OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Minutes for SSTC Telecon (18 Oct 2011)

Hello, 

I read the paper, named ``How to Break XML Encryption'', linked by
http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.en
presented at the ACM conference in Swisshotel, Chicago 17-21 October 2011.

and here the public link: 

http://delivery.acm.org/10.1145/2050000/2046756/p413-jager.pdf?ip=150.217.37.224&acc=ACTIVE%20SERVICE&CFID=49995935&CFTOKEN=35019546&__acm__=1319194996_bfab5d800269c9bd3c1d343ceca36a49

Indeed, this paper is interesting. It exploits a well known chosen-ciphertext
attack to a service that is used as an oracle. The setting considered is 
when a service consumer invokes a service provider with a message with some
encrypted data inside, encryption made in CBC mode, as defined in XMLENC. 
The novelty of the paper is how the chosen-ciphertext
attack is performed, i.e., by using characters known by XML, such tags 
opening etc. The error messages returned to the MITM are meaningful so that, 
the MITM, can guess with high probability to have produced a well formed 
ciphertext (w.r.t. their definition of ``well formed''ness). 

It is more or less related to the assumptions to sign before encrypt, 
encrypt-before-sign, sign-before-encrypt-than-sign again. 

What I see very interesting (and I don't see any countermeasures on that)
are the links in the ``countermeasures'' section, to kind of XML Rewrite Attacks[1] 
and what they call XML Encryption wrapping,  in which the MITM can change the 
structure of the soap message to have the signature validation useless. 

As far as I know, there is no trivial way to protect service invocations 
from attacks based on the structure of the message, if not using authenticated channels such
as TLS, that are not following the SOA. 





[1] http://dl.acm.org/citation.cfm?id=1237504

Il giorno 20/ott/2011, alle ore 18:23, Cantor, Scott ha scritto:

> On 10/20/11 12:19 PM, "Brian Campbell" <bcampbell@pingidentity.com> wrote:
> 
>> Is there a link to this doc?
> 
> Not that I've been able to track down yet. It was presented yesterday. I
> don't know how ACM publishes the proceedings or when.
> 
> -- Scott
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: security-services-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: security-services-help@lists.oasis-open.org
> 

--
Massimiliano Masi

Tiani "Spirit" GmbH
Guglgasse 6
Gasometer A
1110 Vienna
Austria/Europe

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]