Namespace Injection in DSig 2.0

I took a close look at the new set of specs we published on August 31st,
to see whether the Namespace Injection attack technique still works.

The bad news: it does.

The good news: but only if the developer did not use the new QNameAware
parameter properly.

The details:
The Namespace Injection technique worked by exploiting the fact that
namespace prefixes used in XPath expressions were not "visibly utilized"
in the sense of Exclusive Canonicalization, hence their namespace
declaration was not protected with the digest over "SignedInfo". Thus,
an attacker was allowed to redefine the namespace URLs those prefixes
were mapping to, which was then used for performing signature wrapping.

In the new specs, the proper use of the QNameAware parameter leads to
explicit declaration of exactly those mappings. Hence they are covered
by the digest over "SignedInfo", hence they cannot be tampered with.
The obvious drawback is that people have to use this parameter properly.
The less obvious drawback is that support for this parameter by now is
optional, according to the spec.

The conclusion:
The threat remains, but now there is a standardized way to fend it off
within the XML Signature specs themselves. It might be a good idea to
have this issue explained in the Best Practices, though.

This should close my Action-538 (finally).

cheers

Meiko

-- 
Dipl.-Inf. Meiko Jensen
Chair for Network and Data Security 
Horst Görtz Institute for IT-Security 
Ruhr University Bochum, Germany
_____________________________
Universitätsstr. 150, Geb. ID 2/411
D-44801 Bochum, Germany
Phone: +49 (0) 234 / 32-26796
Telefax: +49 (0) 234 / 32-14347
http://www.nds.rub.de

Received on Thursday, 2 September 2010 13:56:01 UTC
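The mechanism described in the mail, as an added illustration that is not part of the original message, the W3C specs or any real implementation. The Python below uses only the standard library and models just the one Exclusive C14N rule that matters here (an xmlns declaration is emitted only for a prefix that is "visibly utilized" in an element or attribute name); it is not a conforming canonicalizer. The SOAP message is constructed, the attacker step (redeclaring the XPath prefix directly on the ds:XPath element) is one possible form of the injection, and the `qname_aware` set is a stand-in for the effect of covering that prefix via QNameAware, not the parameter's actual syntax.

```python
"""Toy model of Namespace Injection against Exc-C14N and of a QNameAware-style fix.
Only one Exclusive C14N rule is modelled: xmlns declarations are emitted solely for
"visibly utilized" prefixes (those in element/attribute names). Not a real canonicalizer."""
import xml.dom.minidom as minidom

XMLNS = "http://www.w3.org/2000/xmlns/"
DS = "http://www.w3.org/2000/09/xmldsig#"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample. The XPath transform names the signed element via prefix ns1,
# declared on the Envelope; inside SignedInfo, ns1 appears only in the ds:XPath text.
SIGNED_MESSAGE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:ns1="{SOAP}">
  <soap:Header>
    <ds:Signature xmlns:ds="{DS}">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:Reference URI="">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
              <ds:XPath>ancestor-or-self::ns1:Body</ds:XPath>
            </ds:Transform>
          </ds:Transforms>
          <ds:DigestValue>placeholder</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
    </ds:Signature>
  </soap:Header>
  <soap:Body><Payment xmlns="urn:example:bank">transfer 10</Payment></soap:Body>
</soap:Envelope>"""

def in_scope_uri(elem, prefix):
    """Resolve a prefix like an XPath evaluator: nearest ancestor-or-self declaration wins."""
    attr = f"xmlns:{prefix}" if prefix else "xmlns"
    node = elem
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        if node.hasAttribute(attr):
            return node.getAttribute(attr)
        node = node.parentNode
    return None

def visibly_utilized(elem):
    """Prefix of the element's own name plus the prefixes of its non-xmlns attributes."""
    used = {elem.prefix or ""}
    for i in range(elem.attributes.length):
        a = elem.attributes.item(i)
        if a.namespaceURI != XMLNS and a.prefix:
            used.add(a.prefix)
    return used

def toy_exc_c14n(elem, qname_aware=frozenset()):
    """Serialize `elem`, emitting xmlns declarations only for visibly utilized prefixes
    plus those in `qname_aware` (stand-in for DSig 2.0 QNameAware: a prefix used
    inside content, here the XPath text, is treated as if it were visibly utilized)."""
    parts = []

    def walk(e, rendered):
        rendered = dict(rendered)  # prefix -> URI already emitted by an ancestor
        attrs = []
        for p in sorted(visibly_utilized(e) | set(qname_aware)):
            uri = in_scope_uri(e, p)
            if uri is not None and rendered.get(p) != uri:
                rendered[p] = uri
                attrs.append((f"xmlns:{p}" if p else "xmlns", uri))
        attrs += sorted((a.name, a.value) for a in map(e.attributes.item, range(e.attributes.length))
                        if a.namespaceURI != XMLNS)
        parts.append("<" + e.tagName + "".join(f' {k}="{v}"' for k, v in attrs) + ">")
        for c in e.childNodes:
            if c.nodeType == c.ELEMENT_NODE:
                walk(c, rendered)
            elif c.nodeType == c.TEXT_NODE and c.data.strip():
                parts.append(c.data.strip())
        parts.append(f"</{e.tagName}>")

    walk(elem, {})
    return "".join(parts)

def xpath_elem(doc):
    return doc.getElementsByTagNameNS(DS, "XPath")[0]

def signed_info_c14n(doc, qname_aware=frozenset()):
    """Canonical SignedInfo: the bytes the signature actually covers."""
    return toy_exc_c14n(doc.getElementsByTagNameNS(DS, "SignedInfo")[0], qname_aware)

def inject_namespace(doc, prefix, uri):
    """Attacker step (one possible form): redeclare `prefix` on ds:XPath itself, the
    element whose in-scope namespaces give the expression its meaning. Returns a copy."""
    forged = minidom.parseString(doc.toxml())
    xpath_elem(forged).setAttributeNS(XMLNS, f"xmlns:{prefix}", uri)
    return forged

def demo():
    original = minidom.parseString(SIGNED_MESSAGE)
    forged = inject_namespace(original, "ns1", "urn:attacker")
    return {
        "ns1_before": in_scope_uri(xpath_elem(original), "ns1"),
        "ns1_after": in_scope_uri(xpath_elem(forged), "ns1"),
        # Plain Exc-C14N never sees the injected declaration, so SignedInfo is unchanged
        # and the signature still verifies although the XPath now means something else.
        "same_signed_info_exc_c14n": signed_info_c14n(original) == signed_info_c14n(forged),
        # With ns1 covered, the injected declaration lands in SignedInfo and the check fails.
        "same_signed_info_qname_aware": signed_info_c14n(original, {"ns1"})
        == signed_info_c14n(forged, {"ns1"}),
    }
```

Running `demo()` shows the prefix in the XPath flipping from the SOAP namespace to `urn:attacker` while the canonical SignedInfo stays byte-identical under plain Exc-C14N; only when ns1 is declared as covered does the forgery alter what the signature protects. Note that the covered form only helps if the signer actually requests it, which is the point the mail makes about proper use of QNameAware.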