Achieving Secure and Flexible M-Services through Tickets

IEEE Transactions on Systems, Man, and Cybernetics Part A:Systems and Humans.

Volumn 33, Issue 6, 2003, Pages 697-708

  Wang, Hua ^a   Zhang, Yanchun ^b   Cao, Jinli ^c   Varadharajan, Vijay ^d  

^a UNIVERSITY OF SOUTHERN QUEENSLAND   (Australia)

^b VICTORIA UNIVERSITY   (Australia)

^c LA TROBE UNIVERSITY   (Australia)

^d MACQUARIE UNIVERSITY   (Australia)

Author keywords

Access control architecture; Anonymity; RBAC; Secure M services; Ticket based access control

Indexed keywords

COMPUTATIONAL COMPLEXITY; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; FUNCTIONS; LARGE SCALE SYSTEMS; NETWORK PROTOCOLS; PUBLIC KEY CRYPTOGRAPHY; SECURITY OF DATA; TELECOMMUNICATION SERVICES; VECTORS; WIRELESS TELECOMMUNICATION SYSTEMS; WORLD WIDE WEB; XML;

ACCESS CONTROL ARCHITECTURE; HASH FUNCTIONS; TICKET BASED ACCESS CONTROL;

MOBILE TELECOMMUNICATION SYSTEMS;

EID: 0347337934     PISSN: 10834427     EISSN: None     Source Type: Journal    
DOI: 10.1109/TSMCA.2003.819917     Document Type: Article

References (34)

1. A. Mehrotra, GSM System Engineering. Norwood, MA: Artech House, 1997.
2. T. Bray, J. Paoli, C. Sperberg-McQeen, and E. Maler, Extensible Markup Language (XML) 1.1 (Second Edition). Cambridge, MA: World Wide Web Consortium (W3C), 2000.
3. D. Box, Simple Object Access Protocol (SOAP) 1.1. Cambridge, MA: World Wide Web Consortium (W3C), 2000.
4. R. Chinnici, M. Gudgin, J. Moreau, and S. Weerawarana, Web Services Description Language (WSDL) 1.2. Cambridge, MA: World Wide Web Consortium (W3C), 2002.
5. (2002) Excellent e-Service. [Online] Available: http://www.excellente-service.com/
6. C. Paul. (2002) Migrate With Red Hat Linux Advanced Server. [Online] Available: http://www.redhat.com/solutions/migration/
7. A. Mehrotra and L. Golding, "Mobility and security management in the GSM system and some proposed future improvements," Proc. IEEE, vol. 86, pp. 1480-1496, July 1998.
8. H. Wang and Y. Zhang, "Untraceable off-line electronic cash flow in e-commerce," in Proc. 24th Australian Computer Science Conf.,. Gold-Coast, Australia, Feb. 2001, pp. 191-198.
9. K. Martin, B. Preneel, C. Mitchell, H. Hitz, A. Poliakova, and P. Howard, "Secure billing for mobile information services in UMTS," in Proc. 5th Int. Conf. Intelligence Services Networks Technology for Ubiquitous Telecom Services. Antwerp, Belgium, May 1998, pp. 535-548.
10. H. Wang, J. Cao, and Y. Zhang, "A consumer anonymity scalable payment scheme with role based access control," in Proc. 2nd Int. Conf. Web Information Systems Engineering, Kyoto, Japan, Dec. 2001, pp. 53-62.
11. M. Bellare, R. Canetti, and H. Krawczyk, "Pseudorandom functions revisited: the cascade construction and its concrete security. Extended abstract," in Proc. 37th Annu. Symp. Foundations Computer Science, Burlington, VT, Oct. 1996, pp. 514-523.
12. D. Waleffe and J. J. Quisquater, "Better login protocols for computer networks," in Proc. Eur. Symp. Research Computer Security, Toulouse, France, Oct. 1990, pp. 163-172.
13. R. L. Rivest, A. Shamir, and L. M. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Commun. ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978.
14. D. R. Stinson, Cryptography: Theory and Practice. Boca Raton, FL: CRC, 1995.
15. H. Wang, J. Cao, and Y. Zhang, "Formal authorization allocation approaches for role-based access control based on relational algebra operations," in Proc. 3nd Int. Conf. Web Information Systems Engineering, Singapore, Dec. 2002, pp. 301-312.
16. H. Feinstein, "Final Report: NIST Small Business Innovative Research (SBIR) Grant: Role Based Access Control: Phase 1. Tech. Rep.," SETA Corp., McLean, VA, Jan 1995.
17. D. Ferraiolo and D. Kuhn, "Role based access control," in Proc. 15th Natl. Computer Security Conf., Washington, DC, Oct. 1992, pp. 544-563.
18. J. Barkley, K. Beznosov, and J. Uppal, "Supporting relationships in access control using role based access control," in Proc. 3rd ACM Workshop RoleBased Access Control, Fairfax, VA, Oct. 1998, pp. 55-65.
19. D. Ferraiolo, J. Barkley, and D. Kuhn, "Role-based access control model and reference implementation within a corporate intranet," ACM Trans. Inform. Syst. Security, vol. 2, no. 1, pp. 34-64, 1999.
20. R. Sandhu, "Future directions in role-based access control models," in Proc. Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security, International Workshop. St. Petersburg, Russia,: Lecture Notes in Computer Science, May 2001, vol. 2052, pp. 67-73.
21. L. Buttyan and J. Hubaux, "Accountable anonymous access to services in mobile communication systems," in Proc. 18th Symp. Reliable Distributed Systems. Lausanne, Switzerland, Oct. 1999, pp. 384-389.
22. B. Pratel and J. Crowcroft, "Ticket based service access for the mobile user," in Proc. MobiCom: Int. Conf. Mobile Computing Networking, Budapest, Hungary, Sept. 1997, pp. 223-232.
23. R. Housley, W. Ford, W. Polk, and D. Solo. (1999, Jan) Internet X.509 Public Key Infrastructure Certificate and CRL Profile. [Online] Available: http://www.ietf.org/rfc/rfc2459.txt.
24. M. Burrows, M. Abadi, and R. Needham, "A logic of authentication, from proceedings of the royal society, volume 426, number 1871, 1989," in William Stallings, Practical Cryptography for Data Internetworks. Los Alamitos, CA: IEEE Comput. Soc. Press, 1996.
25. E. Damiani, S. D. Capitani, and P. Samarati, "Toward securing xml web services," in Proc. ACM Workshop XML Security, Washington, DC, Nov. 2002, pp. 90-96.
26. A. Lubinski, "Security issues in mobile database access," in Proc. IFIP WG 11.3 12th Int. Conf. Database Security. Chalkidiki, Greece, 1999, pp. 223-234.
27. _, "Database security meets mobile requirements," in Proc. Int. Symp. Database Technology Software Engineering. WEB Cooperative Systems, Baden, Germany, Aug. 2000, pp. 110-121.
28. Y. Frankel, A. Herzberg, P. Karger, H. Krawczyk, C. Kunzinger, and M. Yung, "Security issues in a CDPD wireless network," IEEE Pers. Commun., vol. 2, pp. 16-27, Aug. 1995.
29. H. Wang, J. Cao, and Y. Kambayashi, "Building a consumer anonymity scalable payment protocol for the internet purchases," in Proc. 12th Int. Workshop Research Issues Data Engineering: Engineering E-Commerce/E-Business Systems, San Jose, CA, Feb. 2002, pp. 159-168.
30. D. Chaum, "Untraceable electronic mail, return addresses, and digital pseudonyms," Commun. ACM, vol. 24, no. 2, pp. 84-88, 1981.
31. E. Damiani, S. D. Capitani, S. Paraboschi, and P. Samarati, "Design and implementation of an access control processor for XML documents," Comput. Netw., vol. 33, no. 1-6, pp. 59-75, Jun. 2000.
32. _, "Securing SOAP e-services," Int. J. Inform. Security, vol. 1, no. 2, pp. 100-115, Feb. 2002.
33. _, "A fine-grained access control system for XML documents," ACM Trans. Inform. Syst. Security, vol. 5, no. 2, pp. 169-202, May 2002.
34. U. Wilhelm, S. Staamann, and L. Buttyan, "On the problem of trust in mobile agent systems," in Proc. IEEE Network Distributed Systems Security Symp., San Diego, CA, 1998, pp. 11-13.