Achieving secure and flexible M-service through tickets
Wang, Hua and Zhang, Yanchun and Cao, Jinli and Varadharajan, Vijay (2003) Achieving secure and flexible M-service through tickets. IEEE transactions on systems, man and cybernetics part A : Systems and humans, 33 (6). pp. 697-708. ISSN 1083-4427Full text for this resource is not available from the Research Repository.
Web services via wireless technologies, mobile services (M-services), HTTP, and XML have become important for conducting business. W3C XML Protocol Working Group has been developing standard techniques such as Web Services Description Language (WSDL), simple object access protocol (SOAP), universal description discovery and integration (UDDI). However, at this stage, there is no standard technique for access control in M-services. This paper describes a secure and flexible access control scheme and protocol for M-services based on role based access control (RBAC). The access control architecture involves a Trusted Credential Center (TCC), a Trusted Authentication and Registration Center (TARC) and a secure ticket based mechanism for service access. Users and service providers register with the TARC and are authenticated. Based on this, tickets are issued by the TCC to users. Tickets carry authorization information needed for the requested services. In particular, we are able to specify access control polices based on roles. The protocols between the various entities in the model are protected using appropriate security mechanisms such as signatures which are used to verify correctness of the requested service, as well as to direct billing information to the appropriate user. Our architecture supports efficient authentication of users and service providers over different domains and provides a secure access model for services to users. Our model is also able to support anonymity of users. Only the TARC is able to identify misbehaving users. We believe that the proposed architecture forms a good basis for achieving a secure and flexible M-service system.
|Uncontrolled Keywords:||Access control architecture, anonymity, RBAC, secure M-services, ticket based access control|
|Subjects:||Faculty/School/Research Centre/Department > School of Engineering and Science
RFCD Classification > 280000 Information, Computing and Communication Sciences
|Depositing User:||Ms Phung T Tran|
|Date Deposited:||19 Oct 2008 23:19|
|Last Modified:||06 Jul 2011 05:27|
|ePrint Statistics:||View download statistics for this item|
|Citations in Scopus:||24 - View on Scopus|
Repository staff only