• DocumentCode
    2696186
  • Title

    Analysis of Signature Wrapping Attacks and Countermeasures

  • Author

    Gajek, Sebastian ; Jensen, Meiko ; Liao, Lijun ; Schwenk, Jörg

  • Author_Institution
    Horst Görtz Inst. for IT Security, Ruhr Univ. Bochum, Bochum, Germany
  • fYear
    2009
  • fDate
    6-10 July 2009
  • Firstpage
    575
  • Lastpage
    582
  • Abstract
    In recent research it turned out that Boolean verification of digital signatures in the context of WS-Security is likely to fail: If parts of a SOAP message are signed and the signature verification applied to the whole document returns true, then nevertheless the document may have been significantly altered. In this paper, we provide a detailed analysis on the possible scenarios that enable these signature wrapping attacks. Derived from this analysis, we propose a new solution that uses a subset of XPath instead of ID attributes to point to the signed subtree, and show that this solution is both efficient and secure.
  • Keywords
    Boolean algebra; XML; digital signatures; Boolean verification; SOAP message; WS-Security; XML rewriting attack; XPath; digital signatures; signature verification; signature wrapping attacks; Failure analysis; Filtering; Filters; Handwriting recognition; Protection; Security; Simple object access protocol; Web services; Wrapping; XML; FastXPath; XML Signature; XML referencing; XML rewriting attacks; wrapping attacks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Web Services, 2009. ICWS 2009. IEEE International Conference on
  • Conference_Location
    Los Angeles, CA
  • Print_ISBN
    978-0-7695-3709-2
  • Type

    conf

  • DOI
    10.1109/ICWS.2009.12
  • Filename
    5175871