Research on XML Security Technology and Its Application in E-Commerce
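Abstract
With its strong descriptive power, structured form, extensibility and cross-platform nature, XML plays an increasingly large role in network data storage and exchange, and its security has drawn wide attention. When Web-based XML e-commerce orders are transmitted and stored in the open environment of the Internet, sending XML documents in plaintext is dangerous, so security techniques such as data encryption and signing must be applied to them to keep the Web service secure.
     After introducing network data security technology and the basics of XML, this thesis analyses XML security technologies including XML encryption, XML digital signature, XML key management, the Security Assertion Markup Language and the XML Access Control Markup Language. Building on the XML security standards, it then proposes an e-commerce security platform strategy that covers XML file encryption, digital signature, and key retrieval and management control. The platform parses XML document objects through the underlying DOM and provides a general API to upper-layer applications.
     The platform's encryption/decryption and signature/verification modules are implemented on the .NET Framework. File data is encrypted with the 3DES algorithm; to solve the public-key transmission problem, the RSA algorithm is applied to encrypt the key; and the signature is implemented by applying SHA-1 to compute a message digest of the file. These modules address the security problems that Web-based XML e-commerce orders face when transmitted and stored on the Internet. Finally, the data exchange scheme that integrates XML security technology and the results of its implementation are analysed.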
XML technology has become popular for data storage and data exchange in TCP/IP networks because of its powerful description, structure, easy expansion and cross-platform nature, and the security of XML has become much more important. Web-based XML e-commerce orders in an open environment are exposed to various security threats on the Internet during transmission and storage, so data encryption and digital signatures need to be applied to ensure the security of the Web service.
     First, XML technology and modern security technology based on cryptography are discussed in this paper. Then XML encryption, XML digital signature, the XML Key Management Specification, the Security Assertion Markup Language and the XML Access Control Markup Language are studied. Next, an e-business security platform is proposed, covering encryption of XML documents, digital signature, access control and secret-key management. The platform provides an interface for the upper implementation level and parses XML object files through DOM.
     In the implementation of this scheme, XML encryption/decryption functions based on the 3DES encryption algorithm and an RSA-based digital signature/validation function are programmed on the .NET platform in C#. These modules provide XML document confidentiality, authentication, non-repudiation, integrity and other security services. The scheme and its implementation can satisfy the security requirements of Web-based XML e-commerce orders during transmission and storage on the Internet. At the end of the paper, the security of the integrated scheme is analyzed.
