Inhalt

•  
   Doctorate Thesis Disclaimer
•  
   Bibliographic Information
•  
   Dedication
•  
   Acknowledgements
•  
   Danksagung
•  
   Abstract
•  
   Zusammenfassung
•  
   Table of Contents
•  
   List of figures
•  
   1 Introduction
•  
   2 IT Security Services and Mechanisms
•  
   2.1 Security services
•  
   2.2 Confidentiality
•  
   2.2.1 Definitions
•  
   2.2.2 Ways to disclose information
•  
   2.2.3 Types of confidentiality security mechanisms
•  
  2.2.4 Cryptographic algorithms for confidentiality security mechanisms
•  
   2.2.4.1 Encryption mechanisms
•  
   2.2.4.2 Symmetric encryption systems
•  
   2.2.4.3 Symmetric encryption algorithms
•  
   2.2.4.4 Asymmetric encryption systems
•  
   2.2.4.5 Asymmetric encryption algorithms
•  
   2.2.5 Key Management
•  
   2.2.6 Pseudo random bit generation
•  
   2.3 Traffic Flow Confidentiality
•  
  2.3.1 Security mechanisms for traffic flow confidentiality
•  
   2.3.1.1 Confidentiality provision through data padding
•  
   2.3.1.2 Confidentiality provision through dummy events
•  
   2.3.1.3 Examples
•  
   2.3.2 Analogies between network traffic and structured data
•  
   2.4 Data integrity
•  
   2.4.1 Types of data integrity services
•  
   2.4.2 Data integrity mechanisms
•  
   2.4.3 Data integrity algorithms
•  
   2.5 Authentication
•  
   2.5.1 Authentication mechanisms
•  
   2.5.2 Authentication protocols
•  
   2.6 Access Control
•  
   2.7 Plausible Deniability
•  
   3 Introduction to XML
•  
   3.1 XML v1.0
•  
  3.2 XML Namespaces
•  
   3.2.1 An example with namespaces
•  
   3.2.2 Namespaces for Attributes
•  
   3.2.3 Redeclaring namespaces and undeclaring default namespaces
•  
   3.2.4 Special namespaces
•  
   3.2.5 Relative URLs in namespaces
•  
   3.2.6 Namespaces 1.1
•  
   3.3 XML InfoSet
•  
   3.4 Document Object Model (DOM)
•  
   3.5 XPath
•  
  3.5.1 XPath axes
•  
   3.5.1.1 self axis
•  
   3.5.1.2 Parent axis
•  
   3.5.1.3 Ancestor axis
•  
   3.5.1.4 Ancestor-or-self axis
•  
   3.5.1.5 Child axis
•  
   3.5.1.6 Descendant axis
•  
   3.5.1.7 Descendant-or-self axis
•  
   3.5.1.8 Preceding-sibling axis
•  
   3.5.1.9 Following-sibling axis
•  
   3.5.1.10 Preceding axis
•  
   3.5.1.11 Following axis
•  
   3.5.1.12 Attribute axis
•  
   3.5.1.13 Namespace axis
•  
   3.5.1.14 Partitioning of the document using axes
•  
  3.5.2 XPath examples
•  
   3.5.2.1 Example 1
•  
   3.5.2.2 Example 2
•  
   3.6 Differences between the DOM2 and XPath data model
•  
  4 Canonical XML and XML Signature
•  
   4.1 Canonical XML
•  
   4.1.1 Document subsets
•  
  4.1.2 Applications of Canonical XML
•  
   4.1.2.1 XML Signature
•  
   4.1.2.2 XML Encryption
•  
   4.1.2.3 Comparison of XML documents or fragments
•  
  4.2 XML Signature
•  
   4.2.1 Introduction
•  
  4.2.2 Enveloping, enveloped and detached signatures
•  
   4.2.2.1 Enveloping signatures
•  
   4.2.2.2 Detached signatures
•  
   4.2.2.3 Enveloped signatures
•  
   4.2.2.4 Comparison
•  
  4.2.3 References
•  
   4.2.3.1 Basics
•  
   4.2.3.2 De-referencing URI attributes
•  
   4.2.3.3 Transformation of resources using Transform elements
•  
   4.2.4 SignedInfo element
•  
   4.2.4.1 SignatureValue element
•  
   4.2.4.2 Complex transforms vs. multiple references
•  
   4.2.5 Key Management using the KeyInfo element
•  
   4.2.6 Embedded objects for enveloping signatures - the Object element
•  
  5 Confidentiality Systems - State of the Art
•  
  5.1 Encryption of Unstructured Data
•  
   5.1.1 Example: IP Security Protocol (IPSec)
•  
   5.1.2 Example: Transport Layer Security (TLS)
•  
   5.1.3 Example: S/MIME
•  
   5.1.4 Example: OpenPGP
•  
   5.2 Selective Field Confidentiality
•  
  5.3 W3C XML Encryption
•  
   5.3.1 Introduction
•  
  5.3.2 Encryption for multiple recipients
•  
   5.3.2.1 Encrypting the same content
•  
   5.3.2.2 Super-Encryption
•  
   5.3.3 Serialization of XML for XML Encryption
•  
   5.3.4 An Example of XML Encryption
•  
   5.3.5 Ciphertext Locations
•  
   5.3.6 XML Encryption Key Management
•  
   5.3.7 XML Key Management
•  
   5.4 Information Disclosure in Encryption Systems
•  
  5.5 XML Access Control
•  
   5.5.1 Introduction
•  
   5.5.2 The invisible ancestors problem
•  
   5.5.2.1 The Schema-friendly solution
•  
   5.5.2.2 Real Invisible Ancestors
•  
   5.5.3 Information disclosure
•  
   5.6 Summary
•  
   6 Requirements for the New Confidentiality System
•  
  7 XML Pool Encryption
•  
   7.1 Basic mechanism
•  
  7.2 Terms used in this chapter
•  
   7.2.1 Document states
•  
   7.2.2 Node types
•  
   7.2.3 Components of the pool encryption procedure.
•  
   7.2.4 Components of the pool decryption procedure
•  
   7.2.5 Terms about the labeling procedure
•  
  7.3 Concepts and design principles
•  
   7.3.1 Removing nodes from the tree
•  
   7.3.2 Pool Key Management
•  
   7.3.3 Dummy nodes
•  
  7.4 Representing the position of a node in the tree
•  
   7.4.1 Simple approaches
•  
  7.4.2 “Adjacency List Mode” (ALM)
•  
   7.4.2.1 Overview
•  
   7.4.2.2 Analogy between the ALM and the event stream of an XML parser
•  
   7.4.2.3 Storing ALM labels
•  
   7.5 “Modified Adjacency List Mode” (MALM)
•  
   7.5.1 A MALM example
•  
   7.5.2 Definitions
•  
   7.5.3 Interval generators
•  
  7.5.4 Stepsize S
•  
   7.5.4.1 Enabling the tree labeling process
•  
   7.5.4.2 Hiding dependencies between nodes
•  
   7.5.4.3 Length of encoded labels
•  
  7.6 Key Management
•  
   7.6.1 Overview
•  
   7.6.2 Relationship between encrypted nodes and node keys
•  
   7.6.3 Collaboration of users
•  
   7.7 XML Structure
•  
   7.8 Dummy Nodes
•  
   7.9 Syntax for the algorithms
•  
  7.10 Node selection procedure
•  
   7.10.1 Overview
•  
   7.10.2 Algorithm
•  
   7.10.3 Example
•  
   7.11 Pool encryption procedure
•  
  7.11.1 Labelling procedure
•  
   7.11.1.1 Overview
•  
   7.11.1.2 Algorithm
•  
  7.11.2 Pruning procedure
•  
   7.11.2.1 Overview
•  
   7.11.2.2 Algorithm
•  
  7.11.3 Node encryption procedure
•  
   7.11.3.1 Overview
•  
   7.11.3.2 Algorithm
•  
   7.12 Pool decryption procedure
•  
  7.12.1 Node decryption procedure
•  
   7.12.1.1 Overview
•  
   7.12.1.2 Algorithm
•  
  7.12.2 Node restoration procedure
•  
   7.12.2.1 Overview
•  
   7.12.2.2 Algorithms for the node restoration
•  
   7.12.2.2.1 getNearestAncestor algorithm
•  
   7.12.2.2.2 parentalizeOrphan algorithm
•  
   7.12.2.2.3 restoreNode algorithm
•  
   7.13 A restoration example
•  
   7.13.1 First node restoration example
•  
   7.13.2 Second node restoration example
•  
   7.13.3 Third node restoration example
•  
  7.14 Encryption granularity
•  
   7.14.1 Document information item
•  
   7.14.2 Comment information items
•  
   7.14.3 Processing Instruction information items
•  
   7.14.4 Element information items
•  
   7.14.4.1 Attribute handling
•  
   7.14.4.2 Namespace handling
•  
   7.14.5 Attribute information items
•  
   7.14.6 Namespace information items
•  
   7.14.7 Character information items
•  
   7.14.8 Document Type Decl information items
•  
   7.14.9 Unexpanded Entity Reference information items
•  
   7.14.10 Unparsed Entity information items
•  
   7.14.11 Notation information items
•  
  7.15 Correctness of the Modified Adjacency List Mode
•  
   7.15.1 Introduction
•  
   7.15.2 Proof of correctness
•  
   7.15.3 Proof of non-ambiguous reconstruction
•  
  7.16 Editing documents after encryption
•  
   7.16.1 Destroying the label mechanism
•  
   7.16.2 Enabling editing in public documents
•  
   7.16.3 Trade-off between editability and structure awareness
•  
   7.17 Schema validity and encryption
•  
  8 Properties of XML Pool Encryption
•  
   8.1 Confidentiality of arbitrary nodes
•  
   8.2 Confidentiality of the original structure
•  
   8.3 Confidentiality of the total number of confidential nodes
•  
   8.4 Plausible deniability
•  
  9 Conclusions
•  
   9.1 Summary
•  
   9.2 Future work
•  
  Annex Implementation
•  
   A.1 Implementation of XML Pool Encryption
•  
   A.2 Syntax of pool encryption
•  
   A.2.1 EncryptedPool
•  
   A.2.2 EncryptedNodes
•  
   A.2.3 EncryptedNode
•  
   A.2.4 KeyCollections
•  
   A.2.5 EncryptedKeyCollection
•  
   A.2.6 KeyCollection
•  
   A.2.7 Serialization format for confidential nodes
•  
  A.3 The Apache XML Signature Implementation
•  
   A.3.1 org.apache.xml.security.* package
•  
   A.3.2 org.apache.xml.security.algorithm.**.* Package
•  
   A.3.3 org.apache.xml.security.c14n.**.* Package
•  
   A.3.4 org.apache.xml.security.keys.(content).* package
•  
   A.3.5 org.apache.xml.security.keys.keyresolver.* package
•  
   A.3.6 org.apache.xml.security.keys.storage.* package
•  
   A.3.7 org.apache.xml.security.signature.* package
•  
   A.3.8 org.apache.xml.security.transforms.* package
•  
   A.3.9 org.apache.xml.security.utils.* package
•  
   A.3.10 org.apache.xml.security.utils.resolver.**.* package
•  
   A.3.11 exceptions of the org.apache.xml.security hierarchy
•  
   References