ISC 2009: Information Security, pp. 491–506

F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services

  • Matthew Burnside
  • Angelos D. Keromytis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5735)

Abstract

The frequency and severity of a number of recent intrusions involving data theft and leakages have shown that online users’ trust, voluntary or not, in the ability of third parties to protect their sensitive data is often unfounded. Data may be exposed anywhere along a corporation’s web pipeline, from the outward-facing web servers to the back-end databases. The problem is exacerbated in service-oriented architectures (SOAs), where data may also be exposed as they transit between SOAs. For example, credit card numbers may be leaked during transmission to or handling by transaction-clearing intermediaries.

We present F3ildCrypt, a system that provides end-to-end protection of data across a web pipeline and between SOAs. Sensitive data are protected from their origin (the user’s browser) to their legitimate final destination. To that end, F3ildCrypt exploits browser scripting to enable application- and merchant-aware handling of sensitive data. Such techniques have traditionally been considered a security risk; to our knowledge, this is one of the first uses of web scripting that enhances overall security. Our approach scales well in the number of public key operations required for web clients and does not reveal proprietary details of the logical enterprise network. We evaluate F3ildCrypt and show an additional cost of 40 to 150 ms when making sensitive transactions from the web browser, and a processing rate of 100 to 140 protected fields/second on the server. We believe such costs to be a reasonable tradeoff for increased sensitive-data confidentiality.

Keywords

Credit Card, Sensitive Data, Business Logic, Credit Card Number, Logical Architecture
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Matthew Burnside (1)
  • Angelos D. Keromytis (1)
  1. Department of Computer Science, Columbia University in the City of New York, USA
