Advertisement

Trustworthy Verification and Visualisation of Multiple XML-Signatures

  • Wolfgang Kubbilun
  • Sebastian Gajek
  • Michael Psarros
  • Jörg Schwenk
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3677)

Abstract

The digital signature is one of the most important cryptographic primitives. It provides data integrity, message authentication and non-repudiation, which are required attributes in security critical services, such as electronic commerce, voting or health care. Whereas previous data formats for digital signatures concentrated on signing the entire document, the XML signature standard is feasible to secure complex workflows on a document with multiple signatures.

In a proof of concept implementation we demonstrate that verifying and trustworthily displaying of signed documents is realizable in standard Web browsers. The focus of our work are multisigned XML documents that introduce new requirements particularly in the field of presentation.

Keywords

Visualisation WYSIWYS XML XML Signature XPath XSL Transformation Web Browser 

References

  1. 1.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)CrossRefzbMATHGoogle Scholar
  2. 2.
    European Parliament and Council: Directive 1999/93/ec of the european parliament and of the council of 13 december 1999 on a community framework for electronic signatures. Official Journal of the European Communities (2000)Google Scholar
  3. 3.
    The W3C: XML-Signature Syntax and Processing, W3C Recommendation (2002), http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
  4. 4.
    The W3C: XSL Transformations (XSLT), W3C Recommendation, Version 1.0 (1999), http://www.w3.org/TR/1999/REC-xslt-19991116
  5. 5.
    The Apache Software Foundation: Apache XML Security API, Version 1.1.0 (2004), http://xml.apache.org/security
  6. 6.
    Pordesch, U.: Die elektronische Form und das Präsentationsproblem. Nomos Verlagsgesellschaft (2002)Google Scholar
  7. 7.
    Weber, A.: See what you sign: Secure Implementations of Digital Signatures. In: International Conference on Intelligence and Services in Networks (1998)Google Scholar
  8. 8.
    Scheibelhofer, K.: What You See Is What You Sign - Trustworthy Display of XML Documents for Signing and Verification. In: Communications and Multimedia Security (2001)Google Scholar
  9. 9.
    Spalka, A., Cremers, A., Langweg, H.: The fairy tale of ‘what you see is what you sign‘ - Trojan Horse Attacks on Software for Digital Signature. In: IFIP WG 9.6/11.7 Working Conference (2001)Google Scholar
  10. 10.
    Kain, K., Smith, S., Asokan, R.: Digital Signatures and Electronic Documents: A Cautionary Tale. In: Communications and Multimedia Security (2002)Google Scholar
  11. 11.
    Callas, J., Donnerhacke, L., Finney, H., Thayer, R.: OpenPGP Message Format. Network Working Group (1998) Request for Comment 2440Google Scholar
  12. 12.
    Hoffman, P.: Enhanced Security Services for S/MIME. Network Working Group (1999) Request for Comment 2634Google Scholar
  13. 13.
    Housley, R.: Cryptographic Message Syntax. Network Working Group (1999) Request for Comments 2630Google Scholar
  14. 14.
    Kaliski, B.: PKCS #7: Cryptographic Message Syntax Version 1.5. Network Working Group (1998) Request for Comment 2315Google Scholar
  15. 15.
    Utimaco AG: WYSIWYS - What you see is what you sign (2003), http://www.utimaco.com/eng/content_pdf/wysiwys.pdf
  16. 16.
    Scheibelhofer, K.: Signing XML Documents and the Concept of ”What You See Is What You Sign”. Institute for Applied Information Processing and Communications, Graz University of Technology (2001)Google Scholar
  17. 17.
    The W3C: XML Path Language (XPath), W3C Recommendation, Version 1.0 (1999), http://www.w3.org/TR/1999/REC-xpath-19991116
  18. 18.
    The Apache Software Foundation: Apache Xalan-Java, Version 2.6.0 (2004), http://xml.apache.org/xalan-j/

Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • Wolfgang Kubbilun
    • 1
  • Sebastian Gajek
    • 2
  • Michael Psarros
    • 2
  • Jörg Schwenk
    • 2
  1. 1.MediaSec Technologies GmbHEssenGermany
  2. 2.Horst Görtz Institute for IT SecurityRuhr-University BochumGermany

Personalised recommendations