Analysis of Signature Wrapping Attacks and Countermeasures

In recent research it turned out that Boolean verification of digital signatures in the context of WS-Security is likely to fail: If parts of a SOAP message are signed and the signature verification applied to the whole document returns true, then nevertheless the document may have been significantly altered.In this paper, we provide a detailed analysis on the possible scenarios that enable these signature wrapping attacks. Derived from this analysis, we propose a new solution that uses a subset of XPath instead of ID attributes to point to the signed subtree, and show that this solution is both efficient and secure.

[1]  Jon Callas,et al.  OpenPGP Message Format , 1998, RFC.

[2]  Steven J. DeRose,et al.  XML Path Language (XPath) Version 1.0 , 1999 .

[3]  Donald E. Eastlake,et al.  XML-Signature Syntax and Processing , 2001, RFC.

[4]  Marcus Fontoura,et al.  Streaming XPath processing with forward and backward axes , 2003, Proceedings 19th International Conference on Data Engineering (Cat. No.03CH37405).

[5]  Mark O'Neill,et al.  Web Services Security , 2003 .

[6]  Phillip Hallam-Baker,et al.  Web services security: soap message security , 2003 .

[7]  Andrew D. Gordon,et al.  Verifying policy-based security for web services , 2004, CCS '04.

[8]  Tim Furche,et al.  An efficient single-pass query evaluator for XML data streams , 2004, SAC '04.

[9]  Michael McIntosh,et al.  XML signature element wrapping attacks and countermeasures , 2005, SWS '05.

[10]  Andreas Schaad,et al.  Towards secure SOAP message exchange in a SOA , 2006, SWS '06.

[11]  Mohammad Ashiqur Rahaman An inline approach for secure SOAP requests and early validation , 2006 .

[12]  Rada Chirkova,et al.  Efficient algorithms for evaluating xpath over streams , 2007, SIGMOD '07.

[13]  Andreas Schaad,et al.  SOAP-based Secure Conversation and Collaboration , 2007, IEEE International Conference on Web Services (ICWS 2007).

[14]  Jörg Schwenk,et al.  Breaking and fixing the inline approach , 2007, SWS '07.

[15]  Edgar R. Weippl,et al.  XML security - A comparative literature review , 2008, J. Syst. Softw..

[16]  Azzedine Benameur,et al.  XML Rewriting Attacks: Existing Solutions and their Limitations , 2008, ArXiv.