{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,16]],"date-time":"2025-06-16T22:40:11Z","timestamp":1750113611602,"version":"3.41.0"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030781194"},{"type":"electronic","value":"9783030781200"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-78120-0_1","type":"book-chapter","created":{"date-parts":[[2021,6,17]],"date-time":"2021-06-17T05:02:49Z","timestamp":1623906169000},"page":"3-18","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["XML Signature Wrapping Still Considered Harmful: A Case Study on\u00a0the\u00a0Personal\u00a0Health\u00a0Record\u00a0in\u00a0Germany"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1049-5794","authenticated-orcid":false,"given":"Paul","family":"H\u00f6ller","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6523-4890","authenticated-orcid":false,"given":"Alexander","family":"Krumeich","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7863-0622","authenticated-orcid":false,"given":"Luigi","family":"Lo Iacono","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,6,15]]},"reference":[{"key":"1_CR1","unstructured":"Bray, T., Paoli, J., Sperberg-McQueen, M., Maler, E., Yergeau, F.: Extensible Markup Language (XML) 1.0 (Fifth Edition). Recommendation, W3C, November 2008"},{"key":"1_CR2","unstructured":"Eastlake, D., Reagle, J., Hirsch, F., Roessler, T.: XML Encryption Syntax and Processing Version 1.1. Recommendation, W3C, April 2013"},{"key":"1_CR3","unstructured":"Eastlake, D., et al.: XML Signature Syntax and Processing Version 1.1. Recommendation, W3C, April 2013"},{"key":"1_CR4","doi-asserted-by":"crossref","unstructured":"Gajek, S., Jensen, M., Liao, L., Schwenk, J.: Analysis of signature wrapping attacks and countermeasures. In: ICWS 2019. IEEE, July 2009","DOI":"10.1109\/ICWS.2009.12"},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"Gajek, S., Liao, L., Schwenk, J.: Breaking and fixing the inline approach. In: SWS 2007. ACM (2007)","DOI":"10.1145\/1314418.1314425"},{"key":"1_CR6","unstructured":"gematik GmbH: Systemspezifisches Konzept ePA (2019), revision 166371"},{"key":"1_CR7","unstructured":"gematik GmbH: Spezifikation Authentisierung des Versicherten ePA (2020), revision 244633"},{"key":"1_CR8","unstructured":"gematik GmbH: Spezifikation ePA-Aktensystem (2020), revision 245464"},{"key":"1_CR9","unstructured":"gematik GmbH: epa - elektronische patientenakte (2019). https:\/\/www.gematik.de\/fileadmin\/user_upload\/gematik\/files\/Faktenblaetter\/Faktenblatt_ePA_web.pdf"},{"key":"1_CR10","unstructured":"gematik GmbH: API Telematik, June 2020. https:\/\/fachportal.gematik.de\/downloadcenter\/schemata-wsdl-und-andere-dateien"},{"key":"1_CR11","doi-asserted-by":"crossref","unstructured":"Gruschka, N., Lo Iacono, L.: Vulnerable cloud: SOAP message security validation revisited. In: ICWS 2009. IEEE (2009)","DOI":"10.1109\/ICWS.2009.70"},{"key":"1_CR12","series-title":"IFIP International Federation for Information Processing","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/0-387-33406-8_15","volume-title":"Security and Privacy in Dynamic Environments","author":"N Gruschka","year":"2006","unstructured":"Gruschka, N., Luttenberger, N.: Protecting web services from DoS attacks by SOAP message validation. In: Fischer-H\u00fcbner, S., Rannenberg, K., Yngstr\u00f6m, L., Lindskog, S. (eds.) SEC 2006. IIFIP, vol. 201, pp. 171\u2013182. Springer, Boston, MA (2006). https:\/\/doi.org\/10.1007\/0-387-33406-8_15"},{"key":"1_CR13","unstructured":"Gruschka, N., Luttenberger, N., Herkenh\u00f6ner, R.: Event-based soap message validation for WS-securitypolicy-enriched web services. In: SWWS 2016 (2006)"},{"key":"1_CR14","unstructured":"Hill, B.: Complexity as enemy of security (2007). https:\/\/www.w3.org\/2007\/xmlsec\/ws\/papers\/04-hill-isecpartners\/"},{"key":"1_CR15","doi-asserted-by":"crossref","unstructured":"Jensen, M., Gruschka, N., Herkenhoner, R., Luttenberger, N.: Soa and web services: new technologies, new standards - new attacks. In: ECOWS 2007 (2007)","DOI":"10.1109\/ECOWS.2007.9"},{"key":"1_CR16","doi-asserted-by":"crossref","unstructured":"Jensen, M., Gruschka, N.: A survey of attacks in the web services world. In: Electronic Services: Concepts, Methodologies, Tools and Applications (2010)","DOI":"10.4018\/978-1-61520-967-5.ch115"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Jensen, M., Liao, L., Schwenk, J.: The curse of namespaces in the domain of XML signature. In: SWS 2009. ACM (2009)","DOI":"10.1145\/1655121.1655129"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Jensen, M., Meyer, C., Somorovsky, J., Schwenk, J.: On the effectiveness of XML schema validation for countering XML signature wrapping attacks. In: IWSSC 2011 (2011)","DOI":"10.1109\/IWSSCloud.2011.6049019"},{"key":"1_CR19","doi-asserted-by":"crossref","unstructured":"Jensen, M., Schwenk, J., Bohli, J.M., Gruschka, N., Lo Iacono, L.: Security prospects through cloud computing by adopting multiple clouds. In: CLOUD 2011 (2011)","DOI":"10.1109\/CLOUD.2011.85"},{"key":"1_CR20","doi-asserted-by":"crossref","unstructured":"Jensen, M., Schwenk, J., Gruschka, N., Iacono, L.L.: On technical security issues in cloud computing. In: IEEE International Conference on Cloud Computing (2009)","DOI":"10.1109\/CLOUD.2009.60"},{"key":"1_CR21","unstructured":"Mainka, C., Jensen, M., Lo Iacono, L., Schwenk, J.: XSpRES - robust and effective XML signatures for web services. In: CLOSER 2012. SciTePress (2012)"},{"key":"1_CR22","doi-asserted-by":"crossref","unstructured":"McIntosh, M., Austel, P.: XML signature element wrapping attacks and countermeasures. In: SWS 2005. Association for Computing Machinery (2005)","DOI":"10.1145\/1103022.1103026"},{"key":"1_CR23","unstructured":"MITRE: Cwe-345: Insufficient verification of data authenticity (2006)"},{"key":"1_CR24","unstructured":"MITRE: Cwe-347: Improper verification of cryptographic signature (2006)"},{"key":"1_CR25","unstructured":"OASIS: Web services security: Soap message security 1.1 (2004)"},{"key":"1_CR26","unstructured":"Robie, J., Dyck, M., Spiegel, J.: XML Path Language (XPath) 3.1. Recommendation, W3C, March 2017"},{"key":"1_CR27","unstructured":"Slany, D.W.: Sicherheitsanalyse zur Sicherheit der kritischen Komponenten der elektronischen Patientenakte nach \u00a7291a SGB V, March 2020"},{"key":"1_CR28","doi-asserted-by":"crossref","unstructured":"Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., Lo Iacono, L.: All your clouds are belong to us. In: CCSW 2011 (2011)","DOI":"10.1145\/2046660.2046664"},{"key":"1_CR29","unstructured":"Somorovsky, J., Mayer, A., Schwenk, J., Kampmann, M., Jensen, M.: On breaking SAML: be whoever you want to be. In: USENIX Security 2012, August 2012"},{"key":"1_CR30","unstructured":"W3C: SOAP 1.2-Schema (2007)"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-78120-0_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,16]],"date-time":"2025-06-16T22:02:50Z","timestamp":1750111370000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-78120-0_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030781194","9783030781200"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-78120-0_1","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"15 June 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Oslo","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Norway","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 June 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 June 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"36","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.ifipsec.org\/2021\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"112","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"25% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}