Enhanced XML Digital Signature Algorithm to Mitigate Wrapping Attacks
C-DAC Bangalore
C-DAC Bangalore
C-DAC Bangalore
XML signature standard as described in [RFC3275] and defined by IETF/ W3C references or identifies signed elements by their unique identities in the given XML document. Hence, signed XML elements can be shifted from one location to another location in a XML document,and still, it does not have any effect on its ability to verify its signature. This flexibility paves the way for an attacker to tweak original XML message without getting noticed by the receiver. This document proposes to use absolute XPath as an "Positional Token" and modifies existing XML Digital Signature algorithm to overcome the XML Signature wrapping/rewriting attacks on XML ignatures.