Part 3: Communication Security Basics - PowerPoint PPT Presentation

1 / 42
About This Presentation
Title:

Part 3: Communication Security Basics

Description:

X.509 oder WTLS oder URL. X.509. Certificates. no. yes. Fragmentation. WTLS. TLS. 3b - 30 ... Unblock Reference Data. 3b - 36. WIM function groups. Management ... – PowerPoint PPT presentation

Number of Views:82
Avg rating:3.0/5.0
Slides: 43
Provided by: michael383
Category:

less

Transcript and Presenter's Notes

Title: Part 3: Communication Security Basics


1
Part 3 Communication Security Basics
  • Chapter b Security features of the Wireless
    Application Protocol (WAP)

2
Contents
  • What is WAP?
  • WAP I and WAP II
  • WAP-PKI
  • Application layer WML WMLScript Crypto Lib
  • Transport layer WTLS
  • Hardware WIM
  • Problems

3
Contents
  • What is WAP?
  • WAP I and WAP II
  • WAP-PKI
  • Application layer WML WMLScript Crypto Lib
  • Transport layer WTLS
  • Hardware WIM
  • Problems

4
Example Ask for train connections
5
Contents
  • What is WAP?
  • WAP I and WAP II
  • WAP-PKI
  • Application layer WML WMLScript Crypto Lib
  • Transport layer WTLS
  • Hardware WIM
  • Problems

6
Web-Modell
7
WAP I model Translator WAP - WEB
Gateway
Client
Server
encoded req.
req.
Encode Decode
WAEUserAgent
cgi scriptsetc.
encoded resp.
resp.
WAP I
WEB
8
WAP I protocol stack
WAP
WEB
Application (WAE)
Application
Session (WSP)
HTTP
Transaction (WTP)
TCP
Security (WTLS)
Security (TLS)
Transport (WDP)
IP/UDP
Medium GSM, CDMA, UMTS ...
Medium ...
9
WAP II Model WAP talks WEB
optional
Server
req.
cgi scriptsetc.
Client
resp.
WAEUserAgent
Push
Push
WEB
10
Example for a WAP II configuration TCP und
HTTP
WEB
WAP
Proxy
11
Example for WAP II configuration TLS Tunneling
WEB
WAP
Proxy
12
Contents
  • What is WAP?
  • WAP I and WAP II
  • WAP-PKI
  • Application layer WML WMLScript Crypto Lib
  • Transport layer WTLS
  • Hardware WIM
  • Problems

13
WAP PKI
  • PKI portal provides PKI services
  • PKI portal connected via gateway or direct with
    mobile phone
  • 2 keys
  • authentication
  • signing
  • Device certificates possible
  • New certificate format WTLS certificate
  • advantage compact
  • Client certificates often not stored in client

14
Root keys
  • Root key validation
  • Signature Signed by reliable party
  • or
  • Hash User must type 30 (!) digits

15
Certificates for servers
  • Long time certificates (as for WEB servers)
  • Server generates PKCS10 request
  • CA sends certificate
  • 2. Short time certificates (keine CRLs)
  • Client subscribes at CA (one-time)
  • Gets a new certificate (e.g.) every day

16
Certificates for clients
  • Authentication certificate
  • Client sends cert. request using WTLS to PKI
    Portal
  • Proof of Possession (POP) by WTLS
  • Signaturcertificate
  • Client signes text for POP
  • Delivery
  • certificate
  • LDAP-URL
  • HTTP-URL

17
Contents
  • What is WAP?
  • WAP I and WAP II
  • WAP-PKI
  • Application layer WML WMLScript Crypto Lib
  • Transport layer WTLS
  • Hardware WIM
  • Problems

18
Problem Variables in WML
  • WML allows setting and writing of
    variables
  • Problem Other decks can read this variable

ltwmlgt ltcardgt ... ltsetvar
nameshopping_cart value31415gt ltdo
"typeaccept"gt ltgo href"http//wap.versand.
de/shopping_cart"gt lt/dogt lt/cardgt lt/wmlgt
19
Problem Variables in WML (cont.)
  • Solutions access element
  • But No cryptographic authentication of the
    permitted decks
  • Variables should not be used for passwords

20
Digitale signature within WMLScript
21
Contents
  • What is WAP?
  • WAP I and WAP II
  • WAP-PKI
  • Application layer WML WMLScript Crypto Lib
  • Transport layer WTLS
  • Hardware WIM
  • Problems

22
Design goals of WTLS
  • Authentication of communication partner
  • Confidentiality of communication data
  • Integrity and authenticity of communication data
  • Interoperability
  • Efficiency
  • Extensibility
  • But No non-repudiation

23
Architecture of WTLS
PSE
Data
Handshake
Change Cipher Spec.
ApplicationData
Alert
WTLS
Record
WDP
24
WTLS in principle
Errare humanum est.
WTLS record protokol
Compression of Errare ...
eTiasd
Cryptogram of Errare ...Encrypted by a
symmetric algorithm and protected by a MAC
Cryptogram of Errare ...
aBziEa
xdsiWn
WDP-Protokoll
25
Architecture of WTLS (repitition)
PSE
Data
?
Handshake
Change Cipher Spec.
ApplicationData
Alert
WTLS
?
Record
WDP
26
6 symmetric keys
27
Handshake protocol, option 1 Server-only
authentication
28
No non-repudiation
3
Sorry, I can not decide this!
2
I did not receive any messageby Alice.The log
file has been fakedby Alice!
1
I have canceled thecontract for my flat3 months
ago.
  • Reason The record protocol is based on symmetric
    cryptography

29
TLS vs. WTLS
30
Contents
  • What is WAP?
  • WAP I and WAP II
  • WAP-PKI
  • Application layer WML WMLScript Crypto Lib
  • Transport layer WTLS
  • Hardware WIM
  • Problems

31
Contents
  • What is WAP?
  • Application layer WML WMLScript Crypto Lib
  • Transport layer WTLS
  • Hardware WIM
  • Problems

32
Wireless Identity Module (WIM)
  • Tamper proof hardware for PSE
  • Contains keys
  • Stores Master Secrets
  • Stores Shared Secret (opt.) for WTLS
  • Signes data
  • Verifies data
  • PKCS15 format
  • Can be used outside of WAP
  • Can be placed on SIM

33
WIM function groups
  • Management
  • Verification
  • Data access
  • Cryptography
  • Exceptions

34
WIM function groups
  • Management
  • Verification
  • Data access
  • Cryptography
  • Exceptions
  • Open Service
  • Close Service

35
WIM function groups
  • Management
  • Verification
  • Data access
  • Cryptography
  • Exceptions
  • Perform Verification
  • Disable Ver. Req.
  • Enable Ver. Req.
  • Change Reference Data
  • Unblock Reference Data

36
WIM function groups
  • Management
  • Verification
  • Data access
  • Cryptography
  • Exceptions
  • Open File
  • Close File
  • Read Binary
  • Update Binary

37
WIM function groups
  • Management
  • Verification
  • Data access
  • Cryptography
  • Exceptions
  • Compute Dig. Sig.
  • Verify Dig. Sig.
  • Get Random
  • Key Transport
  • Key Agreement
  • Derive Master Secret
  • Phash
  • Decipher

38
WIM function groups
  • Management
  • Verification
  • Data access
  • Cryptography
  • Exceptions
  • Exception

39
Contents
  • What is WAP?
  • WAP I and WAP II
  • WAP-PKI
  • Application layer WML WMLScript Crypto Lib
  • Transport layer WTLS
  • Hardware WIM
  • Problems

40
Problems
  • WAP I gateway must translate between TLS and WTLS
    ? clear data phase required
  • Bugs in implementation of the gateway can
    generate problems (e.g. identification via IP
    numbers)
  • Mobile phone must be configured carefully
  • Verification of reliable certificates is
    cumbersome

41
Summary
  • WAP I Efficient
  • WAP II Direct usage of WEB protocols,
    configureable
  • Digital signatures on the application layer
  • WTLS is considered secure
  • WIM based on smart card is a well known concept
  • Display of mobile phone too small
  • Usage cumbersome
  • WAP II Complex. Is it worth this?

42
References (www.wapforum.org)
  • WMLScript Crypto API Library Specification
  • WAP-161-WMLScriptCrypto-20010620-a
  • Wireless Identity Module Specification
  • WAP-260-WIM-20010712-a
  • Wireless Transport Layer Security Specification
  • WAP-261-WTLS-20010406-a
  • WAP Certificate profile Specification
  • WAP-211-WAPCert-20010522-a
  • WAP Public Key Infrastructure Specification
  • WAP-217-WPKI-20010424-a
  • WAP TLS Profile and Tunneling Specification
  • WAP-219-TLS-20010411-a
  • End-to-end Transport Layer Security
    Specification
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Part 3: Communication Security Basics" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!