The Forger's Art: Exploiting XML Digital Signature Implementations presented at Breakpoint 2013

by James Forshaw,

Summary : Many security critical systems rely on the correct implementation of the XML Digital Signature standard for the purposes of verification and identity management. Technologies such as SAML and Web Service Security use the standard, and its sibling XML Encryption, to manage the security of these technologies. Being a standard there is, unsurprisingly, no canonical implementation for any platform or language, with so many different developments there are likely to be differences in how the standard is interpreted.

While a fair amount research has been done into the effects of the standard such as it allowing signature wrapping attacks, these tend to be exposed due to poor usages of the XML Digital Signature libraries. Comparatively little research has been undertaken in the implementations themselves, how they diverge from the standard, how they ensure security and whether there are any vulnerabilities in the implementations themselves.

This presentation is about research done against the main open and closed source implementations of XML Digital Signatures, how they can be exploited to gain remote code execution, signature verification bypass, file stealing or denial of service. It will show some of the more nasty vulnerabilities found during the research including a novel attack against the built-in Java and .NET libraries which allow for trivial signature spoofing exposing any user of those implementations into accepting an invalid signature which is independent of their usage.

The presentation will be broken out into the following sections.

Quick overview of XML Digital Signature Standard:
The standard itself
Uses of XML Digital Signatures in the real world, e.g. WSS, SAML
History of XML Digital Signature Attacks:
HMAC Truncation
Signature Wrapping
Current Implementations:
Overview of where you will find each one in the real world
Type of things to go looking for
Approach to investigation, manual review, fuzzing
Vulnerabilities Identified:
Remote Code Execution, including from unauthenticated perspective
Parsing inconsistencies, blended attacks against systems using multiple implementations
Denial of service
Signature Spoofing
Demos of vulnerabilities