Abstract
Service oriented architecture is a current and popular software engineering paradigm providing agile web services to consumers in a dynamically changing enterprise environment. The SOAP messages are used to establish communication between the web services which are vulnerable to rewriting attacks and insecure conversation. XML Signature as specified in WS-Security provides security to the contents of the SOAP messages but is insufficient. This paper proposes a SOAP model where rewriting attacks can be avoided and a secure conversation can be established as well. This paper recommends three steps, firstly using shared key for encrypting timestamp in the message body for generating corresponding signature; Secondly, using value referencing both for signature validation and message processing; and finally encrypting the whole SOAP body instead of sending an open SOAP Message in the network to prevent unauthorized access. The paper concludes that the proposed model successfully detects rewriting attacks and establishes secure conversation in the to-and-fro message transmission.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Information Security and Privacy
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
