
Wireless Web Services Security

Wireless Web Services Security. Christopher Lo. Overview. Main differences between wired and wireless web services Network connection method Format supported on mobile devices Size of screen on mobile devices Mobile Devices PDAs – Wireless LAN Mobile phones – WAP & WML. Wireless LAN.


Presentation Transcript


  1. Wireless Web Services Security
     Christopher Lo

  2. Overview
     • Main differences between wired and wireless web services
        • Network connection method
        • Format supported on mobile devices
        • Size of screen on mobile devices
     • Mobile Devices
        • PDAs – Wireless LAN
        • Mobile phones – WAP & WML

  3. Wireless LAN
     • Most PDAs can handle 802.11i technology, allowing them to access web services through wireless LAN
     • Issues with Wireless LAN
        • Uncontrolled range of the radio signal
        • Exposed setup allows for drive-by hacking
        • Constantly changing IPs

  4. Wireless LAN Encryption Standards
     • WEP - Wired Equivalent Privacy
     • WPA - WiFi Protected Access
     • RSN - Robust Security Network

  5. WEP
     • The most problematic of the three
     • UC Berkeley’s study has shown that the RC4 stream cipher can be broken using a series of computations.
     • Small keys and the need to change keys manually pose maintenance problems
     • Dictionary attacks can find keys

  6. WPA
     • Compatible with existing 802.11i
     • Temporal Key Integrity Protocol (TKIP)
        • Uses a master key to create encryption values which are then changed and automatically distributed.
        • Key mixing for each packet
        • A 64-bit message integrity code
        • Offers the means to re-key the packet.

  7. RSN
     • Encrypts with AES-CCMP (AES Counter-Mode Cipher Block Chaining Message Authentication Code Protocol)
     • TKIP is used to handle the older systems
     • User authentication and key management are handled using IEEE 802.1x Port Based Network Authentication
     • The authentication system is based on the Extensible Authentication Protocol (EAP).
     • The authentication server is located on the wired network and may also be the same as the Remote Authentication Dial-In User Service (RADIUS).

  8. WML
     • Mobile phones are primarily restricted to WAP for accessing web services
     • Older mobile phones are mostly restricted to black and white screens.
     • Size restrictions even with colored screens
     • WML is the primary format for wireless web services
     • WML is an XML application, but with much less processing power
     • Limited user input available

  9. XML to WML
     • Most companies write their own WML versions of the web service
     • Translation should be moved to the portal/web server (Phone.com, SprintPCS, etc.)
     • IBM WebSphere currently supports translation to WML

  10. WAP
     • Wireless Application Protocol
     • WAP Gateway – translates WTLS to SSL

  11. WAP Server
     • The WTLS support is built into the web server

  12. Issues with XML
     • Size is generally too large for mobile devices
     • Increased size = Increased airtime
     • Problem with constantly changing IPs
     • Need for compression before encryption

  13. Other Concerns: Tracking Web Services
     • FollowUs, Fleetstar-Online, & Kids OK
     • Rely on tracking GSM or GPS
     • A cell ID must first be registered with a service in order to be tracked.
     • GPS tracking relies on 24 civilian-usable satellites that circle the earth.
     • Assisted GPS system (AGPS)
     • GSM - the SIM card is tracked instead of the actual phone.
     • The legal stipulations are mapped out in a set of Codes of Practice.
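
Slide 12 ties XML size to airtime and calls for compression before encryption. The following is an added example, not part of the original presentation, that measures both orderings on a constructed XML payload; `keystream_xor` is a hypothetical stand-in cipher (SHA-256 in counter mode) assumed only so the script runs with the standard library.

```python
import hashlib
import zlib


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), used only to compare sizes.

    Assumption of this example: any real cipher's output is likewise
    indistinguishable from random. Not for production use.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def build_sample_xml(n_items: int = 40) -> bytes:
    """Constructed sample payload: a repetitive XML web-service response."""
    items = "".join(
        f"<item><id>{i}</id><name>Product {i}</name><price>9.99</price></item>"
        for i in range(n_items)
    )
    return f"<?xml version='1.0'?><catalog>{items}</catalog>".encode()


def compare_orders(xml: bytes, key: bytes, nonce: bytes) -> dict:
    """Return bytes on the air for both orderings, plus a round-trip check."""
    compress_then_encrypt = keystream_xor(key, nonce, zlib.compress(xml, 9))
    encrypt_then_compress = zlib.compress(keystream_xor(key, nonce, xml), 9)
    # Receiver side for the correct order: decrypt, then decompress.
    recovered = zlib.decompress(keystream_xor(key, nonce, compress_then_encrypt))
    return {
        "plain": len(xml),
        "compress_then_encrypt": len(compress_then_encrypt),
        "encrypt_then_compress": len(encrypt_then_compress),
        "round_trip_ok": recovered == xml,
    }


if __name__ == "__main__":
    # Constructed key and nonce; a real system would use fresh random values.
    result = compare_orders(build_sample_xml(), b"k" * 16, b"n" * 8)
    for name, value in result.items():
        print(f"{name:>22}: {value}")
```

Ciphertext has no redundancy left for the compressor to remove, so compressing after encryption saves nothing. Compressed length still depends on the plaintext, so the size of the encrypted message reveals something about its content.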
