Related Research Articles
Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.
SOAP is a messaging protocol specification for exchanging structured information in the implementation of web services in computer networks. It uses XML Information Set for its message format, and relies on application layer protocols, most often Hypertext Transfer Protocol (HTTP), although some legacy systems communicate over Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission.
Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing arbitrary data. It defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. The World Wide Web Consortium's XML 1.0 Specification of 1998 and several other related specifications—all of them free open standards—define XML.
S/MIME is a standard for public-key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFC 8551. It was originally developed by RSA Data Security, and the original specification used the IETF MIME specification with the de facto industry standard PKCS #7 secure message format. Change control to S/MIME has since been vested in the IETF, and the specification is now layered on Cryptographic Message Syntax (CMS), an IETF specification that is identical in most respects with PKCS #7. S/MIME functionality is built into the majority of modern email software and interoperates between them. Since it is built on CMS, MIME can also hold an advanced digital signature.
Web Services Security is an extension to SOAP to apply security to Web services. It is a member of the Web service specifications and was published by OASIS.
XML Signature defines an XML syntax for digital signatures and is defined in the W3C recommendation XML Signature Syntax and Processing. Functionally, it has much in common with PKCS #7 but is more extensible and geared towards signing XML documents. It is used by various Web technologies such as SOAP, SAML, and others.
XML Key Management Specification (XKMS) uses the web services framework to make it easier for developers to secure inter-application communication using public key infrastructure (PKI). XML Key Management Specification is a protocol developed by W3C which describes the distribution and registration of public keys. Services can access an XKMS compliant server in order to receive updated key information for encryption and authentication.
Authenticated Encryption (AE) is an encryption scheme which simultaneously assures the data confidentiality and authenticity. Examples of encryption modes that provide AE are GCM, CCM.
The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux.
HTML5 is a markup language used for structuring and presenting hypertext documents on the World Wide Web. It was the fifth and final major HTML version that is now a retired World Wide Web Consortium (W3C) recommendation. The current specification is known as the HTML Living Standard. It is maintained by the Web Hypertext Application Technology Working Group (WHATWG), a consortium of the major browser vendors.
Extensible Forms Description Language (XFDL) is a high-level computer language that facilitates defining a form as a single, stand-alone object using elements and attributes from the Extensible Markup Language (XML). Technically, it is a class of XML originally specified in a World Wide Web Consortium (W3C) Note. See Specifications below for links to the current versions of XFDL. XFDL It offers precise control over form layout, permitting replacement of existing business/government forms with electronic documents in a human-readable, open standard.
Extensible HyperText Markup Language (XHTML) is part of the family of XML markup languages which mirrors or extends versions of the widely used HyperText Markup Language (HTML), the language in which Web pages are formulated.
The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. This facilitates data encryption by simplifying encryption key management. Keys may be created on a server and then retrieved, possibly wrapped by other keys. Both symmetric and asymmetric keys are supported, including the ability to sign certificates. KMIP also allows for clients to ask a server to encrypt or decrypt data, without needing direct access to the key.
Joseph Michael Reagle Jr. is an American academic and writer focused on digital technology and culture, including Wikipedia, online comments, geek feminism, and life hacking. He is an associate professor of communication studies at Northeastern University. He was an early member of the World Wide Web Consortium, based at the Massachusetts Institute of Technology, and in 1998 and 2010 he was a fellow at Harvard University's Berkman Klein Center for Internet & Society.
In cryptography, the Double Ratchet Algorithm is a key management algorithm that was developed by Trevor Perrin and Moxie Marlinspike in 2013. It can be used as part of a cryptographic protocol to provide end-to-end encryption for instant messaging. After an initial key exchange it manages the ongoing renewal and maintenance of short-lived session keys. It combines a cryptographic so-called "ratchet" based on the Diffie–Hellman key exchange (DH) and a ratchet based on a key derivation function (KDF), such as a hash function, and is therefore called a double ratchet.
The Web Cryptography API is the World Wide Web Consortium’s (W3C) recommendation for a low-level interface that would increase the security of web applications by allowing them to perform cryptographic functions without having to access raw keying material. This agnostic API would perform basic cryptographic operations, such as hashing, signature generation and verification and encryption as well as decryption from within a web application.
The SAML metadata standard belongs to the family of XML-based standards known as the Security Assertion Markup Language (SAML) published by OASIS in 2005. A SAML metadata document describes a SAML deployment such as a SAML identity provider or a SAML service provider. Deployments share metadata to establish a baseline of trust and interoperability.
Autocrypt is a cryptographic protocol for email clients aiming to simplify key exchange and enabling encryption. Version 1.0 of the Autocrypt specification was released in December 2017 and makes no attempt to protect against MITM attacks. It is implemented on top of OpenPGP replacing its complex key management by fully automated exchange of cryptographic keys between peers.
Efail, also written EFAIL, is a security hole in email systems with which content can be transmitted in encrypted form. This gap allows attackers to access the decrypted content of an email if it contains active content like HTML or JavaScript, or if loading of external content has been enabled in the client. Affected email clients include Gmail, Apple Mail, and Microsoft Outlook.
JSON Web Encryption (JWE) is an IETF standard providing a standardised syntax for the exchange of encrypted data, based on JSON and Base64. It is defined by RFC 7516. Along with JSON Web Signature (JWS), it is one of the two possible formats of a JWT. JWE forms part of the JavaScript Object Signing and Encryption (JOSE) suite of protocols.
References
Citations
- ↑ XMLENC 1.0, section 2.
- ↑ Jager, Paterson & Somorovsky (2013).
- ↑ Kupser et al. (2015).
Sources
- Imamura, T.; Dillaway, B.; Simon, E. (10 December 2002). Eastlake, D.; Reagle, J. (eds.). "XML Encryption Syntax and Processing". W3C.
- Imamura, T.; Dillaway, B.; Simon, E.; Yiu, K.; Nyström, M. (11 April 2013). Eastlake, D.; Reagle, J.; Hirsch, F.; Roessler, T. (eds.). "XML Encryption Syntax and Processing Version 1.1". W3C.
- Jager, T.; Somorovsky, J. (19 October 2011). "How to break XML encryption". Proceedings of the 18th ACM conference on Computer and communications security. New York: Association for Computing Machinery. pp. 413–422. doi:10.1145/2046707.2046756. ISBN 978-1-4503-0948-6.
- Hirsch, F., ed. (11 April 2013). "Functional Explanation of Changes in XML Encryption 1.1". W3C.
- Somorovsky, J.; Schwenk, J. (June 2012). Technical Analysis of Countermeasures against Attack on XML Encryption – or – Just Another Motivation for Authenticated Encryption (PDF). 2012 IEEE Eighth World Congress on Services. IEEE. doi:10.1109/SERVICES.2012.6. ISBN 978-1-4673-3053-4.
- Jager, T.; Paterson, K. G.; Somorovsky, J. (24 April 2013). One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography. NDSS Symposium 2013.
- Kupser, D.; Mainka, C.; Schwenk, J.; Somorovsky, J. (August 2015). How to Break XML Encryption – Automatically. 9th USENIX Workshop on Offensive Technologies (WOOT '15).