In this paper we present a novel approach for securing financial XML transactions using an effective and intelligent fuzzy classification technique. Our approach defines the process of classifying XML content using a set of fuzzy variables. upon fuzzy classification phase, a unique value is assigned to a defined attribute named "ImportanceLevel". Assigned value indicates the data sensitivity for each XML tag. The framework also defines the process of securing classified financial XML message content by performing element-wise XML encryption on selected parts defined in fuzzy classification phase. Element-wise encryption is performed using symmetric encryption using AES algorithm with different key sizes. Key size of 128-bit is being used on tags classified with "Medium" importance level; a key size of 256-bit is being used on tags classified with "High" importance level.
An implementation has been performed on a real-life environment using online banking system in one of the leading banks in Jordan to demonstrate its flexibility, feasibility, and efficiency. Our experimental results of the new model verified tangible enhancements in encryption efficiency, processing-time reduction, and resulting XML message sizes.
Index Terms –XML Encryption, Fuzzy XML, Fuzzy Classification, XML Security, Banking Security