Your SlideShare is downloading. ×
0
A Survey of WAP Security Architecture Neil Daswani [email_address]
Overview <ul><li>Security Basics </li></ul><ul><li>Wireless Security </li></ul><ul><li>WTLS & SSL </li></ul><ul><li>WAP Se...
Security Basics <ul><li>Security Goals </li></ul><ul><ul><li>Authentication </li></ul></ul><ul><ul><li>Confidentiality </l...
Security Basics <ul><li>Cryptography </li></ul><ul><ul><li>Symmetric: 3DES, RC4, etc. </li></ul></ul><ul><ul><li>Asymmetri...
Wireless Security <ul><li>Link Layer Security </li></ul><ul><ul><li>GSM </li></ul></ul><ul><ul><li>CDMA </li></ul></ul><ul...
Need for App Level Security <ul><li>Bearer  Independence </li></ul><ul><li>Security out to Gateway </li></ul><ul><li>Advan...
Basic WAP Architecture Internet Gateway Web Server WTLS SSL
WTLS & SSL <ul><li>WTLS Goals </li></ul><ul><ul><li>Authentication: Asymmetric Key Crypto </li></ul></ul><ul><ul><ul><li>C...
WTLS: Class 1 <ul><li>No Authentication </li></ul>ClientHello -----------> ServerHello <-----------  ServerHelloDone Clien...
WTLS: Class 2 <ul><li>Server-Authentication Only </li></ul>ClientHello -----------> ServerHello Certificate <-----------  ...
<ul><li>Mutual-Authentication </li></ul>WTLS: Class 3 Client Hello -----------> ServerHello Certificate CertificateRequest...
TLS/SSL vs. WTLS <ul><li>WTLS supports ECC </li></ul><ul><li>WTLS over WDP TLS over TCP </li></ul><ul><li>Premaster secret...
WAP Security Models <ul><li>Operator Hosts Gateway </li></ul><ul><ul><li>Without PKI </li></ul></ul><ul><ul><li>With PKI <...
Operator Hosts Gateway <ul><li>Without PKI </li></ul>Operator Content Provider Internet WAP/HDTP Gateway Web Server WTLS C...
Operator Hosts Gateway <ul><li>Without PKI: </li></ul><ul><ul><li>Advantages </li></ul></ul><ul><ul><ul><li>No extra work ...
Operator Hosts Gateway <ul><li>With PKI </li></ul>
Operator Hosts Gateway <ul><li>With PKI: </li></ul><ul><ul><li>Advantages </li></ul></ul><ul><ul><ul><li>Content providers...
Content Provider Hosts Gateway <ul><li>Static Gateway Connection </li></ul>WAP Gateway Web Server WTLS Class 2 SSL Content...
Content Provider Hosts Gateway <ul><li>Static Gateway Connection </li></ul><ul><ul><li>Advantages </li></ul></ul><ul><ul><...
Content Provider Hosts Gateway <ul><li>Dynamic Gateway Connection </li></ul>Internet WAP Gateway WTLS Class 2 SSL Operator...
Content Provider Hosts Gateway <ul><li>Dynamic Gateway Connection </li></ul><ul><ul><li>Advantages </li></ul></ul><ul><ul>...
Restricting Gateway Access <ul><li>Consider the following attack: </li></ul><ul><ul><li>Eve runs a “modified” WAP gateway ...
WIM: WAP Identity Module <ul><li>WIM must be tamper-resistant  </li></ul><ul><li>Stores Keys & Master Secrets </li></ul><u...
WMLScript Crypto API <ul><li>Non-repudiation </li></ul><ul><li>signedString = Crypto.signText (stringToSign, options, keyI...
WML Access Control <ul><li>WML Deck-Level Access Control <wml> <head> <access domain=“worldfaq.com” path = “/stats”> </hea...
Summary <ul><li>Gateway position & configuration allows for different trust models </li></ul><ul><li>Security at multiple ...
References <ul><li>C. Arehart, N. Chidambaram, S. Guruprasad, et. al.  Professional WAP.  Wrox Press, 2000.  ISBN 1-861004...
Upcoming SlideShare
Loading in...5
×

Wap Security Arch Presentation

1,416

Published on

Published in: Technology, News & Politics
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,416
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
39
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Wap Security Arch Presentation"

  1. 1. A Survey of WAP Security Architecture Neil Daswani [email_address]
  2. 2. Overview <ul><li>Security Basics </li></ul><ul><li>Wireless Security </li></ul><ul><li>WTLS & SSL </li></ul><ul><li>WAP Security Models </li></ul><ul><li>WIM, WMLScript, Access Control </li></ul><ul><li>Summary </li></ul><ul><li>References </li></ul>
  3. 3. Security Basics <ul><li>Security Goals </li></ul><ul><ul><li>Authentication </li></ul></ul><ul><ul><li>Confidentiality </li></ul></ul><ul><ul><li>Integrity </li></ul></ul><ul><ul><li>Authorization </li></ul></ul><ul><ul><li>Non-Repudiation </li></ul></ul>
  4. 4. Security Basics <ul><li>Cryptography </li></ul><ul><ul><li>Symmetric: 3DES, RC4, etc. </li></ul></ul><ul><ul><li>Asymmetric: RSA, ECC </li></ul></ul><ul><li>Key Exchange </li></ul><ul><li>Digital Signature </li></ul><ul><li>Certificates </li></ul><ul><li>PKI </li></ul>
  5. 5. Wireless Security <ul><li>Link Layer Security </li></ul><ul><ul><li>GSM </li></ul></ul><ul><ul><li>CDMA </li></ul></ul><ul><ul><li>CDPD </li></ul></ul><ul><li>Application Layer Security </li></ul><ul><ul><li>WAP: WTLS, WML, WMLScript, & SSL </li></ul></ul><ul><ul><li>iMode: N/A </li></ul></ul><ul><ul><li>SMS: N/A </li></ul></ul>
  6. 6. Need for App Level Security <ul><li>Bearer Independence </li></ul><ul><li>Security out to Gateway </li></ul><ul><li>Advanced Security Goals (ie. Non-Repudiation) </li></ul>
  7. 7. Basic WAP Architecture Internet Gateway Web Server WTLS SSL
  8. 8. WTLS & SSL <ul><li>WTLS Goals </li></ul><ul><ul><li>Authentication: Asymmetric Key Crypto </li></ul></ul><ul><ul><ul><li>Class 1: No Authentication </li></ul></ul></ul><ul><ul><ul><li>Class 2: Server Authentication </li></ul></ul></ul><ul><ul><ul><li>Class 3: Mutual Authentication </li></ul></ul></ul><ul><ul><li>Privacy: Symmetric Key Crypto </li></ul></ul><ul><ul><li>Data Integrity: MACs </li></ul></ul>
  9. 9. WTLS: Class 1 <ul><li>No Authentication </li></ul>ClientHello -----------> ServerHello <----------- ServerHelloDone ClientKeyExchange ChangeCipherSpec Finished -----------> <----------- Finished Application Data <----------> Application Data
  10. 10. WTLS: Class 2 <ul><li>Server-Authentication Only </li></ul>ClientHello -----------> ServerHello Certificate <----------- ServerHelloDone ClientKeyExchange ChangeCipherSpec Finished -----------> <----------- Finished Application Data <----------> Application Data 1. Verify Server Certificate 2. Establish Session Key
  11. 11. <ul><li>Mutual-Authentication </li></ul>WTLS: Class 3 Client Hello -----------> ServerHello Certificate CertificateRequest <----------- ServerHelloDone Certificate ClientKeyExchange (only for RSA) CertificateVerify ChangeCipherSpec Finished -----------> <----------- Finished Application Data <----------> Application Data 1. Verify Server Certificate 2. Establish Session Key 3. Generate Signature
  12. 12. TLS/SSL vs. WTLS <ul><li>WTLS supports ECC </li></ul><ul><li>WTLS over WDP TLS over TCP </li></ul><ul><li>Premaster secret is 20 bytes (vs. 48 in TLS/SSL) </li></ul>
  13. 13. WAP Security Models <ul><li>Operator Hosts Gateway </li></ul><ul><ul><li>Without PKI </li></ul></ul><ul><ul><li>With PKI </li></ul></ul><ul><li>Content Provider Hosts Gateway </li></ul><ul><ul><li>Static Gateway Connection </li></ul></ul><ul><ul><li>Dynamic Gateway Connection </li></ul></ul>
  14. 14. Operator Hosts Gateway <ul><li>Without PKI </li></ul>Operator Content Provider Internet WAP/HDTP Gateway Web Server WTLS Class 1 or Encrypted HDTP SSL
  15. 15. Operator Hosts Gateway <ul><li>Without PKI: </li></ul><ul><ul><li>Advantages </li></ul></ul><ul><ul><ul><li>No extra work for Content Provider </li></ul></ul></ul><ul><ul><ul><li>No extra work for user </li></ul></ul></ul><ul><ul><ul><li>System only requires one logical gateway </li></ul></ul></ul><ul><ul><li>Disadvantages </li></ul></ul><ul><ul><ul><li>Content Provider must trust Operator (NDA) </li></ul></ul></ul><ul><ul><ul><li>Operator can control home deck </li></ul></ul></ul><ul><ul><ul><li>Operator can introduce advertising </li></ul></ul></ul>
  16. 16. Operator Hosts Gateway <ul><li>With PKI </li></ul>
  17. 17. Operator Hosts Gateway <ul><li>With PKI: </li></ul><ul><ul><li>Advantages </li></ul></ul><ul><ul><ul><li>Content providers does not need to trust Operator. </li></ul></ul></ul><ul><ul><li>Disadvantages </li></ul></ul><ul><ul><ul><li>PKI Infrastructure must be in place. </li></ul></ul></ul>
  18. 18. Content Provider Hosts Gateway <ul><li>Static Gateway Connection </li></ul>WAP Gateway Web Server WTLS Class 2 SSL Content Provider
  19. 19. Content Provider Hosts Gateway <ul><li>Static Gateway Connection </li></ul><ul><ul><li>Advantages </li></ul></ul><ul><ul><ul><li>Content Provider does not need to trust Operator </li></ul></ul></ul><ul><ul><ul><li>Content Provider can control home deck </li></ul></ul></ul><ul><ul><ul><li>OTA can be used to configure mobile terminal </li></ul></ul></ul><ul><ul><li>Disadvantages </li></ul></ul><ul><ul><ul><li>Mobile terminal may have limited number of gateway config sets (i.e., Nokia 7110 has 10) </li></ul></ul></ul><ul><ul><ul><li>Mobile Terminal needs to be configured. </li></ul></ul></ul><ul><ul><ul><ul><li>OTA via WAP Push / SMS may not work with gateway / mobile terminal combination </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Content Provider may have to pre-configure mobile terminals </li></ul></ul></ul></ul>
  20. 20. Content Provider Hosts Gateway <ul><li>Dynamic Gateway Connection </li></ul>Internet WAP Gateway WTLS Class 2 SSL Operator Web Server SSL Content Provider WAP Gateway
  21. 21. Content Provider Hosts Gateway <ul><li>Dynamic Gateway Connection </li></ul><ul><ul><li>Advantages </li></ul></ul><ul><ul><ul><li>Content Provider does not need to trust Operator. </li></ul></ul></ul><ul><ul><ul><li>Content Provider does not need to worry about mobile terminal config </li></ul></ul></ul><ul><ul><li>Disadvantages </li></ul></ul><ul><ul><ul><li>Operator needs to trust Content Provider. </li></ul></ul></ul><ul><ul><ul><li>Not deployed yet. </li></ul></ul></ul>
  22. 22. Restricting Gateway Access <ul><li>Consider the following attack: </li></ul><ul><ul><li>Eve runs a “modified” WAP gateway </li></ul></ul><ul><ul><li>Eve fools a user into using her gateway </li></ul></ul><ul><li>Now, Eve can eavesdrop on all of the users requests and responses! </li></ul><ul><li>To prevent this, check the gateway IP address in the HTTP request. </li></ul>
  23. 23. WIM: WAP Identity Module <ul><li>WIM must be tamper-resistant </li></ul><ul><li>Stores Keys & Master Secrets </li></ul><ul><li>Computes crypto operations </li></ul><ul><ul><li>“ unwrapping master secret” </li></ul></ul><ul><ul><li>client signature in WTLS Handshake </li></ul></ul><ul><ul><li>key exchange (ECC WTLS Handshake) </li></ul></ul><ul><li>Also: </li></ul><ul><ul><li>Generates Keys </li></ul></ul><ul><ul><li>Stores Certificates (or their URLs) </li></ul></ul><ul><ul><ul><li>CA & Root Certs </li></ul></ul></ul><ul><ul><ul><li>User Certs </li></ul></ul></ul><ul><li>Can be implemented with SIM </li></ul>
  24. 24. WMLScript Crypto API <ul><li>Non-repudiation </li></ul><ul><li>signedString = Crypto.signText (stringToSign, options, keyIdType, keyId) </li></ul><ul><li>Uses a separate, distinct signing key </li></ul><ul><li>WIM can store signing key and compute signature </li></ul>
  25. 25. WML Access Control <ul><li>WML Deck-Level Access Control <wml> <head> <access domain=“worldfaq.com” path = “/stats”> </head> <card> … </card> </wml> </li></ul><ul><li>WMLScript Access Control use access domain domain_name | path path_name | domain domain_name path path_name; </li></ul><ul><li>use access domain “worldfaq.com” path “/stats” </li></ul>
  26. 26. Summary <ul><li>Gateway position & configuration allows for different trust models </li></ul><ul><li>Security at multiple levels </li></ul><ul><ul><li>Link Layer (depends on bearer) </li></ul></ul><ul><ul><li>App Layer </li></ul></ul><ul><ul><ul><li>Authentication, Confidentiality, and Integrity: WTLS </li></ul></ul></ul><ul><ul><ul><li>Authorization: App-dependent, or WML <access> and WMLScript use access pragma </li></ul></ul></ul><ul><ul><ul><li>Non-Repudiation: WML signText </li></ul></ul></ul>
  27. 27. References <ul><li>C. Arehart, N. Chidambaram, S. Guruprasad, et. al. Professional WAP. Wrox Press, 2000. ISBN 1-861004-0-44 </li></ul><ul><li>D. Margrave, GSM Security and Encryption </li></ul><ul><li>WAP-100, Wireless Application Protocol Architecture Specification </li></ul><ul><li>WAP-191, Wireless Markup Language Specification </li></ul><ul><li>WAP-193, WMLScript Language Specification </li></ul><ul><li>WAP-199, Wireless Transport Layer Security Specification </li></ul><ul><li>WAP-198, Wireless Identity Module </li></ul><ul><li>WAP-161, WMLScript Crypto API Library </li></ul><ul><li>WAP-187, WAP Transport Layer E2E Security Specification </li></ul><ul><li>WAP-217, WAP Public Key Infrastructure Definition </li></ul>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×