WAP - Wireless Application Protocol. WAP is a universal open standard developed by the WAP Forum to give mobile phones, pagers and PDAs access to the Internet. WAP is designed to work with all wireless network technologies (GSM, TDMA, CDMA).
WAP is based on existing Internet standards (TCP/IP, XML, HTML, HTTP), adapted to the constraints of wireless links and handsets.
A WAP Gateway is an intermediary between the Internet and the mobile network. It converts our "WAP" request into a "Web" request when we send information from a mobile phone to the Internet. On the flip side, a WAP Gateway also converts a "Web" response into a "WAP" response when sending information from the Internet back to a mobile phone.
WML (Wireless Markup Language) was designed to describe content and format for presenting data on devices
with limited bandwidth, limited screen size and limited user input capability.
WML features:
Text and image support
Deck/card organizational metaphor (a deck is the unit downloaded; a card is one screen of it)
Support for navigation
WAE (Wireless Application Environment) elements: WAE user agent, content generators, standard content encoding, wireless telephony applications (WTA).
WSP - Wireless Session Protocol: establishes a reliable session between client and server; a compact binary equivalent of HTTP.
WTP - Wireless Transaction Protocol: manages transactions by conveying requests and responses between a user agent and an application server; it provides the reliability (acknowledgements, retransmission) that TCP would, but with less overhead.
WTLS - Wireless Transport Layer Security: provides security services between the mobile device and the WAP gateway.
WDP - Wireless Datagram Protocol: provides a common interface to the underlying bearers (a role similar to UDP).
Wireless Transport Layer Security (WTLS)
WTLS is based on TLS, which is a refinement of Secure Socket Layer (SSL).
WTLS features:
Authentication - ensures that the stated identity of the peer (user or gateway) is correct.
Privacy - ensures that the data cannot be read by a third party, using encryption.
Data integrity - ensures that the data sent between the client and the gateway is not modified, using message authentication codes.
Authorization - the process of determining whether a particular party has the right to perform a particular action.
Denial-of-service protection - detects and rejects messages that are replayed or not successfully verified, so they are dropped before expensive processing.
WTLS Record Protocol
WTLS RP provides basic security services to the higher-layer protocols (WTP, and the WTLS handshake, alert and change-cipher-spec protocols). Data from the higher layer is processed in four steps:
1. The payload is compressed using a lossless compression algorithm (the following steps work on this compressed data).
2. A MAC is computed over the compressed data using HMAC. HMAC is a keyed hash code
algorithm. One of several hash algorithms can be used with HMAC: MD5 or SHA-1.
The MAC is added after the compressed data.
3. The compressed message plus the MAC are encrypted using a symmetric encryption algorithm.
4. The record protocol prepends a header to the encrypted payload.
WTLS Record Format (header bits, optional fields, then the protected payload):
R = reserved, C = cipher spec indicator, S = sequence number field indicator, L = record length field indicator
The sequence number and record length fields are present only when their indicator bits are set
Payload = compressed data followed by the MAC (0, 16 or 20 bytes)
MAC = message authentication code; takes care of integrity and authentication
The MAC is added after the compressed data to verify that received messages are authentic.
The MAC is computed using HMAC, a keyed hash code built from a one-way hash function.
It verifies that the content of the message has not been altered and that the source is authentic (only a holder of the shared secret could have produced it).
Simplified idea of a keyed-hash MAC, with Sab the secret shared between A and B and M the message:
1. MDm = H(Sab || M)
2. Transmit M || MDm; the receiver recomputes H(Sab || M) over the received M and compares it with MDm.
HMAC is a more careful construction than this simple key prefix: it hashes twice, with the key XORed into an inner and an outer padding block. The MAC is then encrypted together with the compressed data using the symmetric encryption algorithm.
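The MAC step above, and the replay rejection listed under denial-of-service protection, written out as an added example (this is not code from the original notes). It assumes the MAC key and sequence numbers come from a completed handshake, a 16-bit strictly increasing sequence number (WTLS over a datagram bearer can tolerate some reordering, which is simplified away here), and it stops after step 2: the encryption step is omitted because the standard library has none of DES, RC5 or IDEA.

```python
import hashlib
import hmac
import struct

# Added example of the WTLS record-protocol MAC step, not code from the
# original notes. Assumptions: mac_key is shared state from a finished
# handshake; sequence numbers are 16-bit and strictly increasing; the
# encryption that follows the MAC step is omitted.

MAC_SIZES = {"sha1": 20, "md5": 16, None: 0}   # 20, 16 or 0 bytes of MAC


def record_mac(mac_key, seq_num, payload, alg="sha1"):
    """HMAC over sequence number, length and the (already compressed) payload.
    Binding the sequence number means a replayed or reordered record fails
    verification even though its bytes are untouched."""
    if alg is None:
        return b""
    hash_fn = getattr(hashlib, alg)
    data = struct.pack(">HH", seq_num, len(payload)) + payload
    return hmac.new(mac_key, data, hash_fn).digest()


def protect(mac_key, seq_num, payload, alg="sha1"):
    """Sender side: append the MAC after the compressed data (step 2)."""
    return payload + record_mac(mac_key, seq_num, payload, alg)


class Receiver:
    """Receiver side: verify the MAC first, then enforce freshness of the
    sequence number, so forged and replayed records are rejected cheaply."""

    def __init__(self, mac_key, alg="sha1"):
        self.mac_key, self.alg = mac_key, alg
        self.next_seq = 0

    def accept(self, seq_num, record):
        n = MAC_SIZES[self.alg]
        if len(record) < n:
            return False, "bad_record_mac"
        payload, mac = record[:len(record) - n], record[len(record) - n:]
        expected = record_mac(self.mac_key, seq_num, payload, self.alg)
        if not hmac.compare_digest(mac, expected):   # constant-time compare
            return False, "bad_record_mac"
        if seq_num < self.next_seq:
            return False, "replay"   # valid MAC, but a stale sequence number
        self.next_seq = seq_num + 1
        return True, payload


if __name__ == "__main__":
    key = b"\x0b" * 20          # constructed key for the demo
    rx = Receiver(key)
    print(rx.accept(0, protect(key, 0, b"GET /index.wml")))
    print(rx.accept(0, protect(key, 0, b"GET /index.wml")))   # replay
```

The sequence number is covered by the MAC but need not be sent explicitly (the S bit in the header says whether it is); both sides track it, which is why the receiver keeps next_seq as state.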
DES - The Data Encryption Standard is a mathematical algorithm for encrypting and decrypting binary information in 64-bit blocks. The system consists of an algorithm and a key.
Key - 64 bits (of these, 8 bits are parity, one per byte, leaving 56 effective key bits).
Even with just fifty-six bits there are over seventy quadrillion possible keys (2^56, about 7.2 x 10^16). The key bits must be chosen independently (from a good random source) to take full advantage of those seventy quadrillion possible keys.
The government's claim at the time was that, short of trying all seventy quadrillion combinations, there is no way to break the DES algorithm. Note that trying them all is no longer a theoretical concern: exhaustive search of the 56-bit key space was demonstrated with purpose-built hardware in 1998 and is now within reach of commodity clusters, so single DES is considered broken.
RC5 - RC5 encrypts plaintext blocks of 32, 64 or 128 bits into ciphertext blocks of the same length. It has a variable-length key (0 to 2040 bits) and a variable number of rounds, and is intended to provide high security.
IDEA - a block cipher that uses a 128-bit key to encrypt data in blocks of 64 bits.
Alert Protocol is used to convey WTLS-related alerts to the peer entity. As with other
data, alert messages are compressed and encrypted as specified
by the current state.
Each alert consists of two bytes:
1st byte - level: warning, critical or fatal
2nd byte - the specific alert
Fatal alerts - if the level is fatal, WTLS immediately terminates the connection.
Ex: unexpected_message, bad_record_mac, decompression_failure
Non-fatal alerts - bad_certificate, unsupported_certificate, certificate_revoked, etc.
Handshake Protocol
This protocol allows the server and the client to authenticate each other and to negotiate an
encryption and MAC algorithm and cryptographic keys to be used to protect data sent in a
Phase I - Used to initiate a logical connection and establish security capabilities (ClientHello/ServerHello: random values, session ID, offered and chosen cipher suites, compression method, key refresh rate and sequence number mode).
Phase II - Used for server authentication and key exchange (server certificate, ServerKeyExchange, optional CertificateRequest, ServerHelloDone).
Phase III - Used for client authentication and key exchange (client certificate if requested, ClientKeyExchange, CertificateVerify).
Phase IV - Completes the secure connection (ChangeCipherSpec followed by a Finished message from each side, keyed with the new master secret and covering the whole handshake transcript, so any tampering with earlier messages is detected).
The WAP architecture is based on a wireless gateway (WAP gateway) that translates data
from the wireless formats defined by WAP (such as WML) to the Internet formats used by
Web servers (e.g. HTML). To make the translation, the WAP gateway needs access to the unsecured, plaintext data being
transmitted. While many WAP gateways don't do any data translation, the deployed security
protocols are defined on the basis that they do. Therefore the WAP gateway still accesses the
plaintext data. The resulting architecture secures every transport hop, but not the gateway itself. The WAP WTLS specification provides strong security between a WAP client and the gateway,
and the gateway uses some other secure mechanism (e.g. SSL) to connect to the content server.
In between those two connections, for a very brief time (milliseconds), the data is (temporarily)
This is the so-called "WAP gap": whoever operates the gateway (typically the mobile carrier) can read and alter the traffic. Solution: have the company run its own WAP gateway inside its own security perimeter, so the plaintext never leaves the content owner's control.
End-to-end security will be an option in the next version of WAP (WAP 2.0 lets the client tunnel TLS through the gateway to the content server).