Security And Performance Of XML Web Services For Mobile Devices
As more and more sensitive information enters web-based applications, and thus becomes available through XML Web Services, the security of these systems is of increasing importance. A mobile client that uses an XML Web Service is continuously exposed to threats, and is accessible to anyone who would like to attempt a break-in. Java 2, Micro Edition (J2ME) clients that use XML Web Services cannot be secure unless the security mechanisms are implemented on the devices. Since smart phones have gained modern functionality such as camera, multimedia and Java, they have become a very popular and important way to communicate and process information of different kinds. Mobile application developers have to deal with J2ME's security weaknesses, because an increasing number of smart phones support J2ME. Although smart phones have more memory, processing power, network bandwidth, and disk space than standard phones, they are still resource-constrained platforms compared to desktop computers. This means that introducing a security mechanism into a small handheld device like this requires more resource utilization, processing power, network bandwidth and processing time in comparison to a normal desktop. The goal of this project is to investigate the security properties of mobile services based on XML Web Services, the implementation of such security solutions, and the impact the security enhancements have on the performance of the services. Data confidentiality is achieved using both the Security and Trust Services API (SATSA) and the lightweight Bouncy Castle (BC) API, with a symmetric key. Performance is evaluated by measuring different times when a client gets files of several sizes from an XML Web Service server, both with and without data confidentiality. The measurements are done in an emulator, using the Wireless Toolkit for CLDC from Sun Microsystems, and on a real mobile device (Nokia N90).
During the specification of the test framework, an overview of security and performance for the system has been the centre of attention. This is also the case in the implementation phase, where the performance and data confidentiality implementations are provided on the Java platform. The project concludes that the measurement results are useful for the performance evaluation between a real mobile device and an emulator. They also give an overview of where the different times are spent in the system. The test results revealed that the results measured on the emulator are quite different from those on the mobile phone, and that results also differ between SATSA encryption and lightweight BC encryption. Some performance and security enhancements are suggested in the conclusion and can be implemented as a future investigation. Performance can be improved by introducing compression into the system, even though it requires extra resources for decompression on the mobile phone. Many security aspects can be improved, such as authentication, authorization, secret storage of keys, etc.