29-08-2017, 12:31 PM
In the recent years, XML Encryption became the target of several new attacks . These attacks belong to the family of adaptive chosen-ciphertext attacks, and allow an adversary to decrypt symmetric and asymmetric XML ciphertexts, without knowing the secret keys. In order to protect XML Encryption implementations, the World Wide Web Consortium (W3C) published an updated version of the standard. Unfortunately, most of the current XML Encryption implementations do not support the new XML Encryption specification and offer different XML Security configurations to protect confidentiality of the exchanged messages. Resulting from the attack complexity, evaluation of the security configuration correctness becomes tedious and error prone. Validation of the applied countermeasures can be made with numerous XML messages provoking incorrect behavior by decrypting XML content. Up to now, this validation was only manually possible.
Following video is better to understand the How to Break XML Encryption :
Following video is better to understand the How to Break XML Encryption :