XML Encryption Broken - "How To" Published - Impact on WCF / What should we do?


  • Thursday, November 03, 2011 1:45 PM
     
     

    A recent academic article in Journal of the ACM (and published also here) describes an efficient technique for breaking XML Encryption, based on some discovered issues with cipher block chaining (aka CBC).  This looks like the real deal, and notably affects AES-CBC.

    From what I can discern from this posting (http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/99231ca9-75b8-4254-a8a5-278c73901ec3/), the default algorithmSuite for all WCF bindings is Basic256, which uses the AES-CBC encryption algorithm.  

    Thus the default WCF security bindings appear to be compromised by this article.  I'm concerned that any use of message-level security that uses the default bindings is vulnerable to decryption by a man-in-the-middle or other observers.  

    What advice does Microsoft have on limiting the attack surface of WCF default bindings to eliminate this vulnerability?  

    I note that a W3C blog posting indicates that AES-GCM is perhaps a better choice for efficient and safe symmetric encryption.  I believe AES-GCM is available on Windows Vista/7 and Windows Server 2008 / Windows Server 2008 R2 as part of Crypto Next Gen.

    Is there a way to configure a .NET 3.x or 4.0 WCF Binding to use AES-GCM or another equally efficient non-CBC encryption algorithm?

     


    Regards, Howard Hoffman

All Replies

  • Friday, November 04, 2011 1:47 AM
    Moderator
     
     
    Hello, thanks for pointing out the latest research. You can submit a suggestion on http://connect.microsoft.com/wcf. We will evaluate it and see how it will impact our products.
    Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
  • Friday, November 04, 2011 5:48 PM
     
     

    After further study, it appears that *all* the available WCF algorithmSuites use CBC.  See http://msdn.microsoft.com/en-us/library/system.servicemodel.security.securityalgorithmsuite.aspx

    From reading the original article, it seems that encrypted+signed XML would not be vulnerable.  So a further question: 

    Given that http://msdn.microsoft.com/en-us/library/system.net.security.protectionlevel.aspx has only None, Sign and EncryptAndSign, what would WCF do when presented with the type of attack presented in the article -- an encrypted-only message?  It strikes me that WCF must accept such a message since non-.NET callers might be sending that, if it's within spec of WS-Security 1.3.

     


    Regards, Howard Hoffman
  • Monday, November 28, 2011 7:51 PM
     
     

    Howard,

    WCF does not have an encryption-only mode; encrypted data must be signed.


  • Wednesday, November 30, 2011 5:47 PM
     
     Answered
    Hi Howard - Brent is correct.  WCF accepts only signed encrypted messages.  I have spoken about this issue with MSRC at length and have concluded that this is not a vulnerability for WCF.
    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    • Marked As Answer by HowardH Wednesday, November 30, 2011 6:41 PM
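
The thread's conclusion rests on encrypted data always being integrity-protected. The C# sketch below is an added illustration of that general principle, not code from this thread or from WCF: the receiver checks an HMAC over the IV and AES-CBC ciphertext before decrypting, so an altered ciphertext is rejected with one uniform error and never reaches the CBC decryptor. The class name, keys, message layout and sample message are constructed; WCF itself uses WS-Security XML signatures rather than this layout.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SignedCbcDemo
{
    // Constructed demo keys; a real system uses random, separate encryption and MAC keys.
    static readonly byte[] EncKey = new byte[32];
    static readonly byte[] MacKey = Enumerable.Repeat((byte)0x42, 32).ToArray();

    // Returns IV || ciphertext || HMAC-SHA256(IV || ciphertext).
    static byte[] Protect(string plaintext)
    {
        using (var aes = Aes.Create())            // CBC and PKCS7 padding are the defaults
        using (var hmac = new HMACSHA256(MacKey))
        {
            aes.Key = EncKey;
            aes.GenerateIV();
            byte[] pt = Encoding.UTF8.GetBytes(plaintext);
            byte[] ct = aes.CreateEncryptor().TransformFinalBlock(pt, 0, pt.Length);
            byte[] body = aes.IV.Concat(ct).ToArray();
            return body.Concat(hmac.ComputeHash(body)).ToArray();
        }
    }

    // Verifies the tag first; decryption only runs on messages that pass.
    static string Unprotect(byte[] msg)
    {
        if (msg.Length < 64) throw new CryptographicException("Message rejected");
        byte[] body = msg.Take(msg.Length - 32).ToArray();
        byte[] tag = msg.Skip(msg.Length - 32).ToArray();
        int diff = 0;
        byte[] expected = new HMACSHA256(MacKey).ComputeHash(body);
        for (int i = 0; i < 32; i++) diff |= expected[i] ^ tag[i];  // no early exit
        if (diff != 0) throw new CryptographicException("Message rejected");
        using (var aes = Aes.Create())
        {
            aes.Key = EncKey;
            aes.IV = body.Take(16).ToArray();
            byte[] pt = aes.CreateDecryptor().TransformFinalBlock(body, 16, body.Length - 16);
            return Encoding.UTF8.GetString(pt);
        }
    }

    static void Main()
    {
        byte[] msg = Protect("<Amount>100</Amount>");   // constructed sample message
        Console.WriteLine(Unprotect(msg));              // untouched message round-trips
        msg[20] ^= 0x01;                                // one ciphertext byte changed in transit
        try { Unprotect(msg); } catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```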