Security in the Wireless Application Protocol : post-graduate thesis in information and communication technology

Abstract

The necessity of being online wherever you are and at any time, have brought foreword the WAP technology. Solution based on banking, industry, and sale among others, is services and application that are on the market to day. Like in all new technologies the security issues in WAP is of great interest. The interest lies on both possible intruders and company that want to make a profit out of it by offering services. This assignment enlightens possible security problems in the WAP architecture, both in the security layer Wireless Transport Layer of Security (WTLS) and the WAP infrastructure. The report is a result of the investigation and will be used as information on new technology for my employer, The Norwegian Intelligence Service (NIS). In the version that exist as of to day (version 1.1 and version 1.2) the security-leaks in the security layer are to many, and to easy for an intruder to attack. Some of the security problems is a consequence of a cipher-suit on 40 bits, this is considered week in all literature about crypto-analysis. The designers of WAP applications got the responsibility to implement as much security as required into the solution. As of 14.January 2000 the export of strong encryption is regardless of their strength or type of technology. This means that the designers can implement cipher-suites bigger than 40 bits into the solution. To avoid a lesser probability of man-in-the-middle attacks in the infrastructure a company should invest in a WAP Gateway or WAP Server. This will surround the WAP architecture with the security infrastructure inside a company. Based on the research in this report it is possible to draw the conclusion; independence is the key to maximum security. This will also be the preferable solution for NIS if operations goes wireless, but it is recommended that NIS carries out a comprehensive evaluation on WAP and type of bearer before even considering implementing the WAP technology. The use of eXtended Markup Language as a base for the interfaces shown for the user is fully supported by the means of Wireless Markup Language and extended Style Language. The powerful style language makes it possible to implement more powerful features. This is verified in the demo application.