Countering Wrapping Attack on XML Signature in SOAP Message for Cloud Computing
This addresses security vulnerabilities in cloud computing systems where clients release sensitive data, though it appears incremental as it builds on existing referencing methods.
The paper tackled the problem of XML signature wrapping attacks in SOAP messages for cloud computing by proposing a new method that uses XML digital signatures, resulting in a method approximately three times faster than the XPath method and slightly faster than ID referencing.
It is known that the exchange of information between web applications is done by means of the SOAP protocol. Securing this protocol is obviously a vital issue for any computer network. However, when it comes to cloud computing systems, the sensitivity of this issue rises, as the clients of system, release their data to the cloud. XML signature is employed to secure SOAP messages. However, there are also some weak points that have been identified, named as XML signature wrapping attacks, which have been categorized into four major groups; Simple Ancestry Context Attack, Optional element context attacks, Sibling Value Context Attack, Sibling Order Context. In this paper, two existing methods, for referencing the signed part of SOAP Message, named as ID referencing and XPath method, are analyzed and examined. In addition, a new method is proposed and tested, to secure the SOAP message. In the new method, the XML any signature wrapping attack is prevented by employing the concept of XML digital signature on the SOAP message. The results of conducted experiments show that the proposed method is approximately three times faster than the XPath method and even a little faster than ID.