Software based Acceleration Methods for XML Signature
(Or: is there such a method)
Youjin SongDongGuk University, Korea
Yuliang ZhengUniversity of North Carolina at Charlotte
May 5, 2005
2
Motivations
To examine performance of XML signature and encryption
To investigate feasibility of software based acceleration
To investigate (new) techniques not specified in the XML standards
3
Overview
Introduction Speed of XML Components
Quick survey Hardware based acceleration
Software based acceleration Experimental findings Use “signcryption” in XML Conclusion
4
Computational time of XML Components
Resource intensive operations XML Signing Xml verification XSLT transformation
5
Quick survey
To increase XML processing speed and for XML security, Hardware based solutions Software based solutions
Hardware based solutions: DataPower Sarvega WestBridge
6
Hardware based acceleration: DataPower
XS40 XML Security Gateway wire speed XML processing Good transaction speed with low latency At least 20-30 times faster
XA35 XML Accelerator Secure transactions at wire speed digital signing and verification Protects against XML denial of service attack
7
Hardware based acceleration: Sarvega
Speedway™ XSLT Accelerator decreases the operational costs by 90% 10-30 times the normal XML processing speed
XML Guardian™ Security Digital forensics Can be used as
Public DMZ Offline Signature generation/ verification
8
Hardware based acceleration: WestBridge XML Message Server [XMS] version 3 XMS slashes Web Services deployment, testing
and ongoing administration costs by up to 75%. 13 times faster for XML signatures. 17 times faster for XML encryption. XML Schema validations and the XSLT transformation 12
times and 10 times faster than the speed of XMS 2.0. XMS increases the speed of XML processing:
Streaming of XML versus building trees; Intelligent caching of credentials, schemas and style
sheets; "Only as needed" processing Pre-compiled rule sets.
9
Hardware v.s. Software
Hardware based
Software based
Cost High Low
Flexibility Low High
Effectiveness High OK
10
Experimental Environment
Machine: Pentium 4 with 2.66GHz processing speed with
512MB RAM. Programming Environment:
Java Simple API for XML [SAX] parsers for XML
processing Java Crypto Extensions & RSA-BSAFE Flexiprovider for creating crypto parameters
11
Software based acceleration
Build an XML Security Library XML Schema validation and
parsing using SAX parser Java to C communication through
Java Native Interface Crypto / Non-crypto operations
Signing a static / dynamic template file
Signing with X509 certificate Verifying a signature with a
single key, X509 certificates or Security Assertions Markup Language [SAML] file.
Verifying a XML document
12
What we’ve learned
Did quite a number of experiments (single doc and bulk of docs) SHA1 with RSA, SHA1 with DSA, …… Obtained a large number of test result sets Considered to tweak the underlying crypto library
Findings Negative ! Not much to be gained by tweaking or re-building
crypto library
13
Consider other techniques
Authenticity + Confidentiality Approach 1
Signature followed encryption Approach 2
Signcryption Does both signature and encryption, but with fewer
exponentiations Cost (signcryption) <<
Cost (signature) + Cost (encryption) “hit 2 birds in 1 stone”
14
In theory:Time -- DL Signcryption v.s. RSA and DL sign-then-encrypt
0
1000
2000
3000
4000
5000
6000
7000
8000
1024 2048 4096 8190
RSA sign-enc
DL Schnorr +ELGamalDL Signcryption
Time -- # of multiplications
DL: Discrete log
Level of security -- |p|=|n|
15
Signcryption test results
• After comparing with data sets for RSA, DSA etc,
• Match theoretical analysis
0
200
400
600
800
1000
1200
1400
1600
1800
1 10 100 200 300 400 500
SigncryptionMs/iteration
UnsigncryptionMs/iteration
LegendXaxis: IterationsY axis: Milliseconds/iteration
16
“Crippled” Signcryption
Turn off the “public key encryption” part of signcryption
Act as signature with designated verifier Especially useful in B2B and C2B, where
typically no 3rd party is involved in verification (Universally verifiable signatures are
good for certificates where verifiers are not fixed, but “over-kill” when no 3rd party is needed.)
17
Conclusion
Performance gain in XML signature/encryption by tweaking crypto library is limited
New techniques (out of the “XML standards” box) are needed
Performance gain of signcryption over sign-then-encrypt is verified