Achieving secure and flexible M-service through tickets

Full text for this resource is not available from the Research Repository.

Wang, Hua, Zhang, Yanchun, Cao, Jinli and Varadharajan, Vijay (2003) Achieving secure and flexible M-service through tickets. IEEE transactions on systems, man and cybernetics part A : Systems and humans, 33 (6). pp. 697-708. ISSN 1083-4427

Abstract

Web services via wireless technologies, mobile services (M-services), HTTP, and XML have become important for conducting business. W3C XML Protocol Working Group has been developing standard techniques such as Web Services Description Language (WSDL), simple object access protocol (SOAP), universal description discovery and integration (UDDI). However, at this stage, there is no standard technique for access control in M-services. This paper describes a secure and flexible access control scheme and protocol for M-services based on role based access control (RBAC). The access control architecture involves a Trusted Credential Center (TCC), a Trusted Authentication and Registration Center (TARC) and a secure ticket based mechanism for service access. Users and service providers register with the TARC and are authenticated. Based on this, tickets are issued by the TCC to users. Tickets carry authorization information needed for the requested services. In particular, we are able to specify access control polices based on roles. The protocols between the various entities in the model are protected using appropriate security mechanisms such as signatures which are used to verify correctness of the requested service, as well as to direct billing information to the appropriate user. Our architecture supports efficient authentication of users and service providers over different domains and provides a secure access model for services to users. Our model is also able to support anonymity of users. Only the TARC is able to identify misbehaving users. We believe that the proposed architecture forms a good basis for achieving a secure and flexible M-service system.

Dimensions Badge

Altmetric Badge

Item type Article
URI https://vuir.vu.edu.au/id/eprint/1074
DOI https://doi.org/10.1109/TSMCA.2003.819917
Official URL http://dx.doi.org/10.1109/TSMCA.2003.819917
Subjects Historical > Faculty/School/Research Centre/Department > School of Engineering and Science
Historical > RFCD Classification > 280000 Information, Computing and Communication Sciences
Keywords Access control architecture, anonymity, RBAC, secure M-services, ticket based access control
Citations in Scopus 32 - View on Scopus
Download/View statistics View download statistics for this item

Search Google Scholar

Repository staff login