Wireless Application Protocol and the Wireless Transport Layer

Wireless Application Protocol and the Wireless Transport Layer Security
Mark A. Shaw
CS 522 Project Presentation
mashaw@mail.uccs.edu

Introduction
- WAP
  - Sony Ericsson develop Intelligent Terminal Transfer Protocol (ITTP) for Value Added Services (VAS) - 1995
  - Unwired Planet (n.k.a. Phone.com) develop Handheld Device Markup Language (HDML) and Handheld Device Transfer Protocol (HDTP) - 1996
  - Nokia develop Smart Messaging, Timetabling Markup Language (TTML) – 1997
  - WAP Forum formed in June 1997
- WTLS
  - Security Layer for WAP
  - Based on Transport Layer Security v.1.0 (SSL)
  - Optimized Handshaking
  - Long Lasting Secure Sessions
9/2/2021 Mark A. Shaw mashaw@mail.uccs.edu

WAP Architecture
[Figure: WAP architecture diagram]

WAP Development
- WAP is designed to work on any of the existing wireless services, using standards such as:
  - Short Message Service (SMS)
  - High-Speed Circuit-Switched Data (CSD)
  - General Packet Radio Service (GPRS)
  - Unstructured Supplementary Services Data (USSD)

WAP Limitations
- Limited CPU, Memory
- Limited Bandwidth
- I’m Popular!
- Limited Display
- Limited Keyboard

WAP Protocol Stack
- Application Layer (WAE)
- Session Layer (WSP)
- Transaction Layer (WTP)
- Security Layer (WTLS)
- Transport Layer (WDP)
- Bearers: GSM, CDMA, CDPD, IS-136, iDEN
- Other Services & Applications

WAP Protocol Stack (‘Cont’)
- Makes applications independent of bearers and other hardware
- External applications and services may access the layers directly
- Modified to allow for
  - Lower Bandwidth (9.6 kbps – 14.4 kbps)
  - Network latency (6 – 10 seconds on SMS)
  - Unreliable connections

Wireless Transport Layer Security (WTLS)
- WTLS is an optional layer
- Privacy thru encryption
- Authentication & nonrepudiation thru digital certificates
- Compression
- Elliptic Curve Cryptography (ECC)

WTLS ‘Cont’
- WTLS is a variant of TLS optimized for use in wireless applications
- Authentication: Asymmetric Key Crypto
  - Class 1: No Authentication
  - Class 2: Server Authentication
  - Class 3: Mutual Authentication
- Privacy: Symmetric Key Crypto
- Data Integrity: MACs

WTLS Class 1 Authentication

Client                                          Server
ClientHello                       ----------->
ClientKeyExchange
ChangeCipherSpec
Finished
                                  <-----------  ServerHelloDone
                                                Finished
Application Data                  <----->       Application Data

WTLS Class 2 Authentication
Server Authentication Only

Client                                 Server
ClientHello               ------>
                          <------      ServerHello
                                       Certificate
                                       ServerHelloDone
ClientKeyExchange
ChangeCipherSpec
Finished                  ------>
                          <------      Finished
Application Data          <----->      Application Data

WTLS Class 3 Authentication
Mutual Authentication

Client                                 Server
ClientHello               ------>
                          <------      ServerHello
                                       CertificateRequest
                                       ServerHelloDone
Certificate
ClientKeyExchange (only for RSA)
CertificateVerify
ChangeCipherSpec
Finished                  ------>
                          <------      Finished
Application Data          <----->      Application Data

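Added example (not part of the original slides): a Python check that reads a recorded handshake and reports which of the three authentication classes it actually reached, so a gateway policy can refuse sessions below a minimum class. The function names, the (sender, name) transcript format and the sample transcripts are assumptions constructed from the message names on the three handshake slides.

```python
# Added example; message names follow the slides' handshake diagrams.
# Each message is (sender, name): "C" = client, "S" = server.

def wtls_class(transcript):
    """Return the class (1, 2 or 3) reached by a list of handshake messages."""
    if not transcript or transcript[0] != ("C", "ClientHello"):
        raise ValueError("handshake must open with ClientHello")
    sent = {"C": [], "S": []}
    for sender, name in transcript:
        sent[sender].append(name)
    for side in ("C", "S"):
        if not sent[side] or sent[side][-1] != "Finished":
            raise ValueError(f"{side} side did not end with Finished")
    if "ServerHelloDone" not in sent["S"]:
        raise ValueError("missing ServerHelloDone")
    client = sent["C"]
    if "Certificate" in client or "CertificateVerify" in client:
        # Client authentication counts only if the server requested it and the
        # client sent CertificateVerify after its Certificate (Class 3 slide).
        if "CertificateRequest" not in sent["S"]:
            raise ValueError("unsolicited client certificate")
        if "Certificate" not in client or "CertificateVerify" not in client:
            raise ValueError("client authentication incomplete")
        if client.index("CertificateVerify") < client.index("Certificate"):
            raise ValueError("CertificateVerify before Certificate")
        return 3
    # No client proof: a server Certificate separates Class 2 from Class 1.
    return 2 if "Certificate" in sent["S"] else 1

def meets_policy(transcript, minimum_class=2):
    """True when the handshake reached at least the required class."""
    return wtls_class(transcript) >= minimum_class

def _flow(*msgs):
    return [tuple(m.split(":")) for m in msgs]

# Constructed transcripts; the message order within each is an assumption.
CLASS1 = _flow("C:ClientHello", "S:ServerHelloDone", "C:ClientKeyExchange",
               "C:ChangeCipherSpec", "C:Finished", "S:Finished")
CLASS2 = _flow("C:ClientHello", "S:ServerHello", "S:Certificate",
               "S:ServerHelloDone", "C:ClientKeyExchange",
               "C:ChangeCipherSpec", "C:Finished", "S:Finished")
CLASS3 = _flow("C:ClientHello", "S:ServerHello", "S:CertificateRequest",
               "S:ServerHelloDone", "C:Certificate", "C:ClientKeyExchange",
               "C:CertificateVerify", "C:ChangeCipherSpec", "C:Finished",
               "S:Finished")
# Server asked for a certificate but the client never proved one: not Class 3.
DOWNGRADED = [m for m in CLASS3
              if m not in (("C", "Certificate"), ("C", "CertificateVerify"))]
```

With the default minimum of Class 2, meets_policy rejects both CLASS1 and DOWNGRADED, since neither carries a certificate from either side.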
WTLS Security Issues
- WTLS allows for weak encryption algorithms
- Plain-text data recovery attack
- Datagram truncation attack
- Message forgery attack
- Exportable key-search shortcut

WAP Future?
- Diminishing Popularity
- Replaced in favor of 802.11
- Outdated Specifications

Resources
- http://www.openmobilealliance.org/tech/affiliates/wapindex.html
- Nokia WAP Developer Forum, http://www.forum.nokia.com/main/0,6566,033,00.html
- WAP-210, Wireless Application Protocol Architecture Specification
- WAP-191, Wireless Markup Language Specification
- WAP-193, WMLScript Language Specification
- WAP-261, Wireless Transport Layer Security Specification
- WAP-161, WMLScript Crypto API Library
- WAP-187, WAP Transport Layer E2E Security Specification
- WAP-217, WAP Public Key Infrastructure Definition
- http://www.hut.fi/~jtlaine2/wtls/
- Computer Networks, Andrew S. Tanenbaum, 4th Edition
- Network Security with OpenSSL, Viega, Messier & Chandra
- Secure Network Programming Cookbook for C and C++, Viega, Messier, & Spafford

The End
Questions?