Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
SpringerLink
Log in

Mobile Web services authentication using SAML and 3GPP generic bootstrapping architecture

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

In this paper we present a platform for the direct consumption of web services by a Mobile Station. We give an architectural solution where Mobile Operators play the role of Trusted Third Parties supplying service credentials that allow a co-located 3GPP Network Application Function and Liberty-enabled Identity Provider entity to implement a controlled Shopping Mall service to Mobile Stations from multiple trust domains. We consider both the protocol and the structure and syntax of the various tokens required to minimise service latency over the bandwidth and performance constrained mobile system, whilst providing adequate security services to protect against the perceived threat model. To validate our proposal we have developed code to create a Web Service test scenario using SAML authentication tokens utilising readily available J2ME, Java Card, J2SE and J2EE platforms, Web Services tools from Apache, the KToolBar emulator from Sun, and the JCOPS suite of tools for Java Card applet development.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Access to network application functions using hypertext transfer protocol over transport layer security. Technical report, ETSI European Telecommunications Standards Institution, June 2005. UMTS, Generic Authentication Architecture (2005)

  2. Generic bootstrapping architecture. Technical report, ETSI European Telecommunications Standards Institution, June 2005. UMTS, Generic Authentication Architecture (2005)

  3. Interworking of Liberty Alliance ID-FF, ID-WSF and Generic Authentication Architecture. Technical report, 3GPP 3rd Generation Partnership Project, July 2005. 3GPP TR 33.980; Technical Specification Group Services and System Aspect, Release 4 (2005)

  4. SAML V2.0 Executive Overview. Technical report, OASIS, April 2005. OASIS Standard (2005)

  5. Block C., Wagner A.C.: MIDP 2.0 Style Guide. Addison-Wesley, London (2003)

    Google Scholar 

  6. Ford R.: Managing retail service businesses for the 1990s: Marketing aspects. Eur. Manage. J. 8, 58–66 (1990)

    Article  Google Scholar 

  7. Krishna, S.: Web Services Framework and Assertion exchange using SAML. W3C, http://www.w3.org (2001)

  8. MacDonald, J.A., Sirett, W.G., Mitchell, C.J.: Overcoming channel bandwidth constraints in secure SIM applications. In: Security and Privacy in the Age of Ubiquitous Computing. Springer Science and Business Media (2005)

  9. Snell J., Tidwell D., Kulchenko P.: Programming Web Services with SOAP. O’Reilly, Cambridge (2002)

    Google Scholar 

  10. Sun Microsystems, http://java.sun.com/products. Wireless Toolkit, Version 2.1 (2003)

Download references

Author information

Authors and Affiliations

  1. Mobile Networks Research Group, School of Engineering and Mathematical Sciences, City University, Northampton Square, London, EC1V 0HB, UK

    Kalid Elmufti, Dasun Weerasinghe, M. Rajarajan, Veselin Rakocevic & Sanowar Khan

  2. Information Security Group, Royal Holloway, University of London, Egham, TW20 0EX, UK

    John A. MacDonald

Authors
  1. Kalid Elmufti
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dasun Weerasinghe
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. M. Rajarajan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Veselin Rakocevic
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Sanowar Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. John A. MacDonald
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kalid Elmufti.

Additional information

This work was supported by sponsorship funding from City University, London. This work was supported by sponsorship funding from Telefonica Móviles, España.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Elmufti, K., Weerasinghe, D., Rajarajan, M. et al. Mobile Web services authentication using SAML and 3GPP generic bootstrapping architecture. Int. J. Inf. Secur. 8, 77–87 (2009). https://doi.org/10.1007/s10207-008-0065-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-008-0065-y

Keywords

Search

Navigation