DOI: 10.1145/1389586.1389632
research-article

A holistic anonymity framework for web services

Published: 16 July 2008

Abstract

Security and interoperability have been considered the main requirements for e/m-business services. Technologies such as XML-security and WS-security were acknowledged as the most appropriate solutions to meet these requirements, and Service Oriented Architectures (SOAs) as the most appropriate framework design. Anonymity has lately become an additional requirement for various e/m-business services (e.g. e/m-ordering, e/m-ticketing), enabling the execution of unlinkable, untraceable and unobservable interactions and enhancing the privacy of these services. This paper proposes a holistic SOA meeting the security, interoperability and anonymity requirements.


Cited By

  • (2013) An Analysis of Anonymity Side Effects in the Internet of Services. Proceedings of the 2013 Conference on Networked Systems, pp. 51-58. DOI: 10.1109/NetSys.2013.15. Online publication date: 11-Mar-2013
  • (2010) Evaluating the QoS Impact of Web Service Anonymity. Proceedings of the 2010 Eighth IEEE European Conference on Web Services, pp. 75-82. DOI: 10.1109/ECOWS.2010.8. Online publication date: 1-Dec-2010


Published In

PETRA '08: Proceedings of the 1st international conference on PErvasive Technologies Related to Assistive Environments
July 2008
607 pages
ISBN:9781605580678
DOI:10.1145/1389586

Sponsors

  • Motorola
  • NSF
  • SERC
  • NIST: National Institute of Standards & Technology

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. connection anonymity
  2. hidden web services
  3. service oriented architecture (SOA)
  4. web services (WS)

Qualifiers

  • Research-article


Conference

PETRA '08
Sponsor:
  • Motorola
  • SERC
  • NIST
