DocumentCode :
3051779
Title :
Technical Analysis of Countermeasures against Attack on XML Encryption -- or -- Just Another Motivation for Authenticated Encryption
Author :
Somorovsky, Juraj ; Schwenk, Jörg
Author_Institution :
Horst Gortz Inst. for IT Security, Ruhr Univ., Bochum, Germany
fYear :
2012
fDate :
24-29 June 2012
Firstpage :
171
Lastpage :
178
Abstract :
At CCS´11 a new chosen-ciphertext attack on XML Encryption [13] has been presented. This attack is of high relevance, since it allows one to decrypt arbitrary encrypted XML payload by issuing 14 server requests per byte on average. In this paper we discuss several countermeasures against this attack, which have been considered by different framework developers for different scenarios. We analyze the scenarios and show why these countermeasures do not work. Thereby, we motivate for the application of authenticated encryption in the XML Encryption specification.
Keywords :
Web services; XML; cryptography; formal specification; Web services; XML encryption specification; arbitrary encrypted XML payload; authenticated encryption; ciphertext attack; technical analysis; Encryption; Servers; Simple object access protocol; XML; CBC; Padding oracle attacks; XML Encryption;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Services (SERVICES), 2012 IEEE Eighth World Congress on
Conference_Location :
Honolulu, HI
Print_ISBN :
978-1-4673-3053-4
Type :
conf
DOI :
10.1109/SERVICES.2012.6
Filename :
6274047
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=3051779
بازگشت