DocumentCode :
3135600
Title :
KEAML - Key Exchange and Authentication Markup Language
Author :
Qing, Xuebing ; Adams, Carlisle
Author_Institution :
SITE, Ottawa Univ., Ont.
fYear :
2006
fDate :
38838
Firstpage :
634
Lastpage :
638
Abstract :
It is not uncommon that an enterprise application-level business entity in one security domain needs to be engaged in protected information exchanges across unsecured public networks with a number of other entities from separate security domains in an ad-hoc fashion. Neither having a trusted central authority to manage this activity nor a proprietary security handshake protocol designed for particular applications works; the former is often impractical while the latter lacks interoperability and typically cannot be massively deployed. Experience has also shown that proprietary protocols are usually very weak and vulnerable to a variety of attacks. It is desirable to have a standardized protocol for mutual key exchange and authentication that is resistant to a variety of attacks, scalable, and sufficiently flexible to be deployed in a number of different application environments. Unfortunately, no such standard has been developed for enterprise-level applications and services. This paper defines an XML-based key exchange and authentication framework along with a protocol, with concepts such as two-phase negotiation, standardized key exchange templates that resist attack, and public components for Diffie-Hellman exchange borrowed from ISAKMP/IKE (the layer 3 security framework and protocol for VPN). The proposed protocol also leverages the W3C XML encryption and XML signature specifications to allow field-level encryption and signing of KEAML protocol messages, where required.
Keywords :
Internet; XML; cryptographic protocols; digital signatures; formal specification; public key cryptography; Diffie-Hellman exchange; Extensible Markup Language; KEAML protocol messages; W3C XML encryption; XML signature specifications; XML-based key exchange; authentication framework; enterprise application-level business entity; field-level encryption; key exchange and authentication markup language; protected information exchanges; security domain; standardized proprietary protocols; unsecured public networks; Authentication; Cryptography; Information security; Markup languages; Protection; Protocols; Resists; Standards development; Virtual private networks; XML; KEAML/KEAML-KE; Key exchange and authentication; XML; standard security handshake protocol;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Electrical and Computer Engineering, 2006. CCECE '06. Canadian Conference on
Conference_Location :
Ottawa, Ont.
Print_ISBN :
1-4244-0038-4
Electronic_ISBN :
1-4244-0038-4
Type :
conf
DOI :
10.1109/CCECE.2006.277583
Filename :
4054621
Link To Document :