On the insecurity of XML Security

Cited by: 0
Authors
Somorovsky, Juraj [1]
Affiliation
[1] Ruhr Univ Bochum, Horst Gortz Inst IT Secur, D-44801 Bochum, Germany
Source
IT-INFORMATION TECHNOLOGY | 2014 / Vol. 56 / Issue 06
Keywords
XML Signature; XML Encryption; Web Services; Single Sign-On; Signature Wrapping attacks; Padding Oracle attacks;
DOI
10.1515/itit-2014-1045
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
XML Encryption and XML Signature describe how to apply encryption and signing algorithms to XML documents. These specifications are implemented in a wide range of systems and frameworks processing sensitive data, including banking, eGovernment, eCommerce, military, and eHealth infrastructures. The article presents practical and highly critical attacks which allow forging signed XML documents or revealing the contents of encrypted XML data.
Pages: 313 - 317
Page count: 5