Security analysis of mobile web service provisioning

Published: 01 August 2007

Abstract

Mobile data services in combination with profluent web services are seemingly the path-breaking domain in current information systems research. Mobile web services have vast application domains and pave the way for exciting performance and security challenges. Though numerous standardised security specifications and implementations exist for web services in general, not much has been analysed and standardised for mobile web services. This paper explores some of the critical challenges in providing security to the mobile web services domain and addresses the realisation of security for mobile web service provisioning, with special focus on our Mobile Host.

Cited By

  • (2007) Mobile web services mediation framework. Proceedings of the 2nd workshop on Middleware for service oriented computing: held at the ACM/IFIP/USENIX International Middleware Conference, pp. 6-11. DOI: 10.1145/1388336.1388337. Online publication date: 26-Nov-2007

    Published In

    International Journal of Internet Technology and Secured Transactions, Volume 1, Issue 1/2
    August 2007
    171 pages
    ISSN: 1748-569X
    EISSN: 1748-5703

    Publisher

    Inderscience Publishers

    Geneva 15, Switzerland

    Author Tags

    1. information systems
    2. internet
    3. mobile services
    4. mobile web services
    5. performance
    6. security

    Qualifiers

    • Article
