ORIGINAL RESEARCH Security framework for RESTful mobile cloud computing Web services Feda AlShahwan 1 • Maha Faisal 2 • Godwin Ansa 3 Received: 22 January 2015 / Accepted: 20 July 2015 Ó Springer-Verlag Berlin Heidelberg 2015 Abstract Providing Web services from the mobile cloud is a current research topic. The mobile cloud provides the computing resources and infrastructure to support the seamless provision of Web services in a lightweight man- ner. Security has become a major concern with the emer- gence of mobile cloud Web services. In this paper, we investigate the security aspects of a system for complex mobile Web service provisioning. We characterize the security requirements of the individual components and present a security framework to provide authentication and confidentiality between clients and mobile hosts. Our solution is based on the use of existing security protocols between clients and the mobile hosts as well as a key management protocol between the individual mobile hosts implementing an out-of-band key exchange that is simple in practice, flexible and secure. We examine the perfor- mance of this approach by evaluating a prototype imple- mentation of our security framework. Keywords Mobile cloud Web services Á RESTful-based mobile Web services Á Secure mobile cloud Web service framework 1 Introduction Advances in the manufacturing of mobile devices, the rapid growth of Web services development and the progression of wireless communication with the widespread use of Internet applications are recent trends in distributed infor- mation systems. The evolution of these trends has yielded mobile Web services technology (MWS). MWS includes self-contained modular applications that are defined, pub- lished and accessed across the Internet in a mobile com- munications environment using standard protocols. This technology has allowed a range of useful resource-based applications for most aspects of real life. For example, embedding mobile hosts (MHs) with global positioning system (GPS) receivers allows for tracking of the current location of a fleet or high value goods and their delivery. Moreover, mobile Web services can be implemented for agricultural applications. For instance, crop farmers can have access to timely information that can aid them in making decisions on pesticide information control (Lo- motey and Deters 2014). Another application area for mobile Web services is in the health care domain (Ong 2006). Some of these location-based services require non- interrupted reliable provisioning from mobile devices to provide the latest information before it becomes obsolete. For instance, providing the latest updated news and scene snapshots for a specific location in a predefined format requires portable devices with built-in GPS and cameras that are capable of moving to the actual location of the event. Furthermore, mobile hosts must be aware of their & Feda AlShahwan fa.alShahwan@paaet.edu.kw; fa.alshahwan@gmail.com Maha Faisal maha.faisal@ku.edu.kw Godwin Ansa godwin_unique@yahoo.com 1 College of Technological Studies, Public Authority for Applied Education, Kuwait, Kuwait 2 Faculty of Computer Engineering Department, Kuwait University, Kuwait, Kuwait 3 Faculty of Computer Science Department, Akwa Ibom State University, Mkpat-Enin, Nigeria 123 J Ambient Intell Human Comput DOI 10.1007/s12652-015-0308-5