Wireless Security Concerns (WTLS and the WAP Gap)
By Deepthi Kovvuri

Why is wireless security important?
- By 2004 there will be more than 40% wireless internet users in the United States.
- By 2004 50% of internet hits will originate from wireless devices.
- More and more security-critical applications will run on wireless devices, for example banking, e-wallets, mobile payment systems etc.

What are the challenges in wireless security?
Small footprint devices
- These are devices with low processing power and small memory.
Network
- Less bandwidth, more latency, less connection stability and less predictable availability.

Introduction to Wireless Application Protocol (WAP)
In 1997 the term WAP hit the headlines all over the world and everyone started looking at it as the new money-making machine in the telecommunications area.
WAP, the Wireless Application Protocol, is a communications protocol and application environment for the deployment of information resources, advanced telephony services and internet access from mobile devices. WAP is basically a set of protocols that optimizes the standard TCP/IP/HTTP/HTML protocols for use under the low bandwidth, high latency conditions often found in wireless networks.
A study compared the number of packets needed to process a stock quote query from a desktop browser using HTTP 1.0 with the same query from a WAP browser. The WAP protocol was found to use less than half the number of packets that the standard HTTP/TCP/IP stack uses to deliver the same content. This improvement is essential to make the best use of the limited wireless bandwidth available.

WAP System Architecture
WAP Gateway (refer to the figure below)
When a WAP session is started on a mobile phone, a connection is created using WSP between the mobile device and the WAP gateway. WSP is the protocol responsible for starting and ending connections from the mobile devices to the WAP gateway. The gateway translates the WSP request into an HTTP request and sends it to the appropriate server. The origin server then sends the response via HTTP to the gateway. The gateway translates and compresses the information and sends it back to the mobile device.

Summary of the functionality provided by the gateway
1. Translates between HTTP and WSP.
2. The CODER/DECODER functionality in the gateway converts the WML and WMLScript going to and coming from the client into a form that is optimized for low bandwidth networks.
3. An HTML to WML translator (optional).
4. Charging/billing functionality.
5. Also implements an interface for each of the bearers present in the wireless network of the operator.

WAP 1.0 Software Architecture
The WAP protocol stack as shown below consists of 5 layers. The figure on the left shows the corresponding internet protocol stack.

[Figure: internet protocol stack (left) beside the WAP protocol stack (right)]
Internet stack: HTML, JavaScript etc. / HTTP / SSL / TCP, UDP / IP, Data Link Layer, Physical Layer
WAP stack: Application Layer (WAE) / Session Layer (WSP) / Transaction Layer (WTP) / Security Layer (WTLS) / Transport Layer (WDP) / Bearers (SMS, CSD, USSD, CDMA, CDPD...)

TLS: TLS uses public key cryptography, bulk encryption algorithms and shared secret key exchange techniques to provide privacy over the internet. Public key cryptography is used to exchange a shared secret key for bulk encryption at the beginning of a secure internet connection.

WTLS (Wireless Transport Layer Security)
WTLS is an optional layer and is based on TLS (Transport Layer Security), which is in turn based on SSL (Secure Sockets Layer). WTLS operates over the transport layer WDP. WTLS attempts to lighten the overhead associated with establishing a secure connection between two applications. WTLS generally uses RSA-based cryptography. However, the protocol can also use elliptic curve cryptography (ECC), which provides a high level of security while demanding fewer computing and memory resources than other encryption approaches. This is an important consideration for the small footprint hand-held devices.
WTLS processes security algorithms faster by minimizing the protocol overhead and enables more data compression than traditional TLS solutions. The translation between TLS and WTLS takes milliseconds and occurs in the memory of a WAP gateway. The content of the volatile memory is erased as quickly as possible. In WTLS, a client and a gateway share one secret key, and a gateway and server share another secret key, during a secure session.

WTLS vs TLS
The difference is that WTLS added some additional features which are oriented towards the challenges of transporting data over a wireless network. The table below shows the features added to WTLS which are not included in TLS.

Features added in WTLS (not present in TLS):
- Datagram support
- Expanded set of alerts
- Optimized handshake
- New certificate format
- Additional cipher suites
- Client identities
- Key refresh option
- Separate read and write channels

WAP Gap
The main criticism of WAP has not been the WTLS protocol but the role of the WAP gateway server as a point of transition between the wired and the wireless networks.
Tokenization: WML content coming from the internet or another provider is encoded into a compact binary form at the WAP gateway before being sent to the wireless device. During this process the WAP gateway can also check that the WML has no errors and is well formed.
Translation of the data takes place in the memory of the gateway. No encrypted data is ever stored on the secondary storage of the gateway. However, this still causes a big security risk, as it assumes a shift of trust from the application provider to the network provider.
The two security implications of the WAP architecture are:
1. The WTLS session is between the phone and the WAP gateway, not the vendor's server. This means that data is only encrypted between the phone and the gateway, at which point it is decrypted by the gateway before being re-encrypted and sent on to the vendor's server over a TLS connection.
2. The WAP gateway gets to see all of the data in clear text.

Solutions
Network Operator hosted WAP Gateway: This is the classic configuration, with the WAP gateway located at the operator's site.
Several security problems with this solution:
- There is no way for the web server to require that the phone use the security protocol WTLS, since WTLS is optional. Actually, there is no way for the web server to know whether WTLS is being used between the WAP phone and the gateway.
- All data is decrypted at the gateway, where the traffic can be listened to.
- There is no way for the web server to detect eavesdropping or tampering.
- There is no way for the web server to know the identity of the WAP user and it is not
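The WAP gap described above, as an added example that is not part of these notes: a model of the phone -> WAP gateway -> origin server path in which the gateway terminates WTLS and re-encrypts under its own TLS key, so the gateway holds the clear text and the server's view is identical whether or not WTLS was used on the wireless hop. The stream cipher, keys, nonces and request are constructed stand-ins, not the real WTLS or TLS record layer.

```python
import hashlib
import hmac
from typing import Optional

# Constructed toy stream cipher standing in for the WTLS/TLS bulk cipher:
# keystream blocks are HMAC-SHA256(key, nonce || counter), XORed with the data.
# Encryption and decryption are the same operation. Illustration only.
def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)

def wap_gap_relay(request: bytes, k_wtls: Optional[bytes], k_tls: bytes) -> dict:
    """Model the WAP 1.x path: phone -> WAP gateway -> origin server.

    k_wtls is the phone/gateway secret (None models a phone that skipped the
    optional WTLS layer); k_tls is the separate gateway/server secret.
    Nonces are constructed constants so the run is reproducible."""
    wtls_nonce, tls_nonce = b"wtls-nonce", b"tls-nonce-"
    # Wireless hop: the WSP request, optionally protected by WTLS.
    on_air = keystream_xor(k_wtls, wtls_nonce, request) if k_wtls else request
    # The gateway terminates WTLS, so it holds clear text while translating WSP -> HTTP.
    at_gateway = keystream_xor(k_wtls, wtls_nonce, on_air) if k_wtls else on_air
    # The gateway re-encrypts under the gateway/server key for the wired hop.
    on_wire = keystream_xor(k_tls, tls_nonce, at_gateway)
    # The server only ever decrypts its own TLS hop; it never sees the wireless hop.
    at_server = keystream_xor(k_tls, tls_nonce, on_wire)
    return {"on_air": on_air, "gateway_sees": at_gateway,
            "server_receives": on_wire, "server_sees": at_server}

def server_can_tell_wtls_was_used(request: bytes, k_wtls: bytes, k_tls: bytes) -> bool:
    """True only if the bytes reaching the server differ between a WTLS-protected
    and an unprotected wireless hop. Under the gateway model they never differ."""
    protected = wap_gap_relay(request, k_wtls, k_tls)
    unprotected = wap_gap_relay(request, None, k_tls)
    return protected["server_receives"] != unprotected["server_receives"]

if __name__ == "__main__":
    req = b"GET /bank/balance?acct=CONSTRUCTED-0001 HTTP/1.0"  # constructed request
    k_phone_gw, k_gw_server = b"constructed-wtls-key", b"constructed-tls-key"
    r = wap_gap_relay(req, k_phone_gw, k_gw_server)
    print("gateway holds clear text:", r["gateway_sees"] == req)
    print("wireless hop is encrypted:", r["on_air"] != req)
    print("server can tell WTLS was used:",
          server_can_tell_wtls_was_used(req, k_phone_gw, k_gw_server))
```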