Wireless Application Protocol and the Wireless Transport Layer

  • Slides: 16

Wireless Application Protocol and the Wireless Transport Layer Security
CS 522 Project Presentation
Mark A. Shaw, mashaw@mail.uccs.edu


Introduction
• WAP
  • Sony Ericsson develops the Intelligent Terminal Transfer Protocol (ITTP) for Value Added Services (VAS) - 1995
  • Unwired Planet (n.k.a. Phone.com) develops the Handheld Device Markup Language (HDML) and the Handheld Device Transfer Protocol (HDTP) - 1996
  • Nokia develops Smart Messaging and the Timetabling Markup Language (TTML) - 1997
  • WAP Forum formed in June 1997
• WTLS
  • Security layer for WAP
  • Based on Transport Layer Security v1.0 (SSL)
  • Optimized handshaking
  • Long-lasting secure sessions
9/2/2021 Mark A. Shaw mashaw@mail.uccs.edu 2

WAP Architecture
(diagram slide; no text content extracted)



WAP Development
• WAP is designed to work on any of the existing wireless services, using standards such as:
  • Short Message Service (SMS)
  • High-Speed Circuit-Switched Data (CSD)
  • General Packet Radio Service (GPRS)
  • Unstructured Supplementary Services Data (USSD)


WAP Limitations
• Limited CPU and memory
• Limited bandwidth
• Limited display
• Limited keyboard
(image caption: "I'm Popular!")


WAP Protocol Stack
• Application Layer (WAE)
• Session Layer (WSP)
• Transaction Layer (WTP)
• Security Layer (WTLS)
• Transport Layer (WDP)
• Bearers: GSM, CDMA, CDPD, IS-136, iDEN
• Other Services & Applications (drawn alongside the stack)


WAP Protocol Stack (cont.)
• Makes applications independent of bearers and other hardware
• External applications and services may access the layers directly
• Modified to allow for:
  • Lower bandwidth (9.6 kbps to 14.4 kbps)
  • Network latency (6 to 10 seconds on SMS)
  • Unreliable connections


Wireless Transport Layer Security (WTLS)
• WTLS is an optional layer
• Privacy through encryption
• Authentication and non-repudiation through digital certificates
• Compression
• Elliptic Curve Cryptography (ECC)


WTLS (cont.)
• WTLS is a variant of TLS optimized for use in wireless applications
• Authentication: asymmetric key crypto
  • Class 1: No authentication
  • Class 2: Server authentication
  • Class 3: Mutual authentication
• Privacy: symmetric key crypto
• Data integrity: MACs


WTLS Class 1 Authentication

  Client                          Server
  ClientHello           ----->
                        <-----   ServerHelloDone
  ClientKeyExchange
  ChangeCipherSpec
  Finished              ----->
                        <-----   Finished
  Application Data      <---->   Application Data


WTLS Class 2 Authentication (Server Authentication Only)

  Client                          Server
  ClientHello           ----->
                        <-----   ServerHello
                                 Certificate
                                 ServerHelloDone
  ClientKeyExchange
  ChangeCipherSpec
  Finished              ----->
                        <-----   Finished
  Application Data      <---->   Application Data


WTLS Class 3 Authentication (Mutual Authentication)

  Client                               Server
  ClientHello                ----->
                             <-----   ServerHello
                                      CertificateRequest
                                      ServerHelloDone
  Certificate
  ClientKeyExchange (only for RSA)
  CertificateVerify
  ChangeCipherSpec
  Finished                   ----->
                             <-----   Finished
  Application Data           <---->   Application Data
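The three handshake flows above differ only in which side proves an identity, and a Class 1 session gives the application no assurance about who it is talking to. The following Python is an added example, not code from the presentation or from any WTLS implementation: it models the three classes using the message names from the slides, classifies a handshake transcript by who presented a certificate, checks the ordering of the flow, and applies a minimum-class policy that rejects an unauthenticated Class 1 exchange. The transcript format (`sender: MessageName` lines), the ordering rules, and the inclusion of a server Certificate in the Class 3 transcript (the slide's mutual-authentication diagram leaves it implicit) are assumptions of this example.

```python
# Added example (not code from the presentation): a model of the three WTLS
# handshake classes drawn on the slides. Message names follow the slides; the
# transcript format and ordering rules are constructed assumptions.
from typing import Dict, List, Optional, Set, Tuple

Message = Tuple[str, str]  # (sender, message name)

CLIENT = "client"
SERVER = "server"

# Identity proofs per the slides: the server shows a Certificate (Class 2 and 3);
# the client shows a Certificate and signs CertificateVerify (Class 3 only).
SERVER_PROOF: Set[str] = {"Certificate"}
CLIENT_PROOF: Set[str] = {"Certificate", "CertificateVerify"}


def parse_transcript(lines: List[str]) -> List[Message]:
    """Parse constructed 'client: ClientHello' lines into (sender, message) pairs."""
    msgs: List[Message] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        sender, sep, name = line.partition(":")
        sender, name = sender.strip().lower(), name.strip()
        if not sep or sender not in (CLIENT, SERVER) or not name:
            raise ValueError(f"malformed transcript line: {raw!r}")
        msgs.append((sender, name))
    return msgs


def authentication_class(msgs: List[Message]) -> Optional[int]:
    """Map a handshake to WTLS Class 1, 2 or 3 from who proved an identity.

    Returns None for a client-only proof, which no WTLS class defines.
    """
    sent: Dict[str, Set[str]] = {CLIENT: set(), SERVER: set()}
    for sender, name in msgs:
        sent[sender].add(name)
    server_ok = SERVER_PROOF <= sent[SERVER]
    client_ok = CLIENT_PROOF <= sent[CLIENT]
    if server_ok and client_ok:
        return 3
    if server_ok:
        return 2
    if client_ok:
        return None
    return 1


def check_handshake_order(msgs: List[Message]) -> Optional[str]:
    """Return None if the flow is well-formed, else the first violation found.

    Rules (assumptions modelled on the flows drawn on the slides):
      - the exchange opens with the client's ClientHello
      - the client's ChangeCipherSpec precedes every Finished message
      - Application Data appears only after both sides have sent Finished
    ClientKeyExchange is not required, since the slide marks it RSA-only.
    """
    if not msgs or msgs[0] != (CLIENT, "ClientHello"):
        return "handshake must open with the client's ClientHello"
    cipher_spec_changed = False
    finished: Set[str] = set()
    for sender, name in msgs:
        if sender == CLIENT and name == "ChangeCipherSpec":
            cipher_spec_changed = True
        elif name == "Finished":
            if not cipher_spec_changed:
                return f"{sender} sent Finished before ChangeCipherSpec"
            finished.add(sender)
        elif name == "Application Data" and finished != {CLIENT, SERVER}:
            return f"{sender} sent Application Data before both Finished messages"
    return None


def accept_session(lines: List[str], minimum_class: int = 2) -> Tuple[bool, str]:
    """Policy check: well-formed flow and at least `minimum_class` authentication."""
    msgs = parse_transcript(lines)
    problem = check_handshake_order(msgs)
    if problem:
        return False, problem
    cls = authentication_class(msgs)
    if cls is None:
        return False, "client authenticated but server did not: not a defined WTLS class"
    if cls < minimum_class:
        return False, f"Class {cls} handshake is below the required Class {minimum_class}"
    return True, f"Class {cls} handshake accepted"


# Constructed transcripts following slides 10-12. The Class 3 flow includes the
# server's Certificate, which the slide's diagram leaves implicit for mutual auth.
CLASS1 = ["client: ClientHello", "server: ServerHelloDone",
          "client: ClientKeyExchange", "client: ChangeCipherSpec", "client: Finished",
          "server: Finished", "client: Application Data", "server: Application Data"]
CLASS2 = ["client: ClientHello",
          "server: ServerHello", "server: Certificate", "server: ServerHelloDone",
          "client: ClientKeyExchange", "client: ChangeCipherSpec", "client: Finished",
          "server: Finished", "client: Application Data", "server: Application Data"]
CLASS3 = ["client: ClientHello",
          "server: ServerHello", "server: Certificate", "server: CertificateRequest",
          "server: ServerHelloDone",
          "client: Certificate", "client: ClientKeyExchange", "client: CertificateVerify",
          "client: ChangeCipherSpec", "client: Finished",
          "server: Finished", "client: Application Data", "server: Application Data"]

if __name__ == "__main__":
    for label, transcript in (("Class 1", CLASS1), ("Class 2", CLASS2), ("Class 3", CLASS3)):
        print(label, accept_session(transcript, minimum_class=2))
```

With the default `minimum_class=2`, the Class 1 transcript is rejected because nobody proved an identity, while Class 2 and 3 pass; raising the minimum to 3 leaves only the mutual-authentication flow accepted. The order check is deliberately separate from the class check so that a transcript carrying Application Data before both Finished messages is refused regardless of which certificates appeared.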


WTLS Security Issues
• WTLS allows for weak encryption algorithms
  • Plain-text data recovery attack
  • Datagram truncation attack
  • Message forgery attack
  • Exportable key-search shortcut


WAP Future?
• Diminishing popularity
• Replaced in favor of 802.11
• Outdated specifications


Resources
• http://www.openmobilealliance.org/tech/affiliates/wapindex.html
• Nokia WAP Developer Forum: http://www.forum.nokia.com/main/0,6566,033,00.html
• WAP-210, Wireless Application Protocol Architecture Specification
• WAP-191, Wireless Markup Language Specification
• WAP-193, WMLScript Language Specification
• WAP-261, Wireless Transport Layer Security Specification
• WAP-161, WMLScript Crypto API Library
• WAP-187, WAP Transport Layer E2E Security Specification
• WAP-217, WAP Public Key Infrastructure Definition
• http://www.hut.fi/~jtlaine2/wtls/
• Computer Networks, Andrew S. Tanenbaum, 4th Edition
• Network Security with OpenSSL, Viega, Messier & Chandra
• Secure Network Programming Cookbook for C and C++, Viega, Messier & Spafford


The End
Questions?