Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)
dc.contributor.author | Engelbertz, Nils | |
dc.contributor.author | Mladenov, Vladislav | |
dc.contributor.author | Somorovsky, Juraj | |
dc.contributor.author | Herring, David | |
dc.contributor.author | Erinola, Nurullah | |
dc.contributor.author | Schwenk, Jörg | |
dc.contributor.editor | Roßnagel, Heiko | |
dc.contributor.editor | Wagner, Sven | |
dc.contributor.editor | Hühnlein, Detlef | |
dc.date.accessioned | 2019-03-25T09:22:03Z | |
dc.date.available | 2019-03-25T09:22:03Z | |
dc.date.issued | 2019 | |
dc.description.abstract | Within the European Union (EU), the eIDAS regulation sets legal boundaries for cross-border acceptance of Trust Services (TSs) such as Electronic Signatures. To facilitate compliant implementations, an open source software library to create and validate signed documents is provided by the eSignature building block of the Connecting Europe Facility (CEF). We systematically evaluated the validation logic of this library with regard to XML-based attacks. The discovered vulnerabilities allowed us to read server files and bypass XML Advanced Electronic Signature (XAdES) protections. The seriousness of the vulnerabilities shows that there is an urgent need for security best-practice documents and automatic security evaluation tools to support the development of security-relevant implementations. | en |
dc.identifier.isbn | 978-3-88579-687-9 | |
dc.identifier.pissn | 1617-5468 | |
dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/20997 | |
dc.language.iso | en | |
dc.publisher | Gesellschaft für Informatik, Bonn | |
dc.relation.ispartof | Open Identity Summit 2019 | |
dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P293 | |
dc.subject | XML Signature | |
dc.subject | XSLT | |
dc.subject | DTD | |
dc.subject | Digital Signature Service | |
dc.subject | Trust Services | |
dc.title | Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS) | en |
gi.citation.endPage | 106 | |
gi.citation.startPage | 95 | |
gi.conference.date | 28.-29. March 2019 | |
gi.conference.location | Garmisch-Partenkirchen, Germany | |
gi.conference.sessiontitle | Regular Research Papers |