Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proposal for WAP-IETF co- operation on a wireless friendly TLS Tim Wright, Vodafone and chair WAP Security Group

Published byCassandra Wolf Modified over 9 years ago

Similar presentations

Presentation on theme: "Proposal for WAP-IETF co- operation on a wireless friendly TLS Tim Wright, Vodafone and chair WAP Security Group"— Presentation transcript:

1 Proposal for WAP-IETF co- operation on a wireless friendly TLS Tim Wright, Vodafone and chair WAP Security Group timothy.wright@vf.vodafone.co.uk

2 Contents Introduction to WAP, WTLS and other WAP security functions Differences between WTLS and TLS WAP-NG WSG part in WAP-NG A wireless friendly TLS?

3 WAP Formed by Ericsson, Motorola, Nokia, phone.com Opened up (“Opened up?”) in Spring 1998 Wireless friendly versions of html, http, TCP/IP for delivery of “Internet content and services” to wireless clients

4 Stack WSP (carrying WML and WMLScript) WTP WTLS WDP Bearer

5 WTLS Wireless friendly version of TLS Several differences designed to: –optimise bandwidth use –accommodate unreliable link –reduce client code size and processor requirements

6 Other WAP security features WAP Identity Module (WIM) –specification of interface to tamper-resistant device for storage of crypto parameters signText –WMLScript function for signature generation Profile of X.509 for client certs –based on RFC 2459 WPKI –client and server cert request, root download

7 Major differences between WTLS and TLS Datagram support No fragmentation Key refresh for long-lived connections Optimized handshaking Shared-secret handshake Compact certificate (WTLSCertificate)

8 Shorter parameters Cipher suite negotiation Algorithms

9 Datagram Support Mandatory use of explicit sequence numbers Concatenation of successive handshake messages in one direction into one transport SDU Extra conditions for handshake to deal with lost messages

10 No fragmentation Assumed not needed as optimisations will mean application data is less than 16K Reduces WTLS code size

11 Key Refresh for long lived connections ClientHello and ServerHello include setting of key refresh rate Recalculation of key_block every n records, n=2 k, k is uint 8 Allows key refresh without handshake

12 Optimised handshaking Server can retrieve client cert from own sources after Client Hello, if client sends public key id (hash) or cert URL, and do abbreviated handshake Client indicates the roots it has in ClientHello (trusted_key_ids), so that server can send appropriate certs

13 Shared Secret Handshake Pre-master secret is a shared secret previously loaded into client and server Handshake is as for (W)TLS abbreviated handshake (Hello’s, ChangeCipherSpec’s and Finished’s only) Allows implicit authentication and confidentiality/integrity, with risk of extraction of secret from terminal

14 Compact certificate “WTLSCert” defined in specification Designed for authentication of WAP gateway only No extensions length - 450 bytes compared to around 750 for X.509

15 Format struct { uint8 certificate_version; SignatureAlgorithm signature_algorithm; Identifier issuer; uint32 valid_not_before; uint32 valid_not_after; Identifier subject; PublicKeyType public_key_type; ParameterSpecifier parameter_specifier; PublicKey public_key; } ToBeSignedCertificate;

16 Shorter parameters Truncated (40 and 80 bit versions) of SHA- 1 and MD5 allowed Pre-master secret is only 20 bytes, not 48 Client and Server Random’s only 16 bytes, not 32 Session ID is 8 bytes, not 32

17 Cipher suite negotiation Key exchange/authentication algorithm negotiated separately from cipher and MAC Allows negotiation of strong authentication with weak encryption where legislation requires Allow theoretical possibility of NULL key exchange with strong ciphering and MAC

18 Algorithms - anonymous handshake RSA_ANON, with 512 and 768 bit limited versions DH_ANON, with 512 and 768 bit limited versions ECDH_ANON, with 113 and 131 bit limited versions

19 Algorithms - server/client authentication RSA, with 512 and 768 bit limited versions No temporary keys ECDH_ECDSA –4 basic curves, 4 non-basic

20 Algorithms - MAC SHA-1, MD5 and 40/80 bit truncations allowed Only one used “XOR MAC” - divide the message into 5 bit blocks and XOR together –designed for low end devices –warnings in specification against use –attack publicised (Saarinen, Wagner)

21 Algorithms - encryption RC5-32/16/16 is recommended for client and server –56 and 40 bit versions, use shorter key, pad to 128 bit and use RC5-32/16/16 Others –DES, 3DES, IDEA –None of these in production handsets

22 Attacks XOR MAC Possibility of negotiating NULL key exchange gives middleperson attack Possibility of low entropy IV allows intruder possibility of guessing key if can control channel Redirection attacks as for TLS

23 WAP Next Generation (NG) WAP NG is the great leap back to Internet compliant specs http, html, TLS, TCP/IP to the handset But wireless friendly versions of these protocols –initially with PEP’s WSG task is TLS to the handset

24 WSG plans re TLS Wireless profile of TLS 1.0, including: –Profile of client and server X.509 –Specified ciphersuites –Guidelines on TLS options Specification of use of WIM for TLS Development within WSG and IETF of wireless-friendly TLS 1.1?

25 Changes required? Possibilities (early thoughts, and TBD): –Algorithms - ECC & RC5? –Client certificate URL –Client to indicate trusted roots in Hello –NOT necessarily datagram support and WTLS certs

26 Timescales WAP NG specs to be ready summer 2001 (though WG’s have some flexibility) TLS standardisation timescales? –waiting on RFC 2459 progress –time for some minor changes for wireless to TLS 1.0?

27 Next Steps WSG to determine changes necessary/”nice to have” for wireless friendly TLS TLS to determine what can be squeezed into TLS 1.0 and what needs new version Make changes to TLS 1.0 Begin work on TLS 1.1 as required

Download ppt "Proposal for WAP-IETF co- operation on a wireless friendly TLS Tim Wright, Vodafone and chair WAP Security Group"

Similar presentations

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.
Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Web security: SSL and TLS

Web security: SSL and TLS
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
WTLS (Wireless Transport Layer Security) Youngho Choung

WTLS (Wireless Transport Layer Security) Youngho Choung
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)

Web Security (SSL / TLS)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Cryptography and Network Security Chapter 17 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 17 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

Similar presentations

Ads by Google