An investigation into interoperable end-to-end mobile web service security
- Authors: Moyo, Thamsanqa
- Date: 2008
- Subjects: Web services , Mobile computing , Smartphones , Internetworking (Telecommunication) , Computer networks -- Security measures , XML (Document markup language) , Microsoft .NET Framework , Java (Computer program language)
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4595 , http://hdl.handle.net/10962/d1004838 , Web services , Mobile computing , Smartphones , Internetworking (Telecommunication) , Computer networks -- Security measures , XML (Document markup language) , Microsoft .NET Framework , Java (Computer program language)
- Description: The capacity to engage in web services transactions on smartphones is growing as these devices become increasingly powerful and sophisticated. This capacity for mobile web services is being realised through mobile applications that consume web services hosted on larger computing devices. This thesis investigates the effect that end-to-end web services security has on the interoperability between mobile web services requesters and traditional web services providers. SOAP web services are the preferred web services approach for this investigation. Although WS-Security is recognised as demanding on mobile hardware and network resources, the selection of appropriate WS-Security mechanisms lessens this burden. An attempt to implement such mechanisms on smartphones is carried out via an experiment. Smartphones are selected as the mobile device type used in the experiment. The experiment is conducted on the Java Micro Edition (Java ME) and the .NET Compact Framework (.NET CF) smartphone platforms. The experiment shows that the implementation of interoperable, end-to-end, mobile web services security on both platforms is reliant on third-party libraries. This reliance on third-party libraries results in poor developer support and exposes developers to the complexity of cryptography. The experiment also shows that there are no standard message size optimisation libraries available for both platforms. The implementation carried out on the .NET CF is also shown to rely on the underlying operating system. It is concluded that standard WS-Security APIs must be provided on smartphone platforms to avoid the problems of poor developer support and the additional complexity of cryptography. It is recommended that these APIs include a message optimisation technique. It is further recommended that WS-Security APIs be completely operating system independent when they are implemented in managed code. This thesis contributes by: providing a snapshot of mobile web services security; identifying the smartphone platform state of readiness for end-to-end secure web services; and providing a set of recommendations that may improve this state of readiness. These contributions are of increasing importance as mobile web services evolve from a simple point-to-point environment to the more complex enterprise environment.
- Full Text:
- Date Issued: 2008
Bridging the gap for Next Generation Services: Presence Services on Legacy Devices
- Authors: Moyo, Thamsanqa , Thinyane, Mamello , Wright, Madeleine , Irwin, Barry V W , Clayton, Peter G , Terzoli, Alfredo
- Date: 2007
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428177 , vital:72491 , https://d1wqtxts1xzle7.cloudfront.net/49665432/Paper_2063_20-_20Moyo-libre.pdf?1476717366=andresponse-content-disposi-tion=inline%3B+filename%3DBridging_the_gap_for_Next_Generation_Ser.pdfandEx-pires=1714737455andSignature=RRbr9pzIYSYX8v7FG6FzV4tu3dFXm9qmmqq5WirOhuYdt--mjOfcDHQNLPYZHCmtgYZWdVk6bVFxfGOVJxgXrvkTe2QN2AZV3XfFTZ3mi1s3A5gw2jIXOVHrYUnaf~POgdijdY85mqWhco3vL6Qk3sOZgYjIlTF5ZGAKg1S54W978Nom01cT2~oqRA0Et6mTNmydWfF5MhFxQIq~LNmYqEqmEESKkkWQFwg6xJJUu0uGffbaZXXBA6oDI2cpfkz1FleKyKaRDRJvdfnuTHPoJJ4TzfO6DDVCWKvJ45jaxIzaGmK-03Ai29I-DPyy-c557kZh~kF3rmDg3zrXVNaL8A__andKey-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: Next generation services are provided by applications that leverage packet-based domains. A challenge faced by such services is the support for multiple devices, including legacy devices. Our paper examines a strategy for the pro-vision of next generation services on legacy cellular network devices. We ad-vocate that the provision of next generation services via applications on the SIM card allows for the deployment of such services on legacy devices. We demonstrate this assertion through a proof of concept application, SIMPre, that resides on a SIM card. SIMPre implements a presence service by leveraging Java Card, the SIM Application Toolkit and the OMA IMPS standard. We show that it is possible to provide a next generation service on the SIM card such that it ubiquitously integrates with the functionality of a legacy device. We con-clude through this demonstration that the SIM card is a viable option for provid-ing backward compatibility to legacy devices in the implementation of next generation services.
- Full Text:
- Date Issued: 2007
Bridging the gap for Next Generation Services: Presence Services on Legacy Devices
- Authors: Moyo, Thamsanqa , Thinyane, Mamello , Wright, Madeleine , Irwin, Barry V W , Clayton, Peter G , Terzoli, Alfredo
- Date: 2007
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428176 , vital:72492 , https://d1wqtxts1xzle7.cloudfront.net/49665432/Paper_2063_20-_20Moyo-libre.pdf?1476717366=andresponse-content-disposi-tion=inline%3B+filename%3DBridging_the_gap_for_Next_Generation_Ser.pdfandEx-pires=1714737455andSignature=RRbr9pzIYSYX8v7FG6FzV4tu3dFXm9qmmqq5WirOhuYdt--mjOfcDHQNLPYZHCmtgYZWdVk6bVFxfGOVJxgXrvkTe2QN2AZV3XfFTZ3mi1s3A5gw2jIXOVHrYUnaf~POgdijdY85mqWhco3vL6Qk3sOZgYjIlTF5ZGAKg1S54W978Nom01cT2~oqRA0Et6mTNmydWfF5MhFxQIq~LNmYqEqmEESKkkWQFwg6xJJUu0uGffbaZXXBA6oDI2cpfkz1FleKyKaRDRJvdfnuTHPoJJ4TzfO6DDVCWKvJ45jaxIzaGmK-03Ai29I-DPyy-c557kZh~kF3rmDg3zrXVNaL8A__andKey-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: Next generation services are provided by applications that leverage packet-based domains. A challenge faced by such services is the support for multiple devices, including legacy devices. Our paper examines a strategy for the pro-vision of next generation services on legacy cellular network devices. We ad-vocate that the provision of next generation services via applications on the SIM card allows for the deployment of such services on legacy devices. We demonstrate this assertion through a proof of concept application, SIMPre, that resides on a SIM card. SIMPre implements a presence service by leveraging Java Card, the SIM Application Toolkit and the OMA IMPS standard. We show that it is possible to provide a next generation service on the SIM card such that it ubiquitously integrates with the functionality of a legacy device. We con-clude through this demonstration that the SIM card is a viable option for provid-ing backward compatibility to legacy devices in the implementation of next generation services.
- Full Text:
- Date Issued: 2007
Towards Central Vulnerability Management By Mobile Phone Operators
- Authors: Moyo, Thamsanqa , Irwin, Barry V W , Wright, Madeleine
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428787 , vital:72536 , https://www.researchgate.net/profile/Barry-Ir-win/publication/237107512_Securing_mobile_commerce_interactions_through_secure_mobile_web_services/links/5b9a5898a6fdccd3cb4ff6cf/Securing-mobile-commerce-interactions-through-secure-mobile-web-services.pdf
- Description: The application of XML-based approaches in passing vulnerability in-formation between vulnerability management devices or software resid-ing on wired networks has been demonstrated. We propose a proof of concept framework for mobile operators that extends this use of XML into the area of vulnerability management on public land mobile net-works. Our proposed framework allows for a pro-active central man-agement of vulnerabilities found on mobile stations such as mobile phones. Despite the relatively limited number of reported vulnerabilities on mobile stations, such a pre-emptive approach from mobile operators is necessary to acquire the confidence of early adopters in Mobile Commerce. Given the diverse collection of devices and software that exist on a public land mobile network, XML-based approaches are best able to providing the inter-operability required for vulnerability manage-ment on such a network. Our proposed framework leverages web ser-vices by using the Open Vulnerability Assessment Language (OVAL) to provide vulnerability descriptions, and by securing these descriptions in SOAP messages conforming to the OASIS Web Services Security (WSS) standard. We contribute in three areas: firstly, through this framework we show that mobile operators can carry out centralized vul-nerability management on their public land mobile networks comprising of a wide variety of devices and software. Secondly, the assurance of integrity, confidentiality and non-repudiation inherently lacking in OVAL vulnerability descriptions is achieved through their encapsulation in SOAP messages conforming to the OASIS WSS standard. Thirdly, SOAP-based web service implementations allow for integration with vulnerability management tools and devices that do not conform to OVAL.
- Full Text:
- Date Issued: 2006