Security in the Wireless Application Protocol : post-graduate thesis in information and communication technology
Master thesis
Permanent lenke
http://hdl.handle.net/11250/137430Utgivelsesdato
2000Metadata
Vis full innførselSamlinger
Sammendrag
The necessity of being online wherever you are and at any time, have brought foreword the
WAP technology. Solution based on banking, industry, and sale among others, is services
and application that are on the market to day. Like in all new technologies the security issues
in WAP is of great interest. The interest lies on both possible intruders and company that
want to make a profit out of it by offering services. This assignment enlightens possible
security problems in the WAP architecture, both in the security layer Wireless Transport
Layer of Security (WTLS) and the WAP infrastructure.
The report is a result of the investigation and will be used as information on new technology
for my employer, The Norwegian Intelligence Service (NIS).
In the version that exist as of to day (version 1.1 and version 1.2) the security-leaks in the
security layer are to many, and to easy for an intruder to attack. Some of the security
problems is a consequence of a cipher-suit on 40 bits, this is considered week in all literature
about crypto-analysis. The designers of WAP applications got the responsibility to implement
as much security as required into the solution. As of 14.January 2000 the export of strong
encryption is regardless of their strength or type of technology. This means that the
designers can implement cipher-suites bigger than 40 bits into the solution.
To avoid a lesser probability of man-in-the-middle attacks in the infrastructure a company
should invest in a WAP Gateway or WAP Server. This will surround the WAP architecture
with the security infrastructure inside a company. Based on the research in this report it is
possible to draw the conclusion; independence is the key to maximum security. This will also
be the preferable solution for NIS if operations goes wireless, but it is recommended that NIS
carries out a comprehensive evaluation on WAP and type of bearer before even considering
implementing the WAP technology.
The use of eXtended Markup Language as a base for the interfaces shown for the user is
fully supported by the means of Wireless Markup Language and extended Style Language.
The powerful style language makes it possible to implement more powerful features. This is
verified in the demo application.
Beskrivelse
Masteroppgave i informasjons- og kommunikasjonsteknologi 2000 - Høgskolen i Agder, Grimstad
Utgiver
Høgskolen i AgderAgder University College