WAP - Wireless Application Protocol

WAP is a universal open standard developed by the WAP Forum to give mobile phones, pagers and PDAs access to the Internet.

WAP is designed to work over all wireless network technologies (GSM, TDMA, CDMA).

WAP is based on existing Internet standards (TCP/IP, XML, HTML, HTTP).

WAP Gateway

A WAP gateway is an intermediary between the Internet and the mobile network. It converts a WAP request into a Web request when a mobile phone sends information towards the Internet and, in the other direction, converts the Web response into a WAP response when information comes back from the Internet to the phone.



WAP Architecture


How it works

  • Using WAP, mobile users can browse web content hosted on an ordinary web server.

  • The web server provides content in the form of HTML pages, transmitted using the standard Web protocol stack.

  • The HTML content passes through an HTML filter that converts it into WML.

  • If the filter is separate from the proxy, HTTP is used to deliver the WML to the proxy.

  • The proxy converts the WML into a more compact form known as binary WML and delivers it to the mobile user over the wireless network using the WAP protocol stack.
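The filter-and-compact pipeline above, as an added Python example (not code from the slides or from any gateway product). It turns a small HTML page into a one-card WML deck and then tokenizes that deck the way a WBXML encoder does. The token values for wml, card, p, br, a, id, title and href are the WML 1.1 code page values as I recall them and the string table is left empty; treat the exact byte values as illustrative and check them against the WBXML and WML specifications before relying on them. The sample page is constructed for the example. The thing to notice is that the gateway has to hold and parse the plaintext HTML to do this work at all, which is what makes the WAP gap discussed later in these slides possible.

```python
"""Toy WAP gateway pipeline: HTML -> WML (filter) -> binary WML/WBXML (proxy).
Added example; not code from the slides or from any gateway product."""
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from xml.sax.saxutils import escape


class HtmlToWml(HTMLParser):
    """HTML filter: keeps title, paragraphs, line breaks and links; drops
    head/script/style content that a small screen cannot use."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.parts = []           # WML fragments that go inside the single card
        self._in_title = False
        self._skip = False        # inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag in ("script", "style"):
            self._skip = True
        elif tag == "p":
            self.parts.append("<p>")
        elif tag == "br":
            self.parts.append("<br/>")
        elif tag == "a":
            href = dict(attrs).get("href", "")
            self.parts.append('<a href="%s">' % escape(href, {'"': "&quot;"}))

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag in ("script", "style"):
            self._skip = False
        elif tag in ("p", "a"):
            self.parts.append("</%s>" % tag)

    def handle_data(self, data):
        if self._skip:
            return
        text = re.sub(r"\s+", " ", data)      # collapse whitespace runs
        if not text.strip():
            return
        if self._in_title:
            self.title += text
        else:
            self.parts.append(escape(text))


def html_to_wml(html):
    """Step 1 (HTML filter): a WML deck with one card."""
    parser = HtmlToWml()
    parser.feed(html)
    return '<wml><card id="main" title="%s">%s</card></wml>' % (
        escape(parser.title, {'"': "&quot;"}), "".join(parser.parts))


# Step 2 (proxy): WBXML compaction.  Token values are the WML 1.1 code page 0
# values as I recall them (assumed; check them against the WBXML/WML specs).
WBXML_VERSION_11, PUBLIC_ID_WML_11, CHARSET_UTF8 = 0x01, 0x04, 0x6A
END, STR_I = 0x01, 0x03                 # global tokens: close element, inline string
HAS_ATTRS, HAS_CONTENT = 0x80, 0x40     # bits OR-ed into a tag token
TAGS = {"wml": 0x3F, "card": 0x27, "p": 0x20, "br": 0x26, "a": 0x1C}
ATTRS = {"id": 0x55, "title": 0x36, "href": 0x4A}


def _inline(text):
    return bytes([STR_I]) + text.encode("utf-8") + b"\x00"


def _encode_element(el, out):
    children = list(el)
    has_content = bool(el.text) or bool(children)
    token = TAGS[el.tag]
    if el.attrib:
        token |= HAS_ATTRS
    if has_content:
        token |= HAS_CONTENT
    out.append(token)
    if el.attrib:
        for name in ("id", "title", "href"):   # fixed order; unknown attributes are dropped
            if name in el.attrib:
                out.append(ATTRS[name])
                out.extend(_inline(el.attrib[name]))
        out.append(END)
    if has_content:
        if el.text:
            out.extend(_inline(el.text))
        for child in children:
            _encode_element(child, out)
            if child.tail:
                out.extend(_inline(child.tail))
        out.append(END)


def wml_to_wbxml(wml):
    """Step 2: WBXML = version, public id, charset, string-table length (0), body."""
    out = bytearray([WBXML_VERSION_11, PUBLIC_ID_WML_11, CHARSET_UTF8, 0x00])
    _encode_element(ET.fromstring(wml), out)
    return bytes(out)


def gateway(html):
    """The gateway's work per response; it must hold and parse the plaintext HTML."""
    wml = html_to_wml(html)
    return wml, wml_to_wbxml(wml)


# Constructed sample page (not from the slides).
SAMPLE_HTML = ('<html><head><title>Balance</title><style>p{color:red}</style></head>\n'
               '<body><p>Account 1234: 50.00 EUR<br>Next: '
               '<a href="http://bank.example/tx">transactions</a></p></body></html>')

if __name__ == "__main__":
    wml, wbxml = gateway(SAMPLE_HTML)
    print(wml)
    print(wbxml.hex(), len(wml), "->", len(wbxml), "bytes")
```

Running it prints the 140-character deck and its 104-byte binary form: every tag and attribute name has become a single byte, and only the text strings survive verbatim. A real encoder would also use the string table and the prefix tokens (such as the one for href="http://") to squeeze further.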



WAP Infrastructure

Fig 12.10



Wireless Markup Language(WML)

WML was designed to describe content and format for presenting data on devices with limited bandwidth, limited screen size and limited user input capability.

Features:

Text and image support

Deck/card organizational metaphor

Support for navigation

WMLScript



References

http://www.devx.com/wireless/articles/WAP/WAPIntro.asp

http://wp.netscape.com/eng/ssl3/3-SPEC.HTM#7-2



WAP Protocol stack



WAE (Wireless Application Environment): specifies an application framework for wireless devices. Elements: WAE user agent, content generators, standard content encodings, wireless telephony applications.

WSP (Wireless Session Protocol): establishes a session between client and server; its role is similar to that of HTTP.

WTP (Wireless Transaction Protocol): manages transactions by conveying requests and responses between a user agent and an application server; its role is comparable to that of TCP.

WTLS (Wireless Transport Layer Security): provides security services between the mobile device and the WAP gateway.

WDP (Wireless Datagram Protocol): provides an interface to the underlying bearer networks.


Wireless Transport Layer Security (WTLS)

WTLS is based on TLS, which is itself a refinement of the Secure Sockets Layer (SSL).


WTLS Features

Authentication: ensures that the stated identity of a party is correct.

Privacy: ensures that the data cannot be read by a third party, using encryption.

Data integrity: ensures that data sent between the client and the gateway is not modified, using message authentication codes.

Authorization: the process of determining whether a particular party has the right to perform a particular action.

Denial-of-service protection: detects and rejects messages that are replayed or that fail verification.


WTLS Protocol Stack

Figure: the WTLS Handshake Protocol, the WTLS Change Cipher Spec Protocol and the WTLS Alert Protocol sit on top of the WTLS Record Protocol, which in turn runs over WTP.

WTLS Record Protocol: provides basic security services to the higher-layer protocols.


WTLS Record Protocol Operation

Figure: user data → compress → add MAC → encrypt → prepend WTLS record header.


1. The payload is compressed using a lossless compression algorithm.

2. A MAC is computed over the compressed data using HMAC, a keyed hash algorithm. HMAC can be used with any of several hash functions; WTLS uses MD5 or SHA-1. The MAC is appended to the compressed data.

3. The compressed message plus the MAC are encrypted using a symmetric encryption algorithm.

4. The record protocol prepends a header to the encrypted payload.


WTLS Record Format

Header: one byte holding the flags R, C, S and L together with a 4-bit content type, followed by a 2-byte sequence number (present when S is set) and a 2-byte record length (present when L is set).

Body: the plaintext (optionally compressed) followed by the MAC (0, 16 or 20 bytes). The MAC takes care of integrity and authentication; plaintext and MAC together are encrypted.

R = reserved, C = cipher spec indicator, S = sequence number field indicator, L = record length field indicator, MAC = message authentication code.


MAC - Message Authentication Code

The MAC is added after the compressed data so that the receiver can verify that the message is authentic.

The MAC is computed using HMAC, a keyed hash code built from a one-way hash function.

It verifies that the contents of the message have not been altered and that the source is authentic.

Figure: the sender computes MDm = H(Sab || M) from the shared secret key Sab and the message M and transmits M || MDm; the receiver recomputes the hash code over the received message with the same secret key and compares it with the received MDm.

Note that MDm = H(Sab || M) shows the keyed-hash idea in its simplest form. HMAC, which WTLS actually uses, applies the hash twice, HMAC(K, M) = H((K ⊕ opad) || H((K ⊕ ipad) || M)), and so avoids the length-extension weakness of the plain secret-prefix construction with MD5 or SHA-1.


Encryption

The compressed message plus the MAC are encrypted using a symmetric encryption algorithm: DES, RC5 or IDEA.

DES: the Data Encryption Standard is a block cipher for encrypting and decrypting binary data. The system consists of an algorithm and a key.

Key: 64 bits, of which 8 are parity bits, leaving 56 effective key bits.

Even with just 56 bits there are over seventy quadrillion possible keys (2^56). The bits of the key must be chosen independently, at random, to take full advantage of that keyspace.

When DES was standardized, the US government held that, short of trying all 2^56 keys, there was no way to break it. A 56-bit key is far too short today: exhaustive search of the DES keyspace has been practical since the late 1990s.

RC5: encrypts plaintext blocks of 32, 64 or 128 bits into ciphertext blocks of the same length. It has a variable-length key and is intended to provide high security.

IDEA: a block cipher that uses a 128-bit key to encrypt data in 64-bit blocks.

Change Cipher Spec Protocol

  • The change cipher spec message is sent by both the client and the server to notify the receiving party that subsequent records will be protected under the just-negotiated cipher spec and keys.

  • The protocol consists of a single message, which is encrypted and compressed under the current (not the pending) cipher spec. The message consists of a single byte of value 1.

  • Separate read and write states are maintained by both the client and the server (this description follows the SSL 3.0 specification; WTLS inherits the same mechanism).

  • When the client or server receives a change cipher spec message, it copies the pending read state into the current read state. When the client or server sends a change cipher spec message, it copies the pending write state into the current write state.

  • The client sends a change cipher spec message after the handshake key exchange, and the server sends one after successfully processing the key exchange message it received from the client.


Alert Protocol

The alert protocol is used to convey WTLS-related alerts to the peer entity. As with other content, alert messages are compressed and encrypted as specified by the current state.

An alert message consists of two bytes:

1st byte: the level, which is warning, critical or fatal.

2nd byte: the specific alert.

Fatal alerts: if the level is fatal, WTLS immediately terminates the connection. Examples: unexpected_message, bad_record_mac, decompression_failure, handshake_failure.

Non-fatal alerts: bad_certificate, unsupported_certificate, certificate_revoked, etc.
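A parser for the two-byte alert format above and the connection-state change it triggers, as an added Python example (not code from the slides). The numeric values of the levels and of the alert descriptions are assumed to follow the TLS numbering; only the names come from the slide. The critical case, which the slide does not spell out, is handled as the WTLS specification defines it: the connection ends but the secure session may still be resumed, whereas a fatal alert invalidates the session as well.

```python
"""WTLS alert messages: two bytes, level then description, and what the receiver
does with them.  Added example; not code from the slides."""

# Level byte.  The slide names warning, critical and fatal; numeric values assumed.
WARNING, CRITICAL, FATAL = 1, 2, 3
LEVELS = {WARNING: "warning", CRITICAL: "critical", FATAL: "fatal"}

# Description byte, TLS-style numbering (assumed) for the alerts the slide lists.
DESCRIPTIONS = {
    10: "unexpected_message", 20: "bad_record_mac", 30: "decompression_failure",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked",
}
CODES = {name: code for code, name in DESCRIPTIONS.items()}


def encode_alert(level, description):
    """Build the two-byte alert body carried inside an alert-type record."""
    return bytes([level, CODES[description]])


def decode_alert(payload):
    """Return (level_name, description_name); reject malformed or unknown alerts."""
    if len(payload) != 2:
        raise ValueError("alert must be exactly two bytes")
    level, desc = payload
    if level not in LEVELS or desc not in DESCRIPTIONS:
        raise ValueError("unknown alert level or description")
    return LEVELS[level], DESCRIPTIONS[desc]


class Connection:
    """Tracks the two things an alert can end: the connection and the session."""

    def __init__(self):
        self.connection_open = True
        self.session_resumable = True
        self.log = []

    def receive_alert(self, payload):
        """Apply an incoming alert; returns whether the connection is still open."""
        level, desc = decode_alert(payload)
        self.log.append((level, desc))
        if level == "fatal":
            # Fatal: the connection ends immediately and the secure session is
            # invalidated, so it cannot be resumed later.
            self.connection_open = False
            self.session_resumable = False
        elif level == "critical":
            # Critical: the connection ends, but the session may be resumed
            # (WTLS distinction; the slide only states the fatal case).
            self.connection_open = False
        # warning: nothing to do beyond recording it
        return self.connection_open


if __name__ == "__main__":
    conn = Connection()
    for body in (encode_alert(WARNING, "bad_certificate"),
                 encode_alert(FATAL, "bad_record_mac")):
        print(decode_alert(body), "-> open:", conn.receive_alert(body),
              "resumable:", conn.session_resumable)
```

Alerts arrive inside a record that has already passed the MAC check, so the two bytes are authentic; what still needs validating is that both bytes are values the implementation knows, since treating an unknown level as a warning would let a peer keep a broken connection alive.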


Handshake Protocol

This protocol allows the server and the client to authenticate each other and to negotiate the encryption and MAC algorithms and the cryptographic keys used to protect data sent in WTLS records.

Phase I: initiates the logical connection and establishes security capabilities.

Phase II: server authentication and key exchange.

Phase III: client authentication and key exchange.

Phase IV: completes the secure connection.
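The four phases above as a message exchange with both sides' messages, as an added Python example (not code from the slides or from any WTLS implementation). Key exchange is finite-field Diffie-Hellman and phase IV ends with Finished messages (the TLS name) that bind the whole handshake transcript, so a message altered in transit is detected. Assumptions: the message layouts and suite names are invented for the example; the DH group is a toy 127-bit Mersenne prime chosen so the code runs instantly and is not a safe group; and the server certificate and signature of phase II are omitted because stdlib Python has no RSA or ECDSA, so this shows the key agreement and transcript binding, not the authentication.

```python
"""Four-phase WTLS-style handshake with both parties' messages, using
Diffie-Hellman for the key exchange.  Added example; not code from the slides."""
import hashlib
import hmac
import secrets

# Toy DH group so the example runs instantly.  NOT a safe group for real use.
P = (1 << 127) - 1
G = 5
CH, SH, SKE, CKE = b"ClientHello", b"ServerHello", b"ServerKeyExchange", b"ClientKeyExchange"


class Party:
    def __init__(self, name):
        self.name = name
        self.transcript = b""          # every handshake message, as this side saw it
        self.x = secrets.randbelow(P - 2) + 1
        self.master = None

    def record(self, msg):
        self.transcript += msg
        return msg

    def public(self):
        return pow(G, self.x, P)

    def derive(self, peer_pub, client_random, server_random):
        shared = pow(peer_pub, self.x, P).to_bytes(16, "big")
        self.master = hmac.new(shared, b"master" + client_random + server_random,
                               hashlib.sha256).digest()

    def finished(self, side):
        """Finished value: keyed hash of the transcript as this side recorded it."""
        return hmac.new(self.master, side + hashlib.sha256(self.transcript).digest(),
                        hashlib.sha256).digest()


def handshake(client, server, suites=(b"DH-HMAC-SHA1", b"DH-HMAC-MD5"), in_transit=lambda m: m):
    """Run the four phases; True if both Finished checks pass.
    in_transit is applied to client->server messages, to model a tampering intermediary."""
    # Phase I: initiate the connection, exchange randoms, negotiate capabilities.
    client_random = secrets.token_bytes(16)
    hello = client.record(CH + client_random + b",".join(suites))
    hello_rx = server.record(in_transit(hello))
    client_random_rx = hello_rx[len(CH):len(CH) + 16]
    offered = hello_rx[len(CH) + 16:].split(b",")
    server_random = secrets.token_bytes(16)
    shello = client.record(server.record(SH + server_random + offered[0]))
    server_random_rx = shello[len(SH):len(SH) + 16]
    # Phase II: server key exchange (certificate and signature omitted, see lead-in).
    ske = client.record(server.record(SKE + server.public().to_bytes(16, "big")))
    server_pub = int.from_bytes(ske[len(SKE):], "big")
    # Phase III: client key exchange.
    cke = server.record(in_transit(client.record(CKE + client.public().to_bytes(16, "big"))))
    client_pub = int.from_bytes(cke[len(CKE):], "big")
    client.derive(server_pub, client_random, server_random_rx)
    server.derive(client_pub, client_random_rx, server_random)
    # Phase IV: change cipher spec, then Finished in both directions.  Each side
    # hashes its own view of the transcript, so any message changed in transit
    # makes the values disagree.
    cfin = client.finished(b"client")
    if not hmac.compare_digest(cfin, server.finished(b"client")):
        return False
    client.record(cfin)
    server.record(cfin)
    sfin = server.finished(b"server")
    return hmac.compare_digest(sfin, client.finished(b"server"))


if __name__ == "__main__":
    print("honest path:", handshake(Party("phone"), Party("gateway")))
    downgrade = lambda m: m.replace(b"DH-HMAC-SHA1,", b"") if m.startswith(CH) else m
    print("suite list edited in transit:", handshake(Party("phone"), Party("gateway"), in_transit=downgrade))
```

The second run shows the value of the phase IV check: an intermediary that strips the stronger suite from the ClientHello gets the server to pick the weaker one, but the two transcripts no longer agree and the handshake fails. What the check does not give you is authentication: without the server's certificate and signature in phase II, the client cannot tell this server from an active attacker running its own DH exchange, which is exactly the gap the omitted step closes.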



WAP security architecture


WAP Gap

The WAP architecture is based on a wireless gateway (the WAP gateway) that translates data between the wireless formats defined by WAP (such as WML) and the Internet formats used by Web servers (such as HTML). To make the translation, the WAP gateway needs access to the unsecured, plaintext data being transmitted. Many WAP gateways do no data translation at all, but the deployed security protocols are defined on the basis that they do, so the gateway still has access to the plaintext.

The resulting architecture does secure all transport: WTLS provides strong security between the WAP client and the gateway, and the gateway uses some other secure mechanism (e.g. SSL) to connect to the content server. In between those two connections, for a very brief time (milliseconds), the data sits unprotected inside the gateway. This is the so-called "WAP gap". The duration is not the point: whoever operates the gateway, or compromises it, can read, log or alter every request and response that passes through.

Solution: run the company's own gateway, so that the party that sees the plaintext is the same party that runs the content server.

End-to-end security will be an option in the next version of WAP.
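The gap as a runnable model, as an added Python example (not code from the slides). A phone protects a request with WTLS, the gateway terminates WTLS and re-protects the request with SSL towards the content server, and the gateway records what it could see in between; the same run with an end-to-end key applied to the application payload before WTLS shows the gateway seeing only ciphertext. Assumptions: the ciphers are a SHAKE-256 keystream XOR standing in for the real WTLS and SSL ciphers, the keys and the request are constructed, and the end-to-end key is simply pre-shared here, where WAP would derive it from keys held in the WIM.

```python
"""The WAP gap: WTLS from phone to gateway, SSL from gateway to content server,
and the gateway holding plaintext in between; then the end-to-end alternative.
Added example; not code from the slides."""
import hashlib


def _xor_stream(key, nonce, data):
    """Toy stream cipher (SHAKE-256 keystream XOR); stands in for the WTLS and
    SSL ciphers.  Enough for a demonstration, not a real cipher construction."""
    keystream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


class Gateway:
    """Terminates WTLS on the wireless side and SSL on the Internet side."""

    def __init__(self, wtls_key, ssl_key):
        self.wtls_key, self.ssl_key = wtls_key, ssl_key
        self.seen = []      # what the operator, or whoever compromises the box, can read

    def forward(self, nonce, wtls_ciphertext):
        web_request = _xor_stream(self.wtls_key, nonce, wtls_ciphertext)  # WTLS ends here
        self.seen.append(web_request)                                     # the gap
        return _xor_stream(self.ssl_key, nonce, web_request)              # SSL starts here


class Phone:
    def __init__(self, wtls_key, e2e_key=None):
        self.wtls_key, self.e2e_key = wtls_key, e2e_key

    def send(self, nonce, request):
        if self.e2e_key is not None:
            # End-to-end option: protect the application payload under a key agreed
            # with the content server without the gateway's help (in WAP, from keys
            # held in the WIM), and only then hand it to WTLS.
            request = _xor_stream(self.e2e_key, b"e2e" + nonce, request)
        return _xor_stream(self.wtls_key, nonce, request)


class ContentServer:
    def __init__(self, ssl_key, e2e_key=None):
        self.ssl_key, self.e2e_key = ssl_key, e2e_key

    def receive(self, nonce, ssl_ciphertext):
        request = _xor_stream(self.ssl_key, nonce, ssl_ciphertext)
        if self.e2e_key is not None:
            request = _xor_stream(self.e2e_key, b"e2e" + nonce, request)
        return request


# Constructed keys and request (not from the slides).
WTLS_KEY, SSL_KEY, E2E_KEY = b"W" * 16, b"S" * 16, b"E" * 16
REQUEST = b"POST /transfer PIN=4321 amount=500"


def run(end_to_end):
    """Send one request phone -> gateway -> server.
    Returns (server received the request intact, what the gateway saw)."""
    phone = Phone(WTLS_KEY, E2E_KEY if end_to_end else None)
    gw = Gateway(WTLS_KEY, SSL_KEY)
    server = ContentServer(SSL_KEY, E2E_KEY if end_to_end else None)
    nonce = b"\x00\x01"
    delivered = server.receive(nonce, gw.forward(nonce, phone.send(nonce, REQUEST)))
    return delivered == REQUEST, gw.seen[0]


if __name__ == "__main__":
    for e2e in (False, True):
        ok, seen = run(e2e)
        print("end-to-end" if e2e else "hop-by-hop", "delivered:", ok, "gateway saw:", seen)
```

In the hop-by-hop run the gateway's log contains the PIN in clear even though both links were encrypted; in the end-to-end run it contains only ciphertext and the request still arrives intact. The fix is not a shorter gap but a different trust boundary: the payload key has to be agreed between phone and content server without the gateway's participation, and the gateway is left with nothing to translate but opaque bytes.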



End to End security-filling the gap


WIM (WAP Identity Module)

  • To give the user of the WML browser a secure and unique identity, the WAP specification added an identity module (used, for example, for banking transactions).

  • The WAP Identity Module (WIM) is used to store the cryptographic keys used in WTLS and in the application layer.

  • Furthermore, all operations using these keys should be performed within the WIM, so that the keys are never exposed outside the secure environment. These operations include:

    • Signing in the application layer.

    • Decryption when setting up a shared key as part of a secure session in WTLS.

    • MAC computation and verification as part of securing messages in WTLS.

    • Conventional encryption and decryption as part of securing messages in WTLS.

  • Ideally, the WIM should be implemented as an additional application on the GSM SIM card. Such enhanced SIM cards are expected on the market in the near future.