Attack against XML Encryption unveiled

Last Wednesday, two cryptographers at the ACM Conference on Computer and Communications Security demonstrated a successful attack against XML Encryption. XML Encryption is a W3C Standard, which means that for the most part it ought to be well-tested, secure and fairly unbreakable. The W3C name carries no small amount of weight and the fact that XML Encryption is a standard that they endorse means that many companies have implemented it and are using it currently.

XML Encryption is a standard that allows an XML message to contain one or more
elements that can only be read by a trusted party. It is different than Transport Layer Security in that only part of the message is encrypted, not all of the message. The attack that the two researchers, Juraj Somorovsky and Tibor Jager, unveiled involves manipulating the contents of a known cyphertext, passing them to the server, and analyzing the resulting error message enough times to be able to decode the encrypted data. The attack was tested against a number of XML Encryption implementations.

This attack ought to make companies that use XML Encryption as part of their enterprise solution rethink their security methods. It doesn’t seem as though this issue will be “fixed” within the standard any time soon, so companies should be urged to switch to another encryption method.

The press release can be found here.


2 thoughts on “Attack against XML Encryption unveiled

    • A common use case I have heard about for XML Encryption is when sending an XML message through one or more third parties, a company wants the third parties to be able to read the structure of the message but not the content. For instance, if this XML message represented a credit card transaction, they would want the third party to know certain details about the transaction but not the credit card numbers, which would be encrypted. An alternative method would be to send an XML message over a channel secured with Transport Layer Security, and then broadcast extraneous details about the message to third parties. This prevents any possibly malicious third party from gaining access to the encrypted text and being able to decrypt it.

Comments are closed.