A Layered Architecture for Checking Rewriting Attacks in Resource Constrained Networks

A layered architecture is necessary for choosing the level of security in resource constrained networks (RCNs). Depending upon the resource constraints and the required trust level, users can then select any/all of the layers. This paper presents a layered architectural approach for checking the rewriting attacks in RCNs. It consists of two layers. The rewriting attacks are checked using policy specifications in the lower layer where as the checking in the upper layer is done using a modified accounting information. This scheme is based on a format for data representation with reduced number of bytes, derived from the YAML Aint Markup Language (YAML), a light weight data serialization language. The performance of this format is evaluated in comparison with the existing standard formats and the results are encouraging.

[1]  Giovanni Della-Libera,et al.  Web Services Security Policy Language (WS-SecurityPolicy) , 2002 .

[2]  Hui Wang,et al.  Heterogeneous Grid Computing for Energy Constrained Mobile Device , 2004, EUC.

[3]  Andreas Schaad,et al.  SOAP-based Secure Conversation and Collaboration , 2007, IEEE International Conference on Web Services (ICWS 2007).

[4]  Mark Levene,et al.  XCQ: A queriable XML compression system , 2006, Knowledge and Information Systems.

[5]  Daniel Roth,et al.  Web Services Policy Framework (WS- Policy) , 2002 .

[6]  Donald E. Eastlake,et al.  XML-Signature Syntax and Processing , 2001, RFC.

[7]  M. P. Michael Energy Awareness for Mobile Devices , 2022 .

[8]  Phillip Hallam-Baker,et al.  Web services security: soap message security , 2003 .

[9]  Andrew D. Gordon,et al.  An advisor for web services security policies , 2005, SWS '05.

[10]  Azzedine Benameur,et al.  XML Rewriting Attacks: Existing Solutions and their Limitations , 2008, ArXiv.

[11]  Azzedine Benameur,et al.  A formal solution to rewriting attacks on SOAP messages , 2008, SWS '08.

[12]  Srivaths Ravi,et al.  A study of the energy consumption characteristics of cryptographic algorithms and security protocols , 2006, IEEE Transactions on Mobile Computing.

[13]  Jian Qin,et al.  Vocabulary Use in XML Standards in the Financial Market Domain , 2003, Knowledge and Information Systems.

[14]  Jörg Schwenk,et al.  Breaking and fixing the inline approach , 2007, SWS '07.

[15]  Mohammad Ashiqur Rahaman An inline approach for secure SOAP requests and early validation , 2006 .

[16]  Latifur Khan,et al.  A study of the model and algorithms for handling location-dependent continuous queries , 2005, Knowledge and Information Systems.