Title: Blueprint Key: A Tool for a Novel Layer of XML Encryption

Issue Number: Vol. 9, No. 2
Year of Publication: Jun - 2020
Page Numbers: 102-112
Authors: Jason Meza , Paolina Centonze
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P002655

Abstract:


In this paper, we expand upon the robust security mechanisms of XML data. There are many methodologies for XML security, such as XML encryption and XML signature, which are W3C recommendations. Although these methods meet the XML security standard, they do not signify that any XML data is secure or unbreachable. XML vulnerabilities are among OWASP's top-ten security risks by XML External Entity or XXE attacks. Therefore, many researchers have devised their mechanisms to increase protection for XML data, by either improving known methods or creating their own to improve XML security from attackers. Combining methods is also an option, creating layers of protection. Even if an attacker can penetrate one layer, another layer creates a stricter barrier for the attacker to achieve any malicious attack. Blueprint Key (BK) is our novel XML method to provide that extra layer of protection. BK separates XML data from structure, making the structure as important as the content. What makes BK so unique is the fact that the key itself is another XML file. Results show that encryption and decryption speed are very minimal and that adding it to any process increases security for XML data.