DocumentCode :
3704051
Title :
Partial Data Protection via Structure-Preserving Document Partitioning
Author :
Luigi Lo Iacono
Author_Institution :
Cologne Univ. of Appl. Sci., Cologne, Germany
Volume :
1
fYear :
2015
Firstpage :
801
Lastpage :
807
Abstract :
The application of cryptographic primitives to structured and semi-structured data in a fine-grained manner is constantly increasing in importance. The encryption and signature of selective parts of a document while retaining the underlying data format characteristics dates back to XML and XML security. The specification of the data portions to be protected is conceptually based on referencing mechanisms inherent to XML. Adopting such schemes to data formats not containing any referencing mechanism natively is henceforth not feasible in a straightforward manner. Moreover, the application of referencing approaches has proven to be error-prone in practice, leading to vulnerabilities such as XML Signature Wrapping attacks. This paper introduces a scheme for encrypting and signing selective parts of a hierarchical data structure based on a document partitioning that preserves the document structure. This facilitates the merging of the parts allowing the reconstruction of the originating document in the process of reverting the protection means. Besides according theoretical constructions, a proof of concept implementation is introduced based on the structured data format JSON, which offers a suitable evaluation target due to the lacking native referencing capabilities and the evolving JSON Object Signing and Encryption (JOSE) data security standard not considering selective data protection so far.
Keywords :
"XML","Encryption","Data protection","Metadata","Standards"
Publisher :
ieee
Conference_Titel :
Trustcom/BigDataSE/ISPA, 2015 IEEE
Type :
conf
DOI :
10.1109/Trustcom.2015.450
Filename :
7345358