Paper Info
Title
Making XML Signatures Immune to XML Signature Wrapping Attacks
Abstract
The increased usage of XML in distributed systems and platforms increases the demand for robust and effective security mechanisms likewise. Recent research work discovered, however, substantial vulnerabilities in the XML Signature standard as well as in the vast majority of the available implementations. Amongst them, the so-called XML Signature Wrapping (XSW) attack belongs to the most relevant ones. With the many possible instances of the XSW attack class, it is feasible to annul security systems relying on XML Signature and to gain access to protected resources as has been successfully demonstrated lately for various Cloud services. This work introduces a comprehensive approach to robust and effective XML Signatures for SOAP-based Web Services denoted as XSpRES. An architecture is presented, which integrates the required enhancements to ensure a fail-safe and sound signature generation and verification. Following this architecture, a hardened XML Signature library has been implemented. The obtained evaluation results show that the developed concept and library provide the targeted robustness against all kinds of known XSW attacks. Moreover, the empirical results underline that these security merits are obtained at low efficiency and performance costs as well as remain compliant with the underlying standards.
Year
DOI
Venue
2012
10.1007/978-3-319-04519-1_10
Communications in Computer and Information Science
Keywords
Field
DocType
XML Signature,XML Signature Wrapping,Web Services,SOAP,WS-Security,XSpRES,SOA,Cloud
XML Encryption,XML,Computer security,Computer science,Implementation,SOAP,Web service,WS-Security,Database,Cloud computing,XML Signature
Conference
Volume
ISSN
Citations 
367
1865-0929
6
PageRank 
References 
Authors
0.48
12
4
Name
Order
Citations
PageRank
christian mainka16610.80
Meiko Jensen256743.93
Luigi Lo Iacono338650.08
Jörg Schwenk489988.54