Pervasive Web Services and Security 2010
AND WEB-DRIVEN
APPLICATION SYSTEMS
Conclusion
ELEMENTS OF PERVASIVE WEB
Pervasive Computing Infrastructure involving:
• Internetwork of computing nodes (local / global: private / public or a combination)
• HTTP support enabled atop the Internetwork-in-question with W3C recommendations in place
• Support for transparency in spite of heterogeneity of devices, platforms, languages, services
• Provision for Web Service Description, Web Service Deployment, Web Service Publication, Web Service Discovery, Web Service Access / Usage, Web Service Monitoring / Security
Applications (client, middleware, server side) which could exploit the above referred provisions on respective devices / device clusters.
ENABLING WEB-BASED APPLICATIONS FOR
PERVASIVE COMPUTING DEVICES
Goal: Efficient transformation of input formats to
required output format for delivery and use by pervasive
computing devices OR dynamically generating data in
required format
The respective mechanisms used to accomplish the task:
'Transcoding' and 'Device-specific Content Generation'
Example: HTML to WML transcoding
Best suited to structured documents written in mark-up
languages like XML, XHTML etc.
Involves post-processing of Server-generated web-based
content
Transcoding can happen at: Application Servers (full or
selective), Application Proxies (full) <former is a better
choice in most cases>
In many cases, Transcoders come with their own sets of
APIs.
MERITS AND DEMERITS OF TRANSCODING IN
THE APPLICATION SERVER VERSUS
APPLICATION PROXY
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/1999/XMLSchema">
  <SOAP-ENV:Header> </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <ns1:sayHelloTo xmlns:ns1="Hello"
        SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
      <name xsi:type="xsd:string">John</name>
    </ns1:sayHelloTo>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
AND, AN ACTUAL SOAP RESPONSE LOOKS LIKE …
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/1999/XMLSchema">
  <SOAP-ENV:Body>
    <ns1:sayHelloToResponse xmlns:ns1="Hello"
        SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
      <return xsi:type="xsd:string">
        Hello John, How are you doing?
      </return>
    </ns1:sayHelloToResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
SOAP HEADER SECTION
• Note: Put the application in a package. Create a jar file from the package and put the package in <tomcat_home>/lib, so that it will be in Tomcat's classpath.
DEPLOYING THE WEB SERVICE
Note that the last argument is the URI of the web service
to be removed
WHAT MUST THE CLIENT DO: A SUMMARY NOTE
Configuration service
administration
service
Preferences service
Package
administration
service
CLIENT AUTHENTICATION OVER THE
INTERNETWORKS
There exist four possibilities:
No Authentication
Basic Authentication
Moderate Authentication
Advanced Authentication
This clearly is as insecure as the default Telnet authentication scheme.
Middleware-specific Issues
Server-side Issues
ROLE OF NETWORK SECURITY IN
PERVASIVE COMPUTING ENVIRONMENTS
INTERACTION POINTS
Brief introduction to Network and internetwork
Security Principles
Various forms and mechanisms of security
Masquerade attacks
Non-monitoring approaches
Model-based
Experimental Replication-based
It is capable of verification;
(c) http://www.cs.hut.fi/Opinnot/Tik-86.174/Bluetooth_Security.pdf
IEEE 802.11 ARCHITECTURE
WARDRIVING / BOATING
(sometimes intentionally)
open access to the Internet
http://www.catalina42.org/war-sail/
802.11 SECURITY OVERVIEW
Good setup depends on network topology
There are a few choices
WEP is broken and IPsec should be used
instead as much as possible (probably in
tunnel mode)
TLS should then be used wherever sensible above
IPsec (e.g. IMAP over SSL)
Then secure applications should be used
where possible
Probably based on proprietary protocols (which
may make use of standard constructs like PKCS#7)
WEP ENCAPSULATION
[Figure: WEP encapsulation and decapsulation of an 802.11 frame. Labels: 802.11 Hdr, Data, Encapsulate, Decapsulate, Encryption Key K, Pseudo-random number generator, Random byte b]
$c_1 = p_1 \oplus b$, $c_2 = p_2 \oplus b$
Then:
$c_1 \oplus c_2 = (p_1 \oplus b) \oplus (p_2 \oplus b) = p_1 \oplus p_2$
• By the Birthday Paradox, the probability $P_n$ that two packets will share the same IV after n packets is $P_2 = 1/2^{24}$ after two frames and $P_n = P_{n-1} + (n-1)(1 - P_{n-1})/2^{24}$ for n > 2.
• 50% chance of a collision exists already after only 4823 packets!!!
http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
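Added example (not part of the original slides): the IV-collision recurrence above evaluated in Python, which reproduces the 4823-frame figure, together with the keystream-reuse identity on two frames that share the same keystream b. The keystream bytes and plaintexts are constructed sample values, and the function names are illustrative.

```python
# Added example; not code from the original slides.
N_IV = 2 ** 24  # size of the IV space, from the 1/2^24 term in the recurrence


def collision_probability(n, space=N_IV):
    """P_n via P_n = P_{n-1} + (n-1)(1 - P_{n-1})/space, starting from P_1 = 0."""
    p = 0.0
    for k in range(2, n + 1):
        p += (k - 1) * (1.0 - p) / space
    return p


def frames_until(threshold, space=N_IV):
    """Smallest n for which the collision probability P_n reaches threshold."""
    p, n = 0.0, 1
    while p < threshold:
        n += 1
        p += (n - 1) * (1.0 - p) / space
    return n


def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_cancels():
    """Encrypt two constructed plaintexts with one keystream b and check
    that c1 XOR c2 equals p1 XOR p2, i.e. the keystream drops out."""
    b = bytes(range(0x40, 0x50))   # constructed 16-byte keystream
    p1 = b"GET /index.html "       # constructed 16-byte plaintext
    p2 = b"POST /login.cgi "       # constructed 16-byte plaintext
    c1, c2 = xor_bytes(p1, b), xor_bytes(p2, b)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    print("P_2 =", collision_probability(2))
    print("frames for 50% collision chance:", frames_until(0.5))
    print("frames for 99% collision chance:", frames_until(0.99))
    print("keystream cancels on reuse:", keystream_reuse_cancels())
```

Because the collision probability depends only on the size of the IV space, a longer WEP key does not change these frame counts.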
WLAN TOPOLOGIES
Sensible network topologies
Corporate (small WLAN)
Corporate (widespread WLAN)
Service provider
Volunteerism
Network topology issues
Network access
Address allocation (DHCP)
NAT/private addresses
Firewall location and rulesets
SOME INTERESTING NETWORKS
Mobile Ad-hoc networks:
Idea is that a network emerges from nodes which just
happen to be in the vicinity (AODV)
Delay tolerant networks
Sensor networks
Issues:
Mainly academic at the moment
Security not really thought all the way through for these yet
PERVASIVE / UBIQUITOUS COMPUTING
What if loads and loads of things (doors, TVs,
couches) were nodes on a network?
Hot topic
How do you secure these systems?
Thank you!