RE: [ACTION-412][Fwd: Re: namespace wrapping attacks against XML Signature?]

I read the paper, very interesting. 
The crux of the attack is that the XPath expression is considered a text node, so Exclusive Canonicalization does not consider any of the namespace prefixes inside it as visibly utilized, hence it doesn't include them.

Apart from the three solutions mentioned in the paper, there is another one. Some XML signature libraries (e.g. Oracle's) provide an API to resolve the references of a signature. This API takes in a signature and returns all the DOM nodes, subtrees, binary objects, etc. that are included in this signature, i.e. in this example it will return the DOM node for the attack wsa:Reply element. The calling application can now compare this DOM node with the DOM node of the expected wsa:Reply element. DOM provides an isSameNode API (http://www.w3.org/TR/DOM-Level-3-Core/core.html#Node3-isSameNode) to check if two DOM nodes are the same.

In XML Signature 2.0, we have separated the Selection and Canonicalization, to deal with these kinds of wrapping attacks. XML Signature 2.0 libraries should be able to evaluate the Selection part only and return the exact list of "things" that are included in the Signature.

Canonicalization 2.0 defines a namespace prefix rewriting option with sequential prefixes. This is very similar to the "Prefix Free Canonicalization" proposed in this paper.

Canonicalization 2.0 also looks at some prefixes that are embedded in content. Currently it only looks at prefixes in the xsi:type attribute. We might consider extending it to prefixes in the IncludedXPath and ExcludedXPath elements.

Pratik
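The behaviour described in the message above, as an added example (standard-library Python written for this archive page; it is not code from the thread, from the paper, or from any XML signature library): a constructed SOAP message whose Reference selects the signed element with the XPath Filter 2 expression //wsa:Reply is canonicalized once with the genuine binding of the wsa prefix and once with a rebound one. Python's xml.etree.ElementTree.canonicalize implements Canonical XML 2.0 rather than Exclusive Canonicalization, but on the point at issue it applies the same rule: a namespace declaration is emitted only where an element or attribute name uses the prefix, so a prefix that occurs only in the XPath text never reaches the signed bytes. The same function's rewrite_prefixes option is the sequential prefix rewriting of Canonicalization 2.0, and its qname_aware_attrs option is the QName-aware treatment of xsi:type values. The isSameNode comparison from the message is done with xml.dom.minidom's DOM Level 3 implementation. Assumed for the example, and not taken from the thread: the attacker-chosen URI, the placement of the genuine element under a Wrapper element in the tampered copy, a hand-rolled resolver for //prefix:local expressions standing in for a library's reference-resolution API, and placeholder digest and signature values (nothing is actually signed or verified cryptographically).

```python
"""Added example, not from the thread.  Standard library only: ElementTree's
canonicalize() is Canonical XML 2.0 (Python 3.8+); minidom has isSameNode()."""
from xml.dom import minidom
from xml.etree.ElementTree import canonicalize

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
FILTER2 = "http://www.w3.org/2002/06/xmldsig-filter2"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
WSA = "http://www.w3.org/2005/08/addressing"
WSA_ATTACKER = "urn:example:rebound-addressing"  # assumed attacker-chosen URI

def build_message(envelope_wsa_uri, header_payload):
    """Constructed signed SOAP message: the Reference selects the signed element
    with XPath Filter 2 //wsa:Reply; 'wsa' is bound on the Envelope, outside SignedInfo."""
    return f'''<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsa="{envelope_wsa_uri}">
  <soap:Header>
{header_payload}
    <ds:Signature xmlns:ds="{DS}">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference URI="">
          <ds:Transforms>
            <ds:Transform Algorithm="{FILTER2}">
              <dsig-xpath:XPath xmlns:dsig-xpath="{FILTER2}" Filter="intersect">//wsa:Reply</dsig-xpath:XPath>
            </ds:Transform>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          <ds:DigestValue>placeholder, not computed in this example</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>placeholder, not computed in this example</ds:SignatureValue>
    </ds:Signature>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>'''

GENUINE = build_message(WSA, "    <wsa:Reply>http://client.example/callback</wsa:Reply>")
# Tampered copy (this example's construction): 'wsa' rebound on the Envelope, an
# attacker element carrying the name the XPath asks for, genuine element kept.
TAMPERED = build_message(WSA_ATTACKER, f'''    <wsa:Reply>http://attacker.example/sink</wsa:Reply>
    <Wrapper xmlns:wsa="{WSA}">
      <wsa:Reply>http://client.example/callback</wsa:Reply>
    </Wrapper>''')

def in_scope_namespaces(element):
    """Prefix -> URI bindings in scope at element; the nearest declaration wins."""
    bindings, node = {}, element
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for name, uri in node.attributes.items():
            if name == "xmlns" or name.startswith("xmlns:"):
                bindings.setdefault(name.partition(":")[2], uri)
        node = node.parentNode
    return bindings

def signed_info_canonical(xml_text, **c14n_options):
    """ds:SignedInfo as a DOM-based verifier canonicalizes it: the subtree plus the
    namespace nodes inherited from ancestors.  C14N keeps only declarations used by
    an element or attribute *name*; a prefix only inside XPath text is not one."""
    doc = minidom.parseString(xml_text)
    signed_info = doc.getElementsByTagNameNS(DS, "SignedInfo")[0]
    clone = signed_info.cloneNode(True)
    for prefix, uri in in_scope_namespaces(signed_info).items():
        attr = "xmlns:" + prefix if prefix else "xmlns"
        if not clone.hasAttribute(attr):
            clone.setAttribute(attr, uri)
    return canonicalize(clone.toxml(), **c14n_options)

def element_covered_by_signed_xpath(doc):
    """Resolve the signed XPath with the document's own binding of its prefix, as an
    XPath engine does.  Only //prefix:local is handled here (assumption)."""
    xpath_el = doc.getElementsByTagNameNS(FILTER2, "XPath")[0]
    expr = xpath_el.firstChild.data.strip()
    if not expr.startswith("//") or ":" not in expr:
        raise ValueError("only //prefix:local expressions are handled here")
    prefix, _, local = expr[2:].partition(":")
    return doc.getElementsByTagNameNS(in_scope_namespaces(xpath_el)[prefix], local)[0]

def verified_node_is_expected(xml_text):
    """The isSameNode check: is the node the signature covers the wsa:Reply the
    application consumes, located with a namespace URI fixed in code?"""
    doc = minidom.parseString(xml_text)
    expected = doc.getElementsByTagNameNS(WSA, "Reply")[0]
    return element_covered_by_signed_xpath(doc).isSameNode(expected)

def qname_aware_demo(rewrite_prefixes=False):
    """C14N 2.0 QName-aware xsi:type: the prefix in the attribute *value* counts as
    utilized, so its declaration survives and is rewritten with the others."""
    fragment = (f'<p:Body xmlns:p="urn:example:body" xmlns:wsa="{WSA}" '
                f'xmlns:xsi="{XSI}" xsi:type="wsa:ReplyBody"/>')
    plain = canonicalize(fragment, rewrite_prefixes=rewrite_prefixes)
    aware = canonicalize(fragment, rewrite_prefixes=rewrite_prefixes,
                         qname_aware_attrs=["{%s}type" % XSI])
    return plain, aware

if __name__ == "__main__":
    print("identical SignedInfo:", signed_info_canonical(GENUINE) == signed_info_canonical(TAMPERED))
    print("genuine / tampered pass isSameNode:", verified_node_is_expected(GENUINE), verified_node_is_expected(TAMPERED))
```

Run with Python 3.8 or later. The canonical SignedInfo of the two messages is byte-identical and contains no xmlns:wsa declaration, so a signature over it cannot notice the rebinding; the isSameNode check passes for the genuine message and fails for the tampered one, because the XPath, resolved with the document's own binding, now lands on the attacker's element. With rewrite_prefixes=True the ds prefix becomes n0 in the canonical form, and with xsi:type registered as QName-aware the wsa declaration it depends on is emitted and its value rewritten along with the element names, which is the treatment the message suggests extending to the XPath elements.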
-----Original Message-----
From: Ed Simon [mailto:edsimon@xmlsec.com] 
Sent: Tuesday, December 01, 2009 1:09 PM
To: XMLSec WG Public List
Cc: Meiko Jensen; Jörg Schwenk
Subject: [ACTION-412][Fwd: Re: namespace wrapping attacks against XML Signature?]

The attached paper (attached with permission of its authors) describes in detail the attack vector described in my April 2009 post [1] and subsequent discussions (looks like we independently became concerned about the same issue). Please review it so that we can discuss whether there is general agreement that we need to address it.

Thanks,
Ed

[1] http://lists.w3.org/Archives/Public/public-xmlsec/2009Apr/0025.html

-------- Forwarded Message --------
From: Meiko Jensen <Meiko.Jensen@ruhr-uni-bochum.de>
To: edsimon@xmlsec.com, Meiko Jensen <Meiko.Jensen@rub.de>, Jörg Schwenk <joerg.schwenk@rub.de>, 'Thomas Roessler' <tlr@w3.org>, 'Frederick Hirsch' <Frederick.Hirsch@nokia.com>
Subject: Re: namespace wrapping attacks against XML Signature?
Date: Tue, 24 Nov 2009 10:51:42 +0100 (CET)

Hi Ed, see below...

Ed Simon wrote on 2009-11-23:
> Thanks Meiko,

...

> Is the W3C allowed to post your paper to the W3C public archive list?

Feel free to do so :)

best regards from Bochum, Germany

Meiko

> Regards,
> Ed
--
========================================
Ed Simon
613-726-9645
edsimon@xmlsec.com 

Received on Monday, 7 December 2009 18:41:57 UTC