Spatial Signature Method (SSM) Against XML Signature Wrapping Attacks

Abstract

Living in cyber world with revolutionizes of Industrial 4.0, most of the users and organisations prefer to sell and buy products or services via website online transaction. This online transaction is done through a messaging protocol (SOAP) and signing entire SOAP (SESOAP) using Extensible Markup Language (XML). XML is implemented to secure the SOAP contents by applying the signing method called as XML Digital signature. However, the XML digital signature has issues related to XML signature wrapping (XSW) attacks specifically on Sibling Value Context and Sibling Order Context attacks. Therefore, this paper proposes an enhanced method called as Spatial Signature Method (SSM) which aims to resolve the limitation of SESOAP from the aspect of XSW attacks. It proposes new parameters for XML digital signature inspired by the concept of ratio and space in biotechnology to detect the XSW attacks. The experiment was conducted in a controlled lab by using the Ubuntu Linux system and PHP programming. Based on the comparison made with SESOAP and ID Referencing method (IDR), SSM has proven to defend against the XSW attacks. For the future work, the spatial signature method can be forged with more extensive spatial information for the digital signature and to integrate it with web services.