I was involved in a discussion the other day regarding the implementation of backend-to-backend authentication. The communications between each backend happen via the SOAP (XML) message protocol.
Objective:
Authenticate calls originating from Backend A <> Backend B. All communications can be considered to go through TLS tunneling first.
Their proposed solution:
Append a Signature in an XML Header which is computed using only certain parts of the request body and a timestamp, encrypted with AES-ECB.
The secrets are shared in an external channel and maintained at each end.
My concerns / own solution:
From my perspective, this problem calls for a MAC-type of authentication that would guarantee message integrity and authenticity.
I would recommend that they use HMAC-SHA256 instead, with a nonce-timestamp to prevent replay attacks, and pass it in a custom XML Header which would be validated by each backend.
I do not understand the need for encryption here, especially since they do not cipher the request body (confidentiality). However, I do not really have strong enough arguments as to why their solution is insecure/unsuitable.
NB: I reckon that the ECB cipher mode can also have oracle problems, and generally CBC would be preferred over it?
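
The HMAC-SHA256 header with a nonce and timestamp that the question proposes, written out as an added example (not part of the original post and not either team's code). The header field names, the 300-second window, the in-memory nonce store and the choice to MAC the whole body bytes as transmitted are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # assumed freshness window in seconds


def _mac(key: bytes, timestamp: int, nonce: str, body: bytes) -> str:
    # Length-prefix every field so bytes cannot slide between fields.
    parts = [str(timestamp).encode(), nonce.encode(), body]
    msg = b"".join(len(p).to_bytes(8, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign(key: bytes, body: bytes, now=None) -> dict:
    """Sender: values for the custom header (field names are hypothetical)."""
    ts = int(time.time()) if now is None else now
    nonce = secrets.token_hex(16)
    return {"timestamp": ts, "nonce": nonce, "mac": _mac(key, ts, nonce, body)}


class Verifier:
    """Receiver: checks the MAC first, then freshness, then nonce reuse."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while still fresh

    def verify(self, header: dict, body: bytes, now=None) -> str:
        now = int(time.time()) if now is None else now
        ts, nonce = int(header["timestamp"]), str(header["nonce"])
        expected = _mac(self.key, ts, nonce, body).encode()
        if not hmac.compare_digest(expected, str(header["mac"]).encode()):
            return "bad-mac"   # body, timestamp or nonce was altered
        if abs(now - ts) > MAX_SKEW:
            return "stale"     # outside the accepted clock window
        # Nonces older than the window would be rejected as stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = ts
        return "ok"


if __name__ == "__main__":
    key = secrets.token_bytes(32)                     # shared out of band
    body = b"<soapenv:Body><Ping/></soapenv:Body>"    # constructed sample
    hdr, v = sign(key, body), Verifier(key)
    print(v.verify(hdr, body), v.verify(hdr, body))
```
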