Transport-Level Security
Transport-level security, also known as channel security, deals with the point-to-point communication between a wireless client and the enterprise data source. This involves communication over both wireless and wireline channels. With WAP, data is encrypted during over-the-air transport using Wireless Transport Layer Security (WTLS) protocol, and over-the-wire transport using Internet security protocols such as SSL and TLS. This discrepancy leads to one of the main WAP security issues. But before we discuss that topic, we will examine the features of WTLS.
WTLS
Wireless Transport Layer Security (WTLS) protocol was developed to address the unique characteristics of wireless networks, namely low bandwidth and high latency. It is a variation of the Transport Layer Security (TLS) protocol, which is the IETF standard for security on Internet. Unfortunately, TLS cannot be used directly because it is not efficient enough for a wireless environment. WTLS improved on the efficiency of the protocol while adding new capabilities aimed at wireless users. The following are some of the major features added to WTLS, which are not in TLS:
- Support for other cryptographic algorithms. SSL and TLS primarily use RSA encryption. WTLS supports RSA, Diffie-Hellman (DH), and Elliptic Curve Cryptography (ECC).
- Definition of a new compact public key certificate, WTLS certificates. These are a more efficient version of X.509 certificates.
- UDP datagram support. This impacts many areas of the protocol, from how data is encrypted to extra support for message handling, to ensure messages do not get lost, duplicated, or delivered out of order.
- A key refresh option. This is renegotiated periodically, based on the number of messages sent.
- An expanded set of alerts. This adds clarity for error handling.
- Optimized handshakes. This reduces the number of round-trips required in high-latency networks.
In addition to these changes, WTLS also introduced three levels of authentication between the client and the gateway. They are listed in ascending order:
Class I WTLS. Anonymous interactions between the client and WAP gateway; no authentication takes place.
Class II WTLS. The server authenticates itself to the client using WTLS certificates.
Class III WTLS. Both the client and the WAP gateway authenticate to each other. This is the form of authentication used with smartcards. GSM Subscriber Identity Modules (SIM), for example, can store authentication details on the device for two-way authentication.
In this tutorial:
- Mobile and Wireless Security
- Security Primer
- Networking Security Threats
- Security Technologies
- Algorithms and Protocols
- Leading Protocols
- Transport Layer Security (TLS)
- Other Security Measures
- Virtual Private Networks (VPNs)
- WAP Security
- Transport-Level Security
- The WAP Gap
- Application-Level Security
- Smart Client Security
- Data Store Security