wap overview n.
Skip this Video
Download Presentation
WAP Overview

Loading in 2 Seconds...

play fullscreen
1 / 63

WAP Overview - PowerPoint PPT Presentation

  • Uploaded on

WAP Overview. CSCI 5939.02 – Independent Study Fall 2002 Yasir Zahur Presentation No 1. Agenda. Background / Motivation Architectural Overview Protocol Layers Push Technology Current WAP Status Security Limitations. Lessons from the World Wide Web. WWW Limitations

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'WAP Overview' - zia-wells

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
wap overview
WAP Overview

CSCI 5939.02 – Independent Study

Fall 2002

Yasir Zahur

Presentation No 1

  • Background / Motivation
  • Architectural Overview
  • Protocol Layers
  • Push Technology
  • Current WAP Status
  • Security Limitations
lessons from the world wide web
Lessons from the World Wide Web
  • WWW Limitations
    • Requires at least some computer skills
    • If you don’t already own a computer, entrance costs are relatively high
  • However it would be foolish on the other extreme to ignore the Internet as a mean of data transportation
wireless industry before 1998 some serious problems
Wireless Industry Before 1998(Some serious problems)
  • Handheld mobile devices could access network based content but the technologies were incompatible
  • Not much use of existing Internet infrastructure
  • No single global standard for data access for all handheld mobile devices
searching for the answer
Searching for the answer…
  • Omnipoint issues a tender for the definition of a common standard for the supply of mobile information services, early 1997
  • WAP Forum founded by Ericsson, Nokia, Motorola and Phone.com.
    • Importance of a common technical base was realized
    • Strong belief that existing technology did not meet the needs of the market
searching for the answer cont
Searching for the answer…(cont)
  • Work started June, 1997
  • Architecture published September, 1997
  • Membership opened in January, 1998
  • Draft specifications published January, 1998
  • WAP 1.0 available April 30, 1998
what is wap
What is WAP?

WAP is an effort, with broad industry support, to define a standard for communicating Internet – type information to devices that have roughly the same form factor and processing power as the average mobile telephone.

what sort of devices is wap designed for
What sort of devices is WAP designed for?
  • Primarily includes mobile phones, pagers and PDAs
  • Low bandwidth and high latency environments
  • Unpredictable stability and availability
  • Limited processing power and battery life
  • Less memory (ROM and RAM)
  • Smaller displays
wap architectural objectives
WAP Architectural Objectives
  • Create global wireless protocol specifications that work across differing wireless technologies
  • Facilitate network-operator and third party service provisioning
  • Define a layered, scalable and extensible architecture
  • Bring Internet/Intranet information and advanced data services to wireless terminals
  • Optimize for efficient use of device resources
wap architectural objectives cont
WAP Architectural Objectives (cont)
  • Provide support for secure applications and communication
  • Embrace and extend existing standards where possible
  • Optimize for efficient use of device resources
  • Optimize for narrowband bearers with potentially high latency
  • Enable personalization and customization of the device, the content delivered to it and presentation of the content
the world wide web model
The World – Wide Web Model
  • WWW standards specify many mechanisms to build a general purpose application environment including:
    • Standard naming model
    • Content typing
    • Standard content formats
    • Standard protocols
the wap model
The WAP Model
  • Based on WWW programming model
    • stable architecture
    • ability to embrace and enhance existing tools including web-servers, XML tools etc
  • Enhancements
    • Push technology
    • Telephony Support (WTA)
the wap model cont
The WAP Model (cont)
  • Components that enable communication between mobile terminals and network servers include:
    • Standard naming model
    • Content typing
    • Standard content formats
    • Standard communication protocols
wap proxy
WAP Proxy
  • WAP Architectural specification (version 12-July-2001) specifies the term WAP Proxy.
  • WAP utilizes proxy technology to optimize and enhance the connection between wireless domain and WWW. WAP proxy provides various functions including:
wap proxy cont
WAP Proxy (cont)
  • Protocol Gateway: Translates requests from a wireless protocol stack to the WWW protocols. Also performs DNS look up
  • Content Encoders and Decoders:Translate WAP content into a compact format due to slow underlying wireless link and vice versa
  • User Agent Profile Management:Enable personalization and customization of the device
  • Caching proxy:Improves perceived performance and network utilization by maintaining a cache of frequently accessed resources
wap client
WAP Client
  • Primarily include wireless phones, PDAs and pagers
  • Beginning to support more memory, faster processing power and longer battery life
  • Contains a user agent or a mini-browser that implements WAE specification and can execute any WAP compliant application.
  • Available in thousands of different models and types. A WAP compliant application written once can reach and be executed on all of theses devices
application servers
Application Servers
  • Real power of WAP lies in the fact that it leverages existing Internet infrastructure to extend reach of applications to millions of users with wireless devices
  • Application servers typically consist of three tiers:
    • Web Server; understands HTTP protocol and responds to HTTP requests from the clients. E.g. Apache, iPlanet, Microsoft IIS etc
    • Application Server; encodes elements like personalization, commerce, security and data persistence logic. E.g. iPlanet, WebLogic etc
    • Database Server; used for persistence storage of application data. E.g. Oracle, Sybase, Informix etc
bearer networks
Bearer Networks
  • WAP specification is air-interface independent
  • WAP specification is intended to sit on top of existing bearer channel standards so that any bearer standard can be used with the WAP protocols to implement complete product solutions
  • WAP operates over different bearer services including short message, circuit-switched data and packet data
  • Since bearers offer service of varying throughput, delays and error rate, WAP protocols are designed to compensate for or tolerate these varying level of services
bearer networks cont
Bearer Networks (cont)
  • Some of the common bearers are:
    • SMS (Short Message Service); stateless and one of the slowest bearers. Each SMS message is broken down into a short message of maximum 160 characters, no session maintenance
    • CSD (Circuit Switched Data); uses circuit switching to establish connection with WAP gateway at around 9600bps; much faster than SMS
    • USSD (Unstructured supplementary Services Data); messages of maximum 182 characters; session based
    • GPRS (General Packet Radio Service); one of the fastest bearers; uses packet based data transmission with speeds of up to 171.2 kbps
transport services layer
Transport Services Layer
  • Offers set of consistent services to upper layer protocols and maps those services to available bearer services.
  • Transport services include:
    • Datagrams; provides a connectionless, unreliable datagram service where each datagram is routed independently. WDP and UDP are the two protocols used. WDP is replaced by UDP when used over an IP network layer i.e WDP over IP is UDP/IP
    • Connections; provides data transport service in which communications proceed in three phases: connection establishment, two way reliable data transfer and connection release. TCP (usually profiled) is used to provide connection transport service
transfer services
Transfer Services
  • Provides for structured transfer of information
  • Transfer services include:
    • Hypermedia Transfer: WSP and WTP provide the hypermedia transfer service over secure and non-secure datagram transports. HTTP provides same service over secure and non-secure connection oriented transports
    • Streaming: provides a mean for transferring isochronous data such as audio and video
    • Message Transfer: provides mean to transfer asynchronous multimedia messages like email or instant messages
wireless transaction protocol wtp based on version 30 apr 1998
Wireless Transaction Protocol (WTP)Based on Version 30-Apr-1998
  • Three classes of transaction service
    • Unreliable one-way requests,
    • Reliable one-way requests,
    • Reliable two-way request-reply transactions
  • Use of unique transaction identifiers, acknowledgements, duplicate removal and retransmissions
  • PDU concatenation and delayed acknowledgment to reduce the number of messages sent
  • Optional user to user reliability – WTP triggers the confirmation of each received message
  • Asynchronous transactions
session services
Session Services
  • Provide for the establishment of shared state between network elements that span multiple network requests or data transfers. It includes:
    • Capability Negotiation; includes specifications for describing, transmitting and managing capabilities and preference information about the client, user and network elements
    • Push-OTA; provides for network initiated transactions to be delivered to wireless devices
    • Sync; provides for synchronization of replicated data
    • Cookies; allows applications to establish state on the client or proxy that survives multiple hypermedia transfer transactions
wireless session protocol wsp based on version 30 apr 1998
Wireless Session Protocol (WSP)Based on Version 30-Apr-1998
  • Provides WAE with a consistent interface for two session services:
    • Connection oriented service over WTP
    • Connectionless service over secure and non-secure WDP
  • Long lived session state
  • Common facility for reliable and unreliable data push
  • HTTP/1.1 functionality and semantics in a compact over-the-air encoding
  • Provides for session suspend/resume
application framework
Application Framework
  • Primary objective is to establish an interoperable environment that will allow operators and service providers to build applications and services that can reach a wide variety of different wireless platforms in an efficient and useful manner. It includes:
    • WAE/WTA User-Agent; WAE is a micro-browser environment containing WML, XHTML, WML Script, WTA, WTAI all optimized for handheld devices
    • Content Formats; WAE includes support for color, audio, video, images, phone book records, animation etc
application framework cont
Application Framework (cont)
  • Push; provides a general mechanism for the network to initiate the transmission of data to applications resident on WAP devices
  • Multimedia Messaging; Multimedia Message Service (MMS) provides for the transfer and processing of multimedia messages such as email and instant messages to WAP devices
security services
Security Services
  • Privacy; to ensure that communication is private and cannot be understood by any eavesdropper
  • Authentication; to establish the authenticity of parties to the communication
  • Integrity; to ensure that communication is unchanged and uncorrupted
  • Non-Repudiation; to ensure that parties cannot

deny that communication took place

  • Some examples include Authentication, Cryptographic Libraries, Identity, PKI, Secure Transport and Secure Bearer
service discovery
Service Discovery
  • Services are found at many layers. These include:
    • External Functionality Interface (EFI); allows applications to discover what external functions/services are available on the device
    • Provisioning; allows a device to be provisioned with the parameters necessary to access network services
    • Navigation Discovery; allows a device to discover new network services
    • Service Lookup; provides for the discovery of a service’s parameters through a directory lookup by name
wap 1 x gateway
WAP 1.x Gateway

WAP 1.x Gateway

WAP HTTP Proxy with Profiled TCP and HTTPwireless profiled versions are interoperable with TCP and HTTP
Direct Accesswireless optimizations as defined by the Wireless Profiles for TCP and HTTP may not be available
push architecture
Push Architecture
  • Normal client–server model is ‘pull’ technology. E.g. browsing the world wide web
  • In ‘push’ technology, there is no explicit request from the client before the server transmits its contents. E.g. SMS
  • Extremely beneficial for time and location based services. E.g. to get traffic alerts up ahead on the highway, weather alerts, listing of nearby restaurants etc
push initiator pi
Push Initiator (PI)
  • Responsible for generating the message to be pushed and passing it on to PPG.
  • Messages are all XML based
  • Commonly HTTP Post mechanism is used for communication between PI and PPG
  • Responsible for authenticating itself with the PPG usually using X.509 based digital client certificates
  • Also responsible for managing the workflow of the push messages
push proxy gateway ppg
Push Proxy Gateway (PPG)
  • Acts as access point for content pushes from Internet to the mobile network
  • PI identification and authentication
  • Parsing of and error detection in push content
  • Translates client address provided by PI into a format understood by mobile network
  • Store the content if client is currently unavailable
  • Notify PI about final outcome of push a submission
  • Protocol conversion
push access protocol pap
Push Access Protocol (PAP)
  • XML based communication protocol by which a PI pushes content to mobile network addressing its PPG
  • Can be transported over virtually any protocol that allows MIME types to be transported over the Internet
  • Supports following operations:
    • Push Submission (PI to PPG)
    • Result Notification (PPG to PI)
    • Push Cancellation (PI to PPG)
    • Push Replacement (PI to PPG)
    • Status Query (PI to PPG)
    • Client Capabilities Query (PI to PPG)
push over the air protocol
Push Over-The-Air Protocol
  • Responsible for transporting content from the PPG to the client and its user agents
  • Provides both connectionless (mandatory) and connection-oriented (optional) services
  • Connectionless service relies upon WSP
  • Connection-oriented service may be provided in conjunction with WSP (OTA-WSP) and HTTP (OTA-HTTP)
current successes
Current Successes
  • Over 18 million WAP users (Cahners-In-Stat / Gartner Dataquest / Strategis, eTforecasts)
  • Close to 200 carriers deployed or in final testing (Mobile Lifestreams)
  • 50 million WAP-enabled handsets shipped worldwide (International Data Corp)
  • Tens of thousands of developers creating apps and content (WAP Forum)
  • 12,000 WAP sites from 100+ countries (Cellmania.com)
  • 7.8 million WAP-readable pages (Pinpoint Networks
consumer successes
Consumer Successes
  • Sprint “wireless Web” users reached 1.3 M in 1Q01
  • Telesp Celular - 323,000 out of 623,000 subscribers with WAP-enabled phone accessed WAP services (EYO2000)
  • Digital Bridges – 30 Million hits on WAP game site from 1 Million games played in a six month period
the survey facts
The Survey FACTS
  • Survey of 500+ users in Scandinavia:
    • 61% of WAP users: satisfied with their WAP experience (Strand Consult)
  • Survey of 250 users in UK (on all networks)
    • 71% of WAP users: WAP is meeting or exceeding expectations (Teleconomy)
wap 2 0 launched july 31 2001
WAP 2.0Launched July 31, 2001
  • What the Developers see:
    • XHTML (fully backwards compatible)
    • TCP
  • Supported User Features:
    • Color Graphics
    • Animation
    • Large File Downloading
    • Location-Smart Services
    • Pop-up/Context Sensitive Menus
    • Data Synchronization with Desktop PIM
secure from day one
Secure From Day One
  • Security meets most extreme demands
    • End-to-end encryption
    • Supports PKI (new in 2.0)
    • Secure proxies in handset and gateway
    • Transactions are as secure as PC sites
a secure foundation for wireless commerce
A Secure Foundation For Wireless Commerce
  • Transactions demanding security already happening over WAP
    • Banking (Citicorp, Deutche, Allied Irish Bank, Schwab)
    • Finance (Abbey National and Halifax Bank mortgages online)
    • M-Commerce (Amazon.com, MySimon)
  • Basing their future mobile commerce plans on WAP:
    • Certicom, VeriSign, Entrust.com
security loop holes cont
Security Loop Holes (cont)
  • Data flows between WAP device and application server through WAP gateway
  • All TSL/SSL encrypted content is decrypted at the WAP gateway before being re-encrypted using WTLS for transmission over wireless network and vice versa
  • Thus data exists in the memory of gateway for a brief period of time in human-readable plain text format……….SECURITY RISK
  • Conversion between WTLS and TLS is one of the most controversial features of the WAP gateway because it violates the concept of end-to-end security between the WAP client and the application or content server
proposed solutions
Proposed Solutions
  • Host the gateway within the secure intranet of application server
    • However users need to configure their WAP devices to communicate with the new gateway
  • Application level security on top of WAP
    • Introduce security at a software layer above WAP and consider WAP merely as a potential insecure communication means.
    • Security is solely taken care of by means of dedicated software running at two ends i.e. mobile phone and web server
    • No use of WAP security features neutralizes most of optimizations offered by WAP gateway including data conversion and compression to accommodate for the limited bandwidth
proposed solutions cont
Proposed Solutions (cont)
  • Enabling Internet on the Mobile Device
    • Proposed by WAP Forum for WAP 2.0
    • Re-design the WAP protocol to not to use a gateway
    • Employ the existing Internet standards, including TCP for entire wired and wireless part of a connection
    • Disregarding WAP gateway makes it possible to attain same high level of security for an m-commerce transaction as an e-commerce transaction on ordinary web using end-to-end encryption
    • However this change will cause compatibility problems and will neutralize optimizations offered by WAP gateway
proposed solutions cont hosting the gateway within the secure intranet of application server
Proposed Solutions (cont)Hosting the gateway within the secure intranet of application server

[1] Technical specifications and presentations by Scott Goldman


[2] Damon Hougland, Khurram Zafar.2001. essential WAP FOR WEB PROFESSIONALS. Upper Saddle River (NJ): Prentice Hall; 234 p.

[3] Wei Meng, Soo Mee, Karli Watson, Ted Wugofski. 2000. Beginning WAP, WML & WMLScript. Birmigham (UK): Wrox Press; 650p

[4] Niels Christian Juul and Niels Jorgensen

“Security Limitations in the WAP Architecture”

Position Paper

[5] Presentation by Bruce Martin


[6] Presentation by Owen Sullivan