Analysis of signature wrapping attacks and countermeasures

Sebastian Gajek*, Meiko Jensen, Lijun Liao, Jörg Schwenk

*Corresponding author for this work

Publication: Chapter in book/report/conference proceeding; Conference contribution in proceedings; Research; peer-reviewed

Abstract

In recent research it turned out that Boolean verification of digital signatures in the context of WS-Security is likely to fail: If parts of a SOAP message are signed and the signature verification applied to the whole document returns true, then nevertheless the document may have been significantly altered. In this paper, we provide a detailed analysis on the possible scenarios that enable these signature wrapping attacks. Derived from this analysis, we propose a new solution that uses a subset of XPath instead of ID attributes to point to the signed subtree, and show that this solution is both efficient and secure.

Original language: English
Title: 2009 IEEE International Conference on Web Services, ICWS 2009
Number of pages: 8
Publication date: 19 Nov 2009
Pages: 575-582
Article number: 5175871
ISBN (Print): 9780769537092
DOI
Status: Published - 19 Nov 2009
