1 / 26

WAP-Wireless application Protocol

WAP-Wireless application Protocol. WAP is a universal open standard developed by WAP Forum to provide mobile users, pagers and PDA’s access to Internet. WAP is designed to work with all wireless network technologies (GSM,TDMA,CDMA).

elle
Télécharger la présentation

WAP-Wireless application Protocol

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WAP-Wireless application Protocol WAP is a universal open standard developed by WAP Forum to provide mobile users, pagers and PDA’s access to Internet. WAP is designed to work with all wireless network technologies (GSM,TDMA,CDMA). WAP is based on existing Internet standards (TCP/IP,XML,HTML,HTTP) WAP Gateway A WAP Gateway is an intermediary between the Internet and the mobile network. It converts our "WAP' request into a "Web' request when we send information from a mobile phone to the Internet. On the flip side, a WAP Gateway also converts a "Web' to a "WAP' request when sending information from the Internet back to a mobile phone.

  2. WAP Architecture

  3. How it works • Using WAP the mobile users can browse web content on a ordinary web server.The web provides content on an ordinary web server. • The web server provides content in the form of HTML code pages that are transmitted using the standard web protocol stack. • The HTML content must go through an HTML filter which converts HTML content into WML content. • If the filter is separate from proxy,HTTP is used to deliver the WML to the proxy. • The proxy converts the WML to a more compact form known as binary WML and delivers it to the mobile user over a wireless network using the WAP protocol stack.

  4. WAP Infrastructure Fig 12.10

  5. Wireless Markup Language(WML) WML was designed to describe content and format for presenting data on devices with limited bandwidth,limited screen size and limited user input capability Features: Text and Image support Deck/card organizational metaphor support for navigation WML script

  6. References http://www.devx.com/wireless/articles/WAP/WAPIntro.asp http://wp.netscape.com/eng/ssl3/3-SPEC.HTM#7-2

  7. WAP Protocol stack

  8. WAE-WAE specifies an application framework for wireless devices. Elements: WAE user agent, Content generators, standard content encoding, Wireless telephony applications. WSP-Establish a reliable session from client to server, similar to HTTP WTP-Manages transaction by conveying requests and responses between a user agent and an application server and similar to TCP/IP WTLS-Provides security services between the mobile device and the WAP gateway. WDP-provides an interface to the bearers

  9. Wireless transport Layer Security WTLS is based on TLS,which is an refinement of Secure Socket Layer(SSL)

  10. WTLS Features Authentication- Authentication is a technique to ensure that the stated identity of the user is correct Privacy-Ensures that the data cannot be read by a third party, using encryption. Data Integrity- Ensures that the data sent between the client and the gateway are not modified, using message authentication Authorization- Process of determining whether a particular party has the right to perform a particular action. Denial-of-service protection- Detects and rejects messages that are replayed or not successfully verified.

  11. WTLS protocol stack WTLS Record Protocol WTLS Handshake protocol WTLS change Cipher protocol WTLS Alert protocol WTP WTLS RP-provides basic security services to higher layer protocols

  12. WTLS Record Protocol Operation User data Compress Add MAC Encrypt Append WTLS record header

  13. 1.The payload is compressed using a lossless compression algorithm. 2.A MAC is computed over the compressed data,using HMAC.HMAC is a keyed hash code algorithm.One of the several hash algorithm can be used with HMAC, MD-5 and SHA-1 The MAC is added after the compressed data. 3.The compressed message plus the MAC code are encrypted using a symmetric encryption algorithm 4.The record protocol prepends a header to the encrypted payload.

  14. R c s Content type L Sequence number Record length Plain text (optionally compressed) MAC (0,16or 20 bytes) WTLS Record Format - takes care of integrity and authentication encrypted R = reserved C=cipher spec indicator S=sequence number field indicator L=record length field indicator MAC=message authentication code

  15. MAC-Message Authentication Code MAC is added after the compressed data to verify that received message are authentic MAC is computed using HMAC, a keyed Hash code (one way hash function) It verify the content of the message have not been altered and the source is authentic. Secret key M || MDm H message message MDm message compare H 1.MDm=H(Sab || M) MDm Hash code(MDm)

  16. Encryption MAC code is encrypted using symmetric encryption algorithm -DES,RC5,IDEA DES-The Data Encryption Standard is a mathematical algorithm in the encrypting and decrypting of binary information. The system consists of an algorithm and a key. Key-64 bits (of this 6 bits are parity) Even with just fifty six bits there are over seventy quadrillion possible keys (simply 2^56). The digits in the key must be independently determined to take full advantage of seventy quadrillion possible keys. The government claims that short of trying all seventy quadrillion combinations there is no way to break the DES algorithm. RC5-RC5 encrypts blocks of plain text of length 32,64,or 128 bits into blocks of ciphertext of the same length.It is a variable length key and intented to provide high security IDEA-a block cipher that uses 128-bit key to encrypt data in blocks of 64 bits.

  17. Change Cipher Spec protocol • The change cipher spec message is sent by both the client and server to notify the receiving • party that subsequent records will be protected under the just-negotiated CipherSpec and keys. • The protocol consists of a single message, which is encrypted and compressed under • the current CipherSpec. The message consists of a single byte of value 1. • Separate read and write states are maintained by both the SSL client and server. • When the client or server receives a change cipher spec message, it copies the pending read • state into the current read state. When the client or server writes a change cipher spec message, • it copies the pending write state into the current write state. • The client sends a change cipher spec message following handshake key exchange • and the server sends one after successfully processing the key exchange message it received • from the client.

  18. Alert Protocol Alert Protocol is used to convey WTLS-related alerts to the peer entity.As with other applications,alert messages are compressed and encrypted as specified by the current state consists of two bytes. 1st byte- warning or critical or fatal 2st byte- specific alerts fatal alerts- If the level is fatal, WTLS immediately terminates the connection. Ex: unexpected_message, bad_record_mac, decompression_failure, handshake_failure..etc., Nonfatal alerts- bad_certificate,unsupported_certificate,certificate_revoked..etc.,

  19. Hand shake protocol

  20. Hand shake Protocol This protocol allows the server and the client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in a WTLS record. I Phase- Used to initiate logical function and establish security capabilities. II phase-Used for server authentication and key exchange III phase-Used for client authentication and key exchange IV phase- Completes the secure connection.

  21. WAP security architecture

  22. WAP GAP The WAP architecture is based on a wireless gateway (WAP gateway) that translates data from the wireless formats defined by WAP (such as WML) to the Internet formats used by Web servers (e.g. HTML).To make the translation, the WAP gateway needs access to the unsecured, plaintext data being transmitted. While many WAP gateways don't do any data translation, the deployed security protocols are defined on the basis that they do. Therefore, the WAP gateway still accesses the plaintext data. The resulting architecture does secure all transport. The WAP WTLS specification provides strong security between a WAP client and the gateway, and the gateway uses some other secure mechanism (e.g. SSL) to connect to the content server. In between those two connections, for a very brief time (milliseconds), the data is (temporarily) unsecured. This is the so-called "WAP gap." Solution: Have the company’s own gateway End-to-end security will be an option in the next version of WAP.

  23. End to End security-filling the gap

  24. WIM (WAP Identity Module) • In order to provide the user of the WML browser a secure and unique identity, the • WAP specification has added a identity Module.(used for bank transaction) • The WAP Identity Module (WIM) is used to store the cryptographic keys used in WTLS • and in the application layer. • Furthermore, all operations using these keys should be performed within the WIM so • that the keys are never exposed outside the secure environment. • These operations include: • Signing in the application layer. • Decryption when setting up a shared key as part of a secure session in WTLS. • MAC computation and verification as part of securing messages in WTLS. • Conventional encryption and decryption as part of securing messages in WTLS. • Ideally, the WIM should be implemented as an additional application on the GSM SIM card. • Such enhanced SIM cards are expected on the market in the near future.

More Related