Security in Web Services

Services. Security is a major concern when implementing mission-critical business transactions and such concern motivated the development of Web Services Security (WS-Security). However, the existing tools for configuring the security properties of Web Services give a technology-oriented view, and only assist in choosing the data to encrypt and selecting an encryption algorithm. The users must construct their own mental models of how the security configurations actually relate to business policies.

Web Services are substantially growing and become vital for businesses and organizations. A major concern, especially for mission-critical applications is Security. This study focuses on developing Scalable Vector Graphics (SVG) as Web services. In particular, we develop a serviceoriented architecture that securely manages SVG Web services using the intermediary design pattern. In the proposed architecture we introduced two kinds of specialized security intermediaries to enforce SVG signature/authentication and encryption/decryption. A prototype of the proposed architecture has been implemented based on Apache Axis.

The web is absolutely necessary part of our lives. It is wide platform which is used for information sharing and service over internet. They are used for the financial, government, healthcare, education and many critical services. Everyday billions of user purchase items, transfer money, retrieve information and communicate over web with each other. Although the web is best friend of users because it provide anytime anywhere access to information and services at the same time. All things are created by human in the world so its reality that the things created by man are little bit problematic. So web applications are also created by human so it contains too many loopholes. The popularity of applications allure hackers towards them. Now a Days Securing and maintaining the websites against attack is very hard and challenging task. Finding loopholes in Web application, Computer system or network and exploiting them called hacking. New approaches for web attacks are invented day to day so the study of detect and prevent against web application attack and finding solution is important part in internet world. In this paper we introduced all web application based attack including two major attacks like XSS (Cross Site Scripting) and SQLI.

Convergence and ubiquity are the key characteristics of tomorrows service provision infrastructures. Cloud architectures will constitute cost-efficient backbones that will support the transmission, storage, and computing of the applications contents. These architectures can be used for business, scientific, and pervasive computing purposes. The diversity of the services delivered through cloud infrastructures increases their vulnerability to security incidents and attacks. The cost and complexity reduction requirements render the design and development of protection mechanisms even more challenging. In addition, key design features such as confidentiality, privacy, authentication, anonymity, survivability, dependability, and faulttolerance are, in some extent, conflicting. The objective of this tutorial is to present the state-of-the-art of security and explore research directions and technology trends to address the protection of cloud communications and networking infrastructures. An emphasis will be made on the collaboration of mobile devices in cloud based infrastructures. The fundamental concepts of cloud computing security will be explored, including cloud security services, cloud security principles, cloud security requirements, and testing techniques.

http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6261019

The 21st century has witnessed an integration of enterprise business process with emerging techniques in a quest to maximize opportunities and organisational strength. In spite of these, vulnerabilities and risks still abound due to the integration for an effective operational mechanism. Militating against these requires strategic techniques for enhancing web services security. It is on this background that this paper has been presented. A critical study of web services architecture and cloud computing model as an emerging technology has been given a succinct digest. Furthermore, an evaluation of recent trends in web services and cloud computing model security issues were x-rayed. The threat to web services application deployed in cloud computing were identified hence presenting strategic techniques for enhancing web services security as a proactive measure to enhancing enterprise success. This paper concludes by re-iterating the need to understanding various security threats and proactively and dynamically reacting to them.

Web service architectures have gained popularity in recent years within the scientific grid research community. One reason for this is that web services allow software and services from various organizations to be combined easily to provide integrated and distributed applications. However, most applications developed and used by scientific communities are not web-service-oriented, and there is a growing need to integrate them into grid applications based on service-oriented architectures. In this paper, we describe a framework that allows scientists to provide a web service interface to their existing applications as web services without having to write extra code or modify their applications in any way. In addition, application providers do not need to be experts in web services standards, such as Web Services Description Language, Web Services Addressing, Web Services Security, or secure authorization, because the framework automatically generates these details. The framework also enables users to discover these application services, interact with them, and compose scientific workflows from the convenience of a grid portal.

WS-Security describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.

Although web services are becoming businesscritical components, they are often deployed with critical software bugs that can be maliciously explored. Web vulnerability scanners allow detecting security vulnerabilities in web services by stressing the service from the point of view of an attacker. However, research and practice show that different scanners have different performance on vulnerabilities detection. In this paper we present an experimental evaluation of security vulnerabilities in 300 publicly available web services. Four well know vulnerability scanners have been used to identify security flaws in web services implementations. A large number of vulnerabilities has been observed (177), which confirms that many services are deployed without proper security testing. Additionally, the differences in the vulnerabilities detected and the high number of false-positives (35% and 40% in two cases) and low coverage (less than 20% for two of the scanners) observed highlight the limitations of web vulnerability scanners on detecting security vulnerabilities in web services.

Security is considered one of the main challenges for software oriented architectures (SOA). For this reason, several standards have been developed around WS-Security. However, these security standards usually hinder interoperability, one of the main pillars of Web service technologies. Software adaptation is a sound solution where an adaptor is deployed in the middle of the communication to overcome signature, behavioural and QoS incompatibilities between services. This is particularly important when dealing with stateful services (such as Windows Workflows or WS-BPEL processes) where any mismatch in the sequence of messages might lead the orchestration to a deadlock situation. We proposed security adaptation contracts as concise and versatile specifications of how such incompatibilities must be solved. Nonetheless, synthesising an adaptor compliant with a given contract is not an easy task where concurrency issues must be kept in mind and security attacks must be analysed and prevented. In this paper, we present an adaptor synthesis, verification and refinement process based on security adaptation contracts which succeeds in overcoming incompatibilities among services and prevents secrecy attacks. We extended the ITACA toolbox for synthesis and deadlock analysis and we integrated it with a variant of CCS, called Crypto-CCS, to verify and refine adaptors based on partial model checking and logical satisfiability techniques.

This work concentrates on proposing a framework to implement the PKI which enables security in XML documents, by defining a common framework and processing rules that can be shared across applications using common tools, avoiding the need for extensive customization of applications to add security. The Framework reuses the concepts, algorithms and core technologies of legacy security systems while introducing changes necessary to support extensible integration with XML. This allows interoperability with a wide range of existing infrastructures and across deployments. Currently no strict security models and mechanisms are available that can provide specification and enforcement of security policies for XML documents. Such models are crucial in order to facilitate a secure dissemination of XML documents, containing information of different sensitivity levels, among (possibly large) user communities.

Although web services are becoming businesscritical components, they are often deployed with critical software bugs that can be maliciously explored. Web vulnerability scanners allow detecting security vulnerabilities in web services by stressing the service from the point of view of an attacker. However, research and practice show that different scanners have different performance on vulnerabilities detection. In this paper we present an experimental evaluation of security vulnerabilities in 300 publicly available web services. Four well know vulnerability scanners have been used to identify security flaws in web services implementations. A large number of vulnerabilities has been observed (177), which confirms that many services are deployed without proper security testing. Additionally, the differences in the vulnerabilities detected and the high number of false-positives (35% and 40% in two cases) and low coverage (less than 20% for two of the scanners) observed highlight the limitations of web vulnerability scanners on detecting security vulnerabilities in web services.

In this paper particular stages are analyzed present in the iris recognition process. First, we shortly describe available acquisition systems and databases of iris images, which can be used for tests. Next, we concentrate on features extraction and coding with the time analysis. Results of average time of loading the image, segmentation, normalization, features encoding, and also recognition accuracy for CASIA and IrisBath databases are presented.

Instrumentation Grids aim at controlling and managing heterogeneous resources & instruments securely, reliably and in near real-time. Within this context, we present a Web Services based Security Architecture that aims at improving security performance maintaining at the same time interoperability with legacy Grid Security Infrastructure (GSI). Our architecture utilizes GSI X.509 Certificates or Proxy Certificates (RFC3820) for the initial authentication of a user. However, it subsequently maps this identity to a Kerberos one and utilizes WS Security Kerberos Token Profile for embedding user credentials within WS exchange mechanisms. It then provides user authorization, thus realizing a complete AAI (Authentication & Authorization Infrastructure). In order to demonstrate and quantify the performance improvement achieved by our approach over a message exchange using X.509 Certificate Token Profile, we present comparative measurements on implementations of the two options. Our results demonstrate that the Kerberos message exchange schema exhibits up to 50% message throughput improvement, under high CPU load on the server. (A. Moralis), [email protected] (V. Pouli), [email protected] (S. Papavassiliou), [email protected] (V. Maglaris).

Wireless Ad-hoc network has become unavoidable for today's communication world. Most of the wireless ad-hoc networks are prone to potential attacks such as sneak attacks, wormhole attack, sink replication attack etc. This paper aims in preventing sneak attacks that disturb the travelling packets form source to destination through intermediate node in the wireless network. The intermediate node may be a malicious node and impresses the neighboring node as the legitimate node. This intermediate node performs the sneak attacks on the packets and causes link failure or network failure. A new protocol have been formulated to monitor the local network which always maintains the information about the source address, destination address and the routing paths in the intermediate nodes of the wireless ad-hoc networks. The protocol results better in mobility and capturing sneak attacks and malicious node when implemented in NS-2. This work attempts in preventing sneak attacks and discover the malicious node in the wireless ad-hoc networks based on the behavioral detection and the new technique proposed.

Due to these immediate benefits, most IT departments are implementing this technol-ogy with the high-priority objective of mak-ing them operable leaving aside, at least ... MAIN WEB SERVICES SECURITY ISSUES The following section describes some of the major security issues ...

Contemporary e-Business applications comprise of dynamic extensible and interoperable collection of services, Web Services and information shared by collaborating entities performing various transactional tasks. Securing these services offerings is therefore of crucial importance. To address security requirements, there has been a plethora of proposed solutions, ranging from hardware devices and security specifications to software applications. Most of these security solutions are largely technology focused with little or no evaluation and integration of policies and procedures of these collaborating entities. This research investigates the use of an approach that integrates documented cross-enterprise policies with current security technology, to enhance the overall security requirements of businesses that decide to use web services. A policy model for enhancing web services security is developed evaluated and presented.

Mobile Ad Hoc Network (MANET) is a collection of wireless mobile nodes with restricted transmission range and resources, no fixed infrastructure and quick and easy setup. Because of special characteristics, wide-spread deployment of MANET faced lots of challenges like security, routing and clustering. The security challenges arise due to MANETs selfconfiguration and self-maintenance capabilities. In this paper, we present an elaborate view of issues in MANET security. We discussed both security services and attacks in detail. Three important parameters in MANET security are defined. Each attack has been analyses briefly based on its own characteristics and behaviour. In addition, defeating approaches against attacks have been evaluated in some important metrics. After analyses and evaluations, future scopes of work have been presented.

RapidSSL updated their website with new RapidSSL brown, orange and yellow and a sleek new look and feel the significance of a brand that embodies SSL super fast and easy. RapidSSL also migrated their roots to the key sizes of 2048 bits to enable up to 256-bit. Now RapidSSL are updating their site seal to match the new brand and the level of encryption.

Smart grid utility provider collects consumers' power consumption data for three main reasons: billing, analysis, and operation. Billing needs coarse-grained data where there are no, or minimal, privacy concerns. While analysis and operation needs fine-grained data which can highly explore consumers' privacy. Hence, consumers might be reluctant to allow for operational metering to protect their privacy.This paper presents detail description of a reliable DNA-based privacy-preserving (DNAPP) scheme in smart grid. DNAPP assures robust authentication, confidentiality, message integrity, and non-repudiation across the smart grid as well as assuring high consumers' privacy. The scheme demonstrates many good security features, such as: high complexity of O(n!), lightweight , scalable, minimum overhead, no cryptography key exchange between the communicating parties as each of them can determine the key locally and independently. This scheme does not require any level of modifications to the existing smart grid infrastructure or smart meter. It only requires some software modifications.

In this paper brightness correction and stereovision impression based methods of the perceived quality improvement of CCTV video sequences are presented. These methods are helpful for the monitoring operator in order to evoke attention during a long time observation. Clearness of picture is increased by using local brightness correction method. Another available option is a 3D visualization that can be used, e.g., to observe important image regions, which require an increased attention. Stereovision impression experiments and a real-time 2D to 3D video conversion tool are described.

Web Services technologies have introduced a new challenge for security protocols. Traditional security protocols cannot handle intermediaries and the flexibility of Web Services bindings. Thus, several proposals for introducing security in Web Services have been presented. One of these is Web Services Security. In this paper we illustrate how this protocol works, with an example, and analyse whether it is a good option guaranteeing the security of Web Services.

In this paper, we investigate the authorisation service provided by Microsoft ® .NET MyServices [1]. We propose modifications and extensions to eXtensible Markup Language (XML) [2] based data structures' schemas to support a range of commonly used access policies in commercial systems. We have developed the modified access evaluation algorithms that take the proposed extensions into account. The extensions proposed in this paper have been used in the specification and analysis of a practical application involving access control to electronic patient records in hospitals.

E-commerce is known as the purchasing and offering of items or administrations over electronic media, for example, the Internet and other PC systems. It is for the most part known as the deals and business capacity of e-business. There has been a gigantic increment in the level of exchange led electronically since the far reaching foundations of the Internet. A wide assortment of exchange is directed through e-business, including Electronic assets transfer(EFT), Supply chain administration, Online promotion, Search motor showcasing, online exchange preparing, electronic information trade and Inventory administration frameworks. These essential sayings of e-commerce are major to the behaviour of secure business on the web. Further to the key adages of e-commerce, Providers must also protect against a number of different external security threats, most notably is Denial of Service (DOS).

The paper provides an overview of available web applications and Web Services security vulnerability models and proposes a classification of the potential Grid and Web Services attacks and vulnerabilities. This is further used to introduce a security model for interacting Grid and Web Services that illustrates how basic security services should interact to provide an attack-resilient multilayer protection in a typical service-oriented architecture. The analysis and the model can be used as a basis for developing countermeasures against known vulnerabilities and proposing security services design recommendations. The paper refers to the ongoing work on middleware and operational security in the framework of the European Grid infrastructure deployment project EGEE and related coordination groups.

WS-Security describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.

Extended Validation (EV) SSL (Secure Sockets Layer) from True BusinessID is an encryption protocol that ensures that traffic, both to and from your website, is secure from prying eyes and hackers. The True BusinessID EV SSL assures the customer that your website payment options and other sensitive information are protected.

Web Services are widely used to provide services and exchange data among business units, customers, partners and suppliers for enterprises. Although Web Services signiflcantly improve the interaction and development of processes in the business world, they raise several security concerns, since they greatly increase the exposure of critical enterprise data. Web Services exchange data using SOAP messages that are based on the interoperable XML language. We have previously introduced XPRIDE as an enhanced security architecture for assuring confldentiality and integrity of SOAP messages. XPRIDE uses contentbased encryption to secure SOAP messages based on their XML content, and depends on security policies to deflne the parts of the SOAP message that need to be encrypted. Security policies are deflned by administrators for each Web Service that needs to be secured. This paper extends XPRIDE using a modular design approach to ensure extensibility, such that new modules can be developed ...

ABTRACT MANET is a kind of Adhoc network with mobile, and wireless nodes. Because of its distinct features like dynamic topology, hop-by-hop communications and easy and quick setup, MANETs encountered lots of challenges allegorically routing, security and clustering. The security challenges arise due to MANET's self configuration and self maintenance capabilities. In this paper, we present an elaborate view of issues in MANET security. Based on MANET's special characteristics, we define three security parameters for MANET. In addition we divided MANET security into two different aspects and discussed each one in detail. A comprehensive analysis in security aspects of MANET and routing approaches is presented. In addition, defeating approaches against attacks have been evaluated in some essential metrics. After analyses and evaluations, future scope of work has been presented.

The majority of key management techniques ignore the adversary's attacking behaviour, making them less practical in the real world. The defender/network designer can effectively and efficiently construct many countermeasures against hostile behaviour by understanding it. The problem of compromise link is investigated in this research, and a secure Hybrid Key Pre-Distribution strategy (HKPS) for wireless sensor networks is proposed (WSN). The robustness of the q-composite system is combined with the threshold resistant polynomial technique in this approach. The suggested approach intends to strengthen the network's resilience to node capture attack

This paper concentrates on proposing a framework to implement the PKI enables security in XML documents, by defining a common framework and processing rules that can be shared across applications using common tools, avoiding the need for extensive customization of applications to add security. The Framework reuses the concepts, algorithms and core technologies of legacy security systems while introducing changes necessary to support extensible integration with XML. This allows interoperability with a wide range of existing infrastructures and across deployments. Currently no strict security models and mechanisms are available that can provide specification and enforcement of security policies for XML documents. Such models are crucial in order to facilitate a secure dissemination of XML documents, containing information of different sensitivity levels, among (possibly large) user communities.

International Journal on Cryptography and Information Security ( IJCIS) is an open access peer reviewed journal that focuses on cutting-edge results in applied cryptography and Information security. It aims to bring together scientists, researchers and students to exchange novel ideas and results in all aspects of cryptography, coding and Information security.