网络安全-16-无线网络安全.ppt

Authentication in the WTLS is carried out with certificates. Authentication can occur between the client and the server or the client only authenticates the server. The latter procedure can happen only if the server allows it to occur. The server can require the client to authenticate itself to the server. However, the WTLS specification defines that authentication is an optional procedure. Currently, X.509v3, X9.68 and WTLS certificates are supported. The WTLS certificate is optimized for size. The purpose of the WTLS protocol is for the client and server to generate a mutually shared pre-master key. This key is then used to generate as master key. A number of key exchange protocols are supported by WTLS. They can be grouped into those protocols that include a server_key_exchange message as part of the handshake protocol (see Figure 17.18 on previous slide) and those that dont. The server_key_exchange message is sent by the server only when the server certificate message (if sent) does not contain enough data to allow the client to exchange a pre-master secret, including for conventional Diffie-Hellman performed anonymously, elliptic curve Diffie-Hellman, or RSA key exchange without authentication. The server key exchange message is not sent for Elliptic curve Diffie-Hellman key exchange with ECDSA-based certificate, or for RSA key exchange with RSA based certificates. * The WTLS Pseudorandom Function (PRF) is used for a number of purposes. The PRF takes as input a secret value, a seed, and an identifying label, and produces an output of arbitrary length. WTLS PRF is implemented using only one hash algorithm (unlike TLS). Which hash algorithm is actually used, is agreed during the handshake as a part of the cipher spec. The PRF is based on a HMAC based data expansion function. See text for details. Master Key Generation of the shared master secret, a one-time 20-byte value (160 bits) generated for this session by means of secure key exchange. First, a pre_master_se