首页    期刊浏览 2024年12月12日 星期四
登录注册

文章基本信息

  • 标题:A Proposed SOAP Model Against Wrapping Attacks and Insecure Conversation
  • 本地全文:下载
  • 作者:Rajni Mohana ; Deepak Dahiya
  • 期刊名称:International Journal of Computer Science Issues
  • 印刷版ISSN:1694-0784
  • 电子版ISSN:1694-0814
  • 出版年度:2013
  • 卷号:10
  • 期号:2
  • 出版社:IJCSI Press
  • 摘要:The web services in SOA are under the heterogeneous ownership domains, there should be a uniform means to offer, discover and interact with each other. Ensuring interoperatability among the web service which is under various ownership domains is the most important challenge. One of the major interoperatablilty issue is protecting the SOAP message from rewriting attacks and insecure conversation as the contents of a SOAP message protected by an XML Signature as specified in WS-Security can be altered without invalidating the signature. The paper presents a proposed SOAP model avoids rewriting attacks and ensures secure conversation. The model highlighted three possible recommendations namely, using shared key for encrypting timestamp in the message body for generating corresponding signature; Secondly, using value referencing both for signature validation and message processing; and finally encrypting the whole SOAP body instead of sending an open SOAP Message in the network to prevent unauthorized access. The paper at the end concludes that the proposed model not only successfully detects rewriting attacks and establishes secure conversation but it also has less overhead in terms of performance metric time which is an important issue in security.
  • 关键词:Ws;secure conversation; wrapping attacks; SOAP message; rewriting attacks; WS;Security.
国家哲学社会科学文献中心版权所有