• DocumentCode
    3010900
  • Title

    Multi-party authentication for Web services: protocols, implementation and evaluation

  • Author

    Zhang, Dacheng ; Xu, Jie

  • Author_Institution
    Sch. of Comput., Leeds Univ.
  • fYear
    2004
  • fDate
    14-14 May 2004
  • Firstpage
    227
  • Lastpage
    234
  • Abstract
    The Web service technology allows the dynamic composition of a workflow (or a business flow) by composing a set of existing Web services scattered across the Internet. While a given Web service may have multiple service instances taking pan in several workflows simultaneously, a workflow often involves a set of service instances that belong to different Web services. In order to establish trust relationships amongst service instances, new security protocols are urgently needed. Hada and Maruyabma [2002] presented a session-oriented, multi-party authentication protocol to resolve this problem. Within a session their protocol provides a commonly shared session secret for all the service instances, thereby distinguishing the instances from those of other sessions. However, individual instances cannot be distinguished and identified using the session secret. This leads to vulnerable session management and poor threat containment. In this paper we present a new protocol design for multiparty authentication in which each service instance of a given session is provided with a unique identifier. The coordinated atomic action scheme is exploited for achieving an improved level of threat containment. We evaluate the scalability of our design by means of both experiments and an analytical model. The result shows that time consumed by the authentication process increases linearly with an increase in the number of session participants
  • Keywords
    Internet; fault tolerance; message authentication; protocols; Internet computing; Web service; analytical model; fault tolerance; multiparty authentication; multiparty authentication protocol; protocol design; session-oriented protocol; Analytical models; Authentication; Automatic control; Fault tolerance; Protocols; Scalability; Scattering; Security; Web and internet services; Web services;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Object-Oriented Real-Time Distributed Computing, 2004. Proceedings. Seventh IEEE International Symposium on
  • Conference_Location
    Vienna
  • Print_ISBN
    0-7695-2124-X
  • Type

    conf

  • DOI
    10.1109/ISORC.2004.1300354
  • Filename
    1300354