On the insecurity of XML Security

被引：0

作者：

Somorovsky, Juraj ^{[1
]}

机构：

[1] Ruhr Univ Bochum, Horst Gortz Inst IT Secur, D-44801 Bochum, Germany

来源：

IT-INFORMATION TECHNOLOGY | 2014年 / 56卷 / 06期

关键词：

XML Signature; XML Encryption; Web Services; Single Sign-On; Signature Wrapping attacks; Padding Oracle attacks;

D O I：

10.1515/itit-2014-1045

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

XML Encryption and XML Signature describe how to apply encryption and signing algorithms to XML documents. These specifications are implemented in a wide range of systems and frameworks processing sensitive data, including banking, eGovernment, eCommerce, military, and eHealth infrastructures. The article presents practical and highly critical attacks which allow to forge signed XML documents or reveal contents of encrypted XML data.

引用

页码：313 / 317

页数：5

共 50 条

[1] The Insecurity of "Security"
Amster, Randall
[J]. PEACE REVIEW-A JOURNAL OF SOCIAL JUSTICE, 2020, 32 (04): : 521 - 526
[2] XML and security
Selkirk, A
[J]. BT TECHNOLOGY JOURNAL, 2001, 19 (03) : 23 - 34
[3] Security analysis of XML, XML usage and XML parsing
Blyth, A
Cunliffe, D
Sutherland, I
[J]. COMPUTERS & SECURITY, 2003, 22 (06) : 494 - 505
[4] ARCHIVAL SECURITY AND INSECURITY
KINNEY, JM
[J]. AMERICAN ARCHIVIST, 1975, 38 (04): : 493 - 497
[5] Security, insecurity and health
Coupland, Robin
[J]. BULLETIN OF THE WORLD HEALTH ORGANIZATION, 2007, 85 (03) : 181 - 184
[6] INSECURITY ABOUT SECURITY
NEUMANN, PG
[J]. COMMUNICATIONS OF THE ACM, 1990, 33 (08) : 170 - 170
[7] CONCEPTS OF SECURITY AND INSECURITY
Cameron, William Bruce
McCormick, Thomas C.
[J]. AMERICAN JOURNAL OF SOCIOLOGY, 1954, 59 (06) : 556 - 564
[8] SECURITY V INSECURITY
HERNDON, WL
LANTZY, L
[J]. POLICE CHIEF, 1980, 47 (08): : 10 - 11
[9] On priming security and insecurity
Baldwin, Mark W.
[J]. PSYCHOLOGICAL INQUIRY, 2007, 18 (03) : 157 - 162
[10] INSECURITY IN SEARCH OF SECURITY
Karpman, Ben
[J]. AMERICAN JOURNAL OF PSYCHOTHERAPY, 1952, 6 (01) : 23 - 42

← 1 2 3 4 5 →