A Proposed SOAP Model Against Wrapping Attacks and Insecure Conversation
Web services in an SOA fall under heterogeneous ownership domains, so there must be a uniform means for them to offer, discover and interact with each other. Ensuring interoperability among web services that belong to different ownership domains is the most important challenge. One of the major interoperability issues is protecting SOAP messages from rewriting attacks and insecure conversation, because the contents of a SOAP message protected by an XML Signature as specified in WS-Security can be altered without invalidating the signature. This paper presents a proposed SOAP model that avoids rewriting attacks and ensures secure conversation. The model highlights three possible recommendations: first, using a shared key to encrypt the timestamp in the message body when generating the corresponding signature; second, using value referencing for both signature validation and message processing; and finally, encrypting the whole SOAP body instead of sending an open SOAP message over the network, to prevent unauthorized access. The paper concludes that the proposed model not only successfully detects rewriting attacks and establishes secure conversation, but also has less overhead in terms of the time performance metric, which is an important issue in security.
Keywords: WS-Secure Conversation, wrapping attacks, SOAP message, rewriting attacks, WS-Security.
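The abstract's point that a signed SOAP message can be rewritten without invalidating the signature comes down to the verifier and the service looking at different elements. The following is an added example, not code from the paper or its model: it contrasts an Id-only reference check with one that requires the validated element to be the Body the service processes. The `Reference` element with its `Digest` attribute, the `GetQuote` payload and both sample messages are constructed, and the signature over the reference is assumed to be verified already.

```python
import copy
import hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"soap": SOAP}
WSU_ID = f"{{{WSU}}}Id"

def digest(elem):
    """SHA-256 of one element's canonical form (stand-in for an XML-DSig digest)."""
    clone = copy.copy(elem)
    clone.tail = None  # text following the element is not part of it
    xml = ET.canonicalize(ET.tostring(clone, encoding="unicode"))
    return hashlib.sha256(xml.encode()).hexdigest()

def reference(root):
    ref = root.find("soap:Header/Reference", NS)  # hypothetical, assumed signature-verified
    return ref.get("URI").lstrip("#"), ref.get("Digest")

def id_only_check(root):
    """Weak: any element carrying the referenced Id may satisfy the digest."""
    ref_id, want = reference(root)
    return any(digest(e) == want for e in root.iter() if e.get(WSU_ID) == ref_id)

def same_element_check(root):
    """Strict: the Id is unique and names the Body the service will process."""
    ref_id, want = reference(root)
    hits = [e for e in root.iter() if e.get(WSU_ID) == ref_id]
    body = root.find("soap:Body", NS)  # direct child of Envelope only
    return len(hits) == 1 and hits[0] is body and digest(body) == want

def genuine():
    """Constructed sample: Body with Id body-1 and a matching Digest."""
    root = ET.fromstring(
        f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsu="{WSU}">'
        '<soap:Header><Reference URI="#body-1"/></soap:Header>'
        '<soap:Body wsu:Id="body-1"><GetQuote item="A"/></soap:Body></soap:Envelope>')
    root.find("soap:Header/Reference", NS).set("Digest", digest(root.find("soap:Body", NS)))
    return root

def rewritten():
    """Constructed sample: signed Body relocated under the Header, unsigned Body added."""
    root = genuine()
    signed = root.find("soap:Body", NS)
    root.remove(signed)
    ET.SubElement(root.find("soap:Header", NS), "Wrapper").append(signed)
    ET.SubElement(ET.SubElement(root, f"{{{SOAP}}}Body"), "GetQuote", item="B")
    return root
```

On the rewritten sample the Id-only check still passes because the relocated element is intact, while the same-element check rejects it because the Body that would be processed is not the one the digest covers.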
ABOUT THE AUTHORS
Rajni Mohana
Rajni Mohana is currently working as a senior lecturer in the Department of CSE & IT at Jaypee University of Information Technology (JUIT), Waknaghat, India. She has 9 years of academic experience and is also pursuing her Ph.D. at Jaypee University of Information Technology (JUIT), Waknaghat, India.
Deepak Dahiya
Deepak Dahiya is currently working as a Professor in the Department of CSE & IT at Jaypee University of Information Technology (JUIT), Waknaghat, India. He has M.S. and PhD degrees in Computer Science from BITS Pilani, India. His interdisciplinary research interests span Software Engineering and IT Management. He is also a reviewer for various renowned journals from Elsevier, IET, Taylor Francis and Wiley. Deepak is a Visiting Researcher at RMIT University, Australia, and Guest Faculty at Indian Institute of Management (IIM) Rohtak, India, Indian Institute of Management (IIM) Kozhikode, India and LNM Institute of Information Technology (LNMIIT) Jaipur, India. He is a senior member of IEEE and a life member of the Computer Society of India.