WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

Cryptography  Encryption: transforming a message (plaintext) containing sensitive data into ciphertext that reveals nothing useful about the message to anyone without the key.  Decryption: recovering the original plaintext from the ciphertext using the key.

Types
 Symmetric cryptosystems: encryption and decryption use the same secret key. Secure only as long as that shared key stays secret, so distributing and protecting the key between the parties is the hard problem. Much faster than asymmetric cryptography. Algorithms such as the Data Encryption Standard (DES) and its successors are used for both encryption and decryption.
 Asymmetric (public key) cryptosystems: encryption uses the recipient's public key and decryption uses the matching private key; for digital signatures the roles are reversed (sign with the private key, verify with the public key). This removes the key distribution problem but is far slower, so in practice the public key operation protects a symmetric session key or a message hash rather than bulk data. Algorithms such as RSA (encryption and signatures) and ECDSA (signatures only) are used.

Example

Hashing  A method of computing a fixed-length digital fingerprint (hash) of a message with a one-way function.  It is used to check integrity (any change to the message changes the hash), not to recover the message: the hash cannot be reversed to reproduce the original.

Hashing example (Sender): the message is hashed, the hash is signed with the sender's private key to form the digital signature, and the signature is sent along with the (optionally encrypted) message.

Hashing example (Receiver): the receiver decrypts the message if it was encrypted, hashes it independently, and checks the received signature against that hash using the sender's public key. A mismatch means the message or the signature was altered.

What is Public Key Infrastructure ?  It is the set of roles, policies and services needed to issue, distribute, store and revoke public key certificates, so that users can authenticate each other and exchange data (or money) securely and privately over an open network using public and private key pairs.  It provides digital certificates that bind an identity (an individual, a server or a CA) to a public key.  It provides directory services (a repository) that store certificates and publish which ones have been revoked.

Components of wired PKI
 Certificate Authority (CA): issues, renews and revokes digital certificates for requestors, and signs each certificate with its own private key.
 Registration Authority (RA): verifies the identity of the requestor before the CA issues the certificate.
 Repository: a directory service that stores issued certificates and revocation information.
 Subscriber: the entity named in a certificate, which holds the matching private key.
 Relying party: the entity that uses a certificate to verify a signature or authenticate the subscriber.

Components of wired PKI contd..

WAP PKI Model

Types of Authentication
 WTLS Class 1: anonymous WTLS. Neither the WAP device nor the WAP gateway is authenticated; the session is encrypted but the device cannot tell whether it is talking to the genuine gateway.
 WTLS Class 2: server authentication. The WAP device authenticates the identity of the WAP gateway (or WAP server) from the gateway's WTLS certificate.
 WTLS Class 3: mutual authentication. In addition to Class 2, the WAP gateway authenticates the identity of the WAP device: the device uses its private key to sign a challenge from the server during the handshake.
 SignText: an application-level mechanism (the WMLScript signText function) by which the client device creates a digital signature over text displayed to the user, so that a specific transaction can be verified later by the origin server.

WTLS Class 1: security limitations of WAP. With anonymous key exchange an attacker who can intercept the air link can impersonate the gateway to the device, so Class 1 protects against passive eavesdropping only.

WTLS Class 2
 Two-phase security model: the WAP client talks to the origin server (content server) through the gateway. WTLS protects the device-to-gateway leg and SSL/TLS the gateway-to-server leg, so the gateway decrypts and re-encrypts every request and sees the plaintext in between.
 End-to-end security model: the WAP client talks directly to a WAP server (the WAP gateway and origin server combined in one trust domain), so there is a single WTLS session and no intermediate plaintext.

WTLS Class 2 contd.. Two Phase Security Model

WTLS Class 2 contd.. 1. The WAP Gateway generates a key pair (public key and private key). 2. The WAP Gateway sends a certificate request to the WPKI Portal. 3. The WPKI Portal confirms the gateway's identity and forwards the request to the CA. 4. The CA sends the gateway's public key certificate to the WAP Gateway. 5. The CA populates the online repository with the WAP Gateway certificate. 6. A WTLS session is established between the device and the gateway; the device verifies the gateway certificate against its trusted CA information. 7. An SSL/TLS session is established between the gateway and the origin server.

WTLS Class 2 contd.. End to End Security Model

WTLS Class 2 contd.. 1. The WAP Server generates a key pair (public key and private key). 2. The WAP Server sends a certificate request to the WPKI Portal. 3. The WPKI Portal confirms the server's identity and forwards the request to the CA. 4. The CA sends the server's public key certificate to the WAP Server. 5. A WTLS session is established directly between the WAP Server and the WAP device.

SignText Message Signing

SignText contd.. 1. The WAP device generates a key pair and sends a certificate request containing its public key to the WPKI Portal. 2. The WPKI Portal confirms the user's identity and passes the request to the CA. 3. The CA generates the user certificate and sends the certificate URL (or the entire certificate) to the WAP device. 4. The CA populates its database with the user's public key certificate. 5. The user signs the transaction at the WAP device and sends the transaction, the signature and the certificate URL (or the certificate) to the Origin Server.

SignText contd.. 6. The Origin Server uses the certificate URL to retrieve the user certificate from the CA database (if it does not already hold the certificate). 7. The CA database returns the user certificate to the Origin Server (if necessary). 8. The Origin Server verifies the CA's signature on the certificate and then the user's signature on the transaction sent from the WAP device.
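The following is an added example, not code from the presentation or from the WAP Forum. It models the hash-then-sign mechanism of the earlier "Hashing example" slides together with SignText steps 1 to 8 above: a CA issues a certificate binding a subscriber name to a public key, the WPKI portal checks proof of possession with a challenge, the user signs a transaction on the device, and the origin server fetches the certificate by URL and verifies both signatures. It uses textbook RSA over SHA-256 with no padding, 512-bit keys and a seeded RNG so the run is reproducible; the repository dictionary, the certificate field names, the URLs and the transaction text are all constructed for the example.

```python
"""Toy WPKI SignText flow (added example, not WAP Forum code): hash-then-sign with
textbook RSA over SHA-256, no padding, 512-bit keys, seeded RNG. Illustrates the
message flow of SignText steps 1-8, not a production signature scheme."""
import hashlib
import json
import random


def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # top bit set and odd
        if _is_probable_prime(cand, rng):
            return cand


def generate_keypair(bits=512, seed=None):
    """Step 1 (device or gateway): return ((n, e), (n, d)). Seeded only so the demo
    is reproducible; a real device needs a CSPRNG and a far larger modulus."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so phi % e != 0 means gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def _digest_int(message: bytes) -> int:
    """The message's digital fingerprint as an integer (256 bits, so below n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(priv, message: bytes) -> int:
    n, d = priv
    return pow(_digest_int(message), d, n)


def verify(pub, message: bytes, signature: int) -> bool:
    n, e = pub
    return pow(signature, e, n) == _digest_int(message)


def _to_be_signed(cert: dict) -> bytes:
    """Canonical encoding of every certificate field except the CA's own signature."""
    body = {k: v for k, v in cert.items() if k != "ca_signature"}
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(ca_priv, issuer, subject, subject_pub, serial, repository, base_url):
    """Steps 3-4: the CA binds the subject name to the public key, signs the binding,
    publishes it and hands back only the certificate URL (cheaper for the device)."""
    cert = {"subject": subject, "public_key": list(subject_pub), "issuer": issuer,
            "serial": serial, "valid_from": "2002-10-01", "valid_to": "2003-10-01"}
    cert["ca_signature"] = sign(ca_priv, _to_be_signed(cert))
    url = f"{base_url}/{serial}"
    repository[url] = cert
    return url


def verify_signed_transaction(trusted_ca_pub, repository, transaction, signature, cert_url):
    """Steps 6-8 at the origin server: fetch the certificate by URL, check the CA's
    signature on it, then check the user's signature on the transaction."""
    cert = repository.get(cert_url)
    if cert is None or not verify(trusted_ca_pub, _to_be_signed(cert), cert["ca_signature"]):
        return False
    return verify(tuple(cert["public_key"]), transaction, signature)


def demo_signtext():
    """Run the flow once; returns (genuine transaction accepted, tampered one accepted)."""
    repository = {}  # stands in for the CA's online certificate database (constructed)
    ca_pub, ca_priv = generate_keypair(seed=1)
    user_pub, user_priv = generate_keypair(seed=2)
    # Step 2: the WPKI portal checks proof of possession with a challenge (constructed value)
    challenge = b"portal-challenge-0001"
    if not verify(user_pub, challenge, sign(user_priv, challenge)):
        raise RuntimeError("proof of possession failed")
    url = issue_certificate(ca_priv, "Demo CA", "subscriber-1001", user_pub, 1001,
                            repository, "http://pki.example.invalid/certs")
    # Step 5: the user signs the text shown on the device (constructed transaction)
    txn = b"Pay 100 USD to merchant 42, ref 7781"
    sig = sign(user_priv, txn)
    ok = verify_signed_transaction(ca_pub, repository, txn, sig, url)
    tampered = verify_signed_transaction(ca_pub, repository, b"Pay 900 USD to merchant 42, ref 7781", sig, url)
    return ok, tampered
```

Running `demo_signtext()` returns `(True, False)`: the signed transaction verifies, and the same signature presented with an altered amount is rejected because the hash no longer matches. The origin server trusts only the CA public key it was configured with; everything else (the certificate, the user's public key, the signature) arrives over the network and is checked before use. Unpadded RSA as used here is malleable and must not be used outside a demonstration; real signText implementations use standard padded signature schemes.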

WTLS Class 3  Similar to Class 2, except that the client's private key is also used to sign a challenge from the server, so the server authenticates the client for the session.  Because the signed data is handshake data rather than the transaction the user saw, non-repudiation of an individual transaction comes from signText; Class 3 provides transport-level proof of who the client is.

Digital Certificate.  Name of the certificate holder (subject).  The certificate holder's public key.  Name of the issuing Certification Authority.  A serial number, unique per CA.  Validity period (not before / not after).  The CA's digital signature over all of the above, which is what a relying party checks before trusting the binding.

Types of Digital certificates  Client certificate: authenticates the client (subscriber) and lets a relying party verify signatures made with the client's private key.  WAP server WTLS certificate: authenticates the identity of the WAP server or gateway to the device and carries the public key the device uses for key exchange when the WTLS session is set up.  CA certificate: carries the CA's public key, so clients can verify the signatures on certificates the CA issues.

Overview

WAP PKI Operations  Trusted CA information Handling.  WTLS Server Certificate Handling.  Client Registration.  Client Certificate URLs.

Trusted CA Information Handling  This operation establishes whether the CA that issued a certificate can be trusted by the client.  The trusted CA information (the CA's public key or certificate) must be distributed to each client.  Two delivery methods: a URL pointing at the CA information, which the client fetches over WSP (Wireless Session Protocol), or provisioning, where the CA information is loaded onto the client in advance (by the manufacturer or operator).

Trusted CA information Handling contd..  The client verifies CA information it receives in one of two ways. Out-of-band hash verification: the CA certificate itself is sent in band, while a "display" form of its hash is delivered over an out-of-band channel (phone call or mail); the user compares the displayed hash with the one the device computes over the received certificate. Signature verification: a certificate from a new CA is trusted only if it is accompanied by a certificate for that CA signed by a CA the client already trusts.  When the CA changes its own key, it updates the CA certificate held by the client by sending a key roll-over message signed with the old key.

WTLS Server Certificate handling  The WAP server sends a certificate request to a CA.  In response, the CA may issue a long-lived WTLS certificate, or issue a sequence of short-lived WTLS certificates. oShort-lived certificates are the WAP substitute for checking server revocation: a compromised or withdrawn server key simply stops receiving new certificates. oThis replaces the certificate revocation lists (CRLs) of wired PKI, which constrained devices cannot download and parse. oTypical lifetime is 48 hours, so the device must also keep a reasonably accurate clock.
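The following is an added example, not code from the presentation or the WAP specifications, covering the two client-side checks just described: the out-of-band "display form" of a CA certificate hash (Trusted CA information handling) and the freshness check a device applies to a short-lived WTLS server certificate (WTLS server certificate handling). The fingerprint layout, the certificate field names, the 48-hour limit, the clock-skew allowance and all input values are this example's own choices.

```python
"""Client-side checks for trusted CA information and short-lived WTLS server
certificates (added example; formats and field names are constructed, not from WAP)."""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_SHORT_LIVED = timedelta(hours=48)  # the typical lifetime quoted on the slide


def display_fingerprint(cert_bytes: bytes) -> str:
    """Out-of-band 'display form' of a CA certificate: SHA-256 of the encoded
    certificate as upper-case hex in groups of four, readable over the phone."""
    hexdigest = hashlib.sha256(cert_bytes).hexdigest().upper()
    return " ".join(hexdigest[i:i + 4] for i in range(0, len(hexdigest), 4))


def fingerprint_matches(out_of_band: str, cert_bytes_in_band: bytes) -> bool:
    """Compare the hash received out of band with the certificate received in band.
    Whitespace and case are ignored because people transcribe these by hand; the
    final comparison is constant-time so timing does not leak the matching prefix."""
    expected = display_fingerprint(cert_bytes_in_band).replace(" ", "")
    given = "".join(out_of_band.split()).upper()
    return hmac.compare_digest(expected, given)


def _parse_utc(stamp: str) -> datetime:
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_short_lived_cert(cert: dict, now: datetime, skew=timedelta(minutes=5)) -> str:
    """Freshness check on a WTLS server certificate issued under the short-lived
    scheme. Returns 'ok' or the reason for rejection; an expired certificate is
    handled the way a CRL entry would be in wired PKI."""
    not_before, not_after = _parse_utc(cert["not_before"]), _parse_utc(cert["not_after"])
    if not_after <= not_before:
        return "invalid: empty validity window"
    if not_after - not_before > MAX_SHORT_LIVED:
        return "rejected: lifetime exceeds 48h, revocation status unknown"
    if now < not_before - skew:
        return "not yet valid"
    if now > not_after + skew:
        return "expired: treat as revoked, fetch the next short-lived certificate"
    return "ok"


def demo():
    """Constructed inputs; real values come from the device, the CA and the gateway."""
    ca_cert = b"constructed stand-in for the DER-encoded CA certificate"
    displayed = display_fingerprint(ca_cert)  # what the CA would read out by phone
    now = _parse_utc("2002-10-15T12:00:00Z")
    fresh = {"subject": "gateway.example.invalid",
             "not_before": "2002-10-15T00:00:00Z", "not_after": "2002-10-17T00:00:00Z"}
    stale = dict(fresh, not_before="2002-10-12T00:00:00Z", not_after="2002-10-14T00:00:00Z")
    long_lived = dict(fresh, not_after="2003-10-15T00:00:00Z")
    return {
        "fingerprint_ok": fingerprint_matches(displayed.lower(), ca_cert),
        "fingerprint_wrong_cert": fingerprint_matches(displayed, ca_cert + b"x"),
        "fresh": check_short_lived_cert(fresh, now),
        "stale": check_short_lived_cert(stale, now),
        "long_lived": check_short_lived_cert(long_lived, now),
    }
```

`demo()` reports the fingerprint matching even when typed in lower case, a mismatch when the in-band certificate differs by a single byte, `ok` for the 48-hour certificate, `expired` for one that ran out the day before, and a rejection for a year-long certificate presented under the short-lived policy (with no CRL available, the device has no way to learn whether that key was withdrawn).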

Client Registration  The client generates a public and private key pair on the device.  It finds the PKI Portal either by manual browsing or through a URL contained in a WML page.  The PKI Portal checks that the requestor actually holds the private key corresponding to the submitted public key (proof of possession).  This is done by having the client sign a challenge provided by the PKI Portal; the portal verifies the signature with the submitted public key before forwarding the request to the CA.

Client Certificate URLs  The client sends its certificate URL to the server, which uses the URL to fetch the certificate itself.  Passing a link is preferable to passing the whole client certificate over the constrained wireless link.  The server can fetch the certificate over HTTP, LDAP or FTP; whatever it retrieves, it must still verify the CA's signature on the certificate before trusting it, since the URL and the repository are not themselves authenticated.

Example

Future  The WAP Forum is working on a number of significant new specifications:  Transport-layer end-to-end security: a WTLS session from the client all the way to a proxy inside the content server's secure domain, removing the plaintext exposure at the operator's gateway.  Wireless Identity Module (WIM): a tamper-resistant module (for example on the SIM) that holds the client's private keys and performs the signing operations.
