Analysis of Signature Wrapping Attacks and Countermeasures

Cited by: 14
Authors
Gajek, Sebastian [1]
Jensen, Meiko [1]
Liao, Lijun [1]
Schwenk, Joerg [1]
Affiliations
[1] Ruhr Univ Bochum, Horst Gortz Inst IT Secur, Bochum, Germany
DOI
10.1109/ICWS.2009.12
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
In recent research it turned out that Boolean verification of digital signatures in the context of WS-Security is likely to fail: If parts of a SOAP message are signed and the signature verification applied to the whole document returns true, then nevertheless the document may have been significantly altered. In this paper, we provide a detailed analysis on the possible scenarios that enable these signature wrapping attacks. Derived from this analysis, we propose a new solution that uses a subset of XPath instead of ID attributes to point to the signed subtree, and show that this solution is both efficient and secure.
Pages: 575 - 582
Number of pages: 8
Related papers
50 in total
  • [1] Spatial Signature Method (SSM) Against XML Signature Wrapping Attacks
    Saudi, Madihah Mohd
    Zaizi, Nurzi Juana Mohd
    Sweese, Khaled Juma Ahmed
    Abu Bakar, Azreena
    [J]. ENGINEERING APPLICATION OF ARTIFICIAL INTELLIGENCE CONFERENCE 2018 (EAAIC 2018), 2019, 255
  • [2] Making XML Signatures Immune to XML Signature Wrapping Attacks
    Mainka, Christian
    Jensen, Meiko
    Lo Iacono, Luigi
    Schwenk, Joerg
    [J]. CLOUD COMPUTING AND SERVICES SCIENCE, CLOSER 2012, 2013, 367 : 151 - 167
  • [3] Power analysis attacks and countermeasures
    Popp, Thomas
    Mangard, Stefan
    Oswald, Elisabeth
    [J]. IEEE DESIGN & TEST OF COMPUTERS, 2007, 24 (06): : 535 - 543
  • [4] Analysis of phishing attacks and countermeasures
    Issac, Biju
    Chiong, Raymond
    Jacob, Seibu Mary
    [J]. MANAGING INFORMATION IN THE DIGITAL ECONOMY: ISSUES & SOLUTIONS, 2006, : 339 - +
  • [5] On countermeasures to traffic analysis attacks
    Fu, XW
    Graham, B
    Bettati, R
    Zhao, W
    [J]. IEEE SYSTEMS, MAN AND CYBERNETICS SOCIETY INFORMATION ASSURANCE WORKSHOP, 2003, : 188 - 195
  • [6] Analysis of Cloud Computing Attacks and Countermeasures
    Jabir, Raja Mohamed
    Khanji, Salam Ismail Rasheed
    Ahmad, Liza Abdallah
    Alfandi, Omar
    Said, Huwida
    [J]. 2016 18TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATIONS TECHNOLOGY (ICACT) - INFORMATION AND COMMUNICATIONS FOR SAFE AND SECURE LIFE, 2016, : 117 - 123
  • [7] BEARZ Attack FALCON: Implementation Attacks with Countermeasures on the FALCON Signature Scheme
    McCarthy, Sarah
    Howe, James
    Smyth, Neil
    Brannigan, Seamus
    O'Neill, Maire
    [J]. PROCEEDINGS OF THE 16TH INTERNATIONAL JOINT CONFERENCE ON E-BUSINESS AND TELECOMMUNICATIONS, VOL 2: SECRYPT, 2019, : 61 - 71
  • [8] An Analysis of DHCP Vulnerabilities, Attacks, and Countermeasures
    AbdulGhaffar, AbdulAziz
    Paul, Sumit Kumar
    Matrawy, Ashraf
    [J]. 2023 BIENNIAL SYMPOSIUM ON COMMUNICATIONS, BSC, 2023, : 119 - 124
  • [9] Active traffic analysis attacks and countermeasures
    Fu, XW
    Graham, B
    Bettati, R
    Zhao, W
    [J]. 2003 INTERNATIONAL CONFERENCE ON COMPUTER NETWORKS AND MOBILE COMPUTING, PROCEEDINGS, 2003, : 31 - 39
  • [10] Attacks and Countermeasures on 802.16: Analysis and Assessment
    Kolias, Constantinos
    Kambourakis, Georgios
    Gritzalis, Stefanos
    [J]. IEEE COMMUNICATIONS SURVEYS AND TUTORIALS, 2013, 15 (01): : 487 - 514