How to Break XML Encryption - Automatically

Explore the vulnerabilities in XML Encryption and learn how to automatically detect and exploit them in this 43-minute Black Hat conference talk. Gain insights into adaptive chosen-ciphertext attacks that allow decryption of symmetric and asymmetric XML ciphertexts without knowing secret keys. Discover the challenges in implementing the updated W3C XML Encryption standard and the complexities in evaluating security configuration correctness. Follow the development of an algorithm for vulnerability scanning of encrypted XML messages and its implementation as an open-source attack plugin for the WS-Attacker tool. Examine real-world vulnerabilities found in major Web Service implementations, including IBM Datapower and Apache CXF. Delve into topics such as hybrid encryption, symmetric encryption, plaintext validation, and secure cryptography to enhance your understanding of XML Encryption security.

Intro
About me
Presentation
The Problem
Hybrid Encryption
Symmetric Encryption
Plain Text Validation
Flipping ASCII
What could go wrong
How to analyze this automatically
Secure Cryptography
Conclusion
Questions