Secure Web Service Discovery: Overcoming Challenges of Ubiquitous Computing

Dynamic and self-organizing systems like those found in ubiquitous computing or semantic Web based scenarios raise numerous challenges regarding trust and privacy. Service discovery is a basic feature of SOA deployment in such systems, given that entities need to locate services they can describe but that they do not necessarily know. PKI based solutions to securing this mechanism, which require a preliminary key distribution, are therefore rendered awkward and contrived. In contrast, the new concept of attribute based encryption, derived from identity based encryption schemes, makes it possible to create secret communication channels with unknown services based solely on some attributes that are part of their description and in a decentralized fashion, that is, without the introduction of any additional trusted third party like a registry. This paper discusses how such a scalable solution to enabling secure and decentralized discovery protocols can be implemented and put to use. After reviewing the security properties that are expected, the paper then goes on to detail how to extend the WS-discovery Web service protocol with such mechanisms. Preliminary experimental results based on an implementation of this extended protocol are finally presented