Wireless Transport Layer Security
Wireless Transport Layer Security (WTLS) is a security protocol, part of the Wireless Application Protocol (WAP) stack. It sits between the WTP and WDP layers in the WAP communications stack.
Overview
WTLS is derived from TLS and uses similar semantics, adapted for low-bandwidth mobile devices. The main changes are:
- Compressed data structures — Where possible, packet sizes are reduced by using bit-fields, discarding redundancy and truncating some cryptographic elements.
- New certificate format — WTLS defines a compressed certificate format. This broadly follows the X.509 v3 certificate structure, but uses smaller data structures.
- Packet-based design — TLS is designed for use over a data stream. WTLS adapts that design to be more appropriate on a packet-based network. A significant amount of the design is based on a requirement that it be possible to use a packet network such as SMS as a data transport.
WTLS has been superseded in the WAP 2.0 standard by the End-to-end Transport Layer Security Specification.
Security
WTLS uses modern cryptographic algorithms and, in common with TLS, allows negotiation of cryptographic suites between client and server.
Algorithms
An incomplete list…
- Key Exchange and Signature
- Symmetric Encryption
- Message Digest
Security criticisms
- Encryption/Decryption at the gateway — In the WAP architecture the content is typically stored on the server as uncompressed WML (an XML DTD). That content is retrieved by the gateway using HTTP and compressed into WBXML. To perform that compression the gateway must be able to handle the WML in cleartext, so even if there is encryption between the client and the gateway (using WTLS) and between the gateway and the originating server (using HTTPS), the gateway acts as a man-in-the-middle. This gateway architecture serves a number of purposes: it transcodes between HTML and WML; it spares content providers from implementing WBXML compression; it removes reliance on DNS; and it enables a walled garden.
- Digest truncation — HMAC message digests are truncated to reduce transmission overhead. This reduces the theoretical effectiveness of the HMAC, potentially reducing the data integrity protection.
- Inadequate review — WTLS is significantly different from TLS, and it is not clear that the changes made in WTLS have not in some way weakened the security. The use of a new certificate format is an example of this: the format defined in the WTLS specification may not be appropriate for all the uses to which a certificate may be put.
- Client Implementation - As there are no official specifications which WTLS implementations must adhere to, many may use insecure cryptographic algorithms or key generation processes. In some client software, WTLS may even be disabled.
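The digest truncation item above, worked through as an added example (not taken from the WTLS specification or any implementation). HMAC-SHA1 is an assumed MAC choice, the 5- and 10-byte tag lengths are illustrative, and the key and record are constructed.

```python
import hashlib
import hmac

# Constructed sample values for this example only.
KEY = b"constructed-demo-mac-key"
RECORD = b"constructed WTLS-style record payload"

def truncated_tag(key: bytes, message: bytes, tag_len: int) -> bytes:
    """HMAC-SHA1 of message, keeping only the first tag_len bytes."""
    full = hmac.new(key, message, hashlib.sha1).digest()
    if not 1 <= tag_len <= len(full):
        raise ValueError("tag_len must be 1..20 bytes for SHA-1")
    return full[:tag_len]

def verify(key: bytes, message: bytes, tag: bytes, tag_len: int) -> bool:
    """Accept only a tag of the locally configured length, compared in constant time."""
    if len(tag) != tag_len:  # the sender must not choose the truncation length
        return False
    return hmac.compare_digest(truncated_tag(key, message, tag_len), tag)

def forgery_probability(tag_len: int) -> float:
    """Chance that a single blind guess at the tag is accepted: 2^-(8*tag_len)."""
    return 2.0 ** -(8 * tag_len)

def accepted_tags(key: bytes, message: bytes, tag_len: int) -> int:
    """Count how many of the 256**tag_len possible tag values verify (small tag_len only)."""
    return sum(
        verify(key, message, i.to_bytes(tag_len, "big"), tag_len)
        for i in range(256 ** tag_len)
    )

if __name__ == "__main__":
    for n in (5, 10, 20):  # illustrative lengths; 20 bytes is untruncated SHA-1
        tag = truncated_tag(KEY, RECORD, n)
        print(f"{n:2d}-byte tag {tag.hex()}  blind-guess bound {forgery_probability(n):.3e}")
    # A modified record fails verification against the original tag.
    tag10 = truncated_tag(KEY, RECORD, 10)
    print("tampered record accepted:", verify(KEY, RECORD + b"!", tag10, 10))
    # With a 1-byte tag, exactly 1 of 256 candidate tags is accepted.
    print("1-byte tags accepted:", accepted_tags(KEY, RECORD, 1), "of 256")
```

Each byte removed from the tag multiplies the chance that a blind guess is accepted by 256, so a receiver that accepts truncated tags should treat repeated MAC failures on a session as a signal in their own right.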
Interoperability
As mentioned above, the client and server negotiate the cryptographic suite. This happens when the session is started: briefly, the client sends a list of supported algorithms and the server chooses a suite, or refuses the connection. The standard does not mandate support of any algorithm. An endpoint (either client or server) that needs to be interoperable with any other endpoint may need to implement every algorithm (including some covered by intellectual property rights).
Modifications for WTLS based on SSL/TLS
- Format of identification and certificates
  - WTLS identifiers are of several types: X.509 distinguished names, SHA-1 of the public key, a secret binary key and a textual name known to the two parties
  - The exchange can be anonymous, but this is not recommended
- Cryptography Algorithm
  - Adds Elliptic Curve Diffie-Hellman (ECDH)
  - Key sizes for RSA exchange are 512, 768, 1024
- Content of handshake algorithms
  - New content to ClientHello, ServerHello, Certificate, ServerKeyExchange, ClientKeyExchange
- Exchange protocol during handshake
  - Handshake messages flowing in one direction can be consolidated in one message
  - Handshake messages can be retransmitted under certain conditions
  - ClientKeyExchange message is not mandatory
- Calculation of secrets
  - PreMasterSecret can either be stored in the terminal smart card or it can be exchanged using one of the key exchange algorithms
  - MasterSecret is calculated using only one hash function, whereas in TLS two hash functions are used
- The Alert messages
  - As in TLS, the alert messages are not encrypted
  - WTLS adds more alert messages, for example to distinguish the termination of a connection from the closure of a session