Design of a security mechanism for RESTful Web Service communication through mobile clients

Backere, Femke De; Hanssens, Brecht; Heynssens, Ruben; Houthooft, Rein; Zuliani, Alexander; Verstichel, Stijn; Dhoedt, Bart; Turck, Filip De

doi:10.1109/noms.2014.6838308

Cited by 10 publications

(7 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…De Backere et al [40] present security mechanisms for REST-based web services focusing on mobile clients. Their protection scheme requires the client to authenticate with the username and the password before retrieving any resources.…”

Section: De Backere Et Almentioning

confidence: 99%

On the Need for a General REST-Security Framework

2019

View full text Add to dashboard Cite

Contemporary software is inherently distributed. The principles guiding the design of such software have been mainly manifested by the service-oriented architecture (SOA) concept. In a SOA, applications are orchestrated by software services generally operated by distinct entities. Due to the latter fact, service security has been of importance in such systems ever since. A dominant protocol for implementing SOA-based systems is SOAP, which comes with a well-elaborated security framework. As an alternative to SOAP, the architectural style representational state transfer (REST) is gaining traction as a simple, lightweight and flexible guideline for designing distributed service systems that scale at large. This paper starts by introducing the basic constraints representing REST. Based on these foundations, the focus is afterwards drawn on the security needs of REST-based service systems. The limitations of transport-oriented protection means are emphasized and the demand for specific message-oriented safeguards is assessed. The paper then reviews the current activities in respect to REST-security and finds that the available schemes are mostly HTTP-centered and very heterogeneous. More importantly, all of the analyzed schemes contain vulnerabilities. The paper contributes a methodology on how to establish REST-security as a general security framework for protecting REST-based service systems of any kind by consistent and comprehensive protection means. First adoptions of the introduced approach are presented in relation to REST message authentication with instantiations for REST-ful HTTP (web/cloud services) and REST-ful constraint application protocol (CoAP) (internet of things (IoT) services).

show abstract

Section: De Backere Et Almentioning

confidence: 99%

On the Need for a General REST-Security Framework

2019

View full text Add to dashboard Cite

show abstract

“…A key concern in designing secure web services observed by [6] is that the limitations of mobile devices need to be taken into account when designing secure web services. These limitations include lower processing power of mobile devices, limited battery power and the ability to function in changing network conditions.…”

Section: Mobile Device Limitationsmentioning

confidence: 99%

“…A good mobile web-app developer needs to be cautious and thoughtful as to how they develop and implement security in their mobile web applications lest their applications become compromised. According to [6], malicious activities that need to be taken into account when designing web services include:…”

Section: Web Service Securitymentioning

confidence: 99%

“…These mechanisms identified by [6] include Open Authorization (OAuth), OpenID, Transport Layer Security (TLS/SSL), Token Based Authentication (sessions) and HTTP Digest Authentication Scheme (DAS). These authentication methods all have their advantages and disadvantages.…”

Section: Web Service Securitymentioning

confidence: 99%

“…One performance concern that was noted by [6] is that since RESTful web services are stateless i.e., the web servers to not keep the state of a communication with a host, "data tends to be sent in a rather repetitive way, because no history is saved, possibly resulting in a larger overhead than typical state-full alternatives." It can also be noted that given that mobile devices web applications are the topic of discussion, it is important to note that since mobile devices generally have the option of using metered connections to the internet, JSON based web-services are recommended over XML based web services because JSON web services use a smaller amount of text to represent the same data as an XML based service which is important in cases where end users may have to pay for their internet connectivity per megabyte.…”

Section: Web Service Performancementioning

confidence: 99%

See 2 more Smart Citations

An Analysis of Security and Performance Concerns in Mobile Web Application Development: Challenges and Open Issues

Kunda

Chishimba

Mulenga

et al. 2017

Int. J. Recent Contrib. Eng. Sci. IT

View full text Add to dashboard Cite

Abstract-The paper focuses on security and performance concerns in mobile web development. The approach used in the study involved surveying journal publications to identify security and performance concerns. The paper highlights some of the contemporary issues currently being faced by application developers as they create, update and maintain mobile web applications including Cross-Site Scripting, Cookie hijacking/theft, location hijacking, history theft, behavior analysis, session hijacking, API design, security and the type of web server used considered.

show abstract