Subject: Re: [security-services] Minutes for SSTC Telecon (18 Oct 2011)
Hello,

I read the paper, named ``How to Break XML Encryption'', linked by
http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.en
presented at the ACM conference in Swisshotel, Chicago 17-21 October 2011,
and here is the public link:
http://delivery.acm.org/10.1145/2050000/2046756/p413-jager.pdf?ip=150.217.37.224&acc=ACTIVE%20SERVICE&CFID=49995935&CFTOKEN=35019546&__acm__=1319194996_bfab5d800269c9bd3c1d343ceca36a49

Indeed, this paper is interesting. It exploits a well-known chosen-ciphertext
attack against a service that is used as an oracle. The setting considered is
when a service consumer invokes a service provider with a message with some
encrypted data inside, encryption made in CBC mode, as defined in XMLENC.

The novelty of the paper is how the chosen-ciphertext attack is performed,
i.e., by using characters known by XML, such as opening tags etc. The error
messages returned to the MITM are meaningful, so that the MITM can guess with
high probability that it has produced a well-formed ciphertext (w.r.t. their
definition of ``well formed''ness).

It is more or less related to the assumptions to sign before encrypt,
encrypt-before-sign, sign-before-encrypt-then-sign again.

What I see as very interesting (and I don't see any countermeasures on that)
are the links in the ``countermeasures'' section, to a kind of XML Rewrite
Attacks [1] and what they call XML Encryption wrapping, in which the MITM can
change the structure of the SOAP message to make the signature validation
useless.

As far as I know, there is no trivial way to protect service invocations from
attacks based on the structure of the message, if not using authenticated
channels such as TLS, which are not following the SOA.

[1] http://dl.acm.org/citation.cfm?id=1237504

On 20 Oct 2011, at 18:23, Cantor, Scott wrote:

> On 10/20/11 12:19 PM, "Brian Campbell" <bcampbell@pingidentity.com> wrote:
>
>> Is there a link to this doc?
>
> Not that I've been able to track down yet. It was presented yesterday. I
> don't know how ACM publishes the proceedings or when.
>
> -- Scott
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: security-services-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: security-services-help@lists.oasis-open.org
>

--
Massimiliano Masi

Tiani "Spirit" GmbH
Guglgasse 6
Gasometer A
1110 Vienna
Austria/Europe
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail