
Wireless Application Protocol and the Wireless Transport Layer Security

Mark A. Shaw
CS 522 Project Presentation
Introduction
• WAP
  • SonyEricsson developed Intelligent Terminal Transfer Protocol (ITTP) for Value Added Services (VAS) - 1995
  • Unwired Planet (n.k.a. Phone.com) developed Handheld Device Markup Language (HDML) and Handheld Device Transfer Protocol (HDTP) - 1996
  • Nokia developed Smart Messaging, Timetabling Markup Language (TTML) - 1997
  • WAP Forum formed in June 1997
• WTLS
  • Security Layer for WAP
  • Based on Transport Layer Security v.1.0 (SSL)
  • Optimized Handshaking
  • Long Lasting Secure Sessions

05/29/23 Mark A. Shaw mashaw@mail.uccs 2


WAP Architecture



WAP Development
• WAP is designed to work on any of the existing wireless services, using standards such as:
  • Short Message Service (SMS)
  • High-Speed Circuit-Switched Data (CSD)
  • General Packet Radio Service (GPRS)
  • Unstructured Supplementary Services Data (USSD)
WAP Limitations
• Limited CPU, Memory
• Limited Bandwidth
• Limited Display
• Limited Keyboard
[Figure callout: "I'm Popular!"]



WAP Protocol Stack
Application Layer (WAE)
Session Layer (WSP)
Transaction Layer (WTP)
Security Layer (WTLS)
Transport Layer (WDP)
Bearers: GSM, CDMA, CDPD, IS-136, iDEN

[Side box] Other Services & Applications



WAP Protocol Stack (Cont.)
• Makes applications independent of bearers and other hardware
• External applications and services may access the layers directly
• Modified to allow for
  • Lower Bandwidth (9.6kbps – 14.4kbps)
  • Network latency (6 – 10 seconds on SMS)
  • Unreliable connections



Wireless Transport Layer Security (WTLS)
• WTLS is an optional layer
• Privacy thru encryption
• Authentication & nonrepudiation thru digital certificates
• Compression
• Elliptic Curve Cryptography (ECC)



WTLS (Cont.)
• WTLS is a variant of TLS optimized for use in wireless applications
• Authentication: Asymmetric Key Crypto
  • Class 1: No Authentication
  • Class 2: Server Authentication
  • Class 3: Mutual Authentication
• Privacy: Symmetric Key Crypto
• Data Integrity: MACs



WTLS Class 1 Authentication
ClientHello                 ----------->
                                               ServerHello
                            <-----------       ServerHelloDone
ClientKeyExchange
ChangeCipherSpec
Finished                    ----------->
                            <-----------       Finished
Application Data            <---------->       Application Data



WTLS Class 2 Authentication
Server Authentication Only

ClientHello                 ----------->
                                               ServerHello
                                               Certificate
                            <-----------       ServerHelloDone
ClientKeyExchange
ChangeCipherSpec
Finished                    ----------->
                            <-----------       Finished
Application Data            <---------->       Application Data



WTLS Class 3 Authentication
Mutual Authentication

ClientHello                 ----------->
                                               ServerHello
                                               Certificate
                                               CertificateRequest
                            <-----------       ServerHelloDone
Certificate
ClientKeyExchange (only for RSA)
CertificateVerify
ChangeCipherSpec
Finished                    ----------->
                            <-----------       Finished
Application Data            <---------->       Application Data
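
Added example (not part of the original slides): a short Python check that tells which of the three authentication classes a recorded handshake followed, using the message order drawn on the Class 1 to 3 slides. The (sender, message) tuple format, the function names and the minimum-class policy are assumptions made for this illustration.

```python
C, S = "client", "server"

def _template(server_cert, client_auth):
    """Build one slide's message flow as (sender, message, required) steps."""
    t = [(C, "ClientHello", True), (S, "ServerHello", True)]
    if server_cert:
        t.append((S, "Certificate", True))
    if client_auth:
        t.append((S, "CertificateRequest", True))
    t.append((S, "ServerHelloDone", True))
    if client_auth:
        t.append((C, "Certificate", True))
    # The Class 3 slide marks ClientKeyExchange "only for RSA": optional there.
    t.append((C, "ClientKeyExchange", not client_auth))
    if client_auth:
        t.append((C, "CertificateVerify", True))
    return t + [(C, "ChangeCipherSpec", True), (C, "Finished", True), (S, "Finished", True)]

TEMPLATES = {1: _template(False, False), 2: _template(True, False), 3: _template(True, True)}

def classify(transcript):
    """Return the WTLS class (1, 2 or 3) a transcript follows, or None."""
    for cls, template in TEMPLATES.items():
        i = 0
        for sender, name, required in template:
            if i < len(transcript) and transcript[i] == (sender, name):
                i += 1
            elif required:
                break  # a mandatory message is missing or out of order
        else:
            if i == len(transcript):  # no unexpected trailing messages
                return cls
    return None

def audit(transcript, minimum_class=2):
    """Assumed policy for this example: refuse handshakes below minimum_class."""
    cls = classify(transcript)
    if cls is None:
        return "reject: incomplete or out-of-order handshake"
    if cls < minimum_class:
        return f"reject: Class {cls} is below required Class {minimum_class}"
    return f"accept: Class {cls}"

# Constructed sample transcripts (not captured traffic).
CLASS1 = [(C, "ClientHello"), (S, "ServerHello"), (S, "ServerHelloDone"),
          (C, "ClientKeyExchange"), (C, "ChangeCipherSpec"), (C, "Finished"), (S, "Finished")]
CLASS3_NON_RSA = [(C, "ClientHello"), (S, "ServerHello"), (S, "Certificate"),
                  (S, "CertificateRequest"), (S, "ServerHelloDone"), (C, "Certificate"),
                  (C, "CertificateVerify"), (C, "ChangeCipherSpec"), (C, "Finished"), (S, "Finished")]

if __name__ == "__main__":
    for t in (CLASS1, CLASS3_NON_RSA, CLASS1[:-1]):
        print(audit(t))
```

A gateway or client that must not fall back to the unauthenticated Class 1 flow can apply a check like `audit` before accepting application data.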



WTLS Security Issues
WTLS allows for weak encryption algorithms
• Plain-text data recovery attack
• Datagram truncation attack
• Message forgery attack
• Exportable key-search shortcut



WAP Future?
• Diminishing Popularity
• Replaced in favor of 802.11
• Outdated Specifications





The End

Questions?
