PERSEC: um middleware para multicriptografia em web services (versão SDN).
Autor(a) principal: | |
---|---|
Data de Publicação: | 2015 |
Tipo de documento: | Dissertação |
Idioma: | por |
Título da fonte: | Biblioteca Digital de Teses e Dissertações da UNIFACS |
Texto Completo: | http://teste.tede.unifacs.br:8080/tede/handle/tede/541 |
Resumo: | Web services are a way to share data and should be treated as a solution to interoperability between heterogeneous systems. However, by having a public infrastructure subject to attacks, security concerns have become challenging. To ensure the security of these applications, some security specifications are used to promote the confidentiality and integrity of information, such as the XML Signature and XML Encryption. However, the encryption process performed by the XML encryption specification degrades the performance of Web Services. Nevertheless, this XML security specification has been widely used to ensure the safety message-level (safety end-to-end), Web Services applications. This is justified because if this type of security is not established, SOAP messages, shared between the client application and the Web service, would be exposed from one point to another of communication between applications, revealing unduly confidential data. Considering this background, there was this work a literature review in order to detect scientific evidence that guide the proposal for a new security solution for Web services, message-level, aiming to reduce the degradation impact caused by the encryption process. Accordingly, the main scientific evidence detected to treat the problem in question was the suggestion to use different cryptographic algorithms for encrypting the data of a SOAP message. This hypothesis has been implemented by means of a middleware, based on an XML Schema for structuring data in a SOAP message confidentiality levels so that, in this way, the middleware was able to encrypt each level by a specific cryptographic algorithm - taking into account the robustness of these cryptographic algorithms in terms of safety, i.e., levels lower confidentiality are encrypted using less secure algorithms, while the highest levels of confidentiality are encrypted using safer algorithms (such as the cryptographic algorithms have fees separate computer, if reasoned that this technique would result in better performance in comparison with the usual procedure to apply only a cryptographic algorithm that eventually could be the most expensive computationally to accomplish this task). Therefore, in order to prove the effectiveness of this technique has been proposed an experimental evaluation, based on the main middleware usage scenarios (which allow encrypting the data of a SOAP message via one, two or three cryptographic algorithms), to see if, in fact, the possibility of applying different cryptographic algorithms, to encrypt a SOAP message, would improve the performance of Web Services that implement the security end-to-end. The results obtained with the execution of the experiments showed that the encryption process, as well as the decryption, the experiments using two or three cryptographic algorithms to encrypt a particular SOAP message, had its processing time significantly reduced from experiments only a cryptographic algorithm employed for the same purpose. This finding served to validate the hypothesis supported this work. |
id |
UNIF_e1559099c2ba2f8189ce11eaeffd84a7 |
---|---|
oai_identifier_str |
oai:teste.tede.unifacs.br:tede/541 |
network_acronym_str |
UNIF |
network_name_str |
Biblioteca Digital de Teses e Dissertações da UNIFACS |
repository_id_str |
|
spelling |
SILVA, Paulo Caetano daTRINDADE, Roque Mendes PradoMASSA, ErnestoARAÚJO, Allan Delon Barbosa2017-07-13T22:14:48Z2015-10-31ARAÚJO, Allan Delon Barbosa. PERSEC: um middleware para multicriptografia em web services (versão SDN).. 2015. 117p. Dissertação (Sistemas e Computação) - UNIFACS Universidade Salvador, Salvador, 2015.http://teste.tede.unifacs.br:8080/tede/handle/tede/541Web services are a way to share data and should be treated as a solution to interoperability between heterogeneous systems. However, by having a public infrastructure subject to attacks, security concerns have become challenging. To ensure the security of these applications, some security specifications are used to promote the confidentiality and integrity of information, such as the XML Signature and XML Encryption. However, the encryption process performed by the XML encryption specification degrades the performance of Web Services. Nevertheless, this XML security specification has been widely used to ensure the safety message-level (safety end-to-end), Web Services applications. This is justified because if this type of security is not established, SOAP messages, shared between the client application and the Web service, would be exposed from one point to another of communication between applications, revealing unduly confidential data. Considering this background, there was this work a literature review in order to detect scientific evidence that guide the proposal for a new security solution for Web services, message-level, aiming to reduce the degradation impact caused by the encryption process. Accordingly, the main scientific evidence detected to treat the problem in question was the suggestion to use different cryptographic algorithms for encrypting the data of a SOAP message. This hypothesis has been implemented by means of a middleware, based on an XML Schema for structuring data in a SOAP message confidentiality levels so that, in this way, the middleware was able to encrypt each level by a specific cryptographic algorithm - taking into account the robustness of these cryptographic algorithms in terms of safety, i.e., levels lower confidentiality are encrypted using less secure algorithms, while the highest levels of confidentiality are encrypted using safer algorithms (such as the cryptographic algorithms have fees separate computer, if reasoned that this technique would result in better performance in comparison with the usual procedure to apply only a cryptographic algorithm that eventually could be the most expensive computationally to accomplish this task). Therefore, in order to prove the effectiveness of this technique has been proposed an experimental evaluation, based on the main middleware usage scenarios (which allow encrypting the data of a SOAP message via one, two or three cryptographic algorithms), to see if, in fact, the possibility of applying different cryptographic algorithms, to encrypt a SOAP message, would improve the performance of Web Services that implement the security end-to-end. The results obtained with the execution of the experiments showed that the encryption process, as well as the decryption, the experiments using two or three cryptographic algorithms to encrypt a particular SOAP message, had its processing time significantly reduced from experiments only a cryptographic algorithm employed for the same purpose. This finding served to validate the hypothesis supported this work.Os Web Services representam uma maneira de compartilhar dados e devem ser tratados como uma solução para a interoperabilidade entre sistemas heterogêneos. No entanto, por terem uma infraestrutura pública, sujeitos a ataques, problemas de segurança, tornaram-se desafiadores. Para garantir o uso seguro dessas aplicações, algumas especificações de segurança são utilizadas para promover a confidencialidade e integridade das informações, tais como: a XML Signature e XML Encryption. Não obstante, o processo de criptografia realizado por meio da especificação XML Encryption degrada o desempenho dos Web Services. Apesar disso, essa especificação de segurança XML tem sido amplamente utilizada para garantir a segurança ao nível de mensagem (segurança fim a fim) em aplicações Web Services. Isso se justifica porque, se esse tipo de segurança não for estabelecido, as mensagens SOAP, compartilhadas entre a aplicação cliente e o Web Service, ficariam expostas entre um ponto e outro da comunicação em meio às aplicações, revelando, indevidamente, dados de caráter confidencial. Considerando-se esse panorama, foi realizada neste trabalho uma revisão bibliográfica a fim de se detectarem evidências científicas que norteassem a proposta de uma nova solução de segurança para Web Services, a nível de mensagem, objetivando reduzir o impacto degradativo ocasionado pelo processo de criptografia. Neste sentido, a principal evidência científica detectada para tratar o problema em questão consistiu na hipótese de serem utilizados diversos algoritmos criptográficos para criptografar os dados de uma mensagem SOAP. Tal hipótese foi implementada por meio de um middleware, cuja base é um XML Schema para estruturar os dados de uma mensagem SOAP em níveis de confidencialidade. Dessa maneira, o middleware criptografaria cada nível por meio de um algoritmo criptográfico específico – levando em consideração a robustez destes algoritmos criptográficos em termos de segurança, ou seja, os níveis de mais baixa confidencialidade são criptografados por meio de algoritmos menos seguros, enquanto os níveis de mais alta confidencialidade são criptografados por meio de algoritmos mais seguros (como os algoritmos criptográficos possuem custos computacionais distintos, ponderou-se que esta técnica resultaria em uma melhor performance em comparação com o procedimento usual de se aplicar apenas um algoritmo criptográfico que, eventualmente, poderia ser o mais custoso computacionalmente para se realizar essa tarefa). Assim, com o intuito de se comprovar a efetividade de tal técnica, propôs-se uma avaliação experimental, com base nos principais cenários de uso do middleware (que permitem criptografar os dados de uma mensagem SOAP por meio de um, dois ou três algoritmos criptográficos), para averiguar se, de fato, a possibilidade de se aplicar diversos algoritmos criptográficos, para se criptografar uma mensagem SOAP aprimoraria o desempenho dos Web Services que implementam a segurança fim a fim. Os resultados obtidos com a execução dos experimentos comprovaram que o processo da criptografia, como também da decriptação, dos experimentos que utilizaram dois ou três algoritmos criptográficos para codificar uma determinada mensagem SOAP tiveram seu tempo de processamento significativamente reduzido em relação aos experimentos que empregaram apenas um algoritmo criptográfico para a mesma finalidade. Tal constatação serviu para validar a hipótese sustentada neste trabalho.Submitted by Roseli Araujo (roseli.araujo@unifacs.br) on 2017-07-13T22:14:48Z No. of bitstreams: 1 Dissertacao ALLAN DELON BARBOSA ARAUJO.pdf: 3536990 bytes, checksum: 3e78d50d48b69dc987e93e58d6db48e7 (MD5)Made available in DSpace on 2017-07-13T22:14:48Z (GMT). No. of bitstreams: 1 Dissertacao ALLAN DELON BARBOSA ARAUJO.pdf: 3536990 bytes, checksum: 3e78d50d48b69dc987e93e58d6db48e7 (MD5) Previous issue date: 2015-10-31application/pdfporUniversidade SalvadorSistemas e ComputaçãoUNIFACSBrasilSistemas e ComputaçãoSOAPWeb ServicesEspecificação de segurança XML EncryptionPerformanceXML SchemaAlgoritmos criptográficosCiências Exatas e da TerraPERSEC: um middleware para multicriptografia em web services (versão SDN).info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisinfo:eu-repo/semantics/openAccessreponame:Biblioteca Digital de Teses e Dissertações da UNIFACSinstname:Universidade Salvador (UNIFACS)instacron:UNIFACSLICENSElicense.txtlicense.txttext/plain; charset=utf-82165http://teste.tede.unifacs.br:8080/tede/bitstream/tede/541/1/license.txtbd3efa91386c1718a7f26a329fdcb468MD51ORIGINALDissertacao ALLAN DELON BARBOSA ARAUJO.pdfDissertacao ALLAN DELON BARBOSA ARAUJO.pdfapplication/pdf3536990http://teste.tede.unifacs.br:8080/tede/bitstream/tede/541/2/Dissertacao+ALLAN+DELON+BARBOSA++ARAUJO.pdf3e78d50d48b69dc987e93e58d6db48e7MD52tede/5412017-07-13 19:14:48.83oai:teste.tede.unifacs.br:tede/541Tk9UQTogQ09MT1FVRSBBUVVJIEEgU1VBIFBSw5NQUklBIExJQ0VOw4dBCkVzdGEgbGljZW7Dp2EgZGUgZXhlbXBsbyDDqSBmb3JuZWNpZGEgYXBlbmFzIHBhcmEgZmlucyBpbmZvcm1hdGl2b3MuCgpMSUNFTsOHQSBERSBESVNUUklCVUnDh8ODTyBOw4NPLUVYQ0xVU0lWQQoKQ29tIGEgYXByZXNlbnRhw6fDo28gZGVzdGEgbGljZW7Dp2EsIHZvY8OqIChvIGF1dG9yIChlcykgb3UgbyB0aXR1bGFyIGRvcyBkaXJlaXRvcyBkZSBhdXRvcikgY29uY2VkZSDDoCBVbml2ZXJzaWRhZGUgClhYWCAoU2lnbGEgZGEgVW5pdmVyc2lkYWRlKSBvIGRpcmVpdG8gbsOjby1leGNsdXNpdm8gZGUgcmVwcm9kdXppciwgIHRyYWR1emlyIChjb25mb3JtZSBkZWZpbmlkbyBhYmFpeG8pLCBlL291IApkaXN0cmlidWlyIGEgc3VhIHRlc2Ugb3UgZGlzc2VydGHDp8OjbyAoaW5jbHVpbmRvIG8gcmVzdW1vKSBwb3IgdG9kbyBvIG11bmRvIG5vIGZvcm1hdG8gaW1wcmVzc28gZSBlbGV0csO0bmljbyBlIAplbSBxdWFscXVlciBtZWlvLCBpbmNsdWluZG8gb3MgZm9ybWF0b3Mgw6F1ZGlvIG91IHbDrWRlby4KClZvY8OqIGNvbmNvcmRhIHF1ZSBhIFNpZ2xhIGRlIFVuaXZlcnNpZGFkZSBwb2RlLCBzZW0gYWx0ZXJhciBvIGNvbnRlw7pkbywgdHJhbnNwb3IgYSBzdWEgdGVzZSBvdSBkaXNzZXJ0YcOnw6NvIApwYXJhIHF1YWxxdWVyIG1laW8gb3UgZm9ybWF0byBwYXJhIGZpbnMgZGUgcHJlc2VydmHDp8Ojby4KClZvY8OqIHRhbWLDqW0gY29uY29yZGEgcXVlIGEgU2lnbGEgZGUgVW5pdmVyc2lkYWRlIHBvZGUgbWFudGVyIG1haXMgZGUgdW1hIGPDs3BpYSBhIHN1YSB0ZXNlIG91IApkaXNzZXJ0YcOnw6NvIHBhcmEgZmlucyBkZSBzZWd1cmFuw6dhLCBiYWNrLXVwIGUgcHJlc2VydmHDp8Ojby4KClZvY8OqIGRlY2xhcmEgcXVlIGEgc3VhIHRlc2Ugb3UgZGlzc2VydGHDp8OjbyDDqSBvcmlnaW5hbCBlIHF1ZSB2b2PDqiB0ZW0gbyBwb2RlciBkZSBjb25jZWRlciBvcyBkaXJlaXRvcyBjb250aWRvcyAKbmVzdGEgbGljZW7Dp2EuIFZvY8OqIHRhbWLDqW0gZGVjbGFyYSBxdWUgbyBkZXDDs3NpdG8gZGEgc3VhIHRlc2Ugb3UgZGlzc2VydGHDp8OjbyBuw6NvLCBxdWUgc2VqYSBkZSBzZXUgCmNvbmhlY2ltZW50bywgaW5mcmluZ2UgZGlyZWl0b3MgYXV0b3JhaXMgZGUgbmluZ3XDqW0uCgpDYXNvIGEgc3VhIHRlc2Ugb3UgZGlzc2VydGHDp8OjbyBjb250ZW5oYSBtYXRlcmlhbCBxdWUgdm9jw6ogbsOjbyBwb3NzdWkgYSB0aXR1bGFyaWRhZGUgZG9zIGRpcmVpdG9zIGF1dG9yYWlzLCB2b2PDqiAKZGVjbGFyYSBxdWUgb2J0ZXZlIGEgcGVybWlzc8OjbyBpcnJlc3RyaXRhIGRvIGRldGVudG9yIGRvcyBkaXJlaXRvcyBhdXRvcmFpcyBwYXJhIGNvbmNlZGVyIMOgIFNpZ2xhIGRlIFVuaXZlcnNpZGFkZSAKb3MgZGlyZWl0b3MgYXByZXNlbnRhZG9zIG5lc3RhIGxpY2Vuw6dhLCBlIHF1ZSBlc3NlIG1hdGVyaWFsIGRlIHByb3ByaWVkYWRlIGRlIHRlcmNlaXJvcyBlc3TDoSBjbGFyYW1lbnRlIAppZGVudGlmaWNhZG8gZSByZWNvbmhlY2lkbyBubyB0ZXh0byBvdSBubyBjb250ZcO6ZG8gZGEgdGVzZSBvdSBkaXNzZXJ0YcOnw6NvIG9yYSBkZXBvc2l0YWRhLgoKQ0FTTyBBIFRFU0UgT1UgRElTU0VSVEHDh8ODTyBPUkEgREVQT1NJVEFEQSBURU5IQSBTSURPIFJFU1VMVEFETyBERSBVTSBQQVRST0PDjU5JTyBPVSAKQVBPSU8gREUgVU1BIEFHw4pOQ0lBIERFIEZPTUVOVE8gT1UgT1VUUk8gT1JHQU5JU01PIFFVRSBOw4NPIFNFSkEgQSBTSUdMQSBERSAKVU5JVkVSU0lEQURFLCBWT0PDiiBERUNMQVJBIFFVRSBSRVNQRUlUT1UgVE9ET1MgRSBRVUFJU1FVRVIgRElSRUlUT1MgREUgUkVWSVPDg08gQ09NTyAKVEFNQsOJTSBBUyBERU1BSVMgT0JSSUdBw4fDlUVTIEVYSUdJREFTIFBPUiBDT05UUkFUTyBPVSBBQ09SRE8uCgpBIFNpZ2xhIGRlIFVuaXZlcnNpZGFkZSBzZSBjb21wcm9tZXRlIGEgaWRlbnRpZmljYXIgY2xhcmFtZW50ZSBvIHNldSBub21lIChzKSBvdSBvKHMpIG5vbWUocykgZG8ocykgCmRldGVudG9yKGVzKSBkb3MgZGlyZWl0b3MgYXV0b3JhaXMgZGEgdGVzZSBvdSBkaXNzZXJ0YcOnw6NvLCBlIG7Do28gZmFyw6EgcXVhbHF1ZXIgYWx0ZXJhw6fDo28sIGFsw6ltIGRhcXVlbGFzIApjb25jZWRpZGFzIHBvciBlc3RhIGxpY2Vuw6dhLgo=Biblioteca Digital de Teses e Dissertaçõeshttp://tede.unifacs.br/http://tede.unifacs.br:8080/oai/requestbibliotecadigital@unifacs.br||bibliotecadigital@unifacs.bropendoar:2017-07-13T22:14:48Biblioteca Digital de Teses e Dissertações da UNIFACS - Universidade Salvador (UNIFACS)false |
dc.title.por.fl_str_mv |
PERSEC: um middleware para multicriptografia em web services (versão SDN). |
title |
PERSEC: um middleware para multicriptografia em web services (versão SDN). |
spellingShingle |
PERSEC: um middleware para multicriptografia em web services (versão SDN). ARAÚJO, Allan Delon Barbosa SOAP Web Services Especificação de segurança XML Encryption Performance XML Schema Algoritmos criptográficos Ciências Exatas e da Terra |
title_short |
PERSEC: um middleware para multicriptografia em web services (versão SDN). |
title_full |
PERSEC: um middleware para multicriptografia em web services (versão SDN). |
title_fullStr |
PERSEC: um middleware para multicriptografia em web services (versão SDN). |
title_full_unstemmed |
PERSEC: um middleware para multicriptografia em web services (versão SDN). |
title_sort |
PERSEC: um middleware para multicriptografia em web services (versão SDN). |
author |
ARAÚJO, Allan Delon Barbosa |
author_facet |
ARAÚJO, Allan Delon Barbosa |
author_role |
author |
dc.contributor.advisor1.fl_str_mv |
SILVA, Paulo Caetano da |
dc.contributor.referee1.fl_str_mv |
TRINDADE, Roque Mendes Prado |
dc.contributor.referee2.fl_str_mv |
MASSA, Ernesto |
dc.contributor.author.fl_str_mv |
ARAÚJO, Allan Delon Barbosa |
contributor_str_mv |
SILVA, Paulo Caetano da TRINDADE, Roque Mendes Prado MASSA, Ernesto |
dc.subject.por.fl_str_mv |
SOAP Web Services Especificação de segurança XML Encryption Performance XML Schema Algoritmos criptográficos |
topic |
SOAP Web Services Especificação de segurança XML Encryption Performance XML Schema Algoritmos criptográficos Ciências Exatas e da Terra |
dc.subject.cnpq.fl_str_mv |
Ciências Exatas e da Terra |
description |
Web services are a way to share data and should be treated as a solution to interoperability between heterogeneous systems. However, by having a public infrastructure subject to attacks, security concerns have become challenging. To ensure the security of these applications, some security specifications are used to promote the confidentiality and integrity of information, such as the XML Signature and XML Encryption. However, the encryption process performed by the XML encryption specification degrades the performance of Web Services. Nevertheless, this XML security specification has been widely used to ensure the safety message-level (safety end-to-end), Web Services applications. This is justified because if this type of security is not established, SOAP messages, shared between the client application and the Web service, would be exposed from one point to another of communication between applications, revealing unduly confidential data. Considering this background, there was this work a literature review in order to detect scientific evidence that guide the proposal for a new security solution for Web services, message-level, aiming to reduce the degradation impact caused by the encryption process. Accordingly, the main scientific evidence detected to treat the problem in question was the suggestion to use different cryptographic algorithms for encrypting the data of a SOAP message. This hypothesis has been implemented by means of a middleware, based on an XML Schema for structuring data in a SOAP message confidentiality levels so that, in this way, the middleware was able to encrypt each level by a specific cryptographic algorithm - taking into account the robustness of these cryptographic algorithms in terms of safety, i.e., levels lower confidentiality are encrypted using less secure algorithms, while the highest levels of confidentiality are encrypted using safer algorithms (such as the cryptographic algorithms have fees separate computer, if reasoned that this technique would result in better performance in comparison with the usual procedure to apply only a cryptographic algorithm that eventually could be the most expensive computationally to accomplish this task). Therefore, in order to prove the effectiveness of this technique has been proposed an experimental evaluation, based on the main middleware usage scenarios (which allow encrypting the data of a SOAP message via one, two or three cryptographic algorithms), to see if, in fact, the possibility of applying different cryptographic algorithms, to encrypt a SOAP message, would improve the performance of Web Services that implement the security end-to-end. The results obtained with the execution of the experiments showed that the encryption process, as well as the decryption, the experiments using two or three cryptographic algorithms to encrypt a particular SOAP message, had its processing time significantly reduced from experiments only a cryptographic algorithm employed for the same purpose. This finding served to validate the hypothesis supported this work. |
publishDate |
2015 |
dc.date.issued.fl_str_mv |
2015-10-31 |
dc.date.accessioned.fl_str_mv |
2017-07-13T22:14:48Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.citation.fl_str_mv |
ARAÚJO, Allan Delon Barbosa. PERSEC: um middleware para multicriptografia em web services (versão SDN).. 2015. 117p. Dissertação (Sistemas e Computação) - UNIFACS Universidade Salvador, Salvador, 2015. |
dc.identifier.uri.fl_str_mv |
http://teste.tede.unifacs.br:8080/tede/handle/tede/541 |
identifier_str_mv |
ARAÚJO, Allan Delon Barbosa. PERSEC: um middleware para multicriptografia em web services (versão SDN).. 2015. 117p. Dissertação (Sistemas e Computação) - UNIFACS Universidade Salvador, Salvador, 2015. |
url |
http://teste.tede.unifacs.br:8080/tede/handle/tede/541 |
dc.language.iso.fl_str_mv |
por |
language |
por |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Universidade Salvador |
dc.publisher.program.fl_str_mv |
Sistemas e Computação |
dc.publisher.initials.fl_str_mv |
UNIFACS |
dc.publisher.country.fl_str_mv |
Brasil |
dc.publisher.department.fl_str_mv |
Sistemas e Computação |
publisher.none.fl_str_mv |
Universidade Salvador |
dc.source.none.fl_str_mv |
reponame:Biblioteca Digital de Teses e Dissertações da UNIFACS instname:Universidade Salvador (UNIFACS) instacron:UNIFACS |
instname_str |
Universidade Salvador (UNIFACS) |
instacron_str |
UNIFACS |
institution |
UNIFACS |
reponame_str |
Biblioteca Digital de Teses e Dissertações da UNIFACS |
collection |
Biblioteca Digital de Teses e Dissertações da UNIFACS |
bitstream.url.fl_str_mv |
http://teste.tede.unifacs.br:8080/tede/bitstream/tede/541/1/license.txt http://teste.tede.unifacs.br:8080/tede/bitstream/tede/541/2/Dissertacao+ALLAN+DELON+BARBOSA++ARAUJO.pdf |
bitstream.checksum.fl_str_mv |
bd3efa91386c1718a7f26a329fdcb468 3e78d50d48b69dc987e93e58d6db48e7 |
bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 |
repository.name.fl_str_mv |
Biblioteca Digital de Teses e Dissertações da UNIFACS - Universidade Salvador (UNIFACS) |
repository.mail.fl_str_mv |
bibliotecadigital@unifacs.br||bibliotecadigital@unifacs.br |
_version_ |
1800393065530130432 |