Security-in- W- A- P-and- W- T- S- L- By- Yun- Zhou课件.pptVIP

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security in WAP and WTSL By Yun Zhou * 。 Overview of WAP (Wireless Application Protocol) Proposed by the WAP Forum (P, Ericsson, Nokia, Motorola) in 1997. A wireless communication model, similar to the ISO OSI model An application environment for deploying wireless services regardless of different types of services, wireless bearers, and devices. WAP provides a series of security measures However, there are still various security loopholes in WAP. * 。 WAP Architecture Components: WAP device (cell phone), WAP client/browser, User agent, Network operator (companies that provides bearer services), Bearer services (SMS, CDMA…), Application server * 。 WAP Protocols Recall the ISO OSI model: WAE (Wireless Application Environment): WML, WMLScript WSP (Wireless Session Protocol) and WTP (Wireless Transaction Protocol): together provide session layer services connection oriented sessions or connectionless sessions. Reliable sessions can be resumed. WTLS (Wireless Transport Layer Security) (Optional) * 。 Overview of WTLS Based on TLS Provides client-server mutual authentication, privacy, data integrity, non-repudiation But not the same as TLS Modifications due to Narrow-bandwidth communication channel Much less processing power Much less memory High loss ratio Unexpected disconnections Restrictions on exported encryption algorithms Built on top of WDP and UDP (unreliable data transfer) More security problems * 。 WTLS Sub-Protocols WTLS contains four sub-protocols: Handshake protocol: Client and server negotiate over the security parameters to be used for later message exchanges Alert protocol: Specifies the types of alerts and how to handle them. warning, critical, fatal Alerts can be sent by either the client or the server. Application protocol: interface for the upper layer Change Cipher Spec Protocol: Usually used towards the end of the handshake when the negotiat