how to break xml encryption
play

How to Break XML Encryption Automatically Dennis Kupser, Christian - PowerPoint PPT Presentation

Apr 06, 2023 •578 likes •1.24k views

How to Break XML Encryption Automatically Dennis Kupser, Christian Mainka, Jrg Schwenk, Juraj Somorovsky Ruhr University Bochum @jurajsomorovsky 1 How to Break XML Encry rypt ption on Autom omati atical ally ly Juraj

  1. How to Break XML Encryption – Automatically Dennis Kupser, Christian Mainka, Jörg Schwenk, Juraj Somorovsky Ruhr University Bochum @jurajsomorovsky 1 How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 1

  2. About Me and Our Institute • Security Researcher at: – Chair for Network and Data Security • Prof. Dr. Jörg Schwenk • Web Services, Single Sign-On, (Applied) Crypto, SSL, crypto currencies • Provable security, attacks and defenses – Horst Görtz Institute for IT-Security • Further topics: embedded security, malware, crypto … – Ruhr University Bochum • Penetration tests, security analyses, workshops … How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 2 2

  3. Overview 1. What is a Web Service and XML Security 2. XML Signature Wrapping 3. Attacks on XML Encryption 4. Attacks on Symmetric Encryption Scheme 1. Attack Scenario 2. Plaintext Validity 3. Using Web Service for Plaintext Validation 4. Decrypting by Checking Plaintext Validity 5. Countermeasures and Problems 6. WS-Attacker How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 3 3

  4. What is a (SOAP) Web Service? Envelope Body Client getPrime Server Envelope Body thePrime 11 How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 4 4

  5. More complicated scenarios … XML XML Bank XML Client Broker Insurance How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 5 5

  6. Security? • SSL / TLS: Transport-Level Security Bank Client Broker Insurance • Messages are only secured during transport How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 6 6

  7. Motivation – XML Security • Message Level Security Bank Client Broker Insurance • Messages protected directly • XML Security How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 7 7

  8. XML Security • Methods for cryptographic algorithms in XML • XML Signature : authenticity and integrity • XML Encryption : confidentiality • Flexible <PaymentInfo> <Name>John Smith</Name> <CreditCard Limit= '5,000’> <Number>4019 ...5567</Number> <Issuer>Example Bank</Issuer> <Expiration>04/02</Expiration> </CreditCard> </PaymentInfo> 8 How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 8

  9. XML Security Areas • Financial services: – Electronic Banking Internet Communication (EBICS) • Healthcare: – Australian eHealth Technical Specification • Governmental services: – ID cards in Estonia, Germany, Hungary, … • System integration, firewalls How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 10 10

  10. Overview 1. What is a Web Service and XML Security 2. XML Signature Wrapping 3. Attacks on XML Encryption 4. Attacks on Symmetric Encryption Scheme 1. Attack Scenario 2. Plaintext Validity 3. Using Web Service for Plaintext Validation 4. Decrypting by Checking Plaintext Validity 5. Countermeasures and Problems 6. WS-Attacker How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 12 12

  11. XML Signature Envelope Header Security Signature SignedInfo Reference URI=”#body” DigestValue Reference URI=”#Timestamp” DigestValue SignatureValue Timestamp Id =”Timestamp” Body Id =”body” MonitorInstances How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 13

  12. XML Signature Wrapping / Rewriting McIntosh, Austel (2005) Envelope Bhargavan, Fournet , Gordon, O’Shea (2005) Header Security Signature SignedInfo Reference URI=”#body” SignValue Wrapper Body Id =”body” MonitorInstances InstanceId Id Body Id =”attack” Body Id =”body” CreateKeyPair MonitorInstances KeyName attackerKey InstanceId Id How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 14

  13. XML Signature Wrapping Why does the attack work? How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 15 15

  14. XML Signature Wrapping Envelope Header Security Server Application logic  Signature SignedInfo Verification logic  Reference URI=”#body” KeyInfo Wrapper Body Id =”body” MonitorInstances InstanceId Id Body Id =”attack” CreateKeyPair KeyName attackerKey How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 16

  15. XML Signature Wrapping • Attacks on Amazon EC2 / Eucalyptus clouds • Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Jörg Schwenk, Nils Gruschka, Luigi Lo Iacono: All Your Clouds Are Belong to Us – Security Analysis of Cloud Management Interfaces - CCSW 2011. soap User soap Cloud Controller How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 17 17

  16. Further Attacks: SAML Signature XXE Wrapping Vladislav Mladenov, Christian Mainka, Florian Feldmann, Julian Krautwald, Jörg Schwenk: Your Software at my Service , CCSW 2014 19 How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 19

  17. Overview 1. What is a Web Service and XML Security 2. XML Signature Wrapping 3. Attacks on XML Encryption 4. Attacks on Symmetric Encryption Scheme 1. Attack Scenario 2. Plaintext Validity 3. Using Web Service for Plaintext Validation 4. Decrypting by Checking Plaintext Validity 5. Countermeasures and Problems 6. WS-Attacker How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 20 20

  18. XML Encryption Hybrid encryption scheme Envelope Header Security EncryptedKey EncryptionMethod Algorithm=”…#rsa - 1_5” CipherData 1 Asymmetric encryption / decryption ReferenceList DataReference URI=“#enc” Body EncryptedData Id=“enc” EncryptionMethod Algorithm=“…#aes128 - cbc” CipherData 2 Symmetric encryption / decryption How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 22 22

  19. Attacks on XML Encryption • Attacks on EncryptedKey – Bleichenbacher’s Attack Strikes Again: Breaking PKCS#1 v1.5 in XML Encryption. Tibor Jager, Sebastian Schinzel, Juraj Somorovsky. ESORICS 2012 Envelope Header Security • Attacks on EncryptedData EncryptedKey URI=“#enc” – How to Break XML Encryption. Tibor Jager, Juraj Somorovsky. CCS 2011 Body EncryptedData Id=“enc” Adaptive chosen-ciphertext attacks How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 23 23

  20. Adaptive chosen-ciphertext attack XML Encryption ciphertext C = Enc(M) XML Encryption ciphertext C = Enc(M) Chosen ciphertext C 1 valid/invalid Chosen ciphertext C 2 Web Service Client valid/invalid … M = Dec(C) (repeated several times) CCS 2011 ESORICS 2012 Encryption symmetric asymmetric Server-Queries 14 / plaintext byte 400k to 82M / key How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 24 24

  21. Overview 1. What is a Web Service and XML Security 2. XML Signature Wrapping 3. Attacks on XML Encryption 4. Attacks on Symmetric Encryption Scheme 1. Attack Scenario 2. Plaintext Validity 3. Using Web Service for Plaintext Validation 4. Decrypting by Checking Plaintext Validity 5. Countermeasures and Problems 6. WS-Attacker How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 25 25

  22. Attack Scenario XML Encryption ciphertext C = Enc(M) XML Encryption ciphertext C = Enc(M) Chosen ciphertext C 1 valid/invalid plaintext Chosen ciphertext C 2 Web Service Client valid/invalid plaintext … M = Dec(C) (repeated several times) • What is a “valid” plaintext? • How to use Web Service as “plaintext validity oracle”? • How to use this oracle to decrypt C? How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 26 26

  23. Overview 1. What is a Web Service and XML Security 2. XML Signature Wrapping 3. Attacks on XML Encryption 4. Attacks on Symmetric Encryption Scheme 1. Attack Scenario 2. Plaintext Validity 3. Using Web Service for Plaintext Validation 4. Decrypting by Checking Plaintext Validity 5. Countermeasures and Problems 6. WS-Attacker How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 27 27

  24. Plaintext Validity • XML is a text-based data format • XML parsing • Characters (usually) encoded in ASCII How to Break XML Encry rypt ption on – Autom omati atical ally ly Juraj Somorovsky 28 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
Identify the Break-Even Point 1 What does it mean to break-even? 2

Identify the Break-Even Point 1 What does it mean to break-even? 2

Identify the Break-Even Point 1 What does it mean to break-even? 2 What is a break-even point? 3 Calculating the Break-Even Point (BEP) in number of units (items) 4 Calculating Break-Even point for a Lemonade

234 views • 8 slides
Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson (recommended) 1 Encryption Principles A cryptosystem has (at least) five ingredients: 1. Plaintext 2. Secret Key 3. Ciphertext 4. Encryption algorithm 5.

657 views • 12 slides
One Time Pad, Block Ciphers, Encryption Modes Ahmet Burak Can Hacettepe University

One Time Pad, Block Ciphers, Encryption Modes Ahmet Burak Can Hacettepe University

One Time Pad, Block Ciphers, Encryption Modes Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Information Security 1 Basic Ciphers Shift Cipher Brute&amp;force attack can easily break Substitution Cipher Frequency

571 views • 35 slides
Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption Standardization Consortium HomomorphicEncryption.org 0.1 Presenters Roger A. Hallman (SPAWAR Systems Center Pacific; Thayer School of

1.36k views • 91 slides
A tentative Summary mon$1 tue$2 wed$3 thu$4 fri$5 Morning 8:15$9:009 registration

A tentative Summary mon$1 tue$2 wed$3 thu$4 fri$5 Morning 8:15$9:009 registration

A tentative Summary mon$1 tue$2 wed$3 thu$4 fri$5 Morning 8:15$9:009 registration 9:00$9:15 welcome 9:15$10:15 Stecker 9:00$10:00 Keating Granot Miller Kelley 10:15$10:45 BREAK 10:00$10:30 BREAK BREAK BREAK BREAK 10:45$11:30

224 views • 8 slides
Goals of Encryption authenticated encryption sender Daniel J. Bernstein

Goals of Encryption authenticated encryption sender Daniel J. Bernstein

Goals of Encryption authenticated encryption sender Daniel J. Bernstein University of Illinois at Chicago &amp; m Technische Universiteit Eindhoven c k More details, credits: competitions.cr.yp.to network

1.33k views • 118 slides
Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption Standard AES - Advanced Encryption Standard US governmental encryption standard Open (world) competition announced January 97 Blocks: 128 bits Keys:

403 views • 39 slides
Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
Constrained RESTful Environments WG (core) Chairs: Cullen Jennings &lt;fluffy@cisco.com&gt;

Constrained RESTful Environments WG (core) Chairs: Cullen Jennings &lt;fluffy@cisco.com&gt;

Constrained RESTful Environments WG (core) Chairs: Cullen Jennings &lt;fluffy@cisco.com&gt; Carsten Bormann &lt;cabo@tzi.org&gt; Mailing List: core@ietf.org Jabber: core@jabber.ietf.org http://6lowapp.net core@IETF78, 2010-07-28 1 We

801 views • 76 slides
DATAIR 2008 EGTRRA Document Series DATAIR 2008 EGTRRA Document Series Ethel Myles-Henderson, Esq.

DATAIR 2008 EGTRRA Document Series DATAIR 2008 EGTRRA Document Series Ethel Myles-Henderson, Esq.

EGTRRA Documents Webcast 1 5/20/2008 DATAIR 2008 EGTRRA Document Series DATAIR 2008 EGTRRA Document Series Ethel Myles-Henderson, Esq. Ethel Myles-Henderson, Esq. Gretchen Osborne Gretchen Osborne Whats Ahead Whats Ahead Introduction

716 views • 23 slides
Laws That Affect The Clerk Trey Allen UNC School of Government New Clerks Workshop &amp;

Laws That Affect The Clerk Trey Allen UNC School of Government New Clerks Workshop &amp;

1/27/2016 Laws That Affect The Clerk Trey Allen UNC School of Government New Clerks Workshop &amp; Institute January 20, 2016 1 1/27/2016 2 1/27/2016 Part A: Selected Statutes &amp; Publications Statutes: page 2

604 views • 29 slides
Discourse &amp; Dialogue: Introduction Ling 575 A Topics in NLP March 30, 2011 Roadmap

Discourse &amp; Dialogue: Introduction Ling 575 A Topics in NLP March 30, 2011 Roadmap

Discourse &amp; Dialogue: Introduction Ling 575 A Topics in NLP March 30, 2011 Roadmap Definition(s) of Discourse Different Types of Discourse Goals, Modalities Topics, Tasks in Discourse &amp; Dialogue Course

954 views • 92 slides
Promoting Financial Inclusion: The Roles of Islamic and Sustainable Finance Sim imon Bell ll

Promoting Financial Inclusion: The Roles of Islamic and Sustainable Finance Sim imon Bell ll

Eradicating Extreme Poverty and Promoting Financial Inclusion: The Roles of Islamic and Sustainable Finance Sim imon Bell ll th Ann he 4 th The nnual l Sym ymposiu ium on on Isla Islamic Fina nance Kua uala la Lum umpur Dec

307 views • 12 slides
Behind the Scenes of Research and Innovation Maristella Agosti Information Management Systems

Behind the Scenes of Research and Innovation Maristella Agosti Information Management Systems

Tony Kent Strix Annual Lecture - 20 October 2017 Behind the Scenes of Research and Innovation Maristella Agosti Information Management Systems Research Group (IMS) Department of Information Engineering University of Padua, Italy From Research

714 views • 34 slides
Baby Penguin Slips and Slides (Photo Adventure) Baby Penguin Slips and Slides (Photo Adventure)

Baby Penguin Slips and Slides (Photo Adventure) Baby Penguin Slips and Slides (Photo Adventure)

[PDF] Baby Penguin Slips and Slides (Photo Adventure) Baby Penguin Slips and Slides (Photo Adventure) Baby Penguin Slips and Slides (Photo Adventure) Book Review Book Review A fresh e book with a new viewpoint. It is among the most awesome

423 views • 3 slides
A Publishing Pipeline for Linked Government Data Fadi Maali 1 , Richard Cyganiak 1 , and Vassilios

A Publishing Pipeline for Linked Government Data Fadi Maali 1 , Richard Cyganiak 1 , and Vassilios

A Publishing Pipeline for Linked Government Data Fadi Maali 1 , Richard Cyganiak 1 , and Vassilios Peristeras 2 1 Digital Enterprise Research Institute, NUI Galway, Ireland {fadi.maali,richard.cyganiak}@deri.org 2 European Commission,

156 views • 15 slides

More recommend