UHCL CSCI 5931 - WAP Public Key Infrastructure


WAP Public Key Infrastructure
CSCI 5939.02 – Independent Study
Fall 2002
Jaleel Syed
Presentation No 5

Cryptography
Encryption: Transforming a message containing critical data into a cipher text.
Decryption: Decoding encoded data and reproducing the original message.

Types
Symmetric cryptosystems: encoding and decoding done using the same secret key.
• Highly insecure.
• Faster when compared to asymmetric crypto.
• Algorithms such as Data Encryption Standard (DES) are used both for encryption and decryption.
Asymmetric cryptosystems: encoding done using public key and decoding done using private key.
• Secure.
• Slower computing speed.
• Algorithms such as RSA, ECDSA etc. are used.

Example

Hashing
It is a method to obtain a digital fingerprint (hash) of an original message.
This is used to test the integrity but not to reproduce the message.

Hashing example (Sender)
Digital Signature Associated with message encryption

Hashing example (Receiver)
Receiving side

What is Public Key Infrastructure?
It is a system which enables users to securely and privately exchange data and money through the use of a public and private key pair.
It provides a digital certificate that can identify an individual.
It provides directory services (repository) that can store or cancel certificates when necessary.

Components of wired PKI
Certificate Authority
• Issues/updates/cancels the digital certificates to the requestor.
Registration Authority
• Authenticates the requestor.
Repository
• A directory service that stores digital certificates.
Subscriber
Relying party

Components of wired PKI contd..

WAP PKI Model

Types of Authentication
WTLS Class 1
It WAP Device and WAP Gateway are not authenticated.
WTLS Class 2
It provides the capability for the WAP Device to authenticate the identity of the WAP Gateway.
SignText
It provides a mechanism for the client device to create a digital signature of text sent to it.
It provides the capability for the WAP device to authenticate the identity of the WAP gateway as well as for the WAP gateway to authenticate the identity of the WAP device.
WTLS Class 3
Similar to signText, except that, in this the client’s private key is used to sign a “challenge” from the server.

WTLS Class 1
Security limitations of WAP

WTLS Class 2
Two Phase security model
WAP Client communicates to the origin server (content server) via the gateway.
End to End Security model
WAP client communicates with a WAP Server (WAP gateway + Origin server).

WTLS Class 2 contd..
Two Phase Security Model

WTLS Class 2 contd..
1. The WAP Gateway generates a key pair: public key & private key.
2. WAP Gateway sends certificate request to WPKI Portal.
3. WPKI Portal confirms ID and forwards request to CA.
4. CA sends Gateway Public Certificate to WAP Gateway.
5. CA populates online repository with WAP Gateway certificate.
6. WTLS session established between the device and the gateway.
7. SSL/TLS session established between the gateway and the server.

WTLS Class 2 contd..
End to End Security Model

WTLS Class 2 contd..
1. The WAP Server generates a key pair: public key & private key.
2. WAP Server sends certificate request to WPKI portal.
3. WPKI portal confirms ID and forwards request to CA.
4. CA sends Server Public certificate to WAP Server.
5. WTLS session established between the WAP server and the WAP device.

SignText
Message Signing

SignText contd..
1. WAP device requests certificate and sends certificate URL to WAP device.
2. WPKI Portal confirms ID and passes request to CA.
3. CA generates User Certificate and sends Certificate URL (or entire certificate) to the WAP device.
4. CA populates the database with User Public key certificate.
5. User signs transaction at the WAP device and sends transaction, signature and certificate URL (or certificate) to Origin Server.

SignText contd..
6. Origin Server uses certificate URL to retrieve user certificate from database (if not already in possession of certificate).
7. CA database sends user certificate to the Origin Server (if necessary).
8. Origin server verifies the signed transaction sent from the WAP device.

WTLS Class 3
Similar to signText, except that, in this the client’s private key is used to sign a challenge from the server.
Used for Non-repudiation.

Digital Certificate
Name of the certificate holder.
The certificate holder’s public key.
Certification Authority
A Serial Number
Validity period

Types of Digital certificates
Client Certificate.
– Authenticates the client.
WAP Server WTLS Certificate.
– It authenticates the identity of the WAP server.
– Encrypt information for server.
CA Certificate.
– Authenticates the Certification Authority.

Overview

WAP PKI Operations
Trusted CA information Handling.
WTLS Server Certificate Handling.
Client Registration.
Client Certificate URLs.

Trusted CA Information Handling
This operation verifies whether the CA that issued the certificate can be trusted or not.
The CA information should be distributed to each client.
The CA.
• WSP (wireless session protocol): URL is distributed.
• Provisioning: CA information is downloaded on the client.

Trusted CA information Handling contd..
The CA information is sent to the client by.
• Out of band hash verification method: the CA certificate is hashed and sent through an in-band channel whereas the “display” form of hash is sent in an out of band channel (phone or mail).
• Signature verification method: if a new CA has issued the certificate, then it can only be trusted if it is accompanied by the cert of a CA already trusted by the client.
The CA updates the CA certificate the client has by sending a key roll-over message to the client.

WTLS Server Certificate handling
The WAP server sends a certification request to a CA.
In response, the CA may.
• Issue a long-lived WTLS
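
SignText steps 5 to 8 above (the device signs, the origin server looks up the user certificate by its URL and verifies the signature), as an added example that is not part of the original slides. Assumptions: ECDSA P-256 with SHA-256, an in-memory map standing in for the CA database, a bare public key in place of a full certificate, and the hypothetical names Repository, SignedTx, Register, DeviceSign and OriginVerify.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Repository stands in for the CA database: certificate URL -> user public key.
type Repository map[string]*ecdsa.PublicKey

// SignedTx is what the WAP device sends to the origin server in step 5.
type SignedTx struct {
	Text, CertURL string
	Sig           []byte
}

// Register collapses steps 1-4: make a key pair, publish the public key under certURL.
func Register(repo Repository, certURL string) (*ecdsa.PrivateKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err == nil {
		repo[certURL] = &priv.PublicKey
	}
	return priv, err
}

// DeviceSign is step 5: the user signs the transaction text on the device.
func DeviceSign(priv *ecdsa.PrivateKey, text, certURL string) (SignedTx, error) {
	digest := sha256.Sum256([]byte(text))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return SignedTx{Text: text, CertURL: certURL, Sig: sig}, err
}

// OriginVerify is steps 6-8: resolve the URL, then verify the signature over the text.
func OriginVerify(repo Repository, tx SignedTx) bool {
	pub, ok := repo[tx.CertURL]
	digest := sha256.Sum256([]byte(tx.Text))
	return ok && ecdsa.VerifyASN1(pub, digest[:], tx.Sig)
}

func main() {
	repo, url := Repository{}, "https://ca.example/certs/alice" // constructed URL
	priv, _ := Register(repo, url)
	tx, _ := DeviceSign(priv, "Pay 10 EUR to Bob", url)
	forged := SignedTx{Text: "Pay 1000 EUR to Bob", CertURL: url, Sig: tx.Sig}
	fmt.Println(OriginVerify(repo, tx), OriginVerify(repo, forged)) // true false
}
```

A transaction whose text was altered after signing, or whose certificate URL is not in the repository, is rejected; a real origin server would also validate the retrieved certificate against a trusted CA before using its key.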

