2-tuple Digital Signature scheme has two elements: a message and a signature. A tempered message can be verified by the decryption of the message digest, encrypted by the secret key of the signer, with the help of its corresponding public key. On the contrary, if the signature element is replaced then it cannot be verified. This is termed as signature replacement attack hitherto not discussed in the literature. In case of signature replacement attack, proof of origin is compromised. In this paper this attack is brought into focus for the first time. A solution for digital signature, resilient to signature replacement attack, is also proposed, where a trusted central arbiter is used as an in-line TTP. However, the central arbiter becomes the main bottleneck of performance. The problem is equally true for XML signature scheme used in Web service security today. This paper also proposes a solution with a BPEL process which acts as a central arbiter in the proposed special protocol.
[1]
Donald E. Eastlake,et al.
XML-Signature Syntax and Processing
,
2001,
RFC.
[2]
Sabbir Ahmed,et al.
Securing Web Services with XML aware Digital Signatures
,
2004,
AISM.
[3]
Azzedine Benameur,et al.
XML Rewriting Attacks: Existing Solutions and their Limitations
,
2008,
ArXiv.
[4]
S. Kumar Sinha,et al.
Limitations of Web Service Security on SOAP Messages in a Document Production Workflow Environment
,
2008,
2008 16th International Conference on Advanced Computing and Communications.
[5]
Azzedine Benameur,et al.
A formal solution to rewriting attacks on SOAP messages
,
2008,
SWS '08.