Technical Analysis of Countermeasures against Attack on XML Encryption - or - Just Another Motivation for Authenticated Encryption

Juraj Somorovsky, Jörg Schwenk

In Proceedings of the SERVICES Workshop on Security and Privacy Engineering, 2012


At CCS'11 a new chosen-ciphertext attack on XML Encryption has been presented. This attack is of high relevance, since it allows one to decrypt arbitrary encrypted XML payload by issuing 14 server requests per byte on average.

In this paper we discuss several countermeasures against this attack, which have been considered by different framework developers for different scenarios. We analyze the scenarios and show why these countermeasures do not work. Thereby, we motivate for the application of authenticated encryption in the XML Encryption specification.


Tags: Authenticated Encryption, countermeasures, Pad­ding Ora­cle At­tacks, Web Ser­vices, XML En­cryp­ti­on