XML Signature Wrapping Still Considered Harmful: A Case Study on the Personal Health Record in Germany
- XML Signature Wrapping (XSW) has been a relevant threat to web services for 15 years until today. Using the Personal Health Record (PHR), which is currently under development in Germany, we investigate a current SOAP-based web services system as a case study. In doing so, we highlight several deficiencies in defending against XSW. Using this real-world contemporary example as motivation, we introduce a guideline for more secure XML signature processing that provides practitioners with easier access to the effective countermeasures identified in the current state of research.
Document Type: | Conference Object |
---|---|
Language: | English |
Author: | Paul Höller, Alexander Krumeich, Luigi Lo Iacono |
Parent Title (English): | Jøsang, Futcher et al. (Eds.): ICT Systems Security and Privacy Protection. SEC 2021. IFIP Advances in Information and Communication Technology, Vol 625 |
Number of pages: | 16 |
First Page: | 3 |
Last Page: | 18 |
ISBN: | 978-3-030-78119-4 |
ISBN: | 978-3-030-78120-0 |
URN: | urn:nbn:de:hbz:1044-opus-55487 |
DOI: | https://doi.org/10.1007/978-3-030-78120-0_1 |
ArXiv Id: | http://arxiv.org/abs/2106.10460 |
Publisher: | Springer |
Place of publication: | Cham |
Publishing Institution: | Hochschule Bonn-Rhein-Sieg |
Date of first publication: | 2021/06/18 |
Copyright: | © IFIP International Federation for Information Processing 2021 |
Keyword: | E-Health; PHR; Personal Health Record; SAML; SOAP; XML Signature; XML Signature Wrapping |
Departments, institutes and facilities: | Fachbereich Informatik; Institut für Cyber Security & Privacy (ICSP) |
Dewey Decimal Classification (DDC): | 0 Computer science, information science, general works / 00 Computer science, knowledge, systems / 005 Computer programming, programs, data |
Entry in this database: | 2021/06/18 |
Licence (Multiple languages): | In Copyright (Urheberrechtsschutz) |