WEB SERVICES SECURITY IN PERVASIVE ENVIRONMENT

Abstract

Several security solutions including open source protocols and specifications have been proposed in Pervasive Environment. Most of these schemes rely on intermediate servers for authentication and security provision for end to end secure communications between devices. This might be suitable for certain scenarios but broad range of users are not comfortable with it. End to end secure communication is among the most important requirement in pervasive environment. Due to heterogeneous nature of the pervasive operating environment and ubiquity of communication devices, service adaptation is required at run time by inferring environment state. Dealing with security issues in such diverse conditions becomes a real challenge. In the pervasive environment, the security framework needs to be contextsensitive and services being provided in the pervasive environment also needs secure mechanisms for access control. So every single service need secure channel or some mechanism to provide scalable and efficient environment to operate in. There are four security features that should be provided by any system called, Confidentiality, Integrity, Authentication, and Non repudiation. In the scheme we have chosen available secret key algorithms for confidentiality, PKC for authentication and non repudiation, and one way encryption schemes (Hash Functions) for integrity provision among communicating entities. In this work, we have aim to provide security mechanism for end to end users without intervention of intermediate servers using secret key and public key cryptography with REST services. We will provide a comparison study of security algorithms already being used in industry in this environment too.