1、A Survey of WAP Security Architecture,Neil Daswani ,December 3, 2000,Neil Daswani, ,Overview,Security Basics Wireless Security WTLS & SSL WAP Security Models WIM, WMLScript, Access Control Summary References,December 3, 2000,Neil Daswani, ,Security Basics,Security Goals Authentication Confidentialit
2、y Integrity Authorization Non-Repudiation,December 3, 2000,Neil Daswani, ,Security Basics,Cryptography Symmetric: 3DES, RC4, etc. Asymmetric: RSA, ECC Key Exchange Digital Signature Certificates PKI,December 3, 2000,Neil Daswani, ,Wireless Security,Link Layer Security GSM CDMA CDPD Application Layer
3、 Security WAP: WTLS, WML, WMLScript, & SSL iMode: N/A SMS: N/A,December 3, 2000,Neil Daswani, ,Need for App Level Security,Bearer Independence Security out to Gateway Advanced Security Goals (ie. Non-Repudiation),December 3, 2000,Neil Daswani, ,Basic WAP Architecture,Internet,Gateway,Web Server,WTLS
4、,SSL,December 3, 2000,Neil Daswani, ,WTLS & SSL,WTLS Goals Authentication: Asymmetric Key Crypto Class 1: No Authentication Class 2: Server Authentication Class 3: Mutual Authentication Privacy: Symmetric Key Crypto Data Integrity: MACs,December 3, 2000,Neil Daswani, ,WTLS: Class 1,No Authentication
5、,ClientHello -ServerHelloApplication Data,December 3, 2000,Neil Daswani, ,WTLS: Class 2,Server-Authentication Only,ClientHello -ServerHelloCertificateApplication Data,1. Verify Server Certificate,2. Establish Session Key,December 3, 2000,Neil Daswani, ,WTLS: Class 3,Client Hello - ServerHelloCertifi
6、cateCertificateRequestApplication Data,1. Verify Server Certificate,2. Establish Session Key,3. Generate Signature,Mutual-Authentication,December 3, 2000,Neil Daswani, ,TLS/SSL vs. WTLS,WTLS supports ECC WTLS over WDP TLS over TCP Premaster secret is 20 bytes (vs. 48 in TLS/SSL),December 3, 2000,Nei
7、l Daswani, ,WAP Security Models,Operator Hosts Gateway Without PKI With PKI Content Provider Hosts Gateway Static Gateway Connection Dynamic Gateway Connection,December 3, 2000,Neil Daswani, ,Operator Hosts Gateway,Without PKI,Operator,Content Provider,December 3, 2000,Neil Daswani, ,Operator Hosts
8、Gateway,Without PKI: Advantages No extra work for Content Provider No extra work for user System only requires one logical gateway Disadvantages Content Provider must trust Operator (NDA) Operator can control home deck Operator can introduce advertising,December 3, 2000,Neil Daswani, ,Operator Hosts
9、 Gateway,With PKI,December 3, 2000,Neil Daswani, ,Operator Hosts Gateway,With PKI: Advantages Content providers does not need to trust Operator. Disadvantages PKI Infrastructure must be in place.,December 3, 2000,Neil Daswani, ,Content Provider Hosts Gateway,Static Gateway Connection,WAPGateway,Web
10、Server,WTLS Class 2,SSL,Content Provider,December 3, 2000,Neil Daswani, ,Content Provider Hosts Gateway,Static Gateway Connection Advantages Content Provider does not need to trust Operator Content Provider can control home deck OTA can be used to configure mobile terminal Disadvantages Mobile termi
11、nal may have limited number of gateway config sets (i.e., Nokia 7110 has 10) Mobile Terminal needs to be configured. OTA via WAP Push / SMS may not work with gateway / mobile terminal combination Content Provider may have to pre-configure mobile terminals,December 3, 2000,Neil Daswani, ,Content Prov
12、ider Hosts Gateway,Dynamic Gateway Connection,Internet,WAPGateway,WTLS Class 2,SSL,Operator,Web Server,SSL,Content Provider,WAPGateway,December 3, 2000,Neil Daswani, ,Content Provider Hosts Gateway,Dynamic Gateway Connection Advantages Content Provider does not need to trust Operator. Content Provid
13、er does not need to worry about mobile terminal config Disadvantages Operator needs to trust Content Provider. Not deployed yet.,December 3, 2000,Neil Daswani, ,Restricting Gateway Access,Consider the following attack: Eve runs a “modified” WAP gateway Eve fools a user into using her gateway Now, Ev
14、e can eavesdrop on all of the users requests and responses! To prevent this, check the gateway IP address in the HTTP request.,December 3, 2000,Neil Daswani, ,WIM: WAP Identity Module,WIM must be tamper-resistant Stores Keys & Master Secrets Computes crypto operations “unwrapping master secret” clie
15、nt signature in WTLS Handshake key exchange (ECC WTLS Handshake) Also: Generates Keys Stores Certificates (or their URLs) CA & Root Certs User Certs Can be implemented with SIM,December 3, 2000,Neil Daswani, ,WMLScript Crypto API,Non-repudiation signedString = Crypto.signText (stringToSign, options,
16、 keyIdType, keyId)Uses a separate, distinct signing key WIM can store signing key and compute signature,December 3, 2000,Neil Daswani, ,WML Access Control,WML Deck-Level Access Control WMLScript Access Control use access domain domain_name | path path_name | domain domain_name path path_name; use ac
17、cess domain “” path “/stats”,December 3, 2000,Neil Daswani, ,Summary,Gateway position & configuration allows for different trust models Security at multiple levels Link Layer (depends on bearer) App Layer Authentication, Confidentiality, and Integrity: WTLS Authorization: App-dependent, or WML and W
18、MLScript use access pragma Non-Repudiation: WML signText,December 3, 2000,Neil Daswani, ,References,C. Arehart, N. Chidambaram, S. Guruprasad, et. al. Professional WAP. Wrox Press, 2000. ISBN 1-861004-0-44 D. Margrave, GSM Security and Encryption WAP-100, Wireless Application Protocol Architecture S
19、pecification WAP-191, Wireless Markup Language Specification WAP-193, WMLScript Language Specification WAP-199, Wireless Transport Layer Security Specification WAP-198, Wireless Identity Module WAP-161, WMLScript Crypto API Library WAP-187, WAP Transport Layer E2E Security Specification WAP-217, WAP Public Key Infrastructure Definition,
