Publication: Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)
Abstract
Within the European Union (EU), the eIDAS regulation sets legal boundaries for cross-border acceptance of Trust Services (TSs) such as Electronic Signatures. To facilitate compliant implementations, an open source software library to create and validate signed documents is provided by the eSignature building block of the Connecting Europe Facility (CEF). We systematically evaluated the validation logic of this library with regard to XML-based attacks. The discovered vulnerabilities allowed us to read server files and bypass XML Advanced Electronic Signature (XAdES) protections. The seriousness of the vulnerabilities shows that there is an urgent need for security best-practice documents and automatic security evaluation tools to support the development of security-relevant implementations.
Cite
ISO 690
ENGELBERTZ, Nils, Vladislav MLADENOV, Juraj SOMOROVSKY, David HERRING, Nurullah ERINOLA, Jörg SCHWENK, 2019. Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS). Open Identity Summit 2019. Garmisch-Partenkirchen, 28 March 2019 - 29 March 2019. In: Open Identity Summit 2019. Bonn: Gesellschaft für Informatik, 2019, pp. 95-106. ISSN 1617-5468. ISBN 978-3-88579-687-9
BibTeX
@inproceedings{Engelbertz2019Secur-50362, year={2019}, title={Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)}, isbn={978-3-88579-687-9}, issn={1617-5468}, publisher={Gesellschaft für Informatik}, address={Bonn}, booktitle={Open Identity Summit 2019}, pages={95--106}, author={Engelbertz, Nils and Mladenov, Vladislav and Somorovsky, Juraj and Herring, David and Erinola, Nurullah and Schwenk, Jörg} }
RDF
<rdf:RDF xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:bibo="http://purl.org/ontology/bibo/" xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:void="http://rdfs.org/ns/void#" xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/50362"> <dcterms:title>Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)</dcterms:title> <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/> <dc:contributor>Schwenk, Jörg</dc:contributor> <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2020-07-23T10:16:11Z</dc:date> <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2020-07-23T10:16:11Z</dcterms:available> <dc:creator>Mladenov, Vladislav</dc:creator> <dc:language>eng</dc:language> <dcterms:abstract xml:lang="eng">Within the European Union (EU), the eIDAS regulation sets legal boundaries for crossborder acceptance of Trust Services (TSs) such as Electronic Signatures. To facilitate compliant implementations, an open source software library to create and validate signed documents is provided by the eSignature building block of the Connecting Europe Facility (CEF). We systematically evaluated the validation logic of this library with regards to XML-based attacks. The discovered vulnerabilities allowed us to read server files and bypass XML Advanced Electronic Signature (XAdES) protections. 
The seriousness of the vulnerabilities shows that there is an urgent need for security best-practice documents and automatic security evaluation tools to support the development of security-relevant implementations.</dcterms:abstract> <dc:creator>Somorovsky, Juraj</dc:creator> <foaf:homepage rdf:resource="http://localhost:8080/"/> <dc:creator>Erinola, Nurullah</dc:creator> <dc:contributor>Engelbertz, Nils</dc:contributor> <dcterms:issued>2019</dcterms:issued> <dc:contributor>Erinola, Nurullah</dc:contributor> <dc:contributor>Herring, David</dc:contributor> <dc:rights>terms-of-use</dc:rights> <dc:creator>Engelbertz, Nils</dc:creator> <dc:contributor>Mladenov, Vladislav</dc:contributor> <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/> <dc:creator>Herring, David</dc:creator> <bibo:uri rdf:resource="https://kops.uni-konstanz.de/handle/123456789/50362"/> <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/> <dc:creator>Schwenk, Jörg</dc:creator> <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/> <dc:contributor>Somorovsky, Juraj</dc:contributor> </rdf:Description> </rdf:RDF>