Wap and Wtls

Uploaded by

zekarias
Wireless Application Protocol and the Wireless Transport Layer Security

Mark A. Shaw
CS 522 Project Presentation
Introduction
• WAP
  - SonyEricsson developed the Intelligent Terminal Transfer Protocol (ITTP) for Value Added Services (VAS) - 1995
  - Unwired Planet (n.k.a. Phone.com) developed the Handheld Device Markup Language (HDML) and the Handheld Device Transfer Protocol (HDTP) - 1996
  - Nokia developed Smart Messaging, Timetabling Markup Language (TTML) - 1997
  - WAP Forum formed in June 1997
• WTLS
  - Security Layer for WAP
  - Based on Transport Layer Security v.1.0 (SSL)
  - Optimized Handshaking
  - Long Lasting Secure Sessions

05/29/23 Mark A. Shaw mashaw@mail.uccs 2


WAP Architecture



WAP Development
• WAP is designed to work on any of the existing wireless services, using standards such as:
  - Short Message Service (SMS)
  - High-Speed Circuit-Switched Data (CSD)
  - General Packet Radio Service (GPRS)
  - Unstructured Supplementary Services Data (USSD)
WAP Limitations
[Figure: a handset ("I'm Popular!") surrounded by its constraints]
• Limited CPU, Memory
• Limited Bandwidth
• Limited Display
• Limited Keyboard



WAP Protocol Stack
Layers, top to bottom (Other Services & Applications sit alongside the upper layers):
  Application Layer (WAE)
  Session Layer (WSP)
  Transaction Layer (WTP)
  Security Layer (WTLS)
  Transport Layer (WDP)
  Bearers: GSM, CDMA, CDPD, IS-136, iDEN



WAP Protocol Stack (Cont'd)
• Makes applications independent of bearers and other hardware
• External applications and services may access the layers directly
• Modified to allow for
  - Lower Bandwidth (9.6kbps - 14.4kbps)
  - Network latency (6 - 10 seconds on SMS)
  - Unreliable connections



Wireless Transport Layer Security (WTLS)
• WTLS is an optional layer
• Privacy thru encryption
• Authentication & nonrepudiation thru digital certificates
• Compression
• Elliptic Curve Cryptography (ECC)



WTLS (Cont'd)
• WTLS is a variant of TLS optimized for use in wireless applications
• Authentication: Asymmetric Key Crypto
  - Class 1: No Authentication
  - Class 2: Server Authentication
  - Class 3: Mutual Authentication
• Privacy: Symmetric Key Crypto
• Data Integrity: MACs



WTLS Class 1 Authentication

  ClientHello          ----------->
                                        ServerHello
                       <-----------     ServerHelloDone
  ClientKeyExchange
  ChangeCipherSpec
  Finished             ----------->
                       <-----------     Finished
  Application Data     <---------->     Application Data



WTLS Class 2 Authentication
Server Authentication Only

  ClientHello          ----------->
                                        ServerHello
                                        Certificate
                       <-----------     ServerHelloDone
  ClientKeyExchange
  ChangeCipherSpec
  Finished             ----------->
                       <-----------     Finished
  Application Data     <---------->     Application Data



WTLS Class 3 Authentication
Mutual Authentication

  ClientHello                         ----------->
                                                       ServerHello
                                                       Certificate
                                                       CertificateRequest
                                      <-----------     ServerHelloDone
  Certificate
  ClientKeyExchange (only for RSA)
  CertificateVerify
  ChangeCipherSpec
  Finished                            ----------->
                                      <-----------     Finished
  Application Data                    <---------->     Application Data
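
The three handshakes above differ only in which certificate messages appear, so a gateway or log reviewer can tell which authentication class a session actually reached. The following is an added example, not part of the original presentation: the transcripts are constructed from the slide diagrams, and the rule that a client Certificate must come with CertificateVerify is an assumption taken from the Class 3 diagram.

```python
# Added example: message names and order follow the handshake diagrams above.
# "C" = client, "S" = server. Transcripts are constructed, not captured traffic.
HELLO = [("C", "ClientHello"), ("S", "ServerHello")]
TAIL = [("C", "ClientKeyExchange"), ("C", "ChangeCipherSpec"),
        ("C", "Finished"), ("S", "Finished")]
CLASS1 = HELLO + [("S", "ServerHelloDone")] + TAIL
CLASS2 = HELLO + [("S", "Certificate"), ("S", "ServerHelloDone")] + TAIL
CLASS3 = (HELLO + [("S", "Certificate"), ("S", "CertificateRequest"),
                   ("S", "ServerHelloDone"), ("C", "Certificate")]
          + TAIL[:1] + [("C", "CertificateVerify")] + TAIL[1:])


def classify(transcript):
    """Return the authentication class (1, 2 or 3) a transcript achieved."""
    transcript = list(transcript)
    if not transcript or transcript[0] != ("C", "ClientHello"):
        raise ValueError("handshake must start with ClientHello")
    if transcript[-2:] != [("C", "Finished"), ("S", "Finished")]:
        raise ValueError("handshake must end with both Finished messages")
    seen = set(transcript)
    server_cert = ("S", "Certificate") in seen
    cert_request = ("S", "CertificateRequest") in seen
    client_cert = ("C", "Certificate") in seen
    cert_verify = ("C", "CertificateVerify") in seen
    if cert_request and not server_cert:
        raise ValueError("CertificateRequest from an unauthenticated server")
    if client_cert and not cert_request:
        raise ValueError("client Certificate was never requested")
    if client_cert != cert_verify:
        # Assumption from the Class 3 diagram: the two messages travel together;
        # a certificate alone does not show possession of the private key.
        raise ValueError("client Certificate and CertificateVerify must pair up")
    if client_cert:
        return 3
    # A server that asked for a client certificate but did not get one
    # has only authenticated itself, so the session is Class 2.
    return 2 if server_cert else 1


def meets_policy(transcript, minimum_class):
    """Gateway-side check: refuse sessions below the required class."""
    try:
        return classify(transcript) >= minimum_class
    except ValueError:
        return False
```

A policy of `minimum_class=2` rejects the Class 1 exchange, which authenticates neither side.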



WTLS Security Issues
WTLS allows for weak encryption algorithms
• Plain-text data recovery attack
• Datagram truncation attack
• Message forgery attack
• Exportable key-search shortcut



WAP Future?
• Diminishing Popularity
• Replaced in favor of 802.11
• Outdated Specifications





The End

Questions?
