Enhancing Web Services Security in E-business (EWSSE)

Iehab Alrassan, Maha Alrashed

Computer Science department

King Saud University

Riyadh, Saudi Arabia

Abstract— Nowadays, most enterprises use Web Services as a new way of exchanging information in their e-business integration. Security is a major concern as Web Services emerge. Web Services are based on SOAP (Simple Object Access Protocol) messages for exchanging information. In e-business, this information may be sensitive, and there is a high possibility that a SOAP message is intercepted and modified by eavesdroppers.

In this research, we discuss the significant impact of adopting Web Services in e-business, where Web Services support application-to-application interactions. However, security is still the biggest challenge facing Web Services. We also highlight the Web Services security standards that may be used to ensure Web Services security.

Any proposed security model must consider the security goals, which are integrity, authorization, authentication, confidentiality and non-repudiation. In this research, we focus on the SOAP message and how to ensure its security, since the SOAP message is the transmission unit in Web Services. We propose a security model to enhance the security of e-business. This model is based on XML signature and XML encryption to sign and encrypt the SOAP message. Moreover, SAML will be used to provide Single Sign-On.

We also implemented this model by building a Book Store Web Service using WCF and applying our proposed model (EWSSE) to it. Our experimental results show that EWSSE provides good and acceptable performance.

Keywords: Web Services, SOAP, e-business, XML encryption, XML signature, SAML, XKMS

Introduction

Today, Web Services are widely adopted in e-business. Web Services are a huge revolution in e-business: they change the concept of application interaction from human-centric, where the client plays the main role in the interaction, to application-centric, which means application-to-application interaction.

Web Services are a key technology that supports easy integration, reusability, and dynamic e-business. The major concern when Web Services are used in e-business is security. Web Services are related to many technologies, such as SOAP, WSDL, and UDDI. They use SOAP messages to transmit information, WSDL to describe the services, and UDDI to discover services.

Web Services are based on SOAP (Simple Object Access Protocol) for exchanging messages between entities. The SOAP protocol specification does not mention any security. Therefore, Web Services are vulnerable to various attacks. E-business Web Services security is mainly based on the SOAP message, which is used as a standard way to exchange XML data. SOAP messages therefore support enterprises that use e-business Web Services applications by making these applications accessible to other companies.

The challenge for e-business Web Services is finding an appropriate mechanism to satisfy the security requirements of e-business. For example, relying only on SSL (Secure Sockets Layer) cannot provide enough security, because SSL is unable to achieve end-to-end security.

Securing the SOAP message is one of the main goals of Web Services security, since an attacker can intercept or modify the message. There are many standards for securing Web Services: XML signature, XML encryption, WS-Security (Web Services-Security), SAML (Security Assertion Markup Language) and XKMS (XML Key Management System).

 


Volume 01, Issue 05, December 2013.
