Abstract
Push-based systems for distributing information through Internet are today becoming more and more popular and widely used. The widespread use of such systems raises non trivial security concerns. In particular, confidentiality, integrity and authenticity of the distributed data must be ensured. To cope with such issues, we describe here a system for securing push distribution of XML documents, which adopts digital signature and encryption techniques to ensure the above mentioned properties and allows the specification of both signature and access control policies. We also describe the implementation of the proposed system and present an extensive performance evaluation of its main components.
Similar content being viewed by others
References
Al-Mogren, A., Dunham, M.: Data broadcast classification. In: IEEE pp 221–241 (2005)
Atallah, M.J., Frikken, K.B., Blanton, M.: Dynamic and efficient key management for access hierarchies. In: ACM CCS (2005)
Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. Advances in Cryptology· Asiacrypt 00 LNCS (1976) (2000)
Bertino, E., Carminati, B., Ferrari, E.: A temporal key management scheme for broadcasting XML documents. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS’02) (2002)
Bertino, E., Carminati, B., Ferrari, E.: Securing XML data in third-party distribution systems. In: CIKM ’05: proceedings of the 14th ACM international conference on information and knowledge management, pp 99–106. ACM Press, New York (2005)
Bertino E., Castano S. and Ferrari E. (2001). Author- x: a comprehensive system for securing XML documents. IEEE Internet Comput. 5(3): 21–31
Bertino E. and Ferrari E. (2003). Secure and selective dissemination of XML documents. ACM Trans. Inform. Syst. Secur. 5(3): 290–331
Bertino E., Ferrari, E., Parasiliti Provenza, L.: Signature and access control policies for XML documents. In: Proceedings of 8th European symposium on research in computer security (ESORICS 2003) LNCS 2808(3):1–22 (2003)
Bertino E. and Sandhu R. (2005). Database security—concepts, approaches and challenges. IEEE Trans. Dependable Secure Comput. 2(1): 2–19
Castano S., Fugini M., Martella G., Samarati P.: Secure database systems. In: Diaz O., Piattini M. (eds.), Advanced Databases: Technology and Design, Artech House, London (2000)
Chaum D., van Heijst, E.: Group signatures. In: Eurocrypt 91, vol. 547, pp 257–265. Springer, Berlin (1991)
Chiou, G.H., Chen, W.T.: Secure broadcasting using the secure lock. IEEE Trans. Softw. Eng. 15(8) (1989)
Desmedt Y. and Frankel Y. (1989). Threshold cryptosystems. Cryptology Crypto 89: 307–315
Deutsch, A., Fernandez, M., Florescu, D., Levy, A., Suciu, D.: A query language for xml. In: Int’l Conference on World Wide Web. (1999) Available at: http://www.research.att.com/suciu
Devanbu P.T., Gertz M. and Kwong A. (2004). Flexible authentication of xml documents. J. Compu. Secur. 12(6): 841–864
Devanbu, P.T., Gertz, M., Martel, C.U., Stubblebine, S.G. Authentic third-party data publication. In: DBSec, pp 101–112 (2000)
ElGamal T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Info. Theory 31: 469–472
eXcelon Corporation: eXcelon XML Platform (2001). Available at http://www.exln.com
Ferraiolo D.F., Sandhu R.S., Gavrila S.I., Kuhn D.R. and Chandramouli R. (2001). Proposed nist standard for role-based access control. TISSEC 4(3): 224–274
Fiat A., Noar M. (1994) Broadcast encryption. Advances in Cryptology (Crypto 93) LNCS (773):480–491
Gladney H., Lotspiech J. (1997) Safeguarding digital library contents and users. D-Lib Magazine. (1997) Available at http://www.dlib.org/dlib/may97/ibm/05gladney.html
Hacigümüs H., Iyer B.R., Li C., Mehrotra S.: Executing sql over encrypted data in the database-service-provider model. In: SIGMOD Conference, pp 216–227 (2002)
Hacigümüs H., Mehrotra S., Iyer B.R.: Providing database as a service. In: ICDE, pp 29–38 (2002)
IBM: CryptolopeTM (1996). Available at http://domino.research.ibm.com/comm/wwwr_thinkresearch.nsf/pages/packinginfo396.html
List, X.D.M.: Simple API for XML (SAX). (1998) Under the coordination of David Megginson. Available at http://www.saxproject.org/
M., B., C., N.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. ASIACRYPT 5(3), 290–331 (2000)
Malone-Lee, J., Mao, W.: Signcryption using RSA. CT-RSA LNCS (2612), 211–225 (2003)
Martel C.U., Nuckolls G., Devanbu P.T., Gertz M., Kwong A. and Stubblebine S.G. (2004). A general model for authenticated data structures.. Algorithmica 39(1): 21–41
Merkle, R.C.: A certified digital signature. Advances in Cryptology-Crypto ’89 (1989)
Micali, S., Ohta, K., Reyzin, L.: Accountable-subgroup multisignatures. In: ACM Conference on Computer and Communications Security, pp 245–254. ACM Press, New York (2001)
Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and integrity in outsourced databases. In: NDSS (2004)
Narasimha, M., Tsudik, G.: Dsac: integrity for outsourced databases with signature aggregation and chaining. In: CIKM, pp 235–236 (2005)
Pang, H., Jain, A., Ramamritham, K., Tan, K.L.: Verifying completeness of relational query results in data publishing. In: SIGMOD Conference, pp 407–418 (2005)
Pang, H., Tan, K.L.: Authenticating query results in edge computing. In: ICDE, pp 560–571 (2004)
Pollmann, C.G.: The XML security page. Available at http://www.nue.et-inf.uni-siegen.de/g̃euer-poll-mann/xml_security.html
Rivest R.L., Shamir A. and Adleman L.M. (1978). A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21: 120–126
Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: ASIACRYPT 2001, vol. 2248, pp 552–565. Springer, Berlin (2001)
Shamir A. (1979). How to share a secret.. Commun. ACM 22: 612–613
Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security and Privacy, pp 44–55 (2000)
Stallings, W.: Network Security Essentials: Applications and Standards. Prentice Hall, Englewood Cliff (2000)
W3C: Document Object Model (DOM) (1998) Available at http://www.w3.org/DOM
W3C: XML Path Language (XPath). (1999) Available at http://www.w3.org/TR/xpath/
W3C: XML-Encryption Syntax and Processing (2000). Available at http://lists.w3.org/Archives/Public/xml-encryption/2000Aug/att-0001/01-xmlencoverview.html
W3C: XML-Signature Syntax and Processing (2002). Available at http://www.w3.org/TR/xmldsig-core/
Zhang, J., Varadharajan, V., Mu, I.: Securing XML document sources and their distribution. In: Proceedings of the 18th international conference on advanced information networking and application (AINA’04) (2004)
Zheng, Y.: Digital signcryption or how to achieve cost (signature & encryption) < < cost (signature) + cost (encryption). CRYPTO’97 LNCS (1294), 165–179 (1997)
Zheng, Y.: Identification, signature and signcryption using high order residues modulo an rsa composite. Public Key Cryptography (PKC 2001) LNCS (1992), 48–63 (2001)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Bertino, E., Ferrari, E., Paci, F. et al. A system for securing push-based distribution of XML documents. Int. J. Inf. Secur. 6, 255–284 (2007). https://doi.org/10.1007/s10207-007-0020-3
Received:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-007-0020-3