribution 4.0 International License
A Message Security in SOA Using XML Encryption with using ODD-EVEN Data Methodology
Ankita Gandhi
Student of M.Tech, COE Department, SITE Nathdwara, Rajasthan, India
Asst. Prof. Ajay Dhabaria
Assistant Professor, COE Department, SITE Nathdwara, Rajasthan, India
Abstract
XML is the language of business transaction & used as a specific standard format to exchange any documents or messages. XML encryption which is the one most popular technology to handle complex requirement for securing any XML file. In this paper, we represent the implementation of message security in SOA (Service Oriented Architecture). For that we use XML Encryption with Odd Even data Techniques compliance with W3Cs working draft for XML encryption. Here we have to take two security factor confidentiality & data Integrity. Confidentiality is maintained by applying XML Encryption & Data integrity is maintained by XML Signature. SOA is largely based on the concept of services. In terms of services – communication between consumer and provider. A provider is a system that implements a service so that other systems can call it. A consumer is a system that calls a service (uses a provided service). so here we have to create a web service & also measure the message security.
Keywords: – XML security, XML encryption, symmetric key, asymmetric key, SOA, Web Service;
-
Introduction
XML encryption standard was established by the W3C as formal version of W3C recommendations in Dec 2002.W3C XML Encryption Syntax and Processing specifies the process for encrypting the
data and represent it in to XML format. XML encryption uses any security algorithm to encrypt & decrypt the data. In this paper use AES algorithm for encryption & decryption. XML encryption can handle ASCII and non-ASCII data. This paper is Designed to enable user to perform encryption on various binary format files; e.g. jpeg, doc, txt, etc. which is consider as a Message. Implementation of XML encryption with take a odd-even data methodology for securing message in web services. The implementation complies with W3C XML Encryption Syntax and Processing Standard [1] for XML Encryption Format and data structure. Web service is used for securing purpose. Web service decryption language (WSDL) is used for create a web service. The encrypted message is first stored in web service and then decrypts it through web service [6].
-
Message Security Analysis in SOA using XML Encryption
As a message security, the confidentiality and privacy of the sensitive information must be protected during transfer. But there are some time not transfers information correctly. Whenever we apply any encryption algorithm for secure message it is somewhat easily decrypt. So, here we are improved the security level by level in SOA.[5] Our encrypted message stored in web service so, only web service through our encrypted message will decrypt.
So, now below we have described our Architecture for Securing Message in SOA using XML encryption
with odd- even data methodology. Using this architecture we are easily prove that whatever message is stored in web service, it is easily secure. Here we are show the architecture for understanding of the related work. We are going in step by step in related work to prove the desire output.
-
Architecture for securing Message in SOA using XML Encryption
Take any Binary Format File as a Input
( Consider as a Message) & also create a web service.
Create a XML Document
Data of XML Document Divide in EVEN ODD Data & Apply Encryption on it
Apply Encryption & Decryption on generated XML Document
Measure time to convert XML Document to Original File and also check for attack
Now Apply X.509 Certificate & XML Signature on that Encrypted file & Decrypt it in to original file.
Measure time to Decrypt Last Encrypted File to Back in to Original File and also check for attack
Compare Both Result
Fig 3.1. Architecture for securing message
Here we are represent the architecture for improve the message security in SOA. In above figure we have to mention the flow of the implementation.
-
Related Work
STEP:1 The first operation of XML encryption process is to read the binary data from the source document (e.g. jpeg file), followed by Base64 encoding operation on the binary data. Which is shown in below fig.4.1 and The output of the Base64 encoding is used to generate ASCII based XML syntax document as an input for XML Encryption processes. The output for it given in fig.4.3
Fig 4.1. Base64 Encoding
Fig 4.2. Plaintext XML Document
STEP: 2 Applying Odd-Even Data Methodology on generated XML Documents. So, we got below output. Means here we are trying to divide data in even & odd data form. So, we improve the security level.
Fig 4.3. Divide data in ODD-EVEN data
STEP:3 Apply XML Encryption on Odd-Even data using AES Algorithm. So, we are apply here security on even odd data. So, somewhat security level is increase.
STEP:4 we want to apply for improve the message security level by level in which we have to implement
-
X.509 Certificate: Which is created through write a below code:
use makecert.exe (Certificate Creation Tool). For that we have to write the below code:
Makecert r -pc n CN=XML_ENC_TEST_CERT b 01/01/2005 -e
01/01/2020 -sky exchange – ss my
-
XML Signature: XML Signature is used for provide the data integrity. In asp.net we can used the EnvelopedSignatureTransform ()[3] to create a enveloped Signature & add it in to created reference object. And after that created signature is attached with the final encrypted document.
STEP:5 generate graph for level by level security for secure message. By measure the decryption time. It is shows that here we have improve security level. Below table shows the output of response time for decrypt the message.
Table 1 Response Time Vs. Security Level
Graph 1 Improve Security Level
STEP: 6 finally we have to compare both result, in which first is apply encryption on data. & Check for attack. And second, apply encryption on even data, odd data & also provide more security through XML Signature & X.509 Certificate. In which 2nd result is improve compare with 1st result.
-
-
Conclusion
We have described the architecture of Message Security in SOA using encryption through a combination usage of symmetric and asymmetric algorithms to create an encrypted XML that complies with W3C standard. We have also shown that the integrity of the binary document is preserved after subjecting to encryption and decryption process. Therefore, this is a successful practical implementation of the XML encryption on any binary documents which is here considered as a Message. And also message is secure in created web service against the Attack. This is proving bye using the soapUI tool.
-
Future Work
The potential future work will be able to extend this XML security solution to support multiple files encryption and defining multiple recipients of the encrypted XML file. And also improve for more attackers.
-
Reference
-
Takeshi Eastlake, Blair Dillaway, Ed Simon, XML Encryption and Processing W3C, Recommendation 10 December 2002.URL=http://www.w3.org/TR/xmlenc-core/
-
Koji Miyauchi, XML Signature / Encryption The Basic of Web Services Security NEC Journal of Advanced Technology, ol 2.
-
Merlin Hughes, Takeshi Imamura, Hiroshi Maruyama, Decryption Transform for XML Signature, W3C Recommendation 10 December 2002. URL=http://www.w3.org/TR/xmlenc-decrypt/
-
Philippe Camacho, An Introduction to XML Signature and XML Encryption with XMLSec, URL=http://www.dcc.uchile.cl/~pcamacho/tutorial/w eb/xmlsec/xmlsec.html
-
T. Erl. Service-Oriented Architecture: Concepts, Technology, and Design. Prentice Hall PTR, Upper Saddle River, NJ, USA, 2005.
-
M. O'Neill. Web Services Security. McGraw- Hill, Inc., New York, NY, USA, 2003.