Exploiting XML Digital Signature Implementations
28 April 2014
There are a number of XML uses which would benefit from a mechanism of cryptographically signing content. For example, Simple Object Access Protocol (SOAP) which is a specification for building Web Services that makes extensive use of XML could apply signatures to authenticate the identity of the caller. This is where the XML Digital Signature specification comes in, as it defines a process to sign arbitrary XML content such as SOAP requests.
A reasonable amount of research has been undertaken on the uses of the specification and its flaws, however comparatively little has been done on the underlying libraries and implementations of the specification. Making the assumption that there are likely to be bugs in XML digital signature implementations, a program of research was undertaken to look at widely available implementations. This whitepaper describes the findings of that research including descriptions of some of the serious issues identified.
One of the purposes of signing XML content is to ensure that data has not been tampered with and that the signer is known to the signature processor. This could easily lead to XML digital signatures being used in unauthenticated scenarios where the signature processor has no other way of verifying the identity of the sender. For example, XML content sent over a clear text protocol such as HTTP could easily be tampered with during transmission, but signing the content allows the receiver to verify that no modification has been performed. Therefore, any significant bugs in the implementations of these libraries could expose systems to attack.