XML security protection scheme based on Kerberos authentication and polynomials authorization

Lihong Guo; Jian Wang; Haitao Wu; Najla Al-Nabhan; Lihong Guo; Jian Wang; Haitao Wu; Najla Al-Nabhan

doi:10.3934/mbe.2020254

Mathematical Biosciences and Engineering

2020, Volume 17, Issue 5: 4609-4630. doi: 10.3934/mbe.2020254

Previous Article Next Article

Research article Special Issues

XML security protection scheme based on Kerberos authentication and polynomials authorization

1.
College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China
2.
Department of Information and Communications Engineering, Nanjing Institute of Technology, Nanjing 211167, China
3.
Department of Computer Science, King Saud University, Riyadh 11564, KSA

Received: 19 April 2020 Accepted: 23 June 2020 Published: 02 July 2020

With XML becoming a promising standard for data storage, describing, transferring and exchanging information on the Internet, data security and privacy protection of XML become the focus of research in recent years. In order to achieve the authorization of legitimate user and ensure the secure access to sensitive information, in this paper, in the context of cloud storage, with the purpose of sharing sensitive XML information, a polynomial authorization scheme with Kerberos authentication was proposed, which was based on the users' access purpose and privacy policy. In this scheme, first, Kerberos authentication was used to identify the user, and then the polynomial whose coefficients were from the leaf node address was used to complete the authorization of user. For the legitimate user, under the interaction of authorization polynomials and the global structure view, authorization matrix is generated dynamically, its temporary and dynamic characteristics greatly improves the security of the system. Finally, with the help of authorization matrix and auxiliary information tables, security queries were successfully completed. The experimental results show that the scheme not only effectively protects XML sensitive data, but also reduces the server's storage pressure, at the same time it is beneficial to the rapid search and information positioning.
- privacy,
- data security,
- authentication,
- authorization,
- polynomial
Citation: Lihong Guo, Jian Wang, Haitao Wu, Najla Al-Nabhan. XML security protection scheme based on Kerberos authentication and polynomials authorization[J]. Mathematical Biosciences and Engineering, 2020, 17(5): 4609-4630. doi: 10.3934/mbe.2020254

Related Papers:

Abstract

With XML becoming a promising standard for data storage, describing, transferring and exchanging information on the Internet, data security and privacy protection of XML become the focus of research in recent years. In order to achieve the authorization of legitimate user and ensure the secure access to sensitive information, in this paper, in the context of cloud storage, with the purpose of sharing sensitive XML information, a polynomial authorization scheme with Kerberos authentication was proposed, which was based on the users' access purpose and privacy policy. In this scheme, first, Kerberos authentication was used to identify the user, and then the polynomial whose coefficients were from the leaf node address was used to complete the authorization of user. For the legitimate user, under the interaction of authorization polynomials and the global structure view, authorization matrix is generated dynamically, its temporary and dynamic characteristics greatly improves the security of the system. Finally, with the help of authorization matrix and auxiliary information tables, security queries were successfully completed. The experimental results show that the scheme not only effectively protects XML sensitive data, but also reduces the server's storage pressure, at the same time it is beneficial to the rapid search and information positioning.

References

[1]	A. Moller, M. Schwartzbach, XML graphs in program analysis, Sci. Comput. Program., 76 (2011), 492-515.
[2]	F. Zhang, Z. M. Ma, L. Yan, Construction of fuzzy ontologies from fuzzy XML models, Knowl. Based Syst., 43 (2013), 20-39.
[3]	G. Sun, S. Su, Formal analysis of the Kerberos authentication protocol with PVS, in the Proceedings of 2013 AASRI Winter International Conference on Engineering and Technology, 2013, 202-206. Available from: https://www.atlantis-press.com/proceedings/aasri-wiet-13/10915.
[4]	P. Shen, X. Ding, W. Ren, Research on Kerberos technology based on hadoop cluster security, in Proceedings of the 2018 2nd International Conference on Advances in Energy, Environment and Chemical Science, 2018, 238-243. Available from: https://www.atlantis-press.com/proceedings/aeecs-18/25892275.
[5]	J. Sun, Z. Gao, Improved mobile application security mechanism based on Kerberos, in Proceedings of 2019 4th international workshop on materials engineering and computer sciences, (2019), 108-112. Available from: https://www.webofproceedings.org/proceedings_series/ESR/IWMECS%202019/IWMECS19017.pdf.
[6]	A. Ekelhart, S. Fenz, G. Goluch, M. Steinkellner, E. Weippl, XML security-a comparative literature review, J. Syst. Software, 81 (2008), 1715-1724.
[7]	H. Zhu, K. Lv, R. Jin, A practical mandatory access control model for XML databases, Inf. Sci., 179 (2009), 1116-1133.
[8]	M. Smithamol, R. Sridhar, PECS: Privacy enhanced conjunctive search over encrypted data in the cloud supporting parallel search, Comput. Commun., 126 (2018), 50-63.
[9]	W. Song, B. Wang, Q. Wang, Z. Peng, W. Lou^, Y. Cui A privacy-preserved full-text retrieval algorithm over encrypted data for cloud storage applications, J. Parallel Distrib. Comput., 99 (2017), 14-27.
[10]	S. Li, C. Xu, Y. Zhang, CSED: Client-side encrypted deduplication scheme based on proofs of ownership for cloud storage, J. Inf. Secur. Appl., 46 (2019), 250-258.
[11]	G. Kalpana, P. V. Kumar, S. Aljawarneh, R. V. Krishnaiah, Shifted adaption homomorphism encryption for mobile and cloud learning, Comput. Electr. Eng., 65 (2018), 178-195.
[12]	S. Ullah, X. Y. Li, M. T. Hussain, Z. Lan, Kernel homomorphic encryption protocol, J. Inf. Secur. Appl., 48 (2019), 102366.
[13]	M. Alloghani, M. M. Alani, D. Al-Jumeily, T. Baker, J. Mustafina, A. Hussain, A systematic review on the status and progress of homomorphic encryption technologies, J. Inf. Secur. Appl., 48 (2019), 102362.
[14]	T. Imamura, B. Dillaway, E. Simon, K. Yiu, M. Nyström, XML encryption syntax and processing, W3C Candidate recommendation, 2013. Available from: https://www.w3.org/TR/xmlenc-core1/.
[15]	M. Bartel, J. Boyer, B. Fox, B. LaMacchia, E. Simon, XML Signature Syntax and Processing, W3C Candidate Recommendation, 2013. Available from: https://www.w3.org/TR/xmldsig-core1/.
[16]	Z. Li, C. Chu, W. Yao, A semantic authorization model for pervasive healthcare, J. Network Comput. Appl., 38 (2014), 76-87.
[17]	S. Shafeeq, M. Alam, A. Khan, Privacy aware decentralized access control system, Future Gener. Comput. Syst., 101 (2019), 420-433.
[18]	L. Aliane, M. Adda, HoBAC: Toward a higher-order attribute-based access control model, Procedia Comput. Sci., 155 (2019), 303-310.
[19]	C. Geuer-Pollmann, XML pool encryption, in Proceedings of the 2002 ACM Workshop on XML Security, 2003, 1-9. Available from: https://dl.acm.org/doi/abs/10.1145/764792.764794.
[20]	J. Lee, K. Y. Whang, W. S. Han, Y. Song, The dynamic predicate: Integrating access control with query processing in XML databases, VLDB J., 16 (2007), 371-387.
[21]	E. Damiani, S. De Capitani, S. Paraboschi, P. Samarati, A fine-grained access control system for XML documents, ACM Trans. Inf. Syst. Secur., 5 (2002), 169-202.
[22]	A. C. Duta, K. Barker, P4A: A new privacy model for XML, in Proceedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, 2008, 65-80. https://link.springer.com/chapter/10.1007/978-3-540-70567-3_6.
[23]	L. Guo, J. Wang, H. Wu, Application of Secret Sharing in XML Protection Mechanism, Procedia Comput. Sci., 107 (2017), 21-26.
[24]	M. Wang, J. Wang, L. Guo, L. Harn, Inverted XML access control model based on ontology semantic dependency, Comput. Mater. Continua, 55 (2018), 465-482.
[25]	J. Sun, Z. Gao, Improved mobile application security mechanism based on Kerberos, Improved mobile application security mechanism based on Kerberos, 2019. Available from: https://www.webofproceedings.org/proceedings_series/ESR/IWMECS%202019/IWMECS19017.pdf.
[26]	H. Kaffel-Ben Ayed, B. Zaghdoudi, A generic Kerberos-based access control system for the cloud, Ann. Telecommun., 71 (2016), 555-567.
[27]	R. Marin-Lopez, F. Pereñiguez-Garcia, Y. Ohba, F. Bernal-Hidalgo, A. F. Gomez, A Kerberized architecture for fast re-authentication in heterogeneous wireless networks, Mobile Netw Appl, 15 (2010), 392-412.
[28]	K. Juneja, An XML transformed method to improve effectiveness of graphical password authentication, J. King Saud Univ. Comput. Inf. Sci., 32 (2020), 11-23.
[29]	F. Pereñíguez-García, R. Marín-López, G. Kambourakis, A. Ruiz-Martínez, S. Gritzalis, A. F. Skarmeta-Gómez, KAMU: Providing advanced user privacy in Kerberos multi-domain scenarios, Int. J. Inf. Secur., 12 (2013), 505-525.
[30]	L. Guo, J. Wang, H. Wu, H. Du, eXtensible Markup Language access control model with filtering privacy based on matrix storage, IET Commun., 8 (2014), 1919-1927. doi: 10.1049/iet-com.2013.0570
[31]	L. Guo, J. Wang, H. Du, XML privacy protection model based on cloud storage, Comput. Stand. Interfaces, 36 (2014), 454-464.
[32]	R. Goldman, J. Widom, DataGuides: Enabling query formulation and optimization in semi structured databases, in Proceedings of the 23rd International Conference on Very Large Data Bases, San Francisco, 1997. Available from: https://www.researchgate.net/publication/2487373_DataGuides_Enabling_Query_Formulation_and_Optimization_in_Semistructured_Databases.
[33]	XML Path Language, 1998, Available from: http://en.wikipedia.org/wiki/XPath.
[34]	XML DOM Tutorial, W3C school, Available from: https://www.w3schools.com/XML/dom_intro.asp.
[35]	G. Miklau, XML data Repository, University of Washington, Available from: http://www.cs.washington.edu/research/xmldatasets/.
[36]	H. Rong, T. Ma, J. Cao, Y. Tian, A. Al-Dhelaan, M. Al-Rodhaan, Deep Rolling: A novel emotion prediction model for a multi-participant communication context, Inf. Sci., 488 (2019), 158-180.
[37]	B. Al-Otibi, N. Al-Nabhan, Y. Tian, Privacy-preserving vehicular rogue node detection scheme for fog computing, Sensors, 19 (2019), 965-972.
[38]	Z. Pan, C. N. Yang, V. S. Sheng, N. Xiong, W. Meng, Machine learning for wireless multimedia data security, Secur. Commun. Networks, 2019 (2019), 7682306.
[39]	T. Ma, H. Rong, Y. Hao, J. Cao, Y. Tian, M. Al-Rodhaan, A novel sentiment polarity detection framework for Chinese, IEEE Trans. Affect. Comput., 8 (2019), 61174-61182.
[40]	Y. Tian, M. M. Kaleemullah, M. A.Rodhaan, B. Song, A. Al-Dhelaan, T. Ma. A privacy preserving location service for cloud-of-Things system, J. Parallel Distrib. Comput., 123 (2019), 215-222.
[41]	H. Yin, Z. Qin, J. Zhang, L. Ou, F. Li, K. Li, Secure conjunctive multi-keyword ranked search over encrypted cloud data for multiple data owners, Future Gener. Comput. Syst., 100 (2019), 689-700.

Reader Comments

Your name:*

Email:*
© 2020 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)