使用位置令牌的XML包装攻击缓解

2017 International Conference on Public Key Infrastructure and its Applications (PKIA) Pub Date : 2017-11-01 DOI:10.1109/PKIA.2017.8278958

J. Kumar, B. Rajendran, B. Bindhumadhava, N. S. C. Babu

{"title":"使用位置令牌的XML包装攻击缓解","authors":"J. Kumar, B. Rajendran, B. Bindhumadhava, N. S. C. Babu","doi":"10.1109/PKIA.2017.8278958","DOIUrl":null,"url":null,"abstract":"XML signature standard defined by IETF/W3C references or identifies signed elements by their unique identities specified by “id” attribute values in the given XML document. Hence, signed XML elements can be shifted from one location to another location in a XML document, and still, it does not have any effect on its ability to verify its signature. This flexibility paves the way for an attacker to tweak original XML message without getting noticed by the receiver. In this paper we propose the concept of “Positional Token” to overcome the attack on XML signatures and demonstrate the same.","PeriodicalId":393622,"journal":{"name":"2017 International Conference on Public Key Infrastructure and its Applications (PKIA)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"XML wrapping attack mitigation using positional token\",\"authors\":\"J. Kumar, B. Rajendran, B. Bindhumadhava, N. S. C. Babu\",\"doi\":\"10.1109/PKIA.2017.8278958\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"XML signature standard defined by IETF/W3C references or identifies signed elements by their unique identities specified by “id” attribute values in the given XML document. Hence, signed XML elements can be shifted from one location to another location in a XML document, and still, it does not have any effect on its ability to verify its signature. This flexibility paves the way for an attacker to tweak original XML message without getting noticed by the receiver. In this paper we propose the concept of “Positional Token” to overcome the attack on XML signatures and demonstrate the same.\",\"PeriodicalId\":393622,\"journal\":{\"name\":\"2017 International Conference on Public Key Infrastructure and its Applications (PKIA)\",\"volume\":\"28 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference on Public Key Infrastructure and its Applications (PKIA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PKIA.2017.8278958\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Public Key Infrastructure and its Applications (PKIA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PKIA.2017.8278958","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

摘要

由IETF/W3C引用定义的XML签名标准，或通过给定XML文档中由“id”属性值指定的惟一标识标识签名元素。因此，签名的XML元素可以在XML文档中从一个位置移动到另一个位置，但仍然不会对其验证签名的能力产生任何影响。这种灵活性为攻击者在不被接收方注意的情况下调整原始XML消息铺平了道路。在本文中，我们提出了“位置令牌”的概念来克服对XML签名的攻击，并进行了演示。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

XML wrapping attack mitigation using positional token

XML signature standard defined by IETF/W3C references or identifies signed elements by their unique identities specified by “id” attribute values in the given XML document. Hence, signed XML elements can be shifted from one location to another location in a XML document, and still, it does not have any effect on its ability to verify its signature. This flexibility paves the way for an attacker to tweak original XML message without getting noticed by the receiver. In this paper we propose the concept of “Positional Token” to overcome the attack on XML signatures and demonstrate the same.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 International Conference on Public Key Infrastructure and its Applications (PKIA)

自引率

0.00%

发文量