MASON ECE 646 - Comparison of WTLS and ITLS in Wireless end-to-end secure network


WN-1: Comparison of WTLS and ITLS in Wireless end-to-end secure network

Comparison of WTLS and ITLS in Wireless end-to-end secure network (December 2002)

Younhee Kim, Chun-kit Wong, George Mason University

Abstract— End-to-end security is a major concern in current wireless networks and business transactions. In this paper, we study two protocols that support end-to-end security: an industry-implemented security protocol, Wireless Transfer Layer Security (WTLS), and an academically proposed security protocol, Integrated Transfer Layer Security (ITLS). The current specification of WTLS does not provide total end-to-end security because a WTLS-enabled gateway will leak plaintext during data transmission to the server. ITLS was created to fix the WTLS security holes. A comparison of ITLS and WTLS demonstrates that ITLS provides stronger protection at the gateway and offers a more secure channel than WTLS. Unlike in WTLS, where the server trusts the gateway, in ITLS the client is the security partner of the server. All the encryption and decryption will be doubled on the client side. Due to the limited resources on the client side (mobile devices), ITLS will perform slower than WTLS. We propose a modified ITLS that will increase ITLS performance while providing the same security level as current ITLS. An implementation of WTLS is also introduced later in the paper.

Index Terms— End-to-end security, Wireless Transfer Layer Security, Integrated Transfer Layer Security, handshake protocol, record protocol.

1. INTRODUCTION

1.1 What is end-to-end security? Why do we need it?

End-to-end security is a concept that deals with securing data from one end-point to another wherever it is created, stored, transmitted, accessed, or destroyed. End-to-end security plays a crucial role in wireless networks and business transactions.
When a customer places an order with an e-merchant, sensitive data is exchanged with the merchant, typically including the credit card number, delivery address, etc. A customer is less likely to engage in mobile commerce if there is a risk that the privacy of the data will be violated anywhere between the parties. Thus, Wireless Transfer Layer Security (WTLS) and Integrated Transfer Layer Security (ITLS) were created to address these security concerns. In this paper, we will discuss in detail how WTLS works. In addition, ITLS will be introduced and compared with WTLS later in the paper.

1.2 WTLS

The Wireless Application Protocol (WAP) [i] is the result of continuous work to define an industry-wide specification for a secure wireless environment. Wireless Transfer Layer Security (WTLS) is the security transfer protocol within WAP. WTLS provides authentication, privacy and data integrity between two applications communicating over a wireless network. WTLS is optimized for relatively low-bandwidth, high-latency links by incorporating features such as datagram support, streamlined protocol handshaking and dynamic key refreshing. Its two protocols, the handshake protocol and the record protocol, are explained in detail in the WTLS section of the paper.

1.3 ITLS

Integrated Transfer Layer Security (ITLS) [ii] is a protocol proposed by Eun-Kyeong Kwon of Kaywon School of Art and Design, Yong-Gu Cho of Youngdong University, and Ki-Joon Chae of Ewha Womans University. The idea behind ITLS is to combine WTLS and TLS repetitively into one communication channel. The goal of ITLS is to eliminate the problems WTLS has encountered, particularly those in the WAP gateway. The security partner of a server is not a client via the gateway but the client directly.

The rest of this paper is organized as follows. Section 2 describes the problem with WAP. Section 3 explains and compares two major protocols in end-to-end security: WTLS and ITLS. In section 4 we propose a modified version of ITLS.
Section 5 talks about the implementation of WTLS. Section 6 recapitulates the discussion of the paper.

2. THE PROBLEMS WITH WAP AND THE NEED OF END-TO-END SECURITY

In order to discuss how WTLS and ITLS work, the WAP architecture and WAP data transmission will be introduced first.

2.1 WAP Architecture

[Figure 1. WTLS architecture]

The WAP network architecture [iii] consists of WAP clients, WAP gateways and content servers (refer to Figure 1). A WAP client is typically a small handheld device such as a mobile phone. A WAP gateway is a network component that operates as an intermediary between WAP clients and content servers. WAP gateways are accessed through a network access point (NAP), where WAP clients dial in. A content server is a device that contains content or creates it when requested by a WAP client. Normally, it is an HTTP server.

2.2 How data is transmitted in WAP?

A WAP transaction is usually a request-response transaction. A WAP client sends a request to a content server, which returns a response. The transaction is initiated by a WAP client, which makes a WAP-protocol request and sends it to a WAP gateway. Then, the WAP gateway translates the request into an HTTP request and sends it to a content server. The content server sends the requested content to the WAP gateway. The WAP gateway translates the data into WML binary format and sends it back to the WAP client.

2.3 The problems with WAP and the need for End-to-end security

The security of the WAP transaction described above is based on the security of the underlying wired and mobile networks. The Transport Layer Security (TLS) protocol is a generic security protocol, which secures any application running on top of TCP. TLS also provides client and server authentication using certificates. Just as HTTP can be secured with TLS, WAP can be secured using the Wireless Transport Layer Security protocols [iv] (WTLS) specified in the WAP protocol suite.
It also allows HTTP applications to communicate in a way that is designed to prevent eavesdropping, tampering and message forgery.

[Figure 2. WAP gateway insecurity]

In WAP, some security in the communication between a WAP client and a content server is achieved if the HTTP communication between the WAP gateway and the content server is encrypted using TLS and if WTLS is used between the WAP client and the WAP gateway. However, during the data transmission, the data is decrypted into a plaintext message in the WAP gateway and encrypted with another secret key to
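
The gateway behaviour that section 2.3 describes, modelled as an added example that is not from the paper: `hop_by_hop` shows the gateway holding the plaintext between the WTLS and TLS legs, and `end_to_end` shows what it holds when the client adds a second layer keyed with the server only. The toy cipher, the key names and the double-layer model are assumptions for illustration; this is not the WTLS, TLS or ITLS record format.

```python
import hashlib
import hmac
import os

# Toy authenticated cipher from the standard library only. It stands in for
# the WTLS/TLS record protection and is NOT either protocol's real cipher.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(12)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("integrity check failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def hop_by_hop(order, k_wtls, k_tls):
    """Section 2.3: WTLS on the wireless leg, TLS on the wired leg."""
    gateway_view = unseal(k_wtls, seal(k_wtls, order))    # gateway removes WTLS
    delivered = unseal(k_tls, seal(k_tls, gateway_view))  # and re-protects with TLS
    return gateway_view, delivered

def end_to_end(order, k_wtls, k_tls, k_e2e):
    """Assumed model: inner layer keyed between client and server only."""
    inner = seal(k_e2e, order)                            # client's extra encryption
    gateway_view = unseal(k_wtls, seal(k_wtls, inner))    # gateway sees ciphertext
    delivered = unseal(k_e2e, unseal(k_tls, seal(k_tls, gateway_view)))
    return gateway_view, delivered

# Constructed sample data: random session keys and a made-up order.
K_WTLS, K_TLS, K_E2E = (os.urandom(32) for _ in range(3))
ORDER = b"card=0000-0000-0000-0000;ship=Example Street 1"

if __name__ == "__main__":
    print("hop-by-hop gateway view:", hop_by_hop(ORDER, K_WTLS, K_TLS)[0])
    print("end-to-end gateway view:", end_to_end(ORDER, K_WTLS, K_TLS, K_E2E)[0].hex())
```

In the second model the client performs two encryptions per message, which is the client-side cost the abstract attributes to ITLS.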

