Authors:   Iñigo León Samaniego, Mercedes Pérez de la Parte, Eduardo Martínez Camara, Juan Carlos Sáenz-Díez Muro

Abstract

The aim of this paper is double. On the one hand, to provide a standard way to hide all or part of a Petri net that could contain sensitive information, such as a company that represents a secret production process through Petri nets (privacy). On the other hand also as standard ensure that Petri net has not been altered (integrity) and that who sends or firm that Petri net is who he say he is (non-repudiation). To ensure the privacy of an entire Petri net (or a part of it) the best solution is not to prevent access to such information, such as hiding in a safe or behind a firewall, but encrypt that information, even being to view. Today it is easier to open a safe or circumvent a firewall than to break an encryption standard algorithm (which, incidentally, is impossible nowadays). As for the integrity and non-repudiation, the solution again is not to deliver the Petri net 'in hand' to avoid disruptions and to know who delivers it (since we are in the Internet age). The solution is to digitally sign all or part of a Petri net so that reliably to know who has performed the firm, and be able to detect any unauthorized modification of any of the signed data. The aim of this paper is to show how to encrypt the selected part of the graph and to sign the Petri net, so that the obtained file compliances with the desired signature and encryption. So, in this final file, all the information (and only that) referred to the shaded part is encrypted and will not be interpretable. In particular, anything will be know about the nodes p1 and p2 or transitions t1 and t3 their constitute a secret process. In addition, this file will contain additional information that will verify the integrity of the file to prevent anyone to modify and information about who has signed this Petri net. The solution we propose is to use PNML representation of Petri nets and XMLEncryption standards for encryption and for signing XMLSignature.