Forum for Science, Industry and Business

XML Encryption is insecure: RUB Researchers break W3C standard

19.10.2011
XML Encryption is insecure: Large companies affected

Standards are supposed to guarantee security, especially on the WWW. The World Wide Web Consortium (W3C) is the main force behind standards like HTML, XML, and XML Encryption. But implementing a W3C standard does not mean that a system is secure. Researchers from the Chair for Network and Data Security have found a serious attack against XML Encryption. “Everything is insecure” is the uncomfortable message from Bochum.

Standard for large integration projects

XML stands for “eXtensible Markup Language” and is the industry standard for platform-independent data exchange. Companies like IBM, Microsoft and Red Hat Linux use XML standards for integrating web service projects for large customers. XML Encryption was designed to protect the confidentiality of the exchanged data. That is reason enough to take a closer look at its security.

Weak chaining of ciphertext blocks

Juraj Somorovsky and Tibor Jager exploited a weakness in the CBC mode for the chaining of different ciphertext blocks. “We were able to decrypt data by sending modified ciphertexts to the server, by gathering information from the received error messages.” The attack was tested against a popular open source implementation of XML Encryption, and against the implementations of companies that responded to the responsible disclosure – in all cases the result was the same: the attack works, XML Encryption is not secure. Details of the attack are presented at this year’s ACM Conference on Computer and Communications Security (http://www.sigsac.org/ccs/CCS2011/techprogram.shtml).

No simple solution available

“There is no simple patch for this problem”, states Somorovsky. “We therefore propose to change the standard as soon as possible.” The researchers informed all possibly affected companies through the mailing list of W3C, following a clear responsible disclosure process. With some companies there were intensive discussions on workarounds.

Further information

Prof. Dr. Jörg Schwenk, Faculty of Electrical Engineering and Information Sciences at the RUB, Chair for Network and Data Security, Tel. +49 234 32 26692

joerg.schwenk@rub.de

Dr. Josef König | idw
Further information:
http://www.ruhr-uni-bochum.de/
http://www.sigsac.org/ccs/CCS2011/techprogram.shtml
