Countering Wrapping Attack on XML Signature in SOAP Message for Cloud Computing

H. Razzaghi Kouchaksaraei, A.G. Chefranov, International Journal of Computer Science and Information Security 11 (2013) 1–6.

Download
No fulltext has been uploaded.
Journal Article | Published | English
Author
Razzaghi Kouchaksaraei, HadiLibreCat; Chefranov, Alexander G.
Abstract
It is known that the exchange of information between web applications is done by means of the SOAP protocol. Securing this protocol is obviously a vital issue for any computer network. However, when it comes to cloud computing systems, the sensitivity of this issue rises, as the clients of system, release their data to the cloud. XML signature is employed to secure SOAP messages. However, there are also some weak points that have been identified, named as XML signature wrapping attacks, which have been categorized into four major groups; Simple Ancestry Context Attack, Optional element context attacks, Sibling Value Context Attack, Sibling Order Context. In this paper, two existing methods, for referencing the signed part of SOAP Message, named as ID referencing and XPath method, are analyzed and examined. In addition, a new method is proposed and tested, to secure the SOAP message. In the new method, the XML any signature wrapping attack is prevented by employing the concept of XML digital signature on the SOAP message. The results of conducted experiments show that the proposed method is approximately three times faster than the XPath method and even a little faster than ID.
Publishing Year
Journal Title
International Journal of Computer Science and Information Security
Volume
11
Issue
9
Page
1-6
LibreCat-ID

Cite this

Razzaghi Kouchaksaraei H, Chefranov AG. Countering Wrapping Attack on XML Signature in SOAP Message for Cloud  Computing. International Journal of Computer Science and Information Security. 2013;11(9):1-6.
Razzaghi Kouchaksaraei, H., & Chefranov, A. G. (2013). Countering Wrapping Attack on XML Signature in SOAP Message for Cloud  Computing. International Journal of Computer Science and Information Security, 11(9), 1–6.
@article{Razzaghi Kouchaksaraei_Chefranov_2013, title={Countering Wrapping Attack on XML Signature in SOAP Message for Cloud  Computing}, volume={11}, number={9}, journal={International Journal of Computer Science and Information Security}, author={Razzaghi Kouchaksaraei, Hadi and Chefranov, Alexander G.}, year={2013}, pages={1–6} }
Razzaghi Kouchaksaraei, Hadi, and Alexander G. Chefranov. “Countering Wrapping Attack on XML Signature in SOAP Message for Cloud  Computing.” International Journal of Computer Science and Information Security 11, no. 9 (2013): 1–6.
H. Razzaghi Kouchaksaraei and A. G. Chefranov, “Countering Wrapping Attack on XML Signature in SOAP Message for Cloud  Computing,” International Journal of Computer Science and Information Security, vol. 11, no. 9, pp. 1–6, 2013.
Razzaghi Kouchaksaraei, Hadi, and Alexander G. Chefranov. “Countering Wrapping Attack on XML Signature in SOAP Message for Cloud  Computing.” International Journal of Computer Science and Information Security, vol. 11, no. 9, 2013, pp. 1–6.

Export

Marked Publications

Open Data LibreCat

Search this title in

Google Scholar