Software based Acceleration
Methods for XML Signature
(Or: is there such a method)
Youjin Song
DongGuk University, Korea
Yuliang Zheng
University of North Carolina at Charlotte
yzheng@uncc.edu
May 5, 2005
Motivations



To examine performance of XML signature
and encryption
To investigate feasibility of software based
acceleration
To investigate (new) techniques not specified
in the XML standards
2
Overview

Introduction


Quick survey





Speed of XML Components
Hardware based acceleration
Software based acceleration
Experimental findings
Use “signcryption” in XML
Conclusion
3
Computational time of
XML Components

Resource intensive
operations



XML Signing
Xml verification
XSLT transformation
4
Quick survey

To increase XML processing speed and for
XML security,



Hardware based solutions
Software based solutions
Hardware based solutions:



DataPower
Sarvega
WestBridge
5
Hardware based
acceleration: DataPower
XS40 XML Security Gateway




wire speed XML processing
Good transaction speed with low latency
At least 20-30 times faster
XA35 XML Accelerator




Secure transactions at wire speed
digital signing and verification
Protects against XML denial of service attack
6
Hardware based
acceleration: Sarvega
Speedway™ XSLT Accelerator



decreases the operational costs by 90%
10-30 times the normal XML processing speed
XML Guardian™ Security



Digital forensics
Can be used as


Public DMZ
Offline Signature generation/ verification
7
Hardware based
acceleration: WestBridge
XML Message Server [XMS] version 3
XMS slashes Web Services deployment, testing
and ongoing administration costs by up to 75%.





13 times faster for XML signatures.
17 times faster for XML encryption.
XML Schema validations and the XSLT transformation 12
times and 10 times faster than the speed of XMS 2.0.
XMS increases the speed of XML processing:





Streaming of XML versus building trees;
Intelligent caching of credentials, schemas and style
sheets;
"Only as needed" processing
Pre-compiled rule sets.
8
Hardware v.s. Software
Cost
Hardware
based
High
Software
based
Low
Flexibility
Low
High
Effectiveness
High
OK
9
Experimental
Environment

Machine:


Pentium 4 with 2.66GHz processing speed with
512MB RAM.
Programming Environment:




Java
Simple API for XML [SAX] parsers for XML
processing
Java Crypto Extensions & RSA-BSAFE
Flexiprovider for creating crypto parameters
10
Software based
acceleration

Build an XML Security Library
 XML Schema validation and
parsing using SAX parser
 Java to C communication through
Java Native Interface
 Crypto / Non-crypto operations




Signing a static / dynamic
template file
Signing with X509 certificate
Verifying a signature with a
single key, X509 certificates or
Security Assertions Markup
Language [SAML] file.
Verifying a XML document
11
What we’ve learned

Did quite a number of experiments (single
doc and bulk of docs)




SHA1 with RSA, SHA1 with DSA, ……
Obtained a large number of test result sets
Considered to tweak the underlying crypto library
Findings


Negative !
Not much to be gained by tweaking or re-building
crypto library
12
Consider other
techniques

Authenticity + Confidentiality


Approach 1
 Signature followed encryption
Approach 2
 Signcryption



Does both signature and encryption, but with fewer
exponentiations
Cost (signcryption) <<
Cost (signature) + Cost (encryption)
“hit 2 birds in 1 stone”
13
In theory:
Time -- DL Signcryption v.s.
RSA and DL sign-then-encrypt
Time -- # of multiplications
8000
7000
DL: Discrete log
6000
RSA sign-enc
5000
DL Schnorr +
ELGamal
DL Signcryption
4000
3000
2000
1000
0
1024
2048
4096
8190
Level of security -- |p|=|n| 14
Signcryption test results
1800
1600
1400
1200
Signcryption
Ms/iteration
1000
Unsigncryption
Ms/iteration
800
600
400
200
0
1
•
10
100
200
300
400
500
Legend
Xaxis: Iterations
Y axis:
Milliseconds/iterati
on
After comparing with data sets for RSA, DSA etc,
•
Match theoretical analysis
15
“Crippled” Signcryption



Turn off the “public key encryption” part of
signcryption
Act as signature with designated verifier
Especially useful in B2B and C2B, where
typically no 3rd party is involved in verification

(Universally verifiable signatures are


good for certificates where verifiers are not fixed, but
“over-kill” when no 3rd party is needed.)
16
Conclusion



Performance gain in XML
signature/encryption by tweaking crypto
library is limited
New techniques (out of the “XML standards”
box) are needed
Performance gain of signcryption over signthen-encrypt is verified
17
Questions?