Optimizing secure communication standards for disadvantaged networks

Abstract : We present methods for optimizing standardized cryptographic message protocols for use on disadvantaged network links. We first provide an assessment of current secure communication message packing standards and their relevance to disadvantaged networks. Then we offer methods to reduce message overhead in packing Cryptographic Message Syntax (CMS) structures by using ZLIB compression and using a Lite version of CMS. Finally, we offer a few extensions to the Extensible Messaging and Presence Protocol (XMPP) to wrap secure group messages for chat on disadvantaged networks and to reduce XMPP message overhead in secure group transmissions. We present the design and implementation of these optimizations and the results that these optimizations have on message overhead, extensibility, and usability of both CMS and XMPP. We have developed these methods to extend CMS and XMPP with the ultimate goal of establishing standards for securing communications in disadvantaged networks.

[1]  Russ Housley Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages , 2005, RFC.

[2]  Phillip Hallam-Baker,et al.  Web services security: soap message security , 2003 .

[3]  Scott O. Bradner,et al.  The Internet Standards Process - Revision 3 , 1996, RFC.

[4]  Peter Deutsch,et al.  DEFLATE Compressed Data Format Specification version 1.3 , 1996, RFC.

[5]  John Linn,et al.  Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures , 1987, RFC.

[6]  Nathaniel S. Borenstein,et al.  Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies , 1996, RFC.

[7]  Blake Ramsdell,et al.  S/MIME Version 3 Message Specification , 1999, RFC.

[8]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[9]  Abraham Lempel,et al.  A universal algorithm for sequential data compression , 1977, IEEE Trans. Inf. Theory.

[10]  Russ Housley,et al.  Guidelines for Cryptographic Key Management , 2005, RFC.

[11]  John C. Klensin,et al.  Simple Mail Transfer Protocol , 2001, RFC.

[12]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[13]  R. Perlman,et al.  An overview of PKI trust models , 1999, IEEE Netw..

[14]  Matthew MacDonald,et al.  Web Services Architecture , 2004 .

[15]  Jim Schaad,et al.  Certificate Management over CMS (CMC): Transport Protocols , 2008, RFC.

[16]  John Linn,et al.  Privacy enhancement for Internet electronic mail: Part I: Message encipherment and authentication procedures , 1989, RFC.

[17]  Tim Polk,et al.  Internet X.509 Public Key Infrastructure Representation of Elliptic Curve Digital Signature Algorithm (ECDSA) Keys and Signatures in Internet X.509 Public Key Infrastructure Certificates , 1999 .

[18]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[19]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[20]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[21]  Peter Deutsch,et al.  ZLIB Compressed Data Format Specification version 3.3 , 1996, RFC.

[22]  Sean Turner CMS Symmetric Key Management and Distribution , 2008, RFC.

[23]  Russ Housley,et al.  Cryptographic Message Syntax (CMS) , 2002, RFC.

[24]  Jim Schaad,et al.  Certificate Management Messages over CMS , 2000, RFC.

[25]  Greg Goth Key Management Standards Hit the Fast Track , 2007, IEEE Distributed Systems Online.

[26]  조영섭,et al.  OASIS SAML(Security Assertion Markup Language) v2.0 고찰 및 활용 , 2006 .

[27]  Jim Schaad,et al.  Certificate Management over CMS (CMC) , 2008, RFC.

[28]  Burton S. Kaliski,et al.  PKCS #7: Cryptographic Message Syntax Version 1.5 , 1998, RFC.

[29]  Peter Saint-Andre,et al.  End-to-End Signing and Object Encryption for the Extensible Messaging and Presence Protocol (XMPP) , 2004, RFC.

[30]  Peter Saint-Andre,et al.  Extensible Messaging and Presence Protocol (XMPP): Core , 2004, RFC.

[31]  Roy T. Fielding,et al.  Hypertext Transfer Protocol - HTTP/1.1 , 1997, RFC.

[32]  Mark O'Neill,et al.  Web Services Security , 2003 .

[33]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[34]  David A. Huffman,et al.  A method for the construction of minimum-redundancy codes , 1952, Proceedings of the IRE.