On Secure JAVA Application in SOA-Based PKI Mobile Government Systems (Securing Software)

Abstract

In this paper, we describe a possible model of secure m-government system based on secure JAVA mobile application and SOA-Based m-government platform. The proposed model consists of additional external entities/servers, such as: PKI, XKMS, STS, UDDI and TSA. The main parts of the proposed model are secure JAVA mobile application and secure Web Service implemented on the SOA-based platform. One example of the possible mobile government online services is particularly emphasized: sending m-residence certificate request and obtaining the m-residence electronic document (m-residence certificate) as a government’s response. This scenario could serve as a model of any m-government online services consisting of sending some requests to the m-government platforms and obtaining responses as corresponding governmental electronic messages or documents.

Keywords: Java based mobile phone application, m-government platform, Web Service, SOAP protocol, XML-Security, WS-Security, XKMS protocol, SAML, Timestamp.

Introduction

This work considers possible SOA-based m-government online systems, i.e. secure communication of citizens and companies with small and medium governmental organizations, such as municipalities, or with other governmental organizations and/or agencies. We have considered a general model of such systems consisting of three main parts:

■ Secure JAVA mobile client application,

■ SOA-Based m-government platform, and

■ External entities: PKI (Public Key Infrastructure), STS (Security Token Service), XKMS (XML Key Management Service), TSA (Time Stamping Authority), and UDDI (Universal Description Discovery and Integration).

Although a generic m-government model is proposed and considered, and although the model also supports the use of a desktop JAVA Web Service application, the main emphasis and contribution of the paper is the Secure JAVA Mobile Web Service application communicating with the Web Service of the proposed m-government platform. In the development of the secure JAVA Mobile Application we used the J2ME development environment [1].

The work presented and examples described are included in the general framework of the EU IST FP6 SWEB project (Secure, interoperable cross border m-services contributing towards a trustful European cooperation with the non-EU member Western Balkan countries, SWEB) [2].

The paper is organized as follows. A consideration of security in mobile communication is given in topic 2, while a description of the possible m-government architecture is given in topic 3. Topic 4 is dedicated to the secure JAVA mobile Web Service application. Conclusions are given in topic 5.

Security in Mobile Communication

This paper mainly identifies the need for security in mobile communications, as mentioned in [3], and presents a secure mobile framework based on widely used XML-based standards and technologies such as XML-Security (XML-Signature and XML-Encryption) and Web Services Security (WS-Security).

Besides the security aspects of the XML communication, a possible Federation ID system based on a security token service is considered too. In this work, SAML (Security Assertion Markup Language) tokens/assertions play the role of security tokens. Communication between the JAVA mobile application, or the SOA-based platform itself, and the STS server is realized by using WS-Secured SOAP communication.

We have also used the XKMS protocol [3] in the proposed m-government system. It enables the integration of keys and certificates into mobile applications as well as the implementation of PKI X.509v3 digital certificate registration, revocation, validation and update mechanisms.

Besides STS and XKMS, the client applications and the platform also use time stamping functionalities in order to create timely valid electronic documents with digital signatures of long-term validity. In this sense, a suitable TSA also represents an important part of the proposed model.

Regarding security needs in m-government online systems, the proposed model addresses the main security functionalities (business security needs) in the following way:

■ User authentication - the Secure JAVA Mobile application requires password-based user authentication to launch the application itself. This prevents non-authorized persons from accessing the application. In fact, there is a two-step user authentication procedure, since the user must present another password (passphrase) to enable application access to its asymmetric private key, stored in the JAVA key store inside the application, for the functions that need the user’s electronic signature.

■ User identity – as reliable electronic identities of the different users and entities in the proposed system, PKI X.509v3 electronic certificates issued by the corresponding Certification Authorities (CA) are used.

■ Federation Identity - in the proposed model, we used the SAML token as the federation ID. The SAML token is issued to users, government civil servants or the platforms themselves after the entity has properly authenticated to the STS server. The STS server issues the SAML token after successful authentication of the entity based on the entity’s electronic certificate.

■ User authorization to the proposed platform - the process of user authorization to the platform is based on the obtained SAML token carrying the user’s role, which is presented to the m-government platform together with the signed m-government service request. The SAML token could also serve as the Federation ID to access any other Web service-based governmental platform without the user having to be authenticated again.

■ Authenticity, Integrity and Non-repudiation of transactions – the user applies a digital signature (XML Signature) based on the RSA algorithm on each request sent to the different entities (STS server, m-government platform).

■ Confidentiality - in the proposed model, the WS-Security mechanism (WS-Encryption) is used to encrypt all communication between the Secure JAVA Mobile application and the STS server and/or m-government platform. This request-response application protocol is much more suitable for mobile communication systems than the session-based SSL/TLS protocols proposed in [4], since it does not require the more expensive session establishment between the user and the server side.

■ Electronic signature verification on the user’s side - the Secure JAVA mobile application has functions for electronic signature verification of transactions (Web service responses from different entities), including an electronic certificate validation function. The latter is implemented through communication with the XKMS server, which is a more natural solution for SOAP-based request-response Web service systems than CRL (Certificate Revocation List) validation or the other techniques described in [4].

■ Long-term validity of transactions – in order to prove reliably the time at which m-government requests and documents were created, we used time stamping to include reliable, signed time stamps both in the user’s requests and in the governmental responses (m-government documents). This gives a more reliable proof of the time when requests/documents were created, as well as of whether the signer’s electronic certificates were valid at the moment of signing. Besides, the implemented time stamping functionality makes it possible to realize long-term validity functions for stored requests/documents.

Possible m-Government Architecture

The proposed m-government model is presented in Fig. 1 [2], [3] and consists of:

■ Mobile users (citizens, companies) who send Web Service requests to the m-government platform in order to receive governmental documents (e.g. residence certificate, birth or marriage certificates, etc.). These users use the secure JAVA mobile Web Service application for this purpose.

■ Fixed/Desktop users connecting to the proposed Web Service governmental platform through a desktop secure Web Service application (which could be JAVA-based too).

Fig. 1. Proposed m-government model

■ Web Service endpoint implementation on the platform’s side that implements a complete set of security features. Requests that are well formed and whose security features are all positively verified are forwarded by the platform’s Web Service application to the other application parts of the proposed SOA-based platform, including the governmental Legacy system that issues the actual governmental certificates requested. In fact, the proposed platform could completely replace the application platform of a governmental organization, or could serve as a Web Service "add-on" to the existing Legacy system implementation. In the latter case, the Legacy system is not touched and only a corresponding Web Service interface needs to be developed in order to interconnect the proposed SOA-based platform and the Legacy governmental system.

■ External entities, such as: PKI server with XKMS server as a front end, STS, UDDI and TSA.

The functions of the proposed external entities are the following:

■ STS server – is responsible for strong user authentication and authorization based on the PKI X.509v3 electronic certificates issued to users and other entities in the proposed model. Communication between the STS server and the user’s JAVA mobile application is SOAP-based and secured by using WS-Security features. After successful user authentication and authorization, the STS server issues a SAML token to the user, which is subsequently used for user authentication and authorization to the Web Service of the proposed m-government platform. The SAML token is signed by the STS server and may contain the user’s role for the platform’s user authentication and authorization.

■ UDDI server – is a platform-independent, XML-based registry for businesses worldwide to list themselves on the Internet. In this paper, the UDDI server is used to store information about SWEB-enabled municipal organizations, including the WSDLs and URLs that define how to access these SWEB platforms.

■ PKI server - is responsible for issuing PKI X.509v3 electronic certificates for all users/entities in the proposed m-government model (users, civil servants, administrators, servers, platforms, etc.). Since some certificate processing functions could be too heavy for mobile users, the PKI services are exposed through the XKMS server, which can register users as well as locate or validate certificates on behalf of the mobile user. This is of particular interest in all processes that require signature verification on the mobile user’s side.

■ TSA server - is responsible for issuing time stamps for users’ requests as well as for the platform’s responses (signed m-documents).

Secure JAVA Mobile Web Service Application

In this topic, we give a functional description of the secure JAVA mobile Web Service application used for secure communication with the described m-government SOA-based platform [2].

The assumption is that the user already has the JAVA application on his mobile phone/terminal, so the procedure of downloading and activating the application is beyond the scope of this document. Possible usages are described in [5].

This client application comprises the following functional objects:

■ Graphical User Interface (GUI) for presenting the business functionalities to the end user. The GUI object of the proposed JAVA mobile Web Service application is responsible for showing the user interface that enables calling the end user authentication function and presents the core functionalities to the end user.

■ Business functionalities object, responsible for the implementation of the core SWEB client-side functionalities:

o Secure requesting and receiving of the m-residence certificate from the corresponding municipality SOA-based platform, receiving a notification and delivering the obtained certificate to an interested party.

o Secure sending of other kinds of predefined messages (for example an m-invoice) to the corresponding municipality platform and receiving the notification from the platform.

■ The Security object of the considered JAVA mobile application is responsible for overall application-level security functionalities.

■ Communication object.

The Java mobile client used for communication with the platform is developed on the J2ME CDC 1.1 platform. The mobile phone application uses forms (screens) to perform the communication with the platform.

The first form is the ‘Logon form’. The user enters his username and password and, after successful verification, is passed to the next form. The language used in the whole application can also be chosen on this form. After successful verification of the username and password, the ‘Functions form’ is presented to the user, where the task to be performed can be chosen. The available tasks are:

1. Change Password - used for changing the login password used to access the mobile application.

2. mResidence Certificate Request - used for sending a request for an mResidence certificate to the municipality (to the Web service of the m-government platform).

3. Download mResidence Certificate – used for downloading the prepared mResidence certificate from the municipality.

4. Send m-Invoice - used for preparing and sending m-invoices to the municipality.

The logon password can be changed via the simple ‘New Password’ form. By pressing the button for sending an mResidence Certificate Request, the user jumps to the ‘Residence Cert’ form, where the receiving municipality is chosen from the list shown on the form.

The next step is entering the PIN used to read the user’s private key, which is stored in a KeyStore on the file system of the user’s mobile device. This is done on the ‘PIN’ form. The result of the request processing (error or success) is displayed on the ‘Final’ form. All communication between the client and the servers is synchronous here, i.e. each request produces a response.

After successful processing of the user’s mResidence Certificate Request, the platform prepares the required mResidence Certificate and sends an SMS message to the user’s mobile device as confirmation that the m-government document is ready for this user. This part of the communication between the user and the platform is asynchronous.

The received SMS message is the signal for the user to download the mResidence Certificate via the Download certificate option. On the ‘Doc ID’ form, the Task ID is chosen from the list. The Task ID uniquely identifies the mRCertificate to be downloaded. The result of the download is also displayed on the ‘Final’ form (see Fig. 2).

Fig. 2. mResidence Scenario details

In order to realize the abovementioned functionalities, the mobile JAVA application communicates with the following external entities:

■ STS server,

■ XKMS server,

■ TSA server,

■ M-government platform - the Web service exposed by the SOAP-based m-government platform.

The communication between the JAVA mobile application and the STS server is realized by using WS-Secured SOAP communication. According to the scenarios, the JAVA mobile application sends an RST (Request for Security Token) to the STS server and, if everything is in order, receives back an RSTR (RST Response), which consists of the URL of the municipality and the SAML token with the user’s role on the SWEB platform.
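As an added illustration (not code from the paper or the SWEB project), the checks a client should apply to the RSTR before using the SAML token: trusted issuer, validity window with clock-skew tolerance, audience matching the municipality URL it is about to call, and extraction of the role. It assumes WS-Trust 1.3 and SAML 2.0 element names and a hypothetical sweb:MunicipalityURL element for the URL the RSTR carries; verification of the STS signature on the assertion is assumed to have happened already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# WS-Trust 1.3 and SAML 2.0 namespaces are real; "sweb" is a hypothetical
# namespace assumed here for the municipality URL element in the RSTR.
NS = {"wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "sweb": "urn:example:sweb"}

# Constructed sample RSTR (not captured from a real STS).
SAMPLE_RSTR = """<wst:RequestSecurityTokenResponse
  xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:sweb="urn:example:sweb">
 <sweb:MunicipalityURL>https://municipality.example/sweb/ws</sweb:MunicipalityURL>
 <wst:RequestedSecurityToken>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2009-05-04T10:00:00Z">
   <saml:Issuer>CN=SWEB STS</saml:Issuer>
   <saml:Conditions NotBefore="2009-05-04T10:00:00Z" NotOnOrAfter="2009-05-04T10:30:00Z">
    <saml:AudienceRestriction><saml:Audience>https://municipality.example/sweb/ws</saml:Audience></saml:AudienceRestriction>
   </saml:Conditions>
   <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>citizen</saml:AttributeValue></saml:Attribute>
   </saml:AttributeStatement>
  </saml:Assertion>
 </wst:RequestedSecurityToken>
</wst:RequestSecurityTokenResponse>"""


def _utc(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_rstr(xml_text, now_utc, trusted_issuer, skew=timedelta(minutes=2)):
    """Return (municipality_url, role) from the RSTR or raise ValueError.
    Assumes the assertion's XML signature (and the STS certificate, via XKMS)
    was verified beforehand; these are the remaining semantic checks."""
    root = ET.fromstring(xml_text)
    url_el = root.find("sweb:MunicipalityURL", NS)
    assertion = root.find("wst:RequestedSecurityToken/saml:Assertion", NS)
    if url_el is None or assertion is None:
        raise ValueError("RSTR lacks municipality URL or SAML assertion")
    url = url_el.text.strip()
    # Only a token from the STS the client trusts may carry an authorisation role.
    if assertion.findtext("saml:Issuer", namespaces=NS) != trusted_issuer:
        raise ValueError("assertion not issued by the trusted STS")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no validity conditions")
    now = _utc(now_utc)
    # NotBefore is inclusive, NotOnOrAfter exclusive; tolerate a small clock skew.
    if now + skew < _utc(cond.get("NotBefore")) or now - skew >= _utc(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    # The token must be scoped to the platform the client is about to call, so a
    # token meant for one municipality cannot be replayed against another.
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if url not in audiences:
        raise ValueError("municipality URL is not an audience of the assertion")
    role = assertion.findtext("saml:AttributeStatement/saml:Attribute[@Name='role']/saml:AttributeValue", namespaces=NS)
    if not role:
        raise ValueError("assertion carries no role attribute")
    return url, role.strip()
```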

The communication between the JAVA mobile application and the Web service of the platform is realized as WS-Encrypted SOAP communication. According to the scenarios, the JAVA mobile application sends the signed mRCertificate request or m-invoice (signing is done by using XML signature mechanisms) to the Web service platform of the municipality. Before it is sent to the municipality, the signed mResidence Certificate request or m-invoice must be timestamped. In order to accomplish this, the JAVA mobile application communicates with the TSA server via HTTP. The JAVA mobile application sends a hash of the signature of the mResidence Certificate request or m-invoice to the TSA server and receives back a timestamp (the signed hash with added time information), which is signed by the private key of the TSA server.

Only in the mResidence Certificate scenario, when the mResidence Certificate is ready for delivery at the platform, the platform sends an SMS to the mobile user informing him that the mResidence Certificate with the given TaskID is ready for download. After that, the JAVA mobile application sends a request for the mResidence Certificate download, also as a signed and timestamped request in the body of a WS-Encrypted SOAP message to the platform’s Web service.

During the abovementioned communication, in order to verify signatures and validate the different X.509v3 certificates, the JAVA mobile application needs to communicate with the XKMS server, which takes over part of the time- and resource-consuming PKI functionalities from the JAVA mobile application. Namely, the JAVA mobile application can obtain a suitable certificate from the XKMS server (by using the LocateRequest XKMS function) and, more importantly, can validate the certificate of some party (by using the ValidateRequest XKMS function). This way, the most time-consuming PKI operations, such as certificate validation, are excluded from the mobile phone. The communication with the XKMS server is plain SOAP communication without WS-Security features; however, the XKMS server’s response is always digitally signed by using the XML signature mechanism.
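As an added illustration of the ValidateRequest step (not code from the paper or the SWEB project), the decision a mobile client should make on the XKMS ValidateResult: it must not simply read the StatusValue but also check that the response answers its own request and that every aspect it cares about (signature, issuer trust, revocation status, validity interval) is positively confirmed. The element and URI names are those of XKMS 2.0; the sample responses are constructed, and verification of the XKMS server's signature over the result is assumed to have happened already.

```python
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"
NS = {"xkms": XKMS}
# The four aspects an XKMS responder reports on; the client requires all of them
# to be positively confirmed before it trusts a certificate.
REQUIRED_REASONS = {XKMS + r for r in ("Signature", "IssuerTrust", "RevocationStatus", "ValidityInterval")}

# Constructed sample ValidateResult (not captured from a real XKMS server).
VALID_RESULT = """<ValidateResult xmlns="http://www.w3.org/2002/03/xkms#"
  Id="R1" Service="https://xkms.example/xkms" RequestId="Q1"
  ResultMajor="http://www.w3.org/2002/03/xkms#Success">
 <KeyBinding Id="K1">
  <Status StatusValue="http://www.w3.org/2002/03/xkms#Valid">
   <ValidReason>http://www.w3.org/2002/03/xkms#Signature</ValidReason>
   <ValidReason>http://www.w3.org/2002/03/xkms#IssuerTrust</ValidReason>
   <ValidReason>http://www.w3.org/2002/03/xkms#RevocationStatus</ValidReason>
   <ValidReason>http://www.w3.org/2002/03/xkms#ValidityInterval</ValidReason>
  </Status>
 </KeyBinding>
</ValidateResult>"""

# Same certificate, but the responder could not determine the revocation status.
INDETERMINATE_RESULT = VALID_RESULT.replace(
    'StatusValue="http://www.w3.org/2002/03/xkms#Valid"',
    'StatusValue="http://www.w3.org/2002/03/xkms#Indeterminate"').replace(
    "<ValidReason>http://www.w3.org/2002/03/xkms#RevocationStatus</ValidReason>",
    "<IndeterminateReason>http://www.w3.org/2002/03/xkms#RevocationStatus</IndeterminateReason>")


def certificate_trusted(xml_text, sent_request_id):
    """True only if the ValidateResult positively confirms the certificate.
    Assumes the responder's XML signature over the result was verified first."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}ValidateResult" % XKMS or root.get("ResultMajor") != XKMS + "Success":
        return False
    # Bind the answer to the request this client actually sent (no response substitution).
    if root.get("RequestId") != sent_request_id:
        return False
    bindings = root.findall("xkms:KeyBinding", NS)
    if not bindings:
        return False  # "Success" with no key binding says nothing about the certificate
    for kb in bindings:
        status = kb.find("xkms:Status", NS)
        if status is None or status.get("StatusValue") != XKMS + "Valid":
            return False
        confirmed = {r.text.strip() for r in status.findall("xkms:ValidReason", NS)}
        unresolved = status.findall("xkms:InvalidReason", NS) + status.findall("xkms:IndeterminateReason", NS)
        # Do not rely on the summary alone: each required aspect must appear as a ValidReason.
        if unresolved or not REQUIRED_REASONS <= confirmed:
            return False
    return True
```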

Conclusions

In this paper, we present a possible model of a secure SOA-based m-government system based on a JAVA mobile Web service application. In fact, this work concerns secure mobile communication of citizens and companies with small and medium governmental organizations, such as municipalities.

We elaborated an m-government framework based on a secure JAVA mobile application, PKI certificates, a SOA-based platform, XML-security, WS-Security, SAML, Time Stamping and XKMS. The work presented and the examples described are included in the general framework of the EU IST FP6 SWEB project. Future work could include implementing a SIM-based security solution in the proposed global (SWEB-like) m-government model and creating a secure environment for additional m-government services, such as sending electronic documents with qualified signatures through the JAVA mobile application.

With the above in mind, the main contributions of the paper are:

■ Proposal of a possible secure m-government model based on JAVA mobile/desktop application and SOA-based m-government platform.

■ Usage of a secure JAVA mobile application in which all modern security techniques (XML-security, WS-Security, SAML, Time Stamping, PKI, XKMS) are implemented and used in an optimal way in order to cope with the majority of the security issues of mobile Web Service communication.

■ Usage of a SOA-based request-response m-government platform (Web Services), which is far more suitable for mobile communication systems than a session-based Web application platform.

■ Usage of the XKMS service, which is more suitable for a mobile PKI system since it outsources complex operations such as PKI validation services to an external entity – the XKMS server – compared to the other techniques in [4].
