Achieving secure and flexible M-services through tickets

Wang, Hua and Zhang, Yanchun and Cao, Jinli and Varadharajan, Vijay (2003) Achieving secure and flexible M-services through tickets. Systems, Man, and Cybernetics. Part A, 33 (6). pp. 697-708. ISSN 1083-4427

[img]
Preview
PDF
Wang_Zhang_Cao_Varadharajan_Publ_Version.pdf

Download (475Kb)

Abstract

Web services via wireless technologies, mobile services (M-services), HTTP, and XML have become important for conducting business. W3C XML Protocol Working Group has been developing standard techniques such as Web Services Description Language (WSDL), simple object access protocol (SOAP), universal description discovery and integration (UDDI). However, at this stage, there is no standard technique for access control in M-services. This paper describes a secure and flexible access control scheme and protocol for M-services based on role based access control (RBAC). The access control architecture involves a Trusted Credential Center (TCC), a Trusted Authentication and Registration Center (TARC) and a secure ticket based mechanism for service access. Users and service providers register with the TARC and are authenticated. Based on this, tickets are issued by the TCC to users. Tickets carry authorization information needed for the requested services. In particular, we are able to specify access control polices based on roles. The protocols between the various entities in the model are protected using appropriate security mechanisms such as signatures which are used to verify correctness of the requested service, as well as to direct billing information to the appropriate user. Our architecture supports efficient authentication of users and service providers over different domains and provides a secure access model for services to users. Our model is also able to support anonymity of users. Only the TARC is able to identify misbehaving users. We believe that the proposed architecture forms a good basis for achieving a secure and flexible M-service system.


Statistics for USQ ePrint 3162
Statistics for this ePrint Item
Item Type: Article (Commonwealth Reporting Category C)
Refereed: Yes
Item Status: Live Archive
Additional Information: Deposited in accordance with the copyright policy of the publisher. ©2003 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Depositing User: Dr Hua Wang
Faculty / Department / School: Historic - Faculty of Sciences - Department of Maths and Computing
Date Deposited: 26 Oct 2007 00:41
Last Modified: 02 Jul 2013 22:50
Uncontrolled Keywords: access control architecture, anonymity, RBAC, secure M-services, ticket based access control
Fields of Research (FOR2008): 15 Commerce, Management, Tourism and Services > 1503 Business and Management > 150301 Business Information Management (incl. Records, Knowledge and Information Management, and Intelligence)
08 Information and Computing Sciences > 0807 Library and Information Studies > 080708 Records and Information Management (excl. Business Records and Information Management)
08 Information and Computing Sciences > 0804 Data Format > 080402 Data Encryption
Identification Number or DOI: doi: 10.1109/TSMCA.2003.819917
URI: http://eprints.usq.edu.au/id/eprint/3162

Actions (login required)

View Item Archive Repository Staff Only