WAP Public Key Infrastructure - PowerPoint PPT Presentation

1 / 34
About This Presentation
Title:

WAP Public Key Infrastructure

Description:

WAP Public Key Infrastructure CSCI 5939.02 Independent Study Fall 2002 Jaleel Syed Presentation No 5 Cryptography Encryption: Transforming a message containing ... – PowerPoint PPT presentation

Number of Views:189
Avg rating:3.0/5.0
Slides: 35
Provided by: Sye5
Category:

less

Transcript and Presenter's Notes

Title: WAP Public Key Infrastructure


1
WAP Public Key Infrastructure
  • CSCI 5939.02 Independent Study
  • Fall 2002
  • Jaleel Syed
  • Presentation No 5

2
Cryptography
  • Encryption Transforming a message containing
    critical data into a cipher text.
  • Decryption Decoding encoded data and reproducing
    the original message.

3
Types
  • Symmetric cryptosystems encoding and decoding
    done using the same secret key.
  • Highly insecure.
  • Faster when compared to asymmetric crypto.
  • Algorithms such as Data Encryption Standard(DES)
    are used both for encryption and decryption.
  • Asymmetric cryptosystems. Encoding done using
    public key and decoding done using private key.
  • Secure.
  • Slower computing speed.
  • Algorithms such as RSA, ECDSA etc. Are used.

4
Example
5
Hashing
  • It is method to obtain a digital
    fingerprint(hash) of an original message.
  • This is used to test the integrity but not to
    reproduce the message.

6
Hashing example(Sender)..
  • Digital Signature Associated with message
    encryption

7
Hashing example(Receiver)..
  • Receiving side

8
What is Public Key Infrastructure ?
  • It is a system which enables users to securely
    and privately exchange data and money through the
    use of public and private key pair.
  • It provides a digital certificate that can
    identify an individual.
  • It provides directory services(repository) that
    can store or cancel certificates when necessary.

9
Components of wired PKI
  • Certificate Authority
  • Issues/updates/cancels the digital certificates
    to the requestor.
  • Registration Authority
  • Authenticates the requestor
  • Repository
  • A directory service that stores digital
    certificates.
  • Subscriber
  • Relying party

10
Components of wired PKI contd..
11
WAP PKI Model
12
Types of Authentication
  • WTLS Class 1
  • WAP Device and WAP Gateway are not authenticated.
  • WTLS Class 2
  • It provides the capability for the WAP Device to
    authenticate the identity of the WAP Gateway.
  • SignText
  • It provides a mechanism for the client device to
    create a digital signature of text sent to it.
  • It provides the capability for the WAP device to
    authenticate the identity of the WAP gateway as
    well as for the WAP gateway to authenticate the
    identity of the WAP device.
  • WTLS Class 3
  • Similar to signText, except that, in this the
    clients private key is used to sign a
    challenge from the server.

13
WTLS Class 1
Security limitations of WAP
14
WTLS Class 2
  • Two Phase security model
  • WAP Client communicates to the origin
    server(content server) via the gateway.
  • End to End Security model
  • WAP client communicates with a WAP Server(WAP
    gateway Origin server).

15
WTLS Class 2 contd..
  • Two Phase Security Model

16
WTLS Class 2 contd..
  1. The WAP Gateway generates a key pair- public key
    private key.
  2. WAP Gateway sends certificate request to WPKI
    Portal.
  3. WPKI Portal confirms ID and forwards request to
    CA.
  4. CA sends Gateway Public Certificate to WAP
    Gateway.
  5. CA populates online repository with WAP Gateway
    certificate.
  6. WTLS session established between the device and
    the gateway.
  7. SSL/TSL Session established between the gateway
    and the server.

17
WTLS Class 2 contd..
  • End to End Security Model

18
WTLS Class 2 contd..
  1. The WAP Server generates a key pair- public key
    private key.
  2. WAP Server sends certificate request to WPKI
    portal.
  3. WPKI portal confirms ID and forwards request to
    CA.
  4. CA sends Server Public certificate to WAP Server
  5. WTLS session established between the WAP server
    and the WAP device.

19
SignText
  • Message Signing

20
SignText contd..
  1. WAP device requests certificate and sends
    certificate URL to WAP device.
  2. WPKI Portal confirms ID and passes request to CA.
  3. CA generates User Certificate and sends
    Certificate URL(or entire certificate) to the WAP
    device.
  4. CA populates the database with User Public key
    certificate.
  5. User signs transaction at the WAP device and
    sends transaction, signature and certificate
    URL(or certificate) to Origin Server.

21
SignText contd..
  1. Origin Server uses certificate URL to retrieve
    user certificate from database(if not already in
    possession of certificate).
  2. CA database sends user certificate to the Origin
    Server(if necessary).
  3. Origin server verifies the signed transaction
    sent from the WAP device.

22
WTLS Class 3
  • Similar to signText, except that, in this the
    clients private key is used to sign a challenge
    from the server.
  • Used for Non-repudiation.

23
Digital Certificate.
  • Name of the certificate holder.
  • The certificate holders public key.
  • Certification Authority
  • A Serial Number
  • Validity period

24
Types of Digital certificates
  • Client Certificate.
  • Authenticates the client.
  • WAP Server WTLS Certificate.
  • It authenticates the identity of the WAP server
  • Encrypt information for server.
  • CA Certificate.
  • Authenticates the Certification Authority

25
Overview
26
WAP PKI Operations
  • Trusted CA information Handling.
  • WTLS Server Certificate Handling.
  • Client Registration.
  • Client Certificate URLs.

27
Trusted CA Information Handling
  • This operation verifies whether the CA that
    issued the certificate, can be trusted or not.
  • The CA information should be distributed to each
    client.
  • The CA.
  • WSP(wireless session protocol) URL is
    distributed.
  • Provisioning CA information is downloaded on the
    client.

28
Trusted CA information Handling contd..
  • The CA information is sent to the client by.
  • Out of band hash verification method the CA
    certificate is hashed and sent through an in-band
    channel whereas the display form of hash is
    sent in an out of band channel(phone or mail).
  • Signature verification method if a new CA has
    issued the certificate, then it can only be
    trusted if it is accompanied by the cert of a CA
    already trusted by the client.
  • The CA updates the CA certificate the client has
    by sending a key roll-over message to the client.

29
WTLS Server Certificate handling
  • The WAP server sends a certification request to a
    CA.
  • In response, the CA may.
  • Issue a long-lived WTLS certificate.
  • Or issue a sequence of short-lived WTLS
    certificates.
  • Used to check for revocation of servers.
  • Equivalent to certificate revocation lists(CRLs)
    in wired PKI
  • Typical lifetime is 48 hrs.

30
Client Registration
  • Client generates a public private key pair.
  • Finds the PKI portal via manual browsing or
    through a URL contained in WML page.
  • The PKI Portal checks if the requestor has the
    corresponding private key to the given public
    key(Proof of Possession).
  • This is done by signing a challenge provided by
    the PKI Portal.

31
Client Certificate URLs
  • The client sends its certificate URL to the
    server, which it uses to get the certificate.
  • It is preferable to pass a link to client
    certificate rather than passing the whole client
    certificates.
  • Protocols used HTTP, LDAP or FTP.

32
Example
  • Example

33
Future
  • The WAP Forum is working on a number of
    significant new specifications
  • Transport layer end-to-end security.
  • WTLS session from the client all the way to the
    proxy in the content server's secure domain
  • Wireless Interface Module

34
References
  • Introduction to PKI
  • Wireless PKI model
  • Digital certificates and wireless transport layer
    security
  • Analysis of subscriber certificates concept
  • Future of WAP and beyond
Write a Comment
User Comments (0)
About PowerShow.com