Security in WAP - PowerPoint PPT Presentation

Transcript and Presenter's Notes

Title: Security in WAP


1
Security in WAP
  • Sanket Naik, Ameya Varde
  • CS590F Fall 2000

2
Motivation and Goals
  • To study the security issues in WAP
  • To analyze an existing implementation and
    implement enhancements
  • To investigate security holes in the
    implementation and WAP in general
  • To suggest improvements for both

3
Implementation
  • WAP stack from Kannel (www.kannel.org)
    • An on-going open source project implementing the WAP stack
    • No WTLS support
  • WTLS layer from 3ui.com (www.3ui.com)
  • We identified 2 security enhancements
    • SSL connection between WAP gateway and Content (HTML) server
    • Authentication of the WAP gateway by the WAP client
  • Both missing in WTLS patch from 3ui

4
Kannel architecture

5
Security Enhancements

6
Development tools
  • Platform: Linux
  • OpenSSL crypto library (http://www.openssl.org)
  • NOKIA WAP Toolkit (http://www.forum.nokia.com)
    • Simulates a web-enabled NOKIA 7110 phone

7
WTLS optimizations
  • Why optimize?
    • Low bandwidth
    • Less processing power
    • Less memory
    • Weaker power supply
  • The optimizations
    • Abbreviated handshake using pre-master secret from previous session
    • Optional steps: Client can send NULL reply to Certificate request, Anonymous key exchange etc.

8
The flaws
  • Encryption not truly end-to-end
  • Abbreviated handshake susceptible to replay attack
  • Chosen plain-text attack: IV for each packet = Sequence number XOR Original IV
  • DoS attack: Alerts are unauthenticated
  • Man-in-the-middle attack: 40 bit XOR MAC allows even bit changes
  • Impersonation: Anonymous key exchange methods allow key generation w/o Authentication (Kannel WTLS has only anonymous key exchange methods!)
  • Weaker encryption mechanisms due to export regulations
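
Added example (not from the original slides or from Kannel/3ui code): why an XOR checksum gives no integrity under a stream cipher, shown beside an HMAC. It assumes the 40-bit XOR MAC zero-pads the data to 5-byte blocks and XORs the blocks together; the keystream, keys and payload are constructed stand-ins.

```python
import hashlib
import hmac

BLOCK = 5  # 40-bit checksum = 5 bytes

def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); a stand-in, not a WTLS cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def xor_mac_40(data: bytes) -> bytes:
    """Assumed model: zero-pad to 5-byte blocks and XOR the blocks together."""
    padded = data + b"\x00" * (-len(data) % BLOCK)
    mac = bytearray(BLOCK)
    for i, byte in enumerate(padded):
        mac[i % BLOCK] ^= byte
    return bytes(mac)

def seal(enc_key: bytes, data: bytes, tag: bytes) -> bytes:
    plain = data + tag  # record = encrypt(data || tag)
    return xor_bytes(plain, keystream(enc_key, len(plain)))

def open_record(enc_key, record, tag_len, tag_fn):
    """Decrypt and return the data if the tag verifies, else None."""
    plain = xor_bytes(record, keystream(enc_key, len(record)))
    data, tag = plain[:-tag_len], plain[-tag_len:]
    return data if hmac.compare_digest(tag, tag_fn(data)) else None

def flip_pair(record: bytes, index: int, mask: int) -> bytes:
    """In-transit change: same bits flipped in two bytes one block apart."""
    out = bytearray(record)
    out[index] ^= mask
    out[index + BLOCK] ^= mask
    return bytes(out)

def demo():
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    data = b"GET /index.wml?item=0100"  # constructed sample payload
    strong_tag = lambda d: hmac.new(mac_key, d, hashlib.sha256).digest()
    weak = flip_pair(seal(enc_key, data, xor_mac_40(data)), 4, 0x08)
    strong = flip_pair(seal(enc_key, data, strong_tag(data)), 4, 0x08)
    return (data, open_record(enc_key, weak, BLOCK, xor_mac_40),
            open_record(enc_key, strong, 32, strong_tag))
```

demo() returns the original data, the altered data that the XOR-MAC receiver accepts, and None for the HMAC receiver, which rejects the same change.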

9
Suggestions
  • WAP specifications
    • Enforce Client authentication rather than keep it optional
    • Make WTLS layer mandatory whether people use it or not.
  • Implementation
    • Provide Gateway authentication in WAP clients
    • Add stronger algorithms, keys and key exchange methods to the cipher suites

10
Conclusions
  • WTLS Specs propose weak security
  • Developers and Manufacturers are deploying WAP
    stacks which do not meet even these weak security
    requirements
  • Mostly due to lack of security expertise
  • Open source exposing these weaknesses
  • Yet additional code review required
  • Our 2 bits should be checked in soon