Design of a security mechanism for RESTful Web Service communication through mobile clients

Author

De Backere, Femke ; Hanssens, Brecht ; Heynssens, Ruben ; Houthooft, Rein ; Zuliani, Alexander ; Verstichel, Stijn ; Dhoedt, Bart ; De Turck, Filip

Author_Institution

Inf. Technol. Dept. (INTEC), Ghent Univ. - iMinds, Ghent, Belgium

fYear

2014

fDate

5-9 May 2014

Firstpage

1

Lastpage

6

Abstract

Security is not taken into account by default in the Representational State Transfer (REST) architecture, but its layered architecture provides many opportunities for implementing it. In this paper, a security mechanism for Web Service communication through mobile clients devices is proposed, that conforms to the REST architecture as much as possible. This approach has been inspired by some known security mechanisms, but implemented in such a way that it focusses on statelessness and aims to be lightweight. Results indicate that the custom security mechanism outperforms the Transport Layered Security (TLS) based system. Because of the genericness of REST, the proposed security mechanism can be adopted by a wide variety of other RESTful Web Services.

Keywords

Web services; mobile computing; security of data; REST architecture; RESTful Web service communication; TLS based system; mobile clients devices; representational state transfer; security mechanism design; transport layered security; Authentication; Cryptography; Databases; Protocols; Servers; Web services;

fLanguage

English

Publisher

ieee

Conference_Titel

Network Operations and Management Symposium (NOMS), 2014 IEEE

Conference_Location

Krakow

Type

conf

DOI

10.1109/NOMS.2014.6838308

Filename

6838308