WAP

WAP is Communication protocol that enables wireless mobile devices to have an access to the Internet.

WAP gateway translates client request to server from WAP to HTTP and on way back from server to client, from HTTP to WAP. WAP request first originate from client mobile device, which travel to n/w carrier’s base station and from there, they are relayed to WAP gateway where conversion from WAP to HTTP takes place. WAP gateway interacts with WEB Server using HTTP protocol. WEB Server sends HTTP response to WAP gateway(gets converted to WAP response). Response goes to base station and from there on to mobile device.

Wireless Application Environment (WAE) The Wireless Application Environment (WAE) is a general-purpose application environment based on a combination of World Wide Web (WWW) and Mobile Telephony technologies. WAE includes a micro-browser environment containing the following functionality: Wireless Markup Language (WML) – a lightweight markup language, similar to HTML, but optimised for use in hand-held mobile terminals; · WMLScript – a lightweight scripting language, similar to JavaScript™; · Wireless Telephony Application (WTA, WTAI) – telephony services and programming interfaces; and · Content Formats – a set of well-defined data formats, including images, phone book records and calendar information

Wireless Session Protocol (WSP) The Wireless Session Protocol (WSP) provides the application layer of WAP with a consistent interface for two session services. The first is a connection-oriented service that operates above the transaction layer protocol WTP. The second is a connectionless service that operates above a secure or non-secure datagram service (WDP).

Long-lived session state, The Wireless Session Protocols currently consist of services suited for browsing applications (WSP/B) HTTP/1.1 functionality and semantics in a compact over-the-air encoding, Long-lived session state, Session suspend and resume with session migration, A common facility for reliable and unreliable data push, and Protocol feature negotiation.

Wireless Transaction Protocol (WTP) The Wireless Transaction Protocol (WTP) runs on top of a datagram service and provides as a light-weight transaction-oriented protocol that is suitable for implementation in “thin” clients (mobile stations). Three classes of transaction service: · Unreliable one-way requests, · Reliable one-way requests, and · Reliable two-way request-reply transactions; · Optional user-to-user reliability - WTP user triggers the confirmation of each received message; · Optional out-of-band data on acknowledgements; · PDU concatenation and delayed acknowledgement to reduce the number of messages sent · Asynchronous transactions.

Wireless Transport Layer Security (WTLS) WTLS is a security protocol based upon the industry-standard Transport Layer Security (TLS) protocol, formerly known as Secure Sockets Layer (SSL). Data integrity – WTLS contains facilities to ensure that data sent between the terminal and an application server is unchanged and uncorrupted. Privacy – WTLS contains facilities to ensures that data transmitted between the terminal and an application server is private and cannot be understood by any intermediate parties that may have intercepted the data stream. Authentication – WTLS contains facilities to establish the authenticity of the terminal and application server. Denial-of-service protection – WTLS contains facilities for detecting and rejecting data that is replayed or not successfully verified. WTLS makes many typical denial-of-service attacks harder to accomplish and protects the upper protocol layers.

Wireless Datagram Protocol (WDP) The Transport layer protocol in the WAP architecture is referred to as the Wireless Datagram Protocol (WDP). The WDP layer operates above the data capable bearer services supported by the various network types. Since the WDP protocols provide a common interface to the upper layer protocols the Security, Session and Application layers are able to function independently of the underlying wireless network.

Bearers The WAP protocols are designed to operate over a variety of different bearer services, including short message, circuit-switched data, and packet data. The bearers offer differing levels of quality of service with respect to throughput, error rate, and delays. The WAP protocols are designed to compensate for or tolerate these varying level of service.

Security in GSM

Evolution Earlier days- Advanced Mobile Phone system(AMPS) were used –Little or no security. Each mobile phone has 32 bit serial number and 10 digit telephone number in PROM. Telephone number had 3 digit area code, represented by 10 bits and 7 digit subscriber number in 24bits. When mobile is switched on, it sends out its 32bit serial and 34 bit number in clear text.

D-AMPS- digital AMPS. (used in US and Japan) GSM(Global System for Mobile Communication is used in Europe. GPRS(General Packet Radio Service) is emerging wireless data service. GSM is for Voice and GPRS for data( 2.5G)

3 Key aspects of GSM security Subscriber identity authentication Signaling data confidentiality User data confidentiality Each subscriber has unique International Mobile Subscriber Identity(IMSI) Each subscriber has unique subscriber authentication key( Ki) GSM works in such way that above information is never transmitted across mobile n/w. GSM uses challenge/response mechanism. Actual transmission encrypted with ciphering key Kc.

Security in 3 elements of GSM Infrastructure. SIM contains IMSI, Ki, ciphering key generation algorithm A8, authentication algorithm A3, Personal Identification Number(PIN) GSM Handset contains ciphering algorithm A5. Authentication Center(AUC) contains A3, A5,A8 algorithms and identification and authentication information about subscribers.

GSM Authentication-challenge/response GSM n/w sends 128 bit random number to subscriber. 32 bit signed response using A3 (authentication) and Ki(authentication key) is prepared by handset and sent back to n/w N/w retrieves Ki from DB and performs same operation using A3 algorithm on original 128 bit number and compare with one received from handset. If two match, user is authenticated. Signed response takes place inside SIM(IMSI and Ki)

GSM-Signaling and data confidentiality SIM contains A8(ciphering key generation algorithm) This is used to produce 64-bit ciphering key Kc. Kc is obtained by applying same random number as used in authentication to A8 with individual subscriber authentication key Ki. Kc is later used for secure communication b/w subscriber and mobile telephony base station.

GSM-voice and data security A5 algorithm used to encrypt voice and data traffic b/w user handset and GSM n/w Subscriber handset sends ciphering mode request to GSM n/w. GSM n/w in response starts encryption and decryption of traffic using A5 and Kc.