Efficient Implementation of XML Security for Mobile Devices

The population of mobile devices capable of participating in the Internet has increased dramatically in the last few years. To include this population into the Web service world requires support for the most important features, in particular security at the message level. This paper covers our approach to implement XML security specifications on mobile devices that allows efficient single-pass processing of XML encryption and signatures. Furthermore, we propose extensions to security specifications to better take into account the needs of mobile devices. We demonstrate the performance of our implementation, as well as our proposed extensions, through experiments, carried out in a real mobile environment.

[1]  Andy Clark,et al.  A stream-based implementation of XML encryption , 2002, XMLSEC '02.

[2]  Johannes Helander,et al.  Secure Web services for low-cost devices , 2005, Eighth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC'05).

[3]  Michiaki Tatsubori,et al.  Improving WS-security performance with a template-based approach , 2005, IEEE International Conference on Web Services (ICWS'05).

[4]  Christian Werner,et al.  Compressing SOAP messages by using differential encoding , 2004, Proceedings. IEEE International Conference on Web Services, 2004..

[5]  Wei Lu,et al.  A streaming validation model for SOAP digital signature , 2005, HPDC-14. Proceedings. 14th IEEE International Symposium on High Performance Distributed Computing, 2005..

[6]  W. Kou Wireless Application Protocol , 2006 .

[7]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[8]  Ramesh Karri,et al.  Optimizing the Energy Consumed by Secure Wireless Sessions – Wireless Transport Layer Security Case Study , 2003, Mob. Networks Appl..

[9]  Jonathan Robie,et al.  Editors , 2003 .

[10]  Sasu Tarkoma,et al.  Xebu: A Binary Format with Schema-Based Optimizations for XML Data , 2005, WISE.

[11]  Matjaz B. Juric,et al.  Comparison of performance of Web services, WS-Security, RMI, and RMI-SSL , 2006, J. Syst. Softw..

[12]  Deren Chen,et al.  Generating digital signatures on mobile devices , 2004, 18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004..

[13]  Sasu Tarkoma,et al.  On Encrypting and Signing Binary XML Messages in the Wireless Environment , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[14]  Stephen T. Kent,et al.  Security Architecture for the Internet Protocol , 1998, RFC.

[15]  Blake Ramsdell,et al.  Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification , 2004, RFC.

[16]  J.A. MacDonald,et al.  Using The GSM/UMTS SIM to Secure Web Services , 2005, Second IEEE International Workshop on Mobile Commerce and Services.

[17]  Rudolf Schmid,et al.  Organization for the advancement of structured information standards , 2002 .

[18]  Alan O. Freier,et al.  The SSL Protocol Version 3.0 , 1996 .

[19]  Peter Deutsch,et al.  GZIP file format specification version 4.3 , 1996, RFC.

[20]  Steve Anderson,et al.  Web Services Secure Conversation Language (WS-SecureConversation) , 2005 .

[21]  Krste Asanovic,et al.  Energy-aware lossless data compression , 2006, TOCS.

[22]  Dennis Gannon,et al.  Performance comparison of security mechanisms for grid services , 2004, Fifth IEEE/ACM International Workshop on Grid Computing.

[23]  Michiaki Tatsubori,et al.  An adaptive, fast, and safe XML parser based on byte sequences memorization , 2005, WWW '05.