Standards are supposed to guarantee security, especially in the WWW. The World Wide Web Consortium (W3C) is the main force behind standards like HTML, XML, and XML Encryption. But implementing a W3C standard does not mean that a system is secure. Researchers from the chair of network and data security have found a serious attack against XML Encryption. “Everything is insecure”, is the uncomfortable message from Bochum.
Standard for large integration projects
XML stands for “eXtensible Markup Language”, and is the industry standard for platform-independent data exchange. Companies like IBM, Microsoft and Redhat Linux use XML standards for integrating Webservice projects for large customers. XML Encryption was designed to protect the confidentiality of the exchanged data. Reason enough to have a closer look at its security.
Weak chaining of ciphertext blocks
Juraj Somorovsky and Tibor Jager exploited a weakness in the CBC mode for the chaining of different ciphertext blocks. “We were able to decrypt data by sending modified ciphertexts to the server, by gathering information from the received error messages.” The attack was tested against a popular open source implementation of XML Encrytion, and against the implementations of companies that responded to the responsible disclosure – in all cases the result was the same: the attack works, XML Encryption is not secure. Details of the attack are presented at this year’s ACM Conference on Computer and Communications Security (http://www.sigsac.org/ccs/CCS2011/techprogram.shtml).
No simple solution available
„There is no simple patch for this problem”, states Somorovsky. “We therefore propose to change the standard as soon as possible.” The researchers informed all possibly affected companies through the mailing list of W3C, following a clear responsible disclosure process. With some companies there were intensive discussions on workarounds.
Further informationProf. Dr. Jörg Schwenk, Faculty of Electrical Engineering and Information Sciences at the RUB, Chair for Network and Data Security, Tel. +49 234 32 26692
Dr. Josef König | idw
‘Time Machine’ heralds new era
25.03.2019 | Technische Universität Dresden
Open source software helps researchers extract key insights from huge sensor datasets
22.03.2019 | Universität des Saarlandes
DESY and MPSD scientists create high-order harmonics from solids with controlled polarization states, taking advantage of both crystal symmetry and attosecond electronic dynamics. The newly demonstrated technique might find intriguing applications in petahertz electronics and for spectroscopic studies of novel quantum materials.
The nonlinear process of high-order harmonic generation (HHG) in gases is one of the cornerstones of attosecond science (an attosecond is a billionth of a...
Nano- and microtechnology are promising candidates not only for medical applications such as drug delivery but also for the creation of little robots or flexible integrated sensors. Scientists from the Max Planck Institute for Polymer Research (MPI-P) have created magnetic microparticles, with a newly developed method, that could pave the way for building micro-motors or guiding drugs in the human body to a target, like a tumor. The preparation of such structures as well as their remote-control can be regulated using magnetic fields and therefore can find application in an array of domains.
The magnetic properties of a material control how this material responds to the presence of a magnetic field. Iron oxide is the main component of rust but also...
Due to the special arrangement of its molecules, a new coating made of corn starch is able to repair small scratches by itself through heat: The cross-linking via ring-shaped molecules makes the material mobile, so that it compensates for the scratches and these disappear again.
Superficial micro-scratches on the car body or on other high-gloss surfaces are harmless, but annoying. Especially in the luxury segment such surfaces are...
The Potsdam Echelle Polarimetric and Spectroscopic Instrument (PEPSI) at the Large Binocular Telescope (LBT) in Arizona released its first image of the surface magnetic field of another star. In a paper in the European journal Astronomy & Astrophysics, the PEPSI team presents a Zeeman- Doppler-Image of the surface of the magnetically active star II Pegasi.
A special technique allows astronomers to resolve the surfaces of faraway stars. Those are otherwise only seen as point sources, even in the largest telescopes...
Researchers at Chalmers University of Technology and the University of Gothenburg, Sweden, have proposed a way to create a completely new source of radiation. Ultra-intense light pulses consist of the motion of a single wave and can be described as a tsunami of light. The strong wave can be used to study interactions between matter and light in a unique way. Their research is now published in the scientific journal Physical Review Letters.
"This source of radiation lets us look at reality through a new angle - it is like twisting a mirror and discovering something completely different," says...
11.03.2019 | Event News
01.03.2019 | Event News
28.02.2019 | Event News
25.03.2019 | Trade Fair News
25.03.2019 | Life Sciences
25.03.2019 | Information Technology