High-Assurance Cryptography for Web-Based Enterprises

  • William R. Simpson
  • Coimbatore Chandersekaran
Conference paper


Each web service and each infrastructure service has a need for symmetric and asymmetric encryption, as well as signature processing and other cryptographic processes. A number of specialized cryptographic functions have been developed for hardware and network operations. Their use is appropriate for network level operations. For purposes of this chapter, the discussion is limited to IP enabled communications and similar algorithms. Cryptography is used by most of the services in an enterprise. Asymmetric encryption is performed in suitably security hardened stores and symmetric encryption is performed in most bi-lateral operations. Signatures for integrity and trust use are pervasive. Key management is required throughout the enterprise. The crypto services may be used through all of the Open Systems Interconnection (OSI) model layers, however, this document concentrates on layers 4 and above. The pace of development of computer systems has led to a need for greater and greater key lengths to insure that keys used for encryption cannot be easily discovered. The chapter reviews many of the cryptographic algorithms in use and recommends those that will provide high assurance systems with adequate protection. The chapter also reviews the computational losses in bit effectiveness and provides an algorithm for computing the bits required for levels of protection.


Cryptographic hash Cryptography Electronic signature Key discovery Parallel processing Public key infrastructure Transport layer security Web services 


  1. 1.
    Coimbatore Chandersekaran, W.R. Simpson, Cryptography for a high-assurance web-based enterprise, lecture notes in engineering and computer science, in Proceedings World Congress on Engineering and Computer Science, WCECS2013, pp. 23–28, San Francisco (2013) Google Scholar
  2. 2.
    OASIS Open Set of Standards, WS-Security Specification 1.1, OASIS, Nov 2006Google Scholar
  3. 3.
    World Wide Web Consortium (W3C), Canonical XML version 1, March 2001Google Scholar
  4. 4.
    National Institute of Standards, FIPS PUB 180-3. Secure Hash Standard, Gaithersburg, Aug 2002Google Scholar
  5. 5.
    National Institute of Standards, FIPS PUB 140-2, Security Requirements for Cryptographic Modules, Gaithersburg, 25 May 2001Google Scholar
  6. 6.
    Internet Engineering Task Force (IETF) Standards, RFC 5246 The Transport Layer Security Protocol 1.2, 2008Google Scholar
  7. 7.
    Internet Engineering Task Force (IETF) Standards, RFC 2459 Internet X.509 Public Key Infrastructure Certificate and CRL Profile, Jan 1999Google Scholar
  8. 8.
    National Institute of Standards, FIPS PUB 186-3, Digital Signature Standard, Gaithersburg, June 2009Google Scholar
  9. 9.
    S.K. Miller, Fiber Optic Networks Vulnerable to Attack, Information Security Magazine, 15 Nov 2006Google Scholar
  10. 10.
    PKCS #1, RSA Cryptography Standard,
  11. 11.
  12. 12.
    National Institute of Standards, FIPS 197, Advanced Encryption Standard (AES), Gaithersburg, Nov 2001Google Scholar
  13. 13.
    J.R.C. Cruz, Dobb’s, Keccak: The New SHA-3 Encryption Standard, The World of Software Development, see May 2013
  14. 14.
    World Wide Web Consortium (W3C), XML Encryption Syntax and Processing 10 Dec 2002Google Scholar
  15. 15.
    Internet Engineering Task Force (IETF) Standards, RFC 5751 Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification, July 2010Google Scholar
  16. 16.
    W.R. Simpson, Coimbatore Chandersekaran, A. Trice, A persona-based framework for flexible delegation and least privilege, Electronic Digest of the 2008 System and Software Technology Conference, Las Vegas, Nevada, May 2008Google Scholar
  17. 17.
    Coimbatore Chandersekaran, W.R. Simpson, The case for bi-lateral end-to-end strong authentication, World Wide Web Consortium (W3C) Workshop on Security Models for Device APIs, 4 pp, London, Dec 2008Google Scholar
  18. 18.
    W.R. Simpson, Coimbatore Chandersekaran, Information sharing and federation, in The 2nd International Multi-Conference on Engineering and Technological Innovation, IMETI2009, Orlando, vol. I, pp. 300–305, July 2009Google Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2014

Authors and Affiliations

  • William R. Simpson
    • 1
  • Coimbatore Chandersekaran
    • 1
  1. 1.Institute for Defense AnalysesAlexandriaUSA

Personalised recommendations