WAP Public Key Infrastructure By: Juan Cao For: CSCI5939 Instructor: Dr. T. Andrew Yang Date: 04/03/2003 9/18/2018
What is PKI?
Public-Key Infrastructure (PKI) is the combination of software, encryption technologies, and services that enables enterprises to provide secure services.
“PKI integrates
* digital certificates,
* public-key cryptography,
* certificate authorities
into a total, enterprise-wide network security architecture.”[1]
A typical enterprise's PKI encompasses “the issuance of digital certificates to individual users and servers; end-user enrollment software; integration with corporate certificate directories (repository); tools for managing, renewing, and revoking certificates; and related services and support.”[1]
CSCI5939 Wireless Security
PKI is composed of the following objects.
- Certificate Authority (CA) that issues and examines digital certificates.
- Digital Certificate that holds information about the public key or information related to the public key.
- Registration Authority (RA) that acts as the CA for confirmation before the digital certificate is issued to the applicant.
- Directory Servers that store the certificates holding the public keys.
- Certification Maintenance System.
WPKI Model
TLS and WTLS
WTLS is a variant of TLS optimized for use in wireless applications.
WTLS instances are classified as
“Class 1 - Provides confidentiality and data integrity based on public-key cryptography between client and server. The two parties remain anonymous.”[6]
“Class 2 - Additionally introduces server certificates to allow the client to authenticate the server.”[6]
“Class 3 - Additionally introduces client certificates so that the WTLS session can be mutually authenticated and application-layer signatures can be generated as proof for non-repudiation.”[6]
WTLS - classes
* Class 1 - encryption/integrity only
* Class 2 - gateway authentication and encryption/integrity (“SSL security”)
* Class 3 - client authentication
WAP 1.1 Security Architecture
[Diagram: terminal, WAP Gateway and Server, linked by WTLS (terminal to gateway) and SSL/TLS (gateway to server). Labels: CA root w; WAP Server w; SSL Client x; SSL Server x; WAP CA Root w; SSL CA Root x; PKI portal; CA.]
Enabling WTLS Class 2 Security
(1) Gateway sends certificate request to PKI Portal
(2) Portal confirms ID and forwards request to CA
(3) CA sends Gateway Public Certificate to Gateway (may be via Portal)
(4) WTLS Session established between Phone and Gateway
(5) SSL/TLS session established between Gateway and Server
[Diagram: terminal, WAP Gateway, Server, PKI portal and CA, with callouts 1 to 5 marking the steps. Labels: CA root w; SSL Server x; WAP CA Root w; SSL CA Root x.]
WAP 1.2 Security Architecture
[Diagram: terminal, WAP Gateway and Server, linked by WTLS (terminal to gateway) and SSL/TLS (gateway to server), with WML Signature spanning the path. Labels: CA root w; WAP Server w; SSL Client x; SSL Server x; WTLS Auth x; WML Sign; WAP CA Root w; SSL CA Root x; PKI portal; CA; repository.]
Enabling WTLS Class 3 Security
(1) Phone requests Certificate from PKI portal (via gateway).
(2) Portal confirms ID and passes request to CA
(3) CA generates User Certificate and sends Certificate URL to client. (Alternatively the CA can send the entire client certificate to the device [to be stored on the WIM for example])
(4) CA populates Database with User Public Key Certificate (if necessary)
(5) Client private key is used to sign "challenge" from the server (logically via gateway)
(6) Server uses CertificateURL to retrieve User Certificate from database (if not already in possession of certificate)
(7) CA Database sends user certificate to database (if necessary).
[Diagram: terminal, WAP Gateway, Server, PKI portal, CA and repository, with callouts 1 to 7 marking the steps. Labels: CA root w; SSL Server x; WAP Server w; WTLS Auth x; WAP CA Root w; SSL CA Root x.]
Types of authentication: Message signing
“The WMLScript Crypto Library Specification provides cryptographic functionality for message signing.”[2]
“SignText provides a mechanism for client device to create a digital signature of text sent to it using WMLScript.”[2]
“The WAP Identity Module, WIM, may be used for private signing key storage and signature computation.”[2]
Enabling WML SignText Security
(1) Phone requests Certificate from PKI portal (via gateway).
(2) Portal confirms ID and passes request to CA
(3) CA generates User Certificate and sends Certificate URL to client. (Alternatively the CA can send the entire client certificate to the device [to be stored on the WIM for example])
(4) CA populates Database with User Public Key Certificate (if necessary)
(5) User signs transaction at client, and sends transaction, signature & CertificateURL (or certificate) to server (logically via gateway)
(6) Server uses CertificateURL to retrieve User Certificate from database (if not already in possession of certificate)
(7) CA Database sends user certificate to database (if necessary).
[Diagram: terminal, WAP Gateway, Server, PKI portal, CA and repository, with callouts 1 to 7 marking the steps. Labels: CA root w; SSL Server x; WAP Server w; WML Sign x; WTLS auth; WAP CA Root w; SSL CA Root x.]
WAP 1.3 End-to-End Security Architecture
[Diagram: terminal, WAP Gateway (master pull proxy) and WTLS Server, with WTLS and WML Signature links. Labels: CA root w; WAP Server w; WTLS Auth x; WML Sign; WAP CA Root w; SSL CA Root x; PKI portal; CA; repository.]
Digital Certificates
“Digital certificates are electronic files that are used to uniquely identify people and resources over networks such as the Internet.”[5]
It is a passport.
A certificate typically includes a variety of information pertaining to its owner and to the CA that issued it, such as:
* The name of the holder and other identification information
* The holder’s public key
* The name of the Certification Authority
* A serial number
* Lifetime
Types of Digital Certificates
Client Certificate (Device Certificate for WIM):
* Authenticates the clients
WAP Server WTLS certificate:
* Authenticates the identity of the WAP server
* Encrypts information for the server using WTLS
CA certificate:
* Identifies the CA
* Is used to authenticate and validate the WAP server certificate.
WAP PKI Operations
* Trusted CA Information Handling.
* WTLS Server Certificate Handling.
* Client Registration.
* Client Certificate URLs.
Trusted CA Information Handling
“This operation verifies whether the CA that issued the certificate, can be trusted or not.”[8]
“In order to provide integrity, trusted CA information is downloaded in self-signed format” [4]
“The CA information SHOULD be distributed (i.e. downloaded) to the clients through WSP (wireless session protocol): CA information is pulled when a URL is presented to a user, Provisioning: CA information is downloaded on the client.”[8]
Trusted CA information Handling contd..
The CA information is sent to the client by:
Out of band hash verification method: the CA certificate is hashed and sent through an in-band channel whereas the “display” form of hash is sent in an out of band channel (phone or mail).
* the hashed data hashVerification.doc[4]
The security of this mechanism consists in downloading the CA information over the air and having the user enter the "display" form of the hash of this information via e.g. the keyboard. The hash value itself is not sent over the air and MUST be sent to the user via an out-of-band channel.
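The device-side check in the out-of-band hash method, as an added example (not from the original slides or the WPKI specification): the device hashes the CA information it downloaded and installs it only if the user's typed display hash matches. The display encoding (first 10 bytes of SHA-256 as five 5-digit decimal groups), the sample bytes and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample: stands in for the self-signed CA information pulled over WSP.
CA_INFO = b"constructed-sample: self-signed CA certificate bytes for 'Example WAP CA'"

def display_hash(ca_info: bytes) -> str:
    """Display form of the hash. Assumed encoding (not the WPKI one):
    first 10 bytes of SHA-256, shown as five 5-digit decimal groups."""
    digest = hashlib.sha256(ca_info).digest()[:10]
    groups = [int.from_bytes(digest[i:i + 2], "big") for i in range(0, 10, 2)]
    return "-".join(f"{g:05d}" for g in groups)

def digits_only(text: str) -> str:
    """Drop separators the user may or may not type; keep ASCII digits only."""
    return "".join(ch for ch in text if ch in "0123456789")

def install_ca(trust_store: dict, name: str, downloaded: bytes, typed_hash: str) -> bool:
    """Install the downloaded CA information only if its locally computed
    display hash equals what the user typed from the out-of-band channel."""
    expected = digits_only(display_hash(downloaded))
    entered = digits_only(typed_hash)
    if len(entered) != len(expected):          # truncated or padded entry
        return False
    if not hmac.compare_digest(entered, expected):
        return False                           # download does not match the letter
    trust_store[name] = downloaded
    return True

if __name__ == "__main__":
    out_of_band = display_hash(CA_INFO)        # value the CA sends by phone or mail
    store = {}
    # User types the groups separated by spaces instead of dashes: accepted.
    print(install_ca(store, "example-ca", CA_INFO, out_of_band.replace("-", " ")))
    # CA information altered in transit: the local hash no longer matches.
    tampered = CA_INFO.replace(b"Example", b"Altered")
    print(install_ca(store, "altered-ca", tampered, out_of_band))
```

The comparison is made against the hash of the bytes actually received, so a CA certificate substituted on the in-band channel is rejected as long as the out-of-band value reaches the user intact.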
Trusted CA information Handling contd..
The CA information is sent to the client by:
Signature verification method: if a new CA has issued the certificate, then it can only be trusted if it is accompanied by the cert of a CA already trusted by the client.
* signatureVerification.doc[4]
Devices MUST provide a mechanism through which some CAs can be marked as trusted for this particular purpose and MUST enforce this privilege when using this mechanism. Devices SHOULD also provide a mechanism to control whether a CA installed via this mechanism is allowed to "introduce" new CAs.
WTLS Server Certificate handling
The WAP server sends a certification request to a CA. In response, the CA may:
* Issue a long-lived WTLS certificate.
* Or issue a sequence of short-lived WTLS certificates.
  * Used to check for revocation of servers.
  * Equivalent to certificate revocation lists (CRLs) in wired PKI.
  * Typical lifetime is 48 hrs.
Client Registration
“The client “proves” its identity and also “proves” that it possesses the private key corresponding to the public key which is to be certified.”[7]
The client finds the PKI portal via manual browsing or through a URL contained in a WML page.
The PKI Portal checks whether the requestor has the private key corresponding to the given public key (Proof of Possession).
The client can use either WTLS Class III or signText() as the mechanism for proving possession of the relevant private key. In other words: “prove it by using it”.
The PKIX group has defined a number of fairly feature-rich protocols that can be used for such registration cases [RFC2510, RFC2797]; however, WSG felt that it was unreasonable to expect that device manufacturers would include support for such complex protocols in their current devices. At this point WSG faced the prospect of inventing a new format, or adopting a pragmatic near-term solution – of course the latter approach prevailed.
Client Certificate URLs
“it was suggested that instead of storing their certificates, clients could store a certificate URL that they then send over-the-air to verifiers.”[7]
“The verifier, presumably having fewer bandwidth limitations, can de-reference the URL and retrieve the client’s certificate.”[7]
“Doing this requires that the URL has a format that allows the verifier to check that the retrieved certificate and URL “match” and such a format is defined in the WPKI specification.”[7]
Protocols used: HTTP, LDAP or FTP.
As WAP devices have limited storage, and can be quite hard to contact from a server, storing a client’s own certificate on the client’s device might not always be a good idea. After all, a client may have many certificates (but still have limited storage), and certificates expire and must be renewed, which is a problem (for users and PKI operators) if you have to get rid of the old one and replace it each year. In addition, if a certificate is stored on the client, it can only be used if it is sent over-the-air, and bandwidth is another limited resource! The solution adopted first recognizes that clients that only sign never need to see their own certificates! That is, they would only use their certificates to send to signature verifiers, whether for WTLS class III or signText().
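The verifier-side "match" check described above, as an added example (not from the original slides and not the URL format defined in the WPKI specification): the verifier dereferences the certificate URL and accepts the result only if it hashes to the value carried in the URL. The `sha256` query parameter, the `fetch` callback, the repository host name and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import string
from urllib.parse import urlsplit, parse_qs

ALLOWED_SCHEMES = {"http", "ldap", "ftp"}   # the protocols the slide lists

def make_cert_url(base: str, cert: bytes) -> str:
    """Issuer side: bind the URL to the certificate by embedding its hash."""
    return f"{base}?sha256={hashlib.sha256(cert).hexdigest()}"

def resolve_cert(url: str, fetch) -> bytes:
    """Verifier side: dereference the URL and accept the result only if it
    matches the hash carried in the URL. `fetch` is a hypothetical transport."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed")
    claimed = parse_qs(parts.query).get("sha256", [])
    if (len(claimed) != 1 or len(claimed[0]) != 64
            or any(c not in string.hexdigits for c in claimed[0])):
        raise ValueError("missing or malformed hash")
    cert = fetch(url)
    actual = hashlib.sha256(cert).hexdigest()
    if not hmac.compare_digest(actual, claimed[0].lower()):
        raise ValueError("certificate does not match URL")
    return cert

# Constructed sample data, not real certificates.
USER_CERT = b"constructed-sample: DER bytes of the user's certificate"
OTHER_CERT = b"constructed-sample: DER bytes of somebody else's certificate"
CERT_URL = make_cert_url("http://repository.example/certs/alice", USER_CERT)

if __name__ == "__main__":
    honest = {CERT_URL: USER_CERT}
    print(resolve_cert(CERT_URL, honest.__getitem__) == USER_CERT)
    swapped = {CERT_URL: OTHER_CERT}        # repository returns a different cert
    try:
        resolve_cert(CERT_URL, swapped.__getitem__)
    except ValueError as err:
        print("rejected:", err)
```

Without this binding the verifier would be trusting whatever the repository or the network path returned for the URL; with it, the retrieved certificate is tied to the value the client sent along with its signature.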
Examples VirtualWine.doc[3] Example.doc[5]
Future Outlook For WAP [9]
* The emergence of next-generation networks will make possible the delivery of full-motion video images and high-fidelity sound over mobile networks.
* The introduction of packet-switched data networks will kick-start the take-up of WAP services.
* General packet radio services (GPRS) is a method of sending Internet information to mobile telephones at high speed, allowing the mobile to be in an always-connected state.
* Technologies like Bluetooth will connect the mobile to personal computers.
Any Questions??
References
[1] http://www.misecurity.com/eng/products/wpki_info.html
[2] http://www.eurescom.de/~pub/seminars/past/2001/SecurityFraud/10-Nardone/10aNardone/10nardone.pdf
[3] www.mohca.org/presentations/wireless_vandergeest.ppt
[4] http://www1.wapforum.org/tech/documents/WAP-217-WPKI-20010424-a.pdf
[5] http://www.entrust.com/resources/pdf/understanding_wtls.pdf
[6] http://www.ee.ucl.ac.uk/lcs/papers2002/LCS030.pdf
[7] http://www.baltimore.co.kr/downloads/pdf/baltimore_telepathy_wpkiwhitepaper.pdf
[8] http://nas.cl.uh.edu/yang/teaching/csci5939WAP/csci5939WAP.htm
[9] http://www.mobileinfo.com/WAP/future_outlook.htm