Secure Communication and Access Control for Mobile Web Service Provisioning

Satish Narayana Srirama¹, Anton Naumenko²

¹ RWTH Aachen University, Informatik V (Information Systems), Ahornstr 55, 52056 Aachen, Germany
² Industrial Ontologies Group, Department of Mathematical Information Technology, P.O. Box 35, 40014 University of Jyväskylä, Finland

Abstract. It is now feasible to host basic web services on a smart phone due to the advances in wireless devices and mobile communication technologies. While the applications are quite welcoming, the ability to provide secure and reliable communication in the vulnerable and volatile mobile ad-hoc topologies is fast becoming necessary. The paper mainly addresses the details and issues in providing secure communication and access control for the mobile web service provisioning domain. While basic message-level security can be provided, providing proper access control mechanisms for the Mobile Host still poses a great challenge. This paper discusses the details of secure communication and proposes a distributed semantics-based authorization mechanism.

Keywords: Access Control, Communication system security, Mobile Communication, Mobile web services.

1 Introduction

High-end mobile phones and PDAs are becoming pervasive and are being used in a variety of applications like location based services, banking services, ubiquitous computing etc. The higher data transmission rates achieved with 3G and 4G technologies have also boosted this growth in the wireless market. The situation brings out a large scope and demand for software applications for such high-end mobile devices. To meet this demand and to reap the benefits of the fast growing web services domain and standards, the scope of mobile terminals as both web service clients and providers is being observed. While mobile web service clients are common these days, we have studied the scope of mobile web service provisioning in one of our previous projects [5].

Mobile web service provisioning offers many applications in domains like collaborative learning, social systems, mobile community support etc. While the applications are quite welcoming, the ability to provide secure and reliable communication in the vulnerable and volatile mobile ad-hoc topologies is fast becoming necessary. Moreover, with the easily readable mobile web services, the complexity of realizing security increases further. Secure provisioning of mobile web services needs a proper identification mechanism, access control, data integrity and confidentiality.

In our current research, we are trying to provide proper security for the mobile web service provider (“Mobile Host”) realized by us. The security analysis suggests that proper message-level security can be provided in mobile web service provisioning with reasonable performance penalties on the Mobile Host. While basic message-level security can be provided, end-point security, comprising proper identity and access control mechanisms, still poses a great challenge for the Mobile Host. Here we propose to utilize distributed architectures of a semantics-based authorization mechanism to ensure pro-active, context-aware access control to mobile web services.

The rest of the paper is organized as follows: Section 2 discusses the concept and analysis of the mobile web service provisioning domain. Section 3 addresses the issues of securing the communication for mobile web services. Section 4 presents our research ideas towards the implementation of semantics-based access control for mobile web services, and Section 5 concludes the paper with future research directions.

2 Pervasive Mobile Web Service Provisioning

Traditionally, hand-held cellular devices have many resource limitations like limited storage capacities, low computational capacities, and small display screens with poor rendering potential. Most recently, the capabilities of wireless devices like smart phones and PDAs are expanding quite fast. This is resulting in quick adoption of these devices in domains like mobile banking, location based services, social networks, e-learning etc. The situation also brings out a large scope and demand for software applications for such high-end wireless devices.

[Figure 1 labels: Mobile Infrastructure, Mobile Host, WS, Internet, GPRS / UMTS, Web Service Provider, WS Client]

Fig. 1. Mobile terminals as both web service providers and clients

Moreover, with the high data transmission rates achieved in the cellular domain with interim and third generation mobile communication technologies like GPRS, EDGE and UMTS [2], mobile phones are also being used as Web Service clients and providers, bridging the gap between the wireless networks and the stationary IP networks. Combining these two domains brings us a new trend and leads to manifold opportunities for mobile operators, wireless equipment vendors, third-party application developers, and end users [4, 5].

While mobile web service clients are quite common these days, and many development tools are available from major vendors, the research on mobile web service provisioning is still sparse [3, 4]. During one of our previous projects, a small mobile web service provider (“Mobile Host”) has been developed for resource constrained smart phones. Figure 1 shows the scenario with the mobile terminal as both web service provider and client.

Mobile Host is a light weight web service provider built for resource constrained devices like cellular phones. It has been developed as a web service handler built on top of a normal web server. The web service requests sent by HTTP tunneling are diverted and handled by the web service handler. The Mobile Host was developed in PersonalJava [7] on a SonyEricsson P800 smart phone. The footprint of our fully functional prototype is only 130 KB. Open source kSOAP2 [8] was used for creating and handling the SOAP messages.

The detailed evaluation of the Mobile Host clearly showed that service delivery as well as service administration can be performed with reasonable ergonomic quality by normal mobile phone users. As the most important result, it turns out that the total WS processing time at the Mobile Host is only a small fraction of the total request-response invocation cycle time (