| Popis: |
XML signature standard defined by IETF/W3C references or identifies signed elements by their unique identities specified by “id” attribute values in the given XML document. Hence, signed XML elements can be shifted from one location to another location in a XML document, and still, it does not have any effect on its ability to verify its signature. This flexibility paves the way for an attacker to tweak original XML message without getting noticed by the receiver. In this paper we propose the concept of “Positional Token” to overcome the attack on XML signatures and demonstrate the same. |
