Secure sessions for Web services

WS-Security provides basic means to secure SOAP traffic, one envelope at a time. For typical web services, however, using WS-Security independently for each message is rather inefficient; besides, it is often important to secure the integrity of a whole session, as well as each message. To these ends, recent specifications provide further SOAP-level mechanisms. WS-SecureConversation introduces security contexts, which can be used to secure sessions between two parties. WS-Trust specifies how security contexts are issued and obtained.

We develop a semantics for the main mechanisms of WS-Trust and WS-SecureConversation, expressed as a library for TulaFale, a formal scripting language for security protocols. We model typical protocols relying on these mechanisms, and automatically prove their main security properties. We also informally discuss some limitations of these specifications.
