SOAP Security Expansion Based On Double Time-Stamps

As the core technology of the next generation of e-commerce, Web Services have been widely applied, therefore their security become increasingly obvious. SOAP as a core protocol within Web Services bears most responsibility for the security of Web Services, however, in the development of SOAP specification, not too much safety requirements have been account for.This paper outlines the SOAP related knowledge. Then, research will focus on the SOAP security framework. In this security framework, PKI, SSL and XML security technology to some extent has been able to meet the security needs of SOAP. However, in some specific areas, the framework is still unsatisfactory. For example SSL is to ensure the safety of the transmission process, however when data go through different SOAP nodes, there will be a temporary non-encrypted; XML-Encryption and XML-Signature can guarantee data integrity, confidentiality and non-deniability of security needs, but they are not sufficient for validity of digital certificate, key management or anti-replay attacks.Digital electronic time-stamp is a technology which used to determine when the document was signed and created, and used to compare the two controversial electronic files related to the succession of time. It's very important for those of technology patents, confidential documents, online transactions because they are time-aware. Therefore the concept of time is introduced to the exchange of the SOAP message in order to meet the time confirmation in e-commerce. Time-stamp provides evidence for the existence of the data for a particular moment, it's also characterized the uniqueness, this paper also use this feature to prevent replay attacks, so as to make the concept of double time-stamps. By means of the expansion of SOAP Header, double time-stamps have been applied to the exchange of SOAP message.In the following section.of this paper, a double time-stamps system was designed in accordance with the proposal. In the system, the sender issue a Time-stamp request to the TSA authority in order to provide evidence of the existence of the message in a particular moment, after the stamp was authorized by the TSA, a second time-stamp, which identify the moment of the sending message, was attached to the message again. This stamp would effectively prevent replay attacks. The system exists in the form of network services, the entire service system adopts MVC framework and has been implemented with Perl Template Toolkit technologies on the Linux platform. The test results of the system show that the system achieves the expectation of the design, enhancing the SOAP security framework from playback and denial.