Analysis of Signature Wrapping Attacks and Countermeasures

14 years 1 months ago

Download www.nds.rub.de

In recent research it turned out that Boolean veriﬁcation of digital signatures in the context of WSSecurity is likely to fail: If parts of a SOAP message are signed and the signature veriﬁcation applied to the whole document returns true, then nevertheless the document may have been signiﬁcantly altered. In this paper, we provide a detailed analysis on the possible scenarios that enable these signature wrapping attacks. Derived from this analysis, we propose a new solution that uses a subset of XPath instead of ID attributes to point to the signed subtree, and show that this solution is both efﬁcient and secure.

Sebastian Gajek, Meiko Jensen, Lijun Liao, Jö

Real-time Traffic

Computer Science | Document Returns | ICWS 2009 | Possible Scenarios | Signature Wrapping Attacks |

claim paper

» Beyond the Perimeter the Need for Early Detection of Denial of Service Attacks

» Reid et als Distance Bounding Protocol and Mafia Fraud Attacks over Noisy Channels

» ATTENTION ATTackEr Traceback Using MAC Layer AbNormality DetecTION

» Mitigating bandwidthexhaustion attacks using congestion puzzles

» LISABETH automated contentbased signature generator for zeroday polymorphic worms

» Memsherlock an automated debugger for unknown memory corruption vulnerabilities

Post Info
More Details (n/a)

Added	08 Mar 2010
Updated	08 Mar 2010
Type	Conference
Year	2009
Where	ICWS
Authors	Sebastian Gajek, Meiko Jensen, Lijun Liao, Jörg Schwenk

Comments (0)

Sciweavers

Analysis of Signature Wrapping Attacks and Countermeasures

Computer Science | Document Returns | ICWS 2009 | Possible Scenarios | Signature Wrapping Attacks |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers