WAP Overview - PowerPoint PPT Presentation

Wap overview
1 / 63

  • Uploaded on
  • Presentation posted in: General

WAP Overview. CSCI 5939.02 – Independent Study Fall 2002 Yasir Zahur Presentation No 1. Agenda. Background / Motivation Architectural Overview Protocol Layers Push Technology Current WAP Status Security Limitations. Lessons from the World Wide Web. WWW Limitations

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

WAP Overview

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Wap overview

WAP Overview

CSCI 5939.02 – Independent Study

Fall 2002

Yasir Zahur

Presentation No 1



  • Background / Motivation

  • Architectural Overview

  • Protocol Layers

  • Push Technology

  • Current WAP Status

  • Security Limitations

Lessons from the world wide web

Lessons from the World Wide Web

  • WWW Limitations

    • Requires at least some computer skills

    • If you don’t already own a computer, entrance costs are relatively high

  • However it would be foolish on the other extreme to ignore the Internet as a mean of data transportation

Wireless industry before 1998 some serious problems

Wireless Industry Before 1998(Some serious problems)

  • Handheld mobile devices could access network based content but the technologies were incompatible

  • Not much use of existing Internet infrastructure

  • No single global standard for data access for all handheld mobile devices

Searching for the answer

Searching for the answer…

  • Omnipoint issues a tender for the definition of a common standard for the supply of mobile information services, early 1997

  • WAP Forum founded by Ericsson, Nokia, Motorola and Phone.com.

    • Importance of a common technical base was realized

    • Strong belief that existing technology did not meet the needs of the market

Searching for the answer cont

Searching for the answer…(cont)

  • Work started June, 1997

  • Architecture published September, 1997

  • Membership opened in January, 1998

  • Draft specifications published January, 1998

  • WAP 1.0 available April 30, 1998

What is wap

What is WAP?

WAP is an effort, with broad industry support, to define a standard for communicating Internet – type information to devices that have roughly the same form factor and processing power as the average mobile telephone.

What sort of devices is wap designed for

What sort of devices is WAP designed for?

  • Primarily includes mobile phones, pagers and PDAs

  • Low bandwidth and high latency environments

  • Unpredictable stability and availability

  • Limited processing power and battery life

  • Less memory (ROM and RAM)

  • Smaller displays

Wap architectural objectives

WAP Architectural Objectives

  • Create global wireless protocol specifications that work across differing wireless technologies

  • Facilitate network-operator and third party service provisioning

  • Define a layered, scalable and extensible architecture

  • Bring Internet/Intranet information and advanced data services to wireless terminals

  • Optimize for efficient use of device resources

Wap architectural objectives cont

WAP Architectural Objectives (cont)

  • Provide support for secure applications and communication

  • Embrace and extend existing standards where possible

  • Optimize for efficient use of device resources

  • Optimize for narrowband bearers with potentially high latency

  • Enable personalization and customization of the device, the content delivered to it and presentation of the content

The world wide web model

The World – Wide Web Model

  • WWW standards specify many mechanisms to build a general purpose application environment including:

    • Standard naming model

    • Content typing

    • Standard content formats

    • Standard protocols

The world wide web model cont

The World – Wide Web Model (cont)

The wap model

The WAP Model

  • Based on WWW programming model

    • stable architecture

    • ability to embrace and enhance existing tools including web-servers, XML tools etc

  • Enhancements

    • Push technology

    • Telephony Support (WTA)

The wap model cont

The WAP Model (cont)

  • Components that enable communication between mobile terminals and network servers include:

    • Standard naming model

    • Content typing

    • Standard content formats

    • Standard communication protocols

The wap model cont based on version 30 apr 1998

The WAP Model (cont)Based on Version 30-Apr-1998

Wap proxy

WAP Proxy

  • WAP Architectural specification (version 12-July-2001) specifies the term WAP Proxy.

  • WAP utilizes proxy technology to optimize and enhance the connection between wireless domain and WWW. WAP proxy provides various functions including:

Wap proxy cont

WAP Proxy (cont)

  • Protocol Gateway: Translates requests from a wireless protocol stack to the WWW protocols. Also performs DNS look up

  • Content Encoders and Decoders:Translate WAP content into a compact format due to slow underlying wireless link and vice versa

  • User Agent Profile Management:Enable personalization and customization of the device

  • Caching proxy:Improves perceived performance and network utilization by maintaining a cache of frequently accessed resources

Wap client

WAP Client

  • Primarily include wireless phones, PDAs and pagers

  • Beginning to support more memory, faster processing power and longer battery life

  • Contains a user agent or a mini-browser that implements WAE specification and can execute any WAP compliant application.

  • Available in thousands of different models and types. A WAP compliant application written once can reach and be executed on all of theses devices

Application servers

Application Servers

  • Real power of WAP lies in the fact that it leverages existing Internet infrastructure to extend reach of applications to millions of users with wireless devices

  • Application servers typically consist of three tiers:

    • Web Server; understands HTTP protocol and responds to HTTP requests from the clients. E.g. Apache, iPlanet, Microsoft IIS etc

    • Application Server; encodes elements like personalization, commerce, security and data persistence logic. E.g. iPlanet, WebLogic etc

    • Database Server; used for persistence storage of application data. E.g. Oracle, Sybase, Informix etc

The wap model based on version 12 july 2001

The WAP Model Based on Version 12-July-2001

Supporting servers

Supporting Servers

Typical wap network

Typical WAP Network

Wap architecture protocols based on version 30 apr 1998

WAP Architecture (protocols)Based on Version 30-Apr-1998

Comparison between web and wap architectures

Comparison between Web and WAP Architectures

Wap architecture protocols based on version 12 july 2001

WAP Architecture (protocols)Based on Version 12-July-2001

Bearer networks

Bearer Networks

  • WAP specification is air-interface independent

  • WAP specification is intended to sit on top of existing bearer channel standards so that any bearer standard can be used with the WAP protocols to implement complete product solutions

  • WAP operates over different bearer services including short message, circuit-switched data and packet data

  • Since bearers offer service of varying throughput, delays and error rate, WAP protocols are designed to compensate for or tolerate these varying level of services

Bearer networks cont

Bearer Networks (cont)

  • Some of the common bearers are:

    • SMS (Short Message Service); stateless and one of the slowest bearers. Each SMS message is broken down into a short message of maximum 160 characters, no session maintenance

    • CSD (Circuit Switched Data); uses circuit switching to establish connection with WAP gateway at around 9600bps; much faster than SMS

    • USSD (Unstructured supplementary Services Data); messages of maximum 182 characters; session based

    • GPRS (General Packet Radio Service); one of the fastest bearers; uses packet based data transmission with speeds of up to 171.2 kbps

Transport services layer

Transport Services Layer

  • Offers set of consistent services to upper layer protocols and maps those services to available bearer services.

  • Transport services include:

    • Datagrams; provides a connectionless, unreliable datagram service where each datagram is routed independently. WDP and UDP are the two protocols used. WDP is replaced by UDP when used over an IP network layer i.e WDP over IP is UDP/IP

    • Connections; provides data transport service in which communications proceed in three phases: connection establishment, two way reliable data transfer and connection release. TCP (usually profiled) is used to provide connection transport service

Transfer services

Transfer Services

  • Provides for structured transfer of information

  • Transfer services include:

    • Hypermedia Transfer: WSP and WTP provide the hypermedia transfer service over secure and non-secure datagram transports. HTTP provides same service over secure and non-secure connection oriented transports

    • Streaming: provides a mean for transferring isochronous data such as audio and video

    • Message Transfer: provides mean to transfer asynchronous multimedia messages like email or instant messages

Wireless transaction protocol wtp based on version 30 apr 1998

Wireless Transaction Protocol (WTP)Based on Version 30-Apr-1998

  • Three classes of transaction service

    • Unreliable one-way requests,

    • Reliable one-way requests,

    • Reliable two-way request-reply transactions

  • Use of unique transaction identifiers, acknowledgements, duplicate removal and retransmissions

  • PDU concatenation and delayed acknowledgment to reduce the number of messages sent

  • Optional user to user reliability – WTP triggers the confirmation of each received message

  • Asynchronous transactions

Session services

Session Services

  • Provide for the establishment of shared state between network elements that span multiple network requests or data transfers. It includes:

    • Capability Negotiation; includes specifications for describing, transmitting and managing capabilities and preference information about the client, user and network elements

    • Push-OTA; provides for network initiated transactions to be delivered to wireless devices

    • Sync; provides for synchronization of replicated data

    • Cookies; allows applications to establish state on the client or proxy that survives multiple hypermedia transfer transactions

Wireless session protocol wsp based on version 30 apr 1998

Wireless Session Protocol (WSP)Based on Version 30-Apr-1998

  • Provides WAE with a consistent interface for two session services:

    • Connection oriented service over WTP

    • Connectionless service over secure and non-secure WDP

  • Long lived session state

  • Common facility for reliable and unreliable data push

  • HTTP/1.1 functionality and semantics in a compact over-the-air encoding

  • Provides for session suspend/resume

Application framework

Application Framework

  • Primary objective is to establish an interoperable environment that will allow operators and service providers to build applications and services that can reach a wide variety of different wireless platforms in an efficient and useful manner. It includes:

    • WAE/WTA User-Agent; WAE is a micro-browser environment containing WML, XHTML, WML Script, WTA, WTAI all optimized for handheld devices

    • Content Formats; WAE includes support for color, audio, video, images, phone book records, animation etc

Application framework cont

Application Framework (cont)

  • Push; provides a general mechanism for the network to initiate the transmission of data to applications resident on WAP devices

  • Multimedia Messaging; Multimedia Message Service (MMS) provides for the transfer and processing of multimedia messages such as email and instant messages to WAP devices

Security services

Security Services

  • Privacy; to ensure that communication is private and cannot be understood by any eavesdropper

  • Authentication; to establish the authenticity of parties to the communication

  • Integrity; to ensure that communication is unchanged and uncorrupted

  • Non-Repudiation; to ensure that parties cannot

    deny that communication took place

  • Some examples include Authentication, Cryptographic Libraries, Identity, PKI, Secure Transport and Secure Bearer

Service discovery

Service Discovery

  • Services are found at many layers. These include:

    • External Functionality Interface (EFI); allows applications to discover what external functions/services are available on the device

    • Provisioning; allows a device to be provisioned with the parameters necessary to access network services

    • Navigation Discovery; allows a device to discover new network services

    • Service Lookup; provides for the discovery of a service’s parameters through a directory lookup by name

Wap 1 x gateway

WAP 1.x Gateway

WAP 1.x Gateway

Wap overview

WAP HTTP Proxy with Profiled TCP and HTTPwireless profiled versions are interoperable with TCP and HTTP

Wap overview

Direct Accesswireless optimizations as defined by the Wireless Profiles for TCP and HTTP may not be available

Dual stack support useful when a device needs to interoperate with both old and new wap servers

Dual Stack Supportuseful when a device needs to interoperate with both old and new WAP servers

Push architecture

Push Architecture

  • Normal client–server model is ‘pull’ technology. E.g. browsing the world wide web

  • In ‘push’ technology, there is no explicit request from the client before the server transmits its contents. E.g. SMS

  • Extremely beneficial for time and location based services. E.g. to get traffic alerts up ahead on the highway, weather alerts, listing of nearby restaurants etc

Pull vs push

Pull vs. Push

The push framework

The Push Framework

The push framework cont ppg usually needs wap gateway to communicate with cellular network

The Push Framework (cont)PPG usually needs WAP Gateway to communicate with cellular network

Push initiator pi

Push Initiator (PI)

  • Responsible for generating the message to be pushed and passing it on to PPG.

  • Messages are all XML based

  • Commonly HTTP Post mechanism is used for communication between PI and PPG

  • Responsible for authenticating itself with the PPG usually using X.509 based digital client certificates

  • Also responsible for managing the workflow of the push messages

Push proxy gateway ppg

Push Proxy Gateway (PPG)

  • Acts as access point for content pushes from Internet to the mobile network

  • PI identification and authentication

  • Parsing of and error detection in push content

  • Translates client address provided by PI into a format understood by mobile network

  • Store the content if client is currently unavailable

  • Notify PI about final outcome of push a submission

  • Protocol conversion

Push access protocol pap

Push Access Protocol (PAP)

  • XML based communication protocol by which a PI pushes content to mobile network addressing its PPG

  • Can be transported over virtually any protocol that allows MIME types to be transported over the Internet

  • Supports following operations:

    • Push Submission (PI to PPG)

    • Result Notification (PPG to PI)

    • Push Cancellation (PI to PPG)

    • Push Replacement (PI to PPG)

    • Status Query (PI to PPG)

    • Client Capabilities Query (PI to PPG)

Push over the air protocol

Push Over-The-Air Protocol

  • Responsible for transporting content from the PPG to the client and its user agents

  • Provides both connectionless (mandatory) and connection-oriented (optional) services

  • Connectionless service relies upon WSP

  • Connection-oriented service may be provided in conjunction with WSP (OTA-WSP) and HTTP (OTA-HTTP)

Current successes

Current Successes

  • Over 18 million WAP users (Cahners-In-Stat / Gartner Dataquest / Strategis, eTforecasts)

  • Close to 200 carriers deployed or in final testing (Mobile Lifestreams)

  • 50 million WAP-enabled handsets shipped worldwide (International Data Corp)

  • Tens of thousands of developers creating apps and content (WAP Forum)

  • 12,000 WAP sites from 100+ countries (Cellmania.com)

  • 7.8 million WAP-readable pages (Pinpoint Networks

Consumer successes

Consumer Successes

  • Sprint “wireless Web” users reached 1.3 M in 1Q01

  • Telesp Celular - 323,000 out of 623,000 subscribers with WAP-enabled phone accessed WAP services (EYO2000)

  • Digital Bridges – 30 Million hits on WAP game site from 1 Million games played in a six month period

The survey facts

The Survey FACTS

  • Survey of 500+ users in Scandinavia:

    • 61% of WAP users: satisfied with their WAP experience (Strand Consult)

  • Survey of 250 users in UK (on all networks)

    • 71% of WAP users: WAP is meeting or exceeding expectations (Teleconomy)

Wap 2 0 launched july 31 2001

WAP 2.0Launched July 31, 2001

  • What the Developers see:

    • XHTML (fully backwards compatible)

    • TCP

  • Supported User Features:

    • Color Graphics

    • Animation

    • Large File Downloading

    • Location-Smart Services

    • Pop-up/Context Sensitive Menus

    • Data Synchronization with Desktop PIM

Wap roadmap 1999 2001

WAP Roadmap 1999-2001

Secure from day one

Secure From Day One

  • Security meets most extreme demands

    • End-to-end encryption

    • Supports PKI (new in 2.0)

    • Secure proxies in handset and gateway

    • Transactions are as secure as PC sites

A secure foundation for wireless commerce

A Secure Foundation For Wireless Commerce

  • Transactions demanding security already happening over WAP

    • Banking (Citicorp, Deutche, Allied Irish Bank, Schwab)

    • Finance (Abbey National and Halifax Bank mortgages online)

    • M-Commerce (Amazon.com, MySimon)

  • Basing their future mobile commerce plans on WAP:

    • Certicom, VeriSign, Entrust.com

Security loop holes a generic m commerce transaction using wap

Security Loop HolesA generic m-commerce transaction using WAP

Security loop holes cont security zones showing standard security services wtls and tsl

Security Loop Holes (cont)Security zones showing standard security services (WTLS and TSL)

Security loop holes cont

Security Loop Holes (cont)

  • Data flows between WAP device and application server through WAP gateway

  • All TSL/SSL encrypted content is decrypted at the WAP gateway before being re-encrypted using WTLS for transmission over wireless network and vice versa

  • Thus data exists in the memory of gateway for a brief period of time in human-readable plain text format……….SECURITY RISK

  • Conversion between WTLS and TLS is one of the most controversial features of the WAP gateway because it violates the concept of end-to-end security between the WAP client and the application or content server

Proposed solutions

Proposed Solutions

  • Host the gateway within the secure intranet of application server

    • However users need to configure their WAP devices to communicate with the new gateway

  • Application level security on top of WAP

    • Introduce security at a software layer above WAP and consider WAP merely as a potential insecure communication means.

    • Security is solely taken care of by means of dedicated software running at two ends i.e. mobile phone and web server

    • No use of WAP security features neutralizes most of optimizations offered by WAP gateway including data conversion and compression to accommodate for the limited bandwidth

Proposed solutions cont

Proposed Solutions (cont)

  • Enabling Internet on the Mobile Device

    • Proposed by WAP Forum for WAP 2.0

    • Re-design the WAP protocol to not to use a gateway

    • Employ the existing Internet standards, including TCP for entire wired and wireless part of a connection

    • Disregarding WAP gateway makes it possible to attain same high level of security for an m-commerce transaction as an e-commerce transaction on ordinary web using end-to-end encryption

    • However this change will cause compatibility problems and will neutralize optimizations offered by WAP gateway

Proposed solutions cont hosting the gateway within the secure intranet of application server

Proposed Solutions (cont)Hosting the gateway within the secure intranet of application server

Proposed solutions cont application level security on top of wap

Proposed Solutions (cont)Application Level Security on Top of WAP



[1] Technical specifications and presentations by Scott Goldman


[2] Damon Hougland, Khurram Zafar.2001. essential WAP FOR WEB PROFESSIONALS. Upper Saddle River (NJ): Prentice Hall; 234 p.

[3] Wei Meng, Soo Mee, Karli Watson, Ted Wugofski. 2000. Beginning WAP, WML & WMLScript. Birmigham (UK): Wrox Press; 650p

[4] Niels Christian Juul and Niels Jorgensen

“Security Limitations in the WAP Architecture”

Position Paper

[5] Presentation by Bruce Martin


[6] Presentation by Owen Sullivan


  • Login