Design Issues of a Hybrid Wrapping Attack Protecting Scheme in Cloud Computing Environment

Yang, Shin-Jer; Huang, Yu-Hsuan

doi:10.1007/978-3-030-34986-8_8

Shin-Jer Yang⁷ &
Yu-Hsuan Huang⁷

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies ((LNDECT,volume 41))

Included in the following conference series:

International Conference on e-Business Engineering

1086 Accesses

Abstract

In the cloud era, cloud security and user privacy have become important issues. Since cloud users often use web browsers to request services from the cloud service providers, when a signed message request is sent to the service receiver from the service provider, attackers can use wrapping attacks to tamper with the SOAP message transferred through the internet in order to avoid legal verifications and access web services without being detected to implement wrapping attacks. This paper is to integrate and improve Node Counting mechanism to propose a hybrid wrapping attack protection scheme called HWRAP.

This HWRAP is a continuation on the Node Counting method and the determining conditions were improved and divided into three modules interception, detection and logging; it performs analysis to the incoming SOAP requests. Not only does it compare the number of times the child node appears, it also performs detection to the elements on the path between the root node to the final node in order to enhance the verification procedure on the detection module. The simulation results of KPIs indicate that the Detection rate can be increased by 2%, 3.8%, 3.7%, and 2.8%; the Accuracy rate can be increased by 8%, 7%, 10.5%, and 9.5% in 50, 100, 200, and 500 packet requests, respectively. Consequently, the HWRAP scheme has a higher detection rate and better accuracy rate than Node Counting for detecting wrapping attacks. The final results show that the proposed HWRAP can identify attackers more accurately and enhance the security and quality of cloud services.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 129.00; Price excludes VAT (USA)

Softcover Book: USD 169.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Mell, P., Grance, T.: The NIST Definition of Cloud Computing. National Institute of Standards and Technology (2011)
Google Scholar
Top Threats Working Group: The Notorious Nine: Cloud Computing Top Threats in 2013. Cloud Security Alliance (2013)
Google Scholar
XML Signature. https://zh.wikipedia.org/wiki/XML_Signature
XML Signature Wrapping. http://www.ws-attacks.org/XML_Signature_Wrapping
XML Signature Syntax and Processing Version 2.0, https://wwww.3.org/TR/xmldsig-core2/
Simple Object Access Protocol. https://en.wikipedia.org/wiki/SOAP
McIntosh, M., Austel, P.: XML signature element wrapping attacks and countermeasures. In: Proceedings of the 2005 Workshop on Secure Web Services, pp. 20–27 (2005)
Google Scholar
Somorovsky, J., et al.: All your clouds are belong to us: security analysis o cloud management interfaces. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, pp. 3–14 (2011)
Google Scholar
Gajek, S., et al.: Analysis of signature wrapping attacks and countermeasures. In: Proceedings of IEEE International Conference on Web Services, pp. 575–582 (2009)
Google Scholar
Jensen, M., et al.: On the effectiveness of XML schema validation for countering XML signature wrapping attacks. In: Proceedings of 1st International Workshop on Securing Services on the Cloud, pp. 7–13 (2011)
Google Scholar
Kouchaksaraei, H.R., Chefranov, A.G.: Countering wrapping attack on XML signature in SOAP message for cloud computing. (IJCSIS) Int. J. Comput. Sci. Inf. Secur. 16, 1310–0441 (2013)
Google Scholar
Gupta, A.N., Thilagam, P.S.: Detection of XML signature wrapping attack using node counting. In: Proceedings of the 3rd International Symposium on Big Data and Cloud Computing Challenge (ISBCC–2016), pp. 57–63 (2016)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Science and Information Management, Soochow University, Taipei, Taiwan
Shin-Jer Yang & Yu-Hsuan Huang

Authors

Shin-Jer Yang
View author publications
You can also search for this author in PubMed Google Scholar
Yu-Hsuan Huang
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shin-Jer Yang .

Editor information

Editors and Affiliations

ECB, Faculty of Engineering and Computing, Coventry University, Coventry, UK
Kuo-Ming Chao
School of Software, Shanghai Jiaotong University, Shanghai, China
Lihong Jiang
School of Business, University of New South Wales, Canberra, ACT, Australia
Omar Khadeer Hussain
National Taiwan Ocean University, Keelung City, Taiwan
Shang-Pin Ma
Faculty of Engineering and Computing, Coventry University, Coventry, UK
Xiang Fei

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Yang, SJ., Huang, YH. (2020). Design Issues of a Hybrid Wrapping Attack Protecting Scheme in Cloud Computing Environment. In: Chao, KM., Jiang, L., Hussain, O., Ma, SP., Fei, X. (eds) Advances in E-Business Engineering for Ubiquitous Computing. ICEBE 2019. Lecture Notes on Data Engineering and Communications Technologies, vol 41. Springer, Cham. https://doi.org/10.1007/978-3-030-34986-8_8

Download citation

DOI: https://doi.org/10.1007/978-3-030-34986-8_8
Published: 28 November 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34985-1
Online ISBN: 978-3-030-34986-8
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)

Publish with us

Policies and ethics