AbstractWAP is the protocol that is a secure data communication for the wireless environments developed by the WAP Forum. WTLS(Wireless Transport Layer Security) is the proposed protocol for secure communication in the WAP. The purpose of WTLS is to provide secure and efficient services in the wireless Internet environment. However,
the existing WTLS handshake protocol has some security problems in several active attacks. Therefore, in this paper, we analyze the securities of the existing protocol, and then propose a security enhanced WTLS Handshake protocol. Keywords- WAP
- WTLS
- Handshake protocol
- active attack
This work was supported by the University IT Research Center Project by the MIC (Ministry of
Information and Communication) Republic of Korea. PreviewUnable to display preview. Download preview PDF. ReferencesLevi, A., Savas, E.: Performance Evaluation of Public-Key Cryptosystem Operations in WTLS Protocol. In: Proceedings of the 8th IEEE International Symposium on Computers and Communication, ISCC 2003, pp. 1245–1250 (2003) Google Scholar Dierks, T., Allen, C.: The TLS Protocol version 1.0, IETF RFC 2246 (January 1999) Google Scholar WAP Forum,
Wireless Application Protocol Wireless Transport Layer Security Specification version, February 18 (2000) Google Scholar Radhamani, G., Ramasamy, K.: Security Issues in WAP WTLS Protocol. In: IEEE 2002 International Conference on Communication, Circuits and Systems and West Sino Expositions, vol. 1, pp. 483–487 (2002) Google Scholar Kwak, D.J., Ha, J.C., Lee, H.J., Kim, H.K., Moon, S.J.: A WTLS Handshke Protocol with User Anonymity and Forward Secrecy. In: Lee, J.-Y., Kang, C.-H. (eds.) CIC 2002. LNCS, vol. 2524, pp. 219–230. Springer, Heidelberg (2003) CrossRef Google Scholar ANSI, Public Key Cryptography for the finacial services industry : Key agreement and key transport using elliptic curve cryptography, ANSI X9.63 (2001) Google Scholar Oh, S.H., Kwak, J., Lee, S.W., Won, D.H.: Security Analysis and
Applications of Standard key Agreement Protocols. In: Kumar, V., Gavrilova, M.L., Tan, C.J.K., L’Ecuyer, P. (eds.) ICCSA 2003. LNCS, vol. 2668, pp. 191–200. Springer, Heidelberg (2003) CrossRef
Google Scholar Gunther,
C.: An Identity-based Key-exchange Protocol. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 29–37. Springer, Heidelberg (1990) Google Scholar Koblitz, N.: Elliptic curve Cryptosystems. Mathematics of Computation 48(177), 203–209 (1987)
MATH MathSciNet
CrossRef
Google Scholar Yang, J.P., Shin, W.S., Rhee, K.H.: An End-to-End
Authentication Protocol in Wireless Application Protocol. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 247–259. Springer, Heidelberg (2001) CrossRef
Google Scholar Zheng, W.: An
Authentication and Security Protocol for Mobile Computing. In: Proceeding of IFIP, September 1996, pp. 249–257 (1996) Google
Scholar Go, J.S., Kim, K.J.: Wireless authentication Protocols Preserving User Anonymity. In: SCIS 2001 (January 2001) Google Scholar
Download references Authors
and AffiliationsSchool of Information and Communication Engineering, Sungkyunkwan University, 300 Chunchun-Dong, Jangan-Gu, Suwon, Gyeonggi-Do, 440-746, Korea Jin Kwak, Jongsu Han & Dongho Won Division of Computer Science, Hoseo University, Asan, Chuncheongnam-Do, 336-795, Korea Soohyun Oh
Authors - Jin Kwak
You
can also search for this author in PubMed Google Scholar - Jongsu Han
You can also search for this author in
PubMed Google Scholar - Soohyun Oh
You can also search for this author in PubMed Google Scholar - Dongho Won
You can also search for this author in
PubMed Google Scholar
Editors and AffiliationsDepartment of Chemistry, University of Perugia, Via Elce di Sotto, 8, I-06123, Perugia, Italy Antonio
Laganá Department of Computer Science, University of Calgary, 2500 University Drive N.W., T2N 1N4, Calgary, AB, Canada Marina L. Gavrilova William Norris Professor, Head of the Computer Science and Engineering Department, University of Minnesota, USA Vipin Kumar School of Computing, Soongsil University, Seoul, Korea Youngsong Mun OptimaNumerics Ltd., Cathedral House, 23-31
Waring Street, BT1 2DX, Belfast, UK C. J. Kenneth Tan Department of Mathematics and Computer Science, University of Perugia, via Vanvitelli, 1, I-06123, Perugia, Italy Osvaldo Gervasi
Rights and permissions© 2004 Springer-Verlag Berlin Heidelberg About this paperCite this paperKwak, J., Han, J., Oh, S., Won, D. (2004). Security Enhanced WTLS Handshake Protocol. In: Laganá, A., Gavrilova, M.L., Kumar, V.,
Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3045. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24767-8_100 Download citationDOI:
https://doi.org/10.1007/978-3-540-24767-8_100 Publisher Name: Springer, Berlin, Heidelberg Print ISBN: 978-3-540-22057-2 Online ISBN: 978-3-540-24767-8 eBook Packages: Springer Book Archive
What is WTLS protocol?
Wireless Transport Layer Security (WTLS) is a security level for the Wireless Application Protocol (WAP), specifically for the applications that use WAP. It is based on Transport Layer Security (TLS) v1. 0, which is a security layer used in the internet and is a successor to Secure Sockets Layer (SSL) 3.1.
Is TLS protocol secure?
Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website.
What is the security concern in WAP?
There are some security problems with WAP. The most important threat associated with WAP is the use of the WAP gateway. There are however also some security weaknesses in the WTLS protocol and some possible threats by using mobile devices. The most important security problems will now be discussed.
What are the functions supported by WML describe WTLS security services?
WTLS can provide different levels of security (for privacy, data integrity, and authentication) and has been optimized for low bandwidth, high-delay bearer networks. WTLS takes into account the low processing power and very limited memory capacity of the mobile devices for cryptographic algorithms.
|