Pages

Saturday, November 28, 2009

ENFORCEMENT OF SECURITY IN WAP VIA THE WTLS PROTOCOL

 ENFORCEMENT OF SECURITY IN WAP VIA THE WTLS PROTOCOL

Abstract

A huge growth of the wireless mobile services poses demand for the end-to-end secure connections. The Wireless Transport Layer Security provides authentication, privacy and integrity for the Wireless Application Protocol. It is based on the widely used TLS v1.0. The requirements of the mobile networks have been taken into account when designing the WTLS; low bandwidth, data gram connection, limited processing power and memory capacity, and cryptography exporting restrictions have all been considered.

In this paper, the security of the WTLS is analyzed. Firstly, the concept of data security is provided for the background information. The common security terms including authentication, privacy, and integrity are explained. Then the most important parts from the specification of the WTLS are presented. The known security threats of the WTLS are discussed and their impacts evaluated. Finally the analysis is performed based on the known facts.

The WTLS is, finally, found to be quite a good security solution even with its known security problems. Some improvements for the protocol will be necessary, but there is little need for any major changes. If the supported algorithms are combined in an appropriate way it is possible to guarantee a sufficient security level. The null ciphers should not be allowed and the anonymous authentications should be denied. The development work of the WTLS continues and the next version should be released in near future. If all known security problems will be fixed then the WTLS provides a sufficient security level.

No comments:

Post a Comment