Paper Info
Title
Enhancement of Key Derivation in Web Service Security
Abstract
AbstractKey Derivation is an important part of numerous security standards, the importance of using it was discussed throughout the literature and industry standards. On the other hand, web service security is an area that has not seen substantial research and application for Key Derivation techniques. After studying the Key Derivation techniques which are applied in Web Service Security, we find the applied algorithms and current implementations to be very limited in regard to performance and their work-flow. These limitations introduce performance bottlenecks that can limit their applicability to low power machines and mobile systems or lead to designers compromising on security to meet the quality of service desired. Moreover, this issue becomes more relevant when applied to a high performance and demanding systems such as real-time business process monitoring and messaging systems. This paper explores how Key Derivation is implemented in web services and WS-Security engines, their limitations, the performance overhead it produces and proposes an enhanced Key Derivation work-flow that takes into consideration both security and performance and allows for fine tuning them. The performance of the proposal is tested using a series of benchmarks and the security properties are verified using a well-known validation tool.
Year
DOI
Venue
2017
10.1007/s11277-017-4773-3
Periodicals
Keywords
Field
DocType
Web Services, Web Service Security, Key Derivation
Key derivation function,Security testing,Computer science,Computer network,Quality of service,Security service,Implementation,Web application security,Web service,Computer security model
Journal
Volume
Issue
ISSN
97
4
0929-6212
Citations 
PageRank 
References 
0
0.34
7
Authors
4
Name
Order
Citations
PageRank
Abdelrahman AlMahmoud111.06
Maurizio Colombo211.73
Chan Yeob Yeun317025.61
Al-Muhairi, H.442.91