WAP Public Key Infrastructure - PowerPoint PPT Presentation

Slides: 35
Provided by: Sye5

Transcript and Presenter's Notes

1
WAP Public Key Infrastructure
  • CSCI 5939.02 Independent Study
  • Fall 2002
  • Jaleel Syed
  • Presentation No 5

2
Cryptography
  • Encryption: transforming a message containing
    critical data into a cipher text.
  • Decryption: decoding the encoded data and
    reproducing the original message.

3
Types
  • Symmetric cryptosystems: encoding and decoding
    are done using the same secret key.
    • Highly insecure.
    • Faster when compared to asymmetric crypto.
    • Algorithms such as the Data Encryption Standard
      (DES) are used both for encryption and decryption.
  • Asymmetric cryptosystems: encoding is done using
    the public key and decoding using the private key.
    • Secure.
    • Slower computing speed.
    • Algorithms such as RSA, ECDSA etc. are used.

4
Example
5
Hashing
  • It is a method to obtain a digital
    fingerprint (hash) of an original message.
  • The hash is used to test the integrity of the
    message, not to reproduce it.

6
Hashing example (Sender)
  • Digital signature associated with message
    encryption

7
Hashing example (Receiver)
  • Receiving side

8
What is Public Key Infrastructure ?
  • It is a system which enables users to securely
    and privately exchange data and money through the
    use of a public and private key pair.
  • It provides a digital certificate that can
    identify an individual.
  • It provides directory services (a repository) that
    can store or revoke (cancel) certificates when necessary.

9
Components of wired PKI
  • Certificate Authority
    • Issues/updates/cancels the digital certificates
      to the requestor.
  • Registration Authority
    • Authenticates the requestor.
  • Repository
    • A directory service that stores digital
      certificates.
  • Subscriber
  • Relying party

10
Components of wired PKI contd..
11
WAP PKI Model
12
Types of Authentication
  • WTLS Class 1
    • WAP Device and WAP Gateway are not authenticated.
  • WTLS Class 2
    • It provides the capability for the WAP Device to
      authenticate the identity of the WAP Gateway.
  • SignText
    • It provides a mechanism for the client device to
      create a digital signature of text sent to it.
    • It provides the capability for the WAP device to
      authenticate the identity of the WAP gateway as
      well as for the WAP gateway to authenticate the
      identity of the WAP device.
  • WTLS Class 3
    • Similar to signText, except that in this case the
      client's private key is used to sign a
      challenge from the server.

13
WTLS Class 1
Security limitations of WAP
14
WTLS Class 2
  • Two Phase security model
    • WAP Client communicates with the origin
      server (content server) via the gateway.
  • End to End Security model
    • WAP client communicates with a WAP Server (WAP
      gateway and origin server).

15
WTLS Class 2 contd..
  • Two Phase Security Model

16
WTLS Class 2 contd..
  • The WAP Gateway generates a key pair (public key
    and private key).
  • WAP Gateway sends a certificate request to the WPKI
    Portal.
  • WPKI Portal confirms the ID and forwards the request
    to the CA.
  • CA sends the Gateway Public Certificate to the WAP
    Gateway.
  • CA populates the online repository with the WAP
    Gateway certificate.
  • WTLS session established between the device and
    the gateway.
  • SSL/TLS session established between the gateway
    and the server.

17
WTLS Class 2 contd..
  • End to End Security Model

18
WTLS Class 2 contd..
  • The WAP Server generates a key pair (public key
    and private key).
  • WAP Server sends a certificate request to the WPKI
    portal.
  • WPKI portal confirms the ID and forwards the request
    to the CA.
  • CA sends the Server Public certificate to the WAP
    Server.
  • WTLS session established between the WAP server
    and the WAP device.

19
SignText
  • Message Signing

20
SignText contd..
  • WAP device requests a certificate and sends the
    certificate URL to the WAP device.
  • WPKI Portal confirms the ID and passes the request
    to the CA.
  • CA generates the User Certificate and sends the
    Certificate URL (or the entire certificate) to the
    WAP device.
  • CA populates the database with the User Public key
    certificate.
  • User signs the transaction at the WAP device and
    sends the transaction, signature and certificate
    URL (or certificate) to the Origin Server.

21
SignText contd..
  • Origin Server uses the certificate URL to retrieve
    the user certificate from the database (if not
    already in possession of the certificate).
  • CA database sends the user certificate to the Origin
    Server (if necessary).
  • Origin server verifies the signed transaction
    sent from the WAP device.

22
WTLS Class 3
  • Similar to signText, except that in this case the
    client's private key is used to sign a challenge
    from the server.
  • Used for non-repudiation.
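
The sender/receiver hashing flow of slides 5 to 7 and the signing steps of slides 19 to 22 (signText returning a signature plus a certificate URL, and the Class 3 challenge signed with the client's private key), carried through in Python as an added example that is not part of the presentation. It uses SHA-256 from the standard library and a textbook RSA key pair built from two fixed Mersenne primes so that it runs offline; the key construction, the unpadded hash-then-sign step, the merchant text and the certificate URL are constructed assumptions for the example. A real deployment would use randomly generated keys and a padded scheme such as RSA-PSS or ECDSA.

```python
import hashlib
import os

# Toy RSA key pair from two fixed Mersenne primes, constructed for this example;
# real keys use random large primes and a padded signature scheme (RSA-PSS, ECDSA).
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)


def fingerprint(message: bytes) -> int:
    """Slide 5: the digital fingerprint (hash) of a message, as an integer.
    It pins down the message's integrity but cannot reproduce the message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Sender (slide 6): hash the message, then sign the hash with the private key."""
    n, d = private_key
    return pow(fingerprint(message), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Receiver (slide 7): recover the signed hash with the public key and compare
    it with a hash computed over the message actually received."""
    n, e = public_key
    return pow(signature, e, n) == fingerprint(message)


def sign_text(text: str, cert_url: str, private_key=PRIVATE_KEY) -> dict:
    """signText (slides 20-21): the device returns the text it was shown, the
    signature, and the URL of the user certificate rather than the certificate."""
    return {"text": text, "signature": sign(text.encode(), private_key), "cert_url": cert_url}


def origin_server_verify(signed: dict, user_public_key) -> bool:
    """Origin server (slide 21). It would fetch the user certificate from
    signed['cert_url']; here the public key is passed in directly (assumption)."""
    return verify(signed["text"].encode(), signed["signature"], user_public_key)


def class3_exchange(client_private=PRIVATE_KEY, client_public=PUBLIC_KEY) -> bool:
    """WTLS Class 3 (slide 22): the server sends a fresh random challenge, the client
    signs it with its private key, and the server verifies against the client's key.
    A fresh challenge each time means an old signature cannot be replayed."""
    challenge = os.urandom(16)                         # server -> client
    response = sign(challenge, client_private)         # client -> server
    return verify(challenge, response, client_public)  # server checks


if __name__ == "__main__":
    signed = sign_text("Pay 10 EUR to merchant 4711", "http://pki.example.invalid/certs/42")
    print("signText verifies:", origin_server_verify(signed, PUBLIC_KEY))
    signed["text"] = "Pay 100 EUR to merchant 4711"     # altered in transit
    print("altered text verifies:", origin_server_verify(signed, PUBLIC_KEY))
    print("class 3 challenge:", class3_exchange())
```

Changing a single character of the signed text, or a single bit of the signature, makes the receiver's recomputed hash differ from the recovered one, which is the integrity property slides 5 to 7 rely on; the challenge in the Class 3 exchange is random per session so that a recorded response cannot be reused.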

23
Digital Certificate.
  • Name of the certificate holder.
  • The certificate holder's public key.
  • Certification Authority (issuer).
  • A serial number.
  • Validity period.

24
Types of Digital certificates
  • Client Certificate
    • Authenticates the client.
  • WAP Server WTLS Certificate
    • It authenticates the identity of the WAP server.
    • Encrypts information for the server.
  • CA Certificate
    • Authenticates the Certification Authority.

25
Overview
26
WAP PKI Operations
  • Trusted CA information Handling.
  • WTLS Server Certificate Handling.
  • Client Registration.
  • Client Certificate URLs.

27
Trusted CA Information Handling
  • This operation verifies whether the CA that
    issued the certificate can be trusted or not.
  • The CA information should be distributed to each
    client.
  • The CA:
    • A WSP (Wireless Session Protocol) URL is
      distributed.
    • Provisioning CA information is downloaded to the
      client.

28
Trusted CA information Handling contd..
  • The CA information is sent to the client by:
    • Out-of-band hash verification method: the CA
      certificate is hashed and sent through an in-band
      channel, whereas the display form of the hash is
      sent over an out-of-band channel (phone or mail).
    • Signature verification method: if a new CA has
      issued the certificate, then it can only be
      trusted if it is accompanied by the certificate of
      a CA already trusted by the client.
  • The CA updates the CA certificate the client has
    by sending a key roll-over message to the client.

29
WTLS Server Certificate handling
  • The WAP server sends a certification request to a
    CA.
  • In response, the CA may:
    • Issue a long-lived WTLS certificate.
    • Or issue a sequence of short-lived WTLS
      certificates.
      • Used to check for revocation of servers.
      • Equivalent to certificate revocation lists (CRLs)
        in wired PKI.
      • Typical lifetime is 48 hrs.
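
The certificate fields of slide 23, the two ways of establishing trust in a CA on slide 28 (the out-of-band hash check and the signature check under an already trusted CA), the key roll-over message, and the short-lived 48-hour server certificate of slide 29, modelled in Python as an added example that is not from the presentation. The Certificate and TrustStore classes, the pipe-separated "to be signed" encoding, the display form of the hash, the CA names, the host name and the clock value are constructed for the example; the key pairs are textbook RSA over fixed Mersenne primes, a toy that stands in for real padded signatures and random keys.

```python
import hashlib
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

E = 65537

def toy_keypair(p, q):
    """Textbook RSA from two fixed primes: a toy stand-in for real padded signatures."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

@dataclass(frozen=True)
class Certificate:
    """The fields of slide 23 plus the issuer's signature over them."""
    holder: str            # name of the certificate holder
    public_key: tuple      # the holder's public key (n, e)
    issuer: str            # certification authority that signed it
    serial: int            # serial number
    not_before: datetime   # validity period: start
    not_after: datetime    # validity period: end
    signature: int = 0     # issuer's signature over tbs()

    def tbs(self) -> bytes:
        """'To be signed' bytes: every field except the signature (constructed encoding)."""
        fields = (self.holder, self.public_key, self.issuer, self.serial,
                  self.not_before.isoformat(), self.not_after.isoformat())
        return "|".join(map(str, fields)).encode()

    def fingerprint(self) -> str:
        """Display form of the certificate hash, the value confirmed out of band (phone, mail)."""
        digest = hashlib.sha256(self.tbs() + str(self.signature).encode()).hexdigest()
        return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

def issue(issuer, issuer_priv, holder, holder_pub, serial, now, lifetime=timedelta(hours=48)):
    """A CA issues a certificate; the 48 h default is slide 29's short-lived server
    certificate, whose expiry takes the place of a revocation list."""
    unsigned = Certificate(holder, holder_pub, issuer, serial, now, now + lifetime)
    n, d = issuer_priv
    return replace(unsigned, signature=pow(sha256_int(unsigned.tbs()), d, n))

def signature_ok(cert, issuer_pub):
    n, e = issuer_pub
    return pow(cert.signature, e, n) == sha256_int(cert.tbs())

class TrustStore:
    """The client's trusted CA certificates (slides 27 and 28)."""

    def __init__(self):
        self.cas = {}

    def add_out_of_band(self, ca_cert, spoken_fingerprint):
        """Out-of-band hash method: the certificate arrives in band, its display-form
        hash arrives separately; trust it only if the two agree."""
        if ca_cert.fingerprint() != spoken_fingerprint:
            return False
        self.cas[ca_cert.holder] = ca_cert
        return True

    def add_by_signature(self, new_ca, now):
        """Signature verification method: a new CA is trusted only if its certificate
        validates under a CA already in the store. A key roll-over message is the same
        operation: the CA's new certificate, signed with its old key, replaces the old entry."""
        if not self.validate(new_ca, now):
            return False
        self.cas[new_ca.holder] = new_ca
        return True

    def validate(self, cert, now):
        """Relying-party check: trusted issuer, inside validity period, good signature."""
        issuer = self.cas.get(cert.issuer)
        if issuer is None or not (cert.not_before <= now <= cert.not_after):
            return False
        return signature_ok(cert, issuer.public_key)

def demo():
    now = datetime(2002, 11, 1, tzinfo=timezone.utc)              # constructed clock
    root_pub, root_priv = toy_keypair(2**127 - 1, 2**521 - 1)     # Mersenne primes, toy only
    sub_pub, sub_priv = toy_keypair(2**107 - 1, 2**607 - 1)
    srv_pub, _ = toy_keypair(2**89 - 1, 2**1279 - 1)
    new_root_pub, _ = toy_keypair(2**61 - 1, 2**2203 - 1)
    store, r = TrustStore(), {}
    root = issue("Root CA", root_priv, "Root CA", root_pub, 1, now, timedelta(days=3650))
    r["wrong_fingerprint"] = store.add_out_of_band(root, " ".join(["0000"] * 16))
    r["provisioned"] = store.add_out_of_band(root, root.fingerprint())
    sub = issue("Root CA", root_priv, "Operator CA", sub_pub, 2, now, timedelta(days=365))
    r["new_ca"] = store.add_by_signature(sub, now)
    r["tampered"] = store.validate(replace(sub, public_key=srv_pub), now)  # body no longer matches signature
    server = issue("Operator CA", sub_priv, "wap.example.invalid", srv_pub, 3, now)
    r["server_now"] = store.validate(server, now)
    r["server_3_days_later"] = store.validate(server, now + timedelta(days=3))
    new_root = issue("Root CA", root_priv, "Root CA", new_root_pub, 4, now, timedelta(days=3650))
    r["rolled_over"] = store.add_by_signature(new_root, now)
    r["old_chain_after_rollover"] = store.validate(sub, now)      # signed by the retired key
    return r
```

Running `demo()` walks the whole life cycle: a mistyped out-of-band fingerprint keeps the root out of the store, the correct one installs it, the operator CA is accepted because the root signed it, a certificate whose body was altered after signing fails, the 48-hour server certificate validates today and not three days later, and after the roll-over message the store holds the root's new key, so certificates signed with the retired key no longer chain and must be reissued.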

30
Client Registration
  • Client generates a public/private key pair.
  • Finds the PKI portal via manual browsing or
    through a URL contained in a WML page.
  • The PKI Portal checks if the requestor has the
    private key corresponding to the given public
    key (Proof of Possession).
  • This is done by signing a challenge provided by
    the PKI Portal.

31
Client Certificate URLs
  • The client sends its certificate URL to the
    server, which the server uses to get the certificate.
  • It is preferable to pass a link to the client
    certificate rather than passing the whole client
    certificate.
  • Protocols used: HTTP, LDAP or FTP.

32
Example
  • Example

33
Future
  • The WAP Forum is working on a number of
    significant new specifications
  • Transport layer end-to-end security.
  • WTLS session from the client all the way to the
    proxy in the content server's secure domain
  • Wireless Interface Module

34
References
  • Introduction to PKI
  • Wireless PKI model
  • Digital certificates and wireless transport layer
    security
  • Analysis of subscriber certificates concept
  • Future of WAP and beyond