A vulnerabilities analysis and corresponding middleware security extensions for securing NGN applications

摘要

International standard bodies such as the Parlay Group, 3GPP (Third Generation Partnership Project), and ETSI TISPAN describe an applications middleware in the form of open service access (OSA)/Parlay Application Programming Interfaces and Parlay X Web Services which allow multimedia applications to be implemented on top of different fixed and mobile network types. These established middleware services are also applicable to the new IP Multimedia Subsystem (IMS) forming the heart of emerging next generation networks. The main objective of this kind of middleware services is to simplify and unify service creation and - as applications are realized in so-called application servers which can be flexibly connected to dedicated network gateways - also to expose available network capabilities to third parties. This results in an inherent increase of security threats and increases the risk of attacks on network resources. This article describes the security requirements and challenges to Web services-based NGN middleware. Based on this analysis the paper presents the middleware security mechanisms at application level providing end-to-end security based on standard such as XML Digital Signatures, XML Encryption and SAML (Security Assertion Markup Language). Furthermore, we propose additional security means in the form of intrusion detection and prevention (IDP) system protecting applications middleware against SQL injection attacks which are not mitigated by existing solutions.