How to Break XML Encryption – Automatically ∗ Dennis Kupser, Christian Mainka, Jorg¨ Schwenk, Juraj Somorovsky Horst Gortz¨ Institute for IT Security Ruhr University Bochum [email protected], [email protected] [email protected], [email protected] Abstract 1 Introduction The W3C standard XML Encryption ensures confiden- In the recent years, XML Encryption became a target of tiality of XML data, directly on the message level. It is several new attacks [18, 17, 16]. These attacks belong to used in security-critical scenarios like business and gov- the family of adaptive chosen-ciphertext attacks, and al- ernmental applications, banking systems or healthcare low an adversary to decrypt symmetric and asymmetric services. Given the importance of the scenarios XML XML ciphertexts, without knowing the secret keys. In Encryption is deployed, its security becomes a crucial order to protect XML Encryption implementations, the point. World Wide Web Consortium (W3C) published an up- XML Encryption is mainly used with two encryption dated version of the standard. algorithms: AES-CBC and RSA-PKCS#1 v1.5.1 These Unfortunately, most of the current XML Encryption two standards recently became targets of attacks in many implementations do not support the newest XML En- practical scenarios ranging from IPSec [7, 8] and TLS [2] cryption specification and offer different XML Security to web applications and Captchas [25]. In 2011, it was configurations to protect confidentiality of the exchanged shown that the XML Encryption standard is also vul- messages. Resulting from the attack complexity, evalu- nerable to attacks affecting confidentiality of symmetric ation of the security configuration correctness becomes ciphertexts [18]. One year later, further attacks affect- tedious and error prone. Validation of the applied coun- ing public key encryption in XML Encryption were de- termeasures can typically be made with numerous XML scribed [17]. The attacks belong to the family of adaptive messages provoking incorrect behavior by decrypting chosen-ciphertext attacks. They are applicable when the XML content. Up to now, this validation was only man- attacker is able to modify an inspected ciphertext (i.e., ually possible. the ciphertext is not authenticated), send it to the server for processing, and observe the server’s response. Based In this paper, we systematically analyze the chosen- on this response, the attacker can decide whether the de- ciphertext attacks on XML Encryption and design an al- crypted request was valid or invalid. To distinguish valid gorithm to perform a vulnerability scan on arbitrary en- from invalid requests, he can use side channels, for ex- crypted XML messages. The algorithm can automati- ample, by observing response error message or measur- cally detect a vulnerability and exploit it to retrieve the ing response times. plaintext of a message protected by XML Encryption. To In order to protect the servers against these attacks the assess practicability of our approach, we implemented newest XML Encryption specification proposes to use an open source attack plugin for Web Service attacking encryption schemes that are not vulnerable to adaptive tool called WS-Attacker. With the plugin, we discovered chosen-ciphertext attacks: AES-GCM and RSA-OAEP. new security problems in four out of five analyzed Web However, these schemes are not widely deployed in to- Service implementations, including IBM Datapower or day’s XML Security frameworks and different measures Apache CXF. have to be applied to vulnerable servers. Typically, XML Encryption is deployed together with ∗The full version of this paper is available at 1In addition, the PKCS#1 standard contains version 2.1, also called http://nds.rub.de/research/publications/ RSA-OAEP. In our paper, with PKCS#1 we refer to version 1.5, unless how-to-break-xml-encryption-automatically defined otherwise. 1 XML Signatures, which can be used to protect data in- secure cryptography and prevent future specification vul- tegrity and authenticity. Nevertheless, in many cases, the nerabilities. XML Signature protection can be circumvented using Even though our library is currently embedded in the XML Signature Wrapping and XML Encryption Wrap- WS-Attacker framework, the implemented algorithms ping techniques [29]. The idea behind these techniques is are of general importance and can be used to analyze fur- very simple: the attacker moves the signed or encrypted ther XML Security standards (e.g., SAML) as well. data to a different document part so that the encrypted data becomes unprotected. However, the complexity of Responsible Disclosure. We communicated our find- the XML structure and XML processing makes it diffi- ings to the Web Services developers. Vulnerabilities cult to prevent from these attacks, which is underlined in Apache CXF are summarized under CVE-2015-0226 by a large body of research [28, 21, 29, 27, 20, 23]. This and CVE-2015-0227. Security best practices resulting allows the attacker to force the server to decrypt unpro- from our discussions with IBM Datapower developers tected elements, and thus practically execute the chosen- are addressed in their Flash alert [1]. Problems reported ciphertext attacks. to the Axway security team are still under investigation. Contribution. In this paper, we first summarize possi- 2 Foundations ble countermeasures against the attacks on XML Encryp- tion. We present problems connected with various con- In the following, we assume the reader is familiar with figurations XML Encryption is deployed with, and how basic concepts behind symmetric and asymmetric cryp- to circumvent these countermeasures. We present a sys- tography. Details behind the concrete cryptographic tematic methodology on verifying interfaces using XML algorithms (RSA-PKCS#1 [19], AES-CBC [9], AES- Encryption. Based on this methodology, we implement GCM [10]) are not needed to understand this paper. We an automatic plugin for the WS-Attacker Web Service stress again that with RSA-PKCS#1, we refer to version penetration testing framework [22] that allows one to au- 1.5, unless defined otherwise. tomatically analyze Web Services interfaces and execute attacks on XML Encryption. 2.1 SOAP-based Web Services We use our new plugin to analyze different Web Ser- vices frameworks and their application of XML En- The SOAP standard describes the message exchange cryption. One could think that widely used Web ser- with a Web Service [14]. Listing 1 depicts a SOAP vice frameworks and commercially used XML Secu- message example consisting of an Envelope element rity Gateways are aware of the threat to XML Encryp- with two child elements named Header and Body. The tion. However, our evaluation shows that it is possi- SOAP Header element can contain meta information, ble to attack frameworks like Apache CXF,2 IBM Dat- for example, timestamps, signatures or encryption de- apower3 (if not configured correctly) and Axway Gate- tails. The SOAP Body element stores the payload that is way4. All these frameworks implemented several meth- processed by the Web Service operation. ods to protect Web Services from the attacks. The protec- <soapenv:Envelope> tion mechanisms by Apache CXF could be successfully <soapenv:Header/> circumvented using XML Encryption and XML Signa- <soapenv:Body> ture Wrapping techniques. Axway Gateway and IBM <addUser><name>Bob</ name></ addUser> </soapenv:Body> Datapower offer several security configurations. How- </soapenv:Envelope> ever, only a few of them could be successfully applied to Listing 1: Exemplary SOAP message. prevent the attacks. Our paper once again shows that usage of insecure cryptographic algorithms (AES-CBC, RSA-PKCS#1) in complex scenarios can lead to sustainable and se- 2.2 XML Signature vere consequences (e.g., backward compatibility at- XML Signature is a W3C recommendation that de- tacks [16]), which can be used to expose confidential data fines a syntax for using digital signatures in XML mes- even if specific countermeasures are applied. We thus en- sages [15]. It is used for ensuring integrity and authentic- courage protocol and standard designers to use provably ity of XML message fragments or even the whole XML messages. 2http://cxf.apache.org 3http://www-03.ibm.com/software/products/en/ The signing process undertakes the following flow: datapower-gateway For each XML fragment to be signed, a Reference el- 4http://www.axway.com ement is created and the DigestValue of the element 2 soap:Envelope soap:Envelope soap:Header soap:Header wsse:Security wsse:Security ds:Signature EncryptedKey EncryptionMethod Algorithm=”rsa-1 5” ds:SignedInfo KeyInfo ds:SignatureMethod CipherData ds:Reference URI=”#body” CipherValue ds:DigestMethod ReferenceList ds:DigestValue Reference URI=”#EncData” Protected by SignatureValue Asymmetric decryption ds:SignatureValue soap:Body soap:Body wsu:Id=”body” EncryptedData wsu:Id=”EncData” ns1:addUser EncryptionMethod Algorithm=”aes128-cbc” CipherData ns1:name CipherValue Protected by DigestValue Symmetric decryption Figure 1: Simplified signed SOAP message. Figure 2: Simplified encrypted SOAP message. referenced by the URI attribute is computed using the al- gorithm specified in the DigestMethod element. Af- element using RSA-PKCS#1 [19]. After successful terwards, the SignedInfo element is signed using the decryption, the content is further used as a session key k. algorithm defined in the SignatureMethod element. Afterwards, the server searches for the For embedding an XML Signature into a SOAP mes- EncryptedData elements