Title :
Signature replacement attack and its counter-measures
Author :
Sinha, Subrata ; Sinha, Smriti Kumar
Author_Institution :
Dept. of Comput. Sci., Assam Univ., Silchar, India
Abstract :
2-tuple Digital Signature scheme has two elements: a message and a signature. A tempered message can be verified by the decryption of the message digest, encrypted by the secret key of the signer, with the help of its corresponding public key. On the contrary, if the signature element is replaced then it cannot be verified. This is termed as signature replacement attack hitherto not discussed in the literature. In case of signature replacement attack, proof of origin is compromised. In this paper this attack is brought into focus for the first time. A solution for digital signature, resilient to signature replacement attack, is also proposed, where a trusted central arbiter is used as an in-line TTP. However, the central arbiter becomes the main bottleneck of performance. The problem is equally true for XML signature scheme used in Web service security today. This paper also proposes a solution with a BPEL process which acts as a central arbiter in the proposed special protocol.
Keywords :
Web services; XML; digital signatures; electronic countermeasures; private key cryptography; public key cryptography; 2-tuple digital signature scheme; BPEL process; TTP; Web service security; central arbiter; countermeasure; encryption; message decryption; public key; signature replacement attack; signer secret key; tempered message; Authentication; Banking; Computer science; Cryptography; Digital signatures; Public key; Security; Simple object access protocol; Web services; XML; BPEL; Digital Signature; SOAP; SWOT; TTP; XML Security;
Conference_Titel :
Advance Computing Conference (IACC), 2010 IEEE 2nd International
Conference_Location :
Patiala
Print_ISBN :
978-1-4244-4790-9
Electronic_ISBN :
978-1-4244-4791-6
DOI :
10.1109/IADCC.2010.5423006
