The Application Of Hash Collision Research To XML Digital Signature

The high development of computer scinence brought many safe challenges. Because of the weakness that the traditional technique made in information protection,data are vulnerable both in transmission and storage,as a result, the need of information security raises increasingly. The cipher technique is the basic method in information security application, as one of its important branch, the hash function has been extensively applied in many fileds of computer security,and become their theory foundation. However, with the development of the attacks to hash function, many computer technique which using hash function in their design has to face huge security threat.In this paper, we introduce hash function firstly, including properties, applications,design principles and several attacks on hash functions, espicially the thought and attack result of modular differential method[5, 6] presented by Xiaoyun Wang et al. resent years. Later, we detailedly analyze the mainly influence of the hash function collision research on the security of XML digital signature[8].XML digital signature system was produced by the IETF/W3C XML Signature Working Group. It is the combination of digital signature and XML[9, 10, 11 ], not just apply digital signature to XML document. XML Signature provides integrity, Authentication and nonrepudiation services the same as the traditional digital signature. Besides, XML Signature can achieve the certain granularity which the traditional digital signature could not do, showing powerful advantage both in function and technique. XML Signature can be applied to data of any type, and fulfill various signature forms such as enveloped signature,enveloping signature and detached signature. XML Signature keeps the structure of the XML document available,and various enveloping forms make it easy to save and manage.Moreover,the XML signature expression is legible in syntax,which enhances the transplantation and validation capability of the signature,therefore, this technique becomes the component of various applications.Hash function has been used in the design of the XML signature. Therefore, the security of XML signature is based on the the security of the hash function to a large extent. The development of attacks to hash function has post a large threat to the security of XML signature. In this paper, we use the attack technique of hash function, especially the collision analysis result of the MD5 [20] functions, to construct two kinds of XML signature collisions as follows:1. To construct the XML signature collisions of the ELF [14] format files. We first pad some dummy information to the section data while keeping the data structure compliant to ELF file format .Then we use the method of finding MD5 collision to build the collision data,and construct two ELF format files which have the same XML signature value,but entirely different output.2. To construct the XML signature collisions of the XML note sets. Here, we analyse the system which stores the IDs and their passwords hash values. We first build the system model and analyse its secutity capability. Then we create a pair of note sets with identical XML signature.In conclusion, this paper carry out the practical attacks to computer security technique designed on the hash function. This work has directional meaning in the evaluation of the security influence made by hash function attacks in practice.