On the insecurity of XML Security
-
Juraj Somorovsky
Juraj Somorovsky is a postdoctoral researcher at the Ruhr University Bochum, where he continues his research on security and cryptographic protocols. In addition, he is a co-founder of 3curity GmbH, a penetration testing company for Web, Web Services, and Single Sign-On. Before starting his PhD studies, Juraj studied Informatics at the Slovak University of Technology (2003–2006), and IT-Security at the Ruhr University Bochum (2006–2009). In parallel, he worked for Nokia (2007–2008) and Anasoft Technology (2008–2010).
Horst-Görtz Institute for IT-Security, Ruhr University Bochum, D-44801 Bochum
Abstract
XML Encryption and XML Signature describe how to apply encryption and signing algorithms to XML documents. These specifications are implemented in a wide range of systems and frameworks processing sensitive data, including banking, eGovernment, eCommerce, military, and eHealth infrastructures. The article presents practical and highly critical attacks which allow to forge signed XML documents or reveal contents of encrypted XML data.
About the author
Juraj Somorovsky is a postdoctoral researcher at the Ruhr University Bochum, where he continues his research on security and cryptographic protocols. In addition, he is a co-founder of 3curity GmbH, a penetration testing company for Web, Web Services, and Single Sign-On. Before starting his PhD studies, Juraj studied Informatics at the Slovak University of Technology (2003–2006), and IT-Security at the Ruhr University Bochum (2006–2009). In parallel, he worked for Nokia (2007–2008) and Anasoft Technology (2008–2010).
Horst-Görtz Institute for IT-Security, Ruhr University Bochum, D-44801 Bochum
©2014 Walter de Gruyter Berlin/Boston
Articles in the same Issue
- Frontmatter
- Editorial
- Reliably secure software systems
- Special Issue
- Making security type systems less ad hoc
- The linear-hyper-branching spectrum of temporal logics
- Checking probabilistic noninterference using JOANA
- Confidentiality for Android apps: Specification and verification
- Information flow control for workflow management systems
- Security in e-voting
- Self-Portrayals of GI Junior Fellows
- Designing networks for challenging applications
- Theory for processing data on the Web
- Distinguished Dissertations
- On the insecurity of XML Security
Articles in the same Issue
- Frontmatter
- Editorial
- Reliably secure software systems
- Special Issue
- Making security type systems less ad hoc
- The linear-hyper-branching spectrum of temporal logics
- Checking probabilistic noninterference using JOANA
- Confidentiality for Android apps: Specification and verification
- Information flow control for workflow management systems
- Security in e-voting
- Self-Portrayals of GI Junior Fellows
- Designing networks for challenging applications
- Theory for processing data on the Web
- Distinguished Dissertations
- On the insecurity of XML Security
