A Kerberos security architecture for web services based instrumentation grids

Moralis, Athanasios; Pouli, Vassiliki; Papavassiliou, Symeon; Maglaris, Vasilis

doi:10.1016/j.future.2008.11.004

Cited by 10 publications

(7 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These tests also showed that Kerberos displayed up to a 28% packet throughput improvement over X.509 under full load conditions on the server. Further studies by Moralis et al (2009) demonstrated that Kerberos consistently exhibited up to 50% message throughput improvement over X.509. However, it was shown by Van Engelen and Zhang (2008) that WS-Security message encryption and signing using HMAC symmetric keys can be an order of magnitude faster than using Kerberos, assuming the X.509 token profile is used.…”

Section: Ws Security and Soap Messaging Performancementioning

confidence: 99%

“…Web service messaging has the capability to traverse multiple applications and intermediary nodes before reaching an end point. TLS/SSL prevents message re-routing because the addressing information cannot be read within the message header at the intermediary nodes (Moralis et al, 2009). WS-Security on the other hand can provide end-to-end message level security (Web Services Security, 2006) and also allows cryptography to be applied to separate parts of the SOAP message.…”

Section: Web Service Securitymentioning

confidence: 99%

“…Based on similar experiments in the past (Moralis et al, 2009;Tang et al, 2006;Liu et al, 2005) it was decided that the use of a simple web service and client was the best option for this research. This approach meant that other processing overheads that might distort the performance measurements could be ignored.…”

Section: Performance Frameworkmentioning

confidence: 99%

“…For example the results measured by Liu et al (2005) were achieved using Java 1.4.2. Apache Axis 1.3 and Java 1.5 were used by Moralis et al (2007Moralis et al ( , 2009.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

WS-I* compliant web service SOAP message security performance

McHale

O'Raw

Curran

2012

IJWS

View full text Add to dashboard Cite

The OASIS web services security (WSS) standard has been developed to provide encryption and digital signing for SOAP messaging to ensure the information in the message is confidential and that the sender and receiver are who they say they are. It has also introduced interoperability and performance problems. Interoperability has been improved with the introduction of the WS-I* Basic and Basic Security Profiles. New web stacks such as Apache CXF have attempted to address performance issues. The purpose of this research is to investigate the performance impacts of securing WS-I* compliant SOAP messages when using the Apache CXF web service framework. We measured the performance impact of WS-Security and WS-SecureConversation under different conditions and using various WS-I* compliant cryptographic algorithms. We found that WS-SecureConversation is the better option when sending a large number of messages but for a small number of large messages WS-Security can sometimes be the better option.

show abstract

Section: Ws Security and Soap Messaging Performancementioning

confidence: 99%

Section: Web Service Securitymentioning

confidence: 99%

Section: Performance Frameworkmentioning

confidence: 99%

“…For example the results measured by Liu et al (2005) were achieved using Java 1.4.2. Apache Axis 1.3 and Java 1.5 were used by Moralis et al (2007Moralis et al ( , 2009.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

WS-I* compliant web service SOAP message security performance

McHale

O'Raw

Curran

2012

IJWS

View full text Add to dashboard Cite

show abstract

“…As the user information and keys are stored on the smart card but processed on the host computer for intended applications, consequently, this leads to high risk of identity theft. This problem has been solved by smart token [3] [4] [12] through developing API allowing applications to use a smart token that can process the key operations on its own rather than on the host computer.…”

Section: Introductionmentioning

confidence: 99%

SAFEST: Secure Actions for FTP Environment with Smart Token

Sobh

Khalil

EPiC Series in Computing

View full text Add to dashboard Cite

Nowadays, with the wide applications of distributed systems, web-based applications, and communications systems over the Internet for carrying data between users such as terminal client and computer/server or communications between different devices using a computer network, network security has become crucial requirement to ensure authentic received data during transmission. Authentication and encryption are basic procedures to ensure secure communications over a public network due to tamper-resistance and convenience in dealing with a password file. Most of the used protocols; HTTP, FTP, and SMTP of the Internet applications use text stream that is more and more vulnerable to attacks. Encryption represents the main security for the most computer applications.This work proposes enhanced secure actions for transferring data using FTP protocol by using a smart token. A smart token has the capabilities of the smart card, but more secured beside some interesting operations. A practical and secure user scheme, based on a smart token device, is proposed. A Secure Platform has been developed using implemented APIs and PKCS#11 as RSA standard interface. The proposed API is called SAFEST (Secure Actions for FTP Environment with Smart Token). SAFEST API wraps a standard protocol for implementing the communication between a token and the application using it. This API is a platform independent, scalable to support more functionality, optimizing token usage and adding more security for accessing token objects. The smart token can process the cryptographic key operations on its own rather than on the host computer, which supports high-level platform independence. In addition, through the proposed SAFEST API, standard interfacing to such token devices from any vendor can be implemented through using PKCS#11 interfaces, developed by RSA labs.

show abstract