Title :
Analysis of Signature Wrapping Attacks and Countermeasures
Author :
Gajek, Sebastian ; Jensen, Meiko ; Liao, Lijun ; Schwenk, Jörg
Author_Institution :
Horst Görtz Inst. for IT Security, Ruhr Univ. Bochum, Bochum, Germany
Abstract :
Recent research has shown that Boolean verification of digital signatures in the context of WS-Security is likely to fail: if parts of a SOAP message are signed and the signature verification applied to the whole document returns true, the document may nevertheless have been significantly altered. In this paper, we provide a detailed analysis of the possible scenarios that enable these signature wrapping attacks. Derived from this analysis, we propose a new solution that uses a subset of XPath instead of ID attributes to point to the signed subtree, and show that this solution is both efficient and secure.
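The attack the abstract describes, and the difference between Id-based and position-based referencing of the signed subtree, as an added example that is not code from the paper or its authors. It is deliberately simplified, and these simplifications are assumptions of the example: an HMAC over the ElementTree serialisation of the referenced subtree stands in for XML Signature (no canonicalisation, no SignedInfo/DigestValue), a plain Id attribute stands in for wsu:Id, a flat Signature element with ReferenceURI and Value attributes stands in for ds:Signature, and a fixed absolute path resolved with ElementTree's find() stands in for the paper's XPath subset. The message content and the key are constructed for the demo.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
NS = {"soap": SOAP_NS}
ET.register_namespace("soap", SOAP_NS)

# Constructed demo key shared by signer and verifier (HMAC stands in for XML Signature).
KEY = b"constructed-shared-secret"


def q(local):
    """Clark-notation name for an element in the SOAP envelope namespace."""
    return "{%s}%s" % (SOAP_NS, local)


def sign(elem):
    # Assumption: the ElementTree serialisation of the subtree is the canonical form.
    return hmac.new(KEY, ET.tostring(elem, encoding="utf-8"), hashlib.sha256).hexdigest()


def build_message(amount):
    """Constructed sample: a SOAP message whose Body is signed and referenced by Id."""
    env = ET.Element(q("Envelope"))
    header = ET.SubElement(env, q("Header"))
    body = ET.SubElement(env, q("Body"), {"Id": "body-1"})
    ET.SubElement(body, "transfer").text = amount
    # Hypothetical flat Signature element: the Reference URI plus the signature value.
    sig = ET.SubElement(header, "Signature")
    sig.set("ReferenceURI", "#body-1")
    sig.set("Value", sign(body))
    return ET.tostring(env, encoding="utf-8")


def wrap(message, forged_amount):
    """Signature wrapping: keep the signed Body unchanged, move it into a wrapper
    inside the Header, and put a forged Body with a new Id where the application
    expects the Body. The Id reference and the signature value stay valid."""
    env = ET.fromstring(message)
    header = env.find("soap:Header", NS)
    signed_body = env.find("soap:Body", NS)
    env.remove(signed_body)
    ET.SubElement(header, "Wrapper").append(signed_body)
    forged = ET.SubElement(env, q("Body"), {"Id": "body-2"})
    ET.SubElement(forged, "transfer").text = forged_amount
    return ET.tostring(env, encoding="utf-8")


def _signature(env):
    sig = env.find("soap:Header/Signature", NS)
    return sig.get("ReferenceURI"), sig.get("Value")


def verify_by_id(message):
    """Id-based referencing: the verifier locates the signed subtree wherever it is."""
    env = ET.fromstring(message)
    uri, value = _signature(env)
    referenced = next((e for e in env.iter() if e.get("Id") == uri[1:]), None)
    return referenced is not None and hmac.compare_digest(value, sign(referenced))


def verify_by_path(message):
    """Position-based referencing in the spirit of the paper's XPath proposal:
    the signed subtree is the one at the fixed absolute path
    /soap:Envelope/soap:Body, i.e. exactly the element the application processes."""
    env = ET.fromstring(message)
    _, value = _signature(env)
    referenced = env.find("soap:Body", NS)  # direct child of the Envelope only
    return referenced is not None and hmac.compare_digest(value, sign(referenced))


def processed_amount(message):
    """What the business logic acts on: the Body at its expected position."""
    return ET.fromstring(message).find("soap:Body/transfer", NS).text


def demo():
    original = build_message("100")
    attacked = wrap(original, "1000000")
    return {
        "original_id_ok": verify_by_id(original),
        "original_path_ok": verify_by_path(original),
        "attacked_id_ok": verify_by_id(attacked),      # True: the wrapped Body still verifies
        "attacked_path_ok": verify_by_path(attacked),  # False: the Body at the fixed path is forged
        "processed": processed_amount(attacked),       # "1000000": what Id-based checking lets through
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The point of the two verifiers is the gap the abstract describes: with Id-based referencing the signature check and the application logic resolve the "Body" to two different elements, so a true result says nothing about what is processed; with a fixed absolute path both resolve to the same element, and the rewritten message fails verification.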
Keywords :
Boolean algebra; XML; digital signatures; Boolean verification; SOAP message; WS-Security; XML rewriting attack; XPath; digital signatures; signature verification; signature wrapping attacks; Failure analysis; Filtering; Filters; Handwriting recognition; Protection; Security; Simple object access protocol; Web services; Wrapping; XML; FastXPath; XML Signature; XML referencing; XML rewriting attacks; wrapping attacks;
Conference_Titel :
Web Services, 2009. ICWS 2009. IEEE International Conference on
Conference_Location :
Los Angeles, CA
Print_ISBN :
978-0-7695-3709-2
DOI :
10.1109/ICWS.2009.12