Software based Acceleration Methods for XML Signature

(Or: is there such a method)

Youjin SongDongGuk University, Korea

Yuliang ZhengUniversity of North Carolina at Charlotte

yzheng@uncc.edu

May 5, 2005

2

Motivations

To examine performance of XML signature and encryption

To investigate feasibility of software based acceleration

To investigate (new) techniques not specified in the XML standards

3

Overview

Introduction Speed of XML Components

Quick survey Hardware based acceleration

Software based acceleration Experimental findings Use “signcryption” in XML Conclusion

4

Computational time of XML Components

Resource intensive operations XML Signing Xml verification XSLT transformation

5

Quick survey

To increase XML processing speed and for XML security, Hardware based solutions Software based solutions

Hardware based solutions: DataPower Sarvega WestBridge

6

Hardware based acceleration: DataPower

XS40 XML Security Gateway wire speed XML processing Good transaction speed with low latency At least 20-30 times faster

XA35 XML Accelerator Secure transactions at wire speed digital signing and verification Protects against XML denial of service attack

7

Hardware based acceleration: Sarvega

Speedway™ XSLT Accelerator decreases the operational costs by 90% 10-30 times the normal XML processing speed

XML Guardian™ Security Digital forensics Can be used as

Public DMZ Offline Signature generation/ verification

8

Hardware based acceleration: WestBridge XML Message Server [XMS] version 3 XMS slashes Web Services deployment, testing

and ongoing administration costs by up to 75%. 13 times faster for XML signatures. 17 times faster for XML encryption. XML Schema validations and the XSLT transformation 12

times and 10 times faster than the speed of XMS 2.0. XMS increases the speed of XML processing:

Streaming of XML versus building trees; Intelligent caching of credentials, schemas and style

sheets; "Only as needed" processing Pre-compiled rule sets.  

9

Hardware v.s. Software

Hardware based

Software based

Cost High Low

Flexibility Low High

Effectiveness High OK

10

Experimental Environment

Machine: Pentium 4 with 2.66GHz processing speed with

512MB RAM. Programming Environment:

Java Simple API for XML [SAX] parsers for XML

processing Java Crypto Extensions & RSA-BSAFE Flexiprovider for creating crypto parameters

11

Software based acceleration

Build an XML Security Library XML Schema validation and

parsing using SAX parser Java to C communication through

Java Native Interface Crypto / Non-crypto operations

Signing a static / dynamic template file

Signing with X509 certificate Verifying a signature with a

single key, X509 certificates or Security Assertions Markup Language [SAML] file.

Verifying a XML document

12

What we’ve learned

Did quite a number of experiments (single doc and bulk of docs) SHA1 with RSA, SHA1 with DSA, …… Obtained a large number of test result sets Considered to tweak the underlying crypto library

Findings Negative ! Not much to be gained by tweaking or re-building

crypto library

13

Consider other techniques

Authenticity + Confidentiality Approach 1

Signature followed encryption Approach 2

Signcryption Does both signature and encryption, but with fewer

exponentiations Cost (signcryption) <<

Cost (signature) + Cost (encryption) “hit 2 birds in 1 stone”

14

In theory:Time -- DL Signcryption v.s. RSA and DL sign-then-encrypt

0

1000

2000

3000

4000

5000

6000

7000

8000

1024 2048 4096 8190

RSA sign-enc

DL Schnorr +ELGamalDL Signcryption

Time -- # of multiplications

DL: Discrete log

Level of security -- |p|=|n|

15

Signcryption test results

• After comparing with data sets for RSA, DSA etc,

• Match theoretical analysis

0

200

400

600

800

1000

1200

1400

1600

1800

1 10 100 200 300 400 500

SigncryptionMs/iteration

UnsigncryptionMs/iteration

LegendXaxis: IterationsY axis: Milliseconds/iteration

16

“Crippled” Signcryption

Turn off the “public key encryption” part of signcryption

Act as signature with designated verifier Especially useful in B2B and C2B, where

typically no 3rd party is involved in verification (Universally verifiable signatures are

good for certificates where verifiers are not fixed, but “over-kill” when no 3rd party is needed.)

17

Conclusion

Performance gain in XML signature/encryption by tweaking crypto library is limited

New techniques (out of the “XML standards” box) are needed

Performance gain of signcryption over sign-then-encrypt is verified

Questions?