An investigation into interoperable end-to-end mobile web service security

Moyo, T. (2008) An investigation into interoperable end-to-end mobile web service security. Masters thesis, Rhodes University.

[img]
Preview
Text
ThamCorrected.pdf

1530Kb

Abstract

The capacity to engage in web services transactions on smartphones is growing as these devices become increasingly powerful and sophisticated. This capacity for mobile web services is being realised through mobile applications that consume web services hosted on larger computing devices. This thesis investigates the effect that end-to-end web services security has on the interoperability between mobile web services requesters and traditional web services providers. SOAP web services are the preferred web services approach for this investigation. Although WS-Security is recognised as demanding on mobile hardware and network resources, the selection of appropriate WS-Security mechanisms lessens this burden. An attempt to implement such mechanisms on smartphones is carried out via an experiment. Smartphones are selected as the mobile device type used in the experiment. The experiment is conducted on the Java Micro Edition (Java ME) and the .NET Compact Framework (.NET CF) smartphone platforms. The experiment shows that the implementation of interoperable, end-to-end, mobile web services security on both platforms is reliant on third-party libraries. This reliance on third-party libraries results in poor developer support and exposes developers to the complexity of cryptography. The experiment also shows that there are no standard message size optimisation libraries available for both platforms. The implementation carried out on the .NET CF is also shown to rely on the underlying operating system. It is concluded that standard WS-Security APIs must be provided on smartphone platforms to avoid the problems of poor developer support and the additional complexity of cryptography. It is recommended that these APIs include a message optimisation technique. It is further recommended that WS-Security APIs be completely operating system independent when they are implemented in managed code. This thesis contributes by: providing a snapshot of mobile web services security; identifying the smartphone platform state of readiness for end-to-end secure web services; and providing a set of recommendations that may improve this state of readiness. These contributions are of increasing importance as mobile web services evolve from a simple point-to-point environment to the more complex enterprise environment.

Item Type:Thesis (Masters)
Additional Information:M.Sc. (Computer Science)
Uncontrolled Keywords:Java ME, .NET Compact Framework, mobile, web services, WS-Security
Subjects:Y Unknown > Subjects to be assigned
Divisions:Faculty > Faculty of Science > Computer Science
Supervisors:Wright, M. and Irwin, B.
ID Code:1137
Deposited By: Nicolene Mvinjelwa
Deposited On:20 Oct 2008
Last Modified:06 Jan 2012 16:19
927 full-text download(s) since 20 Oct 2008
181 full-text download(s) in the past 12 months
More statistics...

Repository Staff Only: item control page