Wireless Web Services Security - PowerPoint PPT Presentation

Mobile phones WAP & WML. Secure Systems Research Group - FAU. Wireless LAN ... GPS tracking relies on 24 civilian usable satellites that circle the earth. ... – PowerPoint PPT presentation

Provided by: christo72
Learn more at: http://www.cse.fau.edu

Transcript and Presenter's Notes

1
Wireless Web Services Security
  • Christopher Lo

2
Overview
  • Main differences between wired and wireless web
    services
      • Network connection method
      • Format supported on mobile devices
      • Size of screen on mobile devices
  • Mobile Devices
      • PDAs: Wireless LAN
      • Mobile phones: WAP & WML

3
Wireless LAN
  • Most PDAs can handle 802.11i technology allowing
    them to access web services through wireless LAN
  • Issues with Wireless LAN
      • Uncontrolled range with radio signal
      • Exposed setup allows for drive-by hacking
      • Constantly changing IPs

4
Wireless LAN Encryption Standards
  • WEP - Wired Equivalent Privacy
  • WPA - Wi-Fi Protected Access
  • RSN - Robust Security Network

5
WEP
  • The most problematic of the three
  • UC Berkeley's study has shown the RC4 stream
    cipher can be broken using a series of
    computations.
  • Small keys and the need to manually change keys
    pose maintenance problems
  • Dictionary attacks can find keys

6
WPA
  • Compatible with existing 802.11i
  • Temporal Key Integrity Protocol (TKIP)
  • Uses a master key to create encryption values
    which are then changed and automatically
    distributed.
  • Key mixing for each packet
  • A 64-bit message integrity code
  • Offers the means to re-key the packet.

7
RSN
  • Encrypts with AES-CCMP (AES Counter-Mode Cipher
    Block Chaining Message Authentication Code
    Protocol)
  • TKIP is used to handle the older systems
  • User authentication and key management are
    handled using IEEE 802.1X Port-Based Network
    Authentication
  • Authentication system is based on Extensible
    Authentication Protocol (EAP).
  • The authentication server is located on the wired
    network and may also be the same as the Remote
    Authentication Dial-In User Service (RADIUS)
    server.

8
WML
  • Mobile phones are primarily restricted to WAP for
    accessing web services
  • Older mobile phones are mostly restricted to
    black and white screens.
  • Size restrictions even with colored screens
  • WML is the primary format for wireless web
    services
  • WML is an XML application but with much less
    processing power
  • Limited user input available

9
XML to WML
  • Most companies write their own WML versions of
    the web service
  • Translation should be moved to the portal/web
    server (Phone.com, SprintPCS, etc)
  • IBM WebSphere currently supports translation to
    WML

10
WAP
  • Wireless Application Protocol
  • WAP Gateway translates WTLS to SSL

11
WAP Server
  • The WTLS support is built into the web server

12
Issues with XML
  • Size is generally too large for mobile devices
  • Increased size means increased airtime
  • Problem with constantly changing IPs
  • Need for compression before encryption
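
The last bullet above, worked through as an added example (not part of the original slides): ciphertext looks random and no longer compresses, so the XML has to be compressed first if airtime is to be saved. The SHAKE-256 keystream cipher, the key and nonce, and the sample XML are constructed stand-ins, not anything the presentation specifies.

```python
import hashlib
import zlib

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher for illustration only (assumption, not from the
    slides): XOR with a SHAKE-256 keystream. Real systems use a vetted AEAD."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def build_sample_xml(n_records: int = 40) -> bytes:
    """Constructed sample: a repetitive XML response like a web service returns."""
    rows = "".join(
        f"<quote><symbol>SYM{i:03d}</symbol><price>{100 + i}.25</price>"
        "<currency>USD</currency></quote>"
        for i in range(n_records)
    )
    return f"<?xml version='1.0'?><quotes>{rows}</quotes>".encode()

def compress_then_encrypt(key: bytes, nonce: bytes, xml: bytes) -> bytes:
    # Order the slide asks for: redundancy is removed while it is still visible.
    return keystream_xor(key, nonce, zlib.compress(xml, 9))

def encrypt_then_compress(key: bytes, nonce: bytes, xml: bytes) -> bytes:
    # Wrong order: ciphertext has no patterns left for DEFLATE to exploit.
    return zlib.compress(keystream_xor(key, nonce, xml), 9)

def decrypt_then_decompress(key: bytes, nonce: bytes, blob: bytes) -> bytes:
    # Receiver side for compress_then_encrypt (XOR keystream is its own inverse).
    return zlib.decompress(keystream_xor(key, nonce, blob))

def compare_orders() -> dict:
    key, nonce = b"k" * 32, b"n" * 12  # constructed demo values, never reuse a nonce
    xml = build_sample_xml()
    good = compress_then_encrypt(key, nonce, xml)
    bad = encrypt_then_compress(key, nonce, xml)
    if decrypt_then_decompress(key, nonce, good) != xml:
        raise ValueError("round trip failed")
    # Caveat: compressed length depends on content, so keep secrets and
    # attacker-influenced data out of the same compressed stream.
    return {"plain_xml": len(xml), "compress_then_encrypt": len(good),
            "encrypt_then_compress": len(bad)}

if __name__ == "__main__":
    for name, size in compare_orders().items():
        print(f"{name:>22}: {size} bytes over the air")
```
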

13
Other Concerns: Tracking Web Services
  • FollowUs, Fleetstar-Online, Kids OK
  • Rely on tracking GSM or GPS
  • A cell ID must first be registered with a service
    in order to be tracked.
  • GPS tracking relies on 24 civilian usable
    satellites that circle the earth.
  • Assisted GPS system (AGPS)
  • GSM - the SIM card is tracked instead of the
    actual phone.
  • The legal stipulations are mapped out in a set of
    Codes of Practice.