Evaluating the QoS Impact of Web Service Anonymity

Web services enable collaboration across organizational boundaries and are thus a powerful technology for implementing global Service-oriented Architectures, i.e., the Internet of Services. Despite typical security mechanisms such as message encryption, attackers can create detailed profiles of service consumers, providers, and marketplaces merely by monitoring communication endpoints. In a business context, this traffic analysis threatens the relationship anonymity of the participants and can reveal sensitive information about an organization’s underlying business processes or a provider’s client base. In this paper, we evaluate the impact of using established standard anonymity mechanisms on selected Quality of Service (QoS) parameters for Web services in real networks. The obtained results aim to quantify the side effects of using state-of-the-art countermeasures against service-specific attacks in cross-organizational collaboration.
