Secure web services using two-way authentication and three-party key establishment for service delivery

Authors:
Song Han;Tharam Dillon;Elizabeth Chang;Biming Tian
Affiliations:
DEBII, CBS, Curtin University of Technology, GPO Box U1987, Perth, WA 6845, Australia;DEBII, CBS, Curtin University of Technology, GPO Box U1987, Perth, WA 6845, Australia;DEBII, CBS, Curtin University of Technology, GPO Box U1987, Perth, WA 6845, Australia;DEBII, CBS, Curtin University of Technology, GPO Box U1987, Perth, WA 6845, Australia
Venue:
Journal of Systems Architecture: the EUROMICRO Journal
Year:
2009

Citing 27
Cited 2

Efficient and timely mutual authentication

ACM SIGOPS Operating Systems Review
A note on the use of timestamps as nonces

ACM SIGOPS Operating Systems Review
A lesson on authentication protocol design

ACM SIGOPS Operating Systems Review
Cryptanalysis and protocol failures

Communications of the ACM
On key distribution and authentication in mobile radio networks

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Two attacks on Neuman-Stubblebine authentication protocols

Information Processing Letters
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C

Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
Security on the move: indirect authentication using Kerberos

MobiCom '96 Proceedings of the 2nd annual international conference on Mobile computing and networking
An architecture for a secure service discovery service

MobiCom '99 Proceedings of the 5th annual ACM/IEEE international conference on Mobile computing and networking
Timestamps in key distribution protocols

Communications of the ACM
Using encryption for authentication in large networks of computers

Communications of the ACM
The quest for security in mobile ad hoc networks

MobiHoc '01 Proceedings of the 2nd ACM international symposium on Mobile ad hoc networking & computing
Cryptography and Network Security: Principles and Practice

Cryptography and Network Security: Principles and Practice
New Key Agreement Protocols in Braid Group Cryptography

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Key Distribution Protocol for Digital Mobile Communication Systems

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Potential Weaknesses of the Commutator Key Agreement Protocol Based on Braid Groups

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Some new attacks upon security protocols

CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Trust Relationships in Secure Systems-A Distributed Authentication Perspective

SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Decentralized Trust Management

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Authenticated key agreement in dynamic peer groups

Theoretical Computer Science
Secure Web Services for Low-Cost Devices

ISORC '05 Proceedings of the Eighth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing
A Practical Approach to Secure Web Services

ISORC '06 Proceedings of the Ninth IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing
Secure Web Service Discovery: Overcoming Challenges of Ubiquitous Computing

ECOWS '06 Proceedings of the European Conference on Web Services
A Secure Web Service for Electricity Prepayment Vending in South Africa: A Case Study and Industry Specification

ICIW '07 Proceedings of the Second International Conference on Internet and Web Applications and Services
Web Services Security: Challenges and Techniques

POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
Enabling Wide-Area Service Oriented Architecture through the p2pWeb Model

WETICE '06 Proceedings of the 15th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Situational Secure Web Services Design Methods

ICSEA '07 Proceedings of the International Conference on Software Engineering Advances

Security against DOS attack in mobile IP communication

Proceedings of the 2nd international conference on Security of information and networks
Enhancing distributed web security based on Kerberos authentication service

WISM'10 Proceedings of the 2010 international conference on Web information systems and mining

Quantified Score

Hi-index	0.00

Visualization

Abstract

With the advance of web technologies, a large quantity of transactions have been processed through web services. Service Provider needs encryption via public communication channel in order that web services can be delivered to Service Requester. Such encryptions can be realized using secure session keys. Traditional approaches which can enable such transactions are based on peer-to-peer architecture or hierarchical group architecture. The former method resides on two-party communications while the latter resides on hierarchical group communications. In this paper, we will use three-party key establishment to enable secure communications for Service Requester and Service Provider. The proposed protocol supports Service Requester, Service Broker, and Service Provider with a shared secret key established among them. Compared with peer-to-peer architecture and hierarchical group architecture, our method aims at reducing communication and computation overheads.