Spatial Signature Method (SSM) Against XML Signature Wrapping Attacks

Living in cyber world with revolutionizes of Industrial 4.0, most of the users and organisations prefer to sell and buy products or services via website online transaction. This online transaction is done through a messaging protocol (SOAP) and signing entire SOAP (SESOAP) using Extensible Markup Language (XML). XML is implemented to secure the SOAP contents by applying the signing method called as XML Digital signature. However, the XML digital signature has issues related to XML signature wrapping (XSW) attacks specifically on Sibling Value Context and Sibling Order Context attacks. Therefore, this paper proposes an enhanced method called as Spatial Signature Method (SSM) which aims to resolve the limitation of SESOAP from the aspect of XSW attacks. It proposes new parameters for XML digital signature inspired by the concept of ratio and space in biotechnology to detect the XSW attacks. The experiment was conducted in a controlled lab by using the Ubuntu Linux system and PHP programming. Based on the comparison made with SESOAP and ID Referencing method (IDR), SSM has proven to defend against the XSW attacks. For the future work, the spatial signature method can be forged with more extensive spatial information for the digital signature and to integrate it with web services.

Download Full-text

An Introduction to XBRL through the Use of Research and Technical Assignments

Journal of Information Systems ◽

10.2308/jis.2006.20.1.161 ◽

2006 ◽

Vol 20 (1) ◽

pp. 161-185 ◽

Cited By ~ 14

Author(s):

Stephanie M. Farewell

Keyword(s):

Significant Role ◽

The Other ◽

Extensible Markup Language ◽

Markup Language ◽

Basic Skill ◽

Reading Research ◽

Business Reporting ◽

Basic Understanding ◽

The Future ◽

Extensible Markup

This project is designed to facilitate an understanding of eXtensible Business Reporting Language (XBRL). The materials are structured so that each can be used independently of the other components. The materials consist of a reading, research assignments, and two technical assignments. The reading is written to provide a background on XBRL. After obtaining a basic understanding of XBRL, research and technical assignments are used to increase the student's skill-set. The research assignments look at the evolution of XBRL. The first technical assignment modifies and styles eXtensible Markup Language (XML) tagged data. In the second technical assignment an industry extension is developed to the promulgated Commercial and Industrial (C-I) taxonomy. The second technical assignment concludes with the creation of an instance document and viewing of the instance document with a style sheet. Through an understanding of XBRL, students will possess an important basic skill-set for a technology that will likely play a significant role in the future of accounting. In addition, they should have an appreciation for the purpose of XBRL, including the nature of the technology and the inherent challenges.

Download Full-text

Web Services Security

Cryptography and Security Services ◽

10.4018/978-1-59904-837-6.ch013 ◽

2008 ◽

pp. 334-408

Author(s):

Manuel Mogollon

Keyword(s):

Web Services ◽

Key Management ◽

Markup Language ◽

Access Protocol ◽

Xml Encryption ◽

Extensible Markup ◽

Xml Signature ◽

Web Services Security ◽

Open Standards ◽

Security Assertion Markup Language

A service is an application offered by an organization that can be accessed through a programmable interface. Web services allow computers running on different operating platforms to access and share each other’s databases by using open standards, such as extensible markup language (XML) and simple object access protocol (SOAP). In this chapter, the following Web services mechanisms are discussed: (1) XML encryption, XML signature, and XML key management specification (XKMS); (2) security assertion markup language (SAML); and (3) Web services security (WS-security).

Download Full-text