Today, XML is the most used data interchange format for business-to-business applications. Indeed, an increasing amount of data in XML format is created and published over the Internet every day. Moreover, organizations need more and more to share sets of XML documents usually managed via a common XML repository. XML integrity and authenticity have become strong requirements for applications like web services that exchange messages in such format. XML signature aims to guarantee these properties but it cannot avoid attackers to intercept and change the structure of the XML message. A very common attack to XML Signature called XML Signature Wrapping(XSW) attack represents a big issue in web services security as SOAP messages –which are XML signed files- could be corrupted. In this paper, we propose a countermeasure to the XML Signature wrapping attack that makes use of XML watermarking techniques. In our proposal we express constraints on the schema of the XML document and fix its structure using an absolute coordinate system whose values are embedded within the file as a watermark.
Ensuring XML integrity using watermarking techniques / R. Tchokpon, S. Cimato, N. Bennani - In: The 8th International conference on signal image technology & Internet based sytems, SITIS 2012 : November 25th – November 29th 2012, Sorrento, Italy : proceedings / [a cura di] K. Yetongnon, R. Chbeir, A. Dipanda, L. Gallo. - Los Alamitos : Institute of electrical and electronics engineers, 2012. - ISBN 9781467351522. - pp. 668-674 (( Intervento presentato al 8. convegno International Conference on Signal Image Technology and Internet Based Systems (SITIS) tenutosi a Sorrento, Italy nel 2012.
Ensuring XML integrity using watermarking techniques
R. TchokponPrimo
;S. CimatoSecondo
;
2012
Abstract
Today, XML is the most used data interchange format for business-to-business applications. Indeed, an increasing amount of data in XML format is created and published over the Internet every day. Moreover, organizations need more and more to share sets of XML documents usually managed via a common XML repository. XML integrity and authenticity have become strong requirements for applications like web services that exchange messages in such format. XML signature aims to guarantee these properties but it cannot avoid attackers to intercept and change the structure of the XML message. A very common attack to XML Signature called XML Signature Wrapping(XSW) attack represents a big issue in web services security as SOAP messages –which are XML signed files- could be corrupted. In this paper, we propose a countermeasure to the XML Signature wrapping attack that makes use of XML watermarking techniques. In our proposal we express constraints on the schema of the XML document and fix its structure using an absolute coordinate system whose values are embedded within the file as a watermark.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
