Spatial Signature Algorithm (SSA): A New Approach in Countermeasuring XML Signature Wrapping Attack

This paper introduces a new approach in countermeasuring XML signature wrapping attack called the Spatial Signature Algorithm (SSA). The motivation for proposing the SSA approach is due to the limitation of the SOAP (Simple Object Access Protocol) in handling the XML signature wrapping attacks. A different strategy is to be planned in order to deter such attack without extensive computational expense. Spatial Signature Algorithm builds upon the notion of ratio signature that is recommended by a research in biotechnology. The research suggests the possibility of diagnosing a specific disease based on the idea of ratios, specifically on the comparative relationship between elements to detect the emergence of certain threats. Bridging this notion to security, the principle of using space and ratio to detect abnormality is extended to the application of spatial information and digital signature to detect and combat the XML wrapping signature attack.

Spatial Signature Method (SSM) Against XML Signature Wrapping Attacks

Living in cyber world with revolutionizes of Industrial 4.0, most of the users and organisations prefer to sell and buy products or services via website online transaction. This online transaction is done through a messaging protocol (SOAP) and signing entire SOAP (SESOAP) using Extensible Markup Language (XML). XML is implemented to secure the SOAP contents by applying the signing method called as XML Digital signature. However, the XML digital signature has issues related to XML signature wrapping (XSW) attacks specifically on Sibling Value Context and Sibling Order Context attacks. Therefore, this paper proposes an enhanced method called as Spatial Signature Method (SSM) which aims to resolve the limitation of SESOAP from the aspect of XSW attacks. It proposes new parameters for XML digital signature inspired by the concept of ratio and space in biotechnology to detect the XSW attacks. The experiment was conducted in a controlled lab by using the Ubuntu Linux system and PHP programming. Based on the comparison made with SESOAP and ID Referencing method (IDR), SSM has proven to defend against the XSW attacks. For the future work, the spatial signature method can be forged with more extensive spatial information for the digital signature and to integrate it with web services.

A Proposed SOAP Model in WS-Security to Avoid Rewriting Attacks and Ensuring Secure Conversation

Service oriented architecture is a current and popular software engineering paradigm providing agile web services to consumers in a dynamically changing enterprise environment. The SOAP messages are used to establish communication between the web services which are vulnerable to rewriting attacks and insecure conversation. XML Signature as specified in WS-Security provides security to the contents of the SOAP messages but is insufficient. This paper proposes a SOAP model where rewriting attacks can be avoided and a secure conversation can be established as well. This paper recommends three steps, firstly using shared key for encrypting timestamp in the message body for generating corresponding signature; Secondly, using value referencing both for signature validation and message processing; and finally encrypting the whole SOAP body instead of sending an open SOAP Message in the network to prevent unauthorized access. The paper concludes that the proposed model successfully detects rewriting attacks and establishes secure conversation in the to-and-fro message transmission.

On the insecurity of XML Security

XML Encryption and XML Signature describe how to apply encryption and signing algorithms to XML documents. These specifications are implemented in a wide range of systems and frameworks processing sensitive data, including banking, eGovernment, eCommerce, military, and eHealth infrastructures. The article presents practical and highly critical attacks which allow to forge signed XML documents or reveal contents of encrypted XML data.