SlideShare une entreprise Scribd logo

Identifying How WAP Can Be Used For Secure mBusiness

Oliver Pfaff
Oliver Pfaff

IIR Wireless eBusiness Security Forum Barcelona. January, 2002

Technologie
1  sur  27
Identifying How WAP Can Be Used For Secure M-Business 3rd Wireless eBusiness Security Forum Barcelona. January 29-30, 2002
Contents ,[object Object],[object Object],[object Object],[object Object]
WAP - Wireless Application Protocol ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],‘ Internet world‘ Wireless network ‘ Telephony world’ PSTN WAP gateway HTTP TCP/IP Web services
(R)evolution with WAP-NG ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
WAP Generation 1 and 2 Stacks Bearer WDP WTLS WTP WSP Subnet IP TCP HTTP WSP WTP WTLS WDP Bearer Mobile device WAP gateway Web server TLS IP Subnet Mobile device WAP proxy Subnet TCP* TLS Subnet IP TCP* Subnet IP TCP Web server Generation 1: own protocol stack and presentation language Generation 2: alignment with Internet and WWW standards HTTP* IP TCP TLS HTTP Subnet IP TCP TLS HTTP HTTP* HTTP Remark: WAP 2.0 also supports transport proxies and IP routers as intermediate entities. WML over HTTP WBXML over WSP
Classification of the Considered IT-Security Technologies ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Public key infrastructure Entity identifier Public key Application technologies Infrastructure Application Entity Private key G o a l Security token
Contents ,[object Object],[object Object],[object Object],[object Object]
Timeline of WAP Security Specifications WAP 1.2 WAP 1.1 WAP 1.0 Dec. 99 Jun. 99 Apr. 98 WTLS (April, 98) WTLS (Feb., 99) Approved specification releases: WMLSCrypt (Nov., 99) WIM (Nov., 99) WTLS (Nov., 99) WAP 1.2.1 WTLS (Feb., 00) Jun. 00 Jul. 01 WMLSCrypt (Nov., 99) WIM (Feb., 00) WTLS (Apr., 01) WMLSCrypt (Jun., 01) WIM (Jul., 01) WAP 2.0 WPKI (Apr., 01) TLS (Apr., 01) E2ESec (Jun., 01) WAPCert (May, 01)
Since WAP 1.0 WTLS - Wireless TLS WAP generation 1 stack Session Layer (WSP) Transaction Layer (WTP) Application Layer (WAE) Bearer Transport Layer (WDP) Security Layer (WTLS) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
WTLS Limitations WTLS span 1 4 3 2 5 6 7 8 Mobile device Base station Web server ,[object Object],[object Object],[object Object],[object Object],[object Object],Dial-in server WAP gateway Dial-in server WAP gateway WAP gateway navigation:
WAP Gateway Out- vs. Insourcing Mobile device WAP gateway Web server ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Enterprises supporting Web-based accesses to Intranet resources via publically reachable https-servers in the DMZ have several options to accomodate WAP gateways in order to supply WAP-based resource accesses: Backend services
Since WAP 1.2 WMLScript Crypto (Aka: WMLSCrypt) ,[object Object],[object Object],[object Object],[object Object],[object Object],Sample WMLScript source: Sample GUI:
Since WAP 1.2 WIM - Wireless Identity Module ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],WIM service primitives PKCS#15 interpreter (AID: WAP-WIM) ISO 7816 MF AID: WAP-WIM ICC application Security objects DF(PKCS15) Reference system WIM application WIM EF(Certificate) EF(Private key) EF(Certificate ID)
ICC-Based WIM Implementation Options with Respect to SIM ,[object Object],[object Object],[object Object],SIM plus WIM via external reader SIM plus WIM via internal secondary reader (‘dual-slot’) ,[object Object],[object Object],Integrated SIM/WIM card ,[object Object],[object Object],SIM plus WIM via internal secondary reader (‘dual-chip’) ,[object Object],[object Object]
Since WAP 2.0 WPKI and WAPCert ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Since WAP 2.0 TLS - Transport Layer Security ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Bearer Security Layer (SSL/TLS) Application Layer (e.g. HTTP) Network Layer (IP) Internet stack Transport Layer (TCP)
Future WAP Security Features Under Construction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
A Vision PTDs - Personal Trusted Devices ,[object Object],[object Object],[object Object],[object Object],[object Object]
Contents ,[object Object],[object Object],[object Object],[object Object]
IT-Strategy Challenges ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Application Technologies WAP Security Integration 1 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Infrastructure Technologies WAP Security Integration 2 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Contents ,[object Object],[object Object],[object Object],[object Object]
Conclusions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Abbreviations 3GPP Third-Generation Partner Project AID Application ID ASN Abstract Syntax Notation CDMA Code Division Multiple Access cHTML compact HTML CMS Cryptographic Message Syntax DF Dedicated File DMZ De-Militarized Zone E2E End-to-End EF Elementary File GPRS General Packet Radio Service GSM Global System for Mobile Communications HTML HyperText Markup Language HTTP HyperText Transfer Protocol HTTP* Wireless profiled HTTP(interoperable with HTTP) https HTTP over SSL/TLS ICC Integrated Circuits Card ID Identifier IETF Internet Engineering Task Force IP Internet Protocol ISO International Standards Organization IT Information Technology MeT Mobile electronic Transactions MF Master File NTT Nippon Telegraph and Telephone OCSP Online Certificate Status Protocol PDA Personal Digital Assistant PKCS Public Key Cryptography Standards PKI Public Key Infrastructure PKIX PKI-X.509 PSTN Public Switched Telephone Network PTD Personal Trusted Device RFC Request For Comment SCONT Signed Content SCP Smart Card Platform SIM Subscriber Identity Module SSL Secure Sockets Layer TCP Transmission Control Protocol TCP* Wireless profiled TCP(interoperable with TCP) TDMA Time Division Multiple Access TLS Transport Layer Security UMTS Universal Mobile Telecommunications System USIM Universal SIM W3C World Wide Web Consortium WAP Wireless Application Protocol WAP-NG WAP Next Generation WBXML Wireless Binary XML WDP Wireless Datagram Protocol WIM Wireless Identity Module WML Wireless Markup Language WMLScript WML Script WPKI Wireless PKI WSP Wireless Session Protocol WTLS Wireless TLS WTP Wireless Transaction Protocol WWW World Wide Web XHTML eXtensible HTML XKMS XML Key Management Specification XML eXtensible Markup Language XMLDSig XML Digital Signatures XMLEnc XML Encryption
References and Further Reading ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Author Information Dr. Oliver Pfaff Siemens AG Information and Communication Networks Charles-De-Gaulle-Str. 2 D-81730 Munich E-Mail: oliver.pfaff@icn.siemens.de Telephone: +49.89.722.53227 Mobile: +49.172.8250805

Recommandé

Mc
McMc
McAnkit Anand
 
A Review on security issues in WiMAX
A Review on security issues in WiMAXA Review on security issues in WiMAX
A Review on security issues in WiMAXEditor IJMTER
 
An introduction to SwiftNET
An introduction to SwiftNETAn introduction to SwiftNET
An introduction to SwiftNETRishabh Dangwal
 
Unified Security Architectures for Web and WAP
Unified Security Architectures for Web and WAPUnified Security Architectures for Web and WAP
Unified Security Architectures for Web and WAPOliver Pfaff
 
Wap 1
Wap 1Wap 1
Wap 1Vruti Surani
 
A Survey of Interoperability among Surveillance System using ONVIF
A Survey of Interoperability among Surveillance System using ONVIFA Survey of Interoperability among Surveillance System using ONVIF
A Survey of Interoperability among Surveillance System using ONVIFRSIS International
 
Locking Down and Re-Using V2X Security - Lessons for Smart Cities
Locking Down and Re-Using V2X Security - Lessons for Smart CitiesLocking Down and Re-Using V2X Security - Lessons for Smart Cities
Locking Down and Re-Using V2X Security - Lessons for Smart CitiesOnBoard Security, Inc. - a Qualcomm Company
 
Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?Eurotech
 

Recommandé

Mc
McMc
McAnkit Anand
 
A Review on security issues in WiMAX
A Review on security issues in WiMAXA Review on security issues in WiMAX
A Review on security issues in WiMAXEditor IJMTER
 
An introduction to SwiftNET
An introduction to SwiftNETAn introduction to SwiftNET
An introduction to SwiftNETRishabh Dangwal
 
Unified Security Architectures for Web and WAP
Unified Security Architectures for Web and WAPUnified Security Architectures for Web and WAP
Unified Security Architectures for Web and WAPOliver Pfaff
 
Wap 1
Wap 1Wap 1
Wap 1Vruti Surani
 
A Survey of Interoperability among Surveillance System using ONVIF
A Survey of Interoperability among Surveillance System using ONVIFA Survey of Interoperability among Surveillance System using ONVIF
A Survey of Interoperability among Surveillance System using ONVIFRSIS International
 
Locking Down and Re-Using V2X Security - Lessons for Smart Cities
Locking Down and Re-Using V2X Security - Lessons for Smart CitiesLocking Down and Re-Using V2X Security - Lessons for Smart Cities
Locking Down and Re-Using V2X Security - Lessons for Smart CitiesOnBoard Security, Inc. - a Qualcomm Company
 
Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?Eurotech
 
SWIFT & IntelliMATCH
SWIFT & IntelliMATCHSWIFT & IntelliMATCH
SWIFT & IntelliMATCHParamjeet Singh
 
Java ME Networking & Connectivity
Java ME Networking & ConnectivityJava ME Networking & Connectivity
Java ME Networking & ConnectivityStefano Sanna
 
authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)Azad Kaki
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture shortAvirot Mitamura
 
Virtual private network
Virtual private networkVirtual private network
Virtual private networkSOHIL SUNDARAM
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX networkAlexandre De Oliveira
 
Swift society worldwideinterbankfinancialtelecommunication
Swift society worldwideinterbankfinancialtelecommunicationSwift society worldwideinterbankfinancialtelecommunication
Swift society worldwideinterbankfinancialtelecommunicationVogelDenise
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkRajendra Dangwal
 
VPN Virtual Private Network
VPN Virtual Private NetworkVPN Virtual Private Network
VPN Virtual Private NetworkRama Krishna Nakka
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour DetectionRestricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour DetectionAnkit Singh
 
User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...Siddharth Rao
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentationstolentears
 
Vpn
VpnVpn
VpnKamalPreet Saluja
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network) Netwax Lab
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)sonangrai
 
Vpn Virtual Private Network
Vpn Virtual Private NetworkVpn Virtual Private Network
Vpn Virtual Private Networkfaisalmalik
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkP1Security
 
Wireless Application Protocol ppt
Wireless Application Protocol pptWireless Application Protocol ppt
Wireless Application Protocol pptgo2project
 
Wireless application protocol
Wireless application protocolWireless application protocol
Wireless application protocolgit tech
 
112321 112333 wirless application protocol
112321 112333 wirless application protocol112321 112333 wirless application protocol
112321 112333 wirless application protocolJAINIK PATEL
 
Wap ppt
Wap pptWap ppt
Wap pptAbhijit Nath
 

Contenu connexe

Tendances

Java ME Networking & Connectivity
Java ME Networking & ConnectivityJava ME Networking & Connectivity
Java ME Networking & ConnectivityStefano Sanna
 
authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)Azad Kaki
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture shortAvirot Mitamura
 
Virtual private network
Virtual private networkVirtual private network
Virtual private networkSOHIL SUNDARAM
 
Swift society worldwideinterbankfinancialtelecommunication
Swift society worldwideinterbankfinancialtelecommunicationSwift society worldwideinterbankfinancialtelecommunication
Swift society worldwideinterbankfinancialtelecommunicationVogelDenise
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour DetectionRestricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour DetectionAnkit Singh
 
User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...Siddharth Rao
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentationstolentears
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network) Netwax Lab
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)sonangrai
 
Vpn Virtual Private Network
Vpn Virtual Private NetworkVpn Virtual Private Network
Vpn Virtual Private Networkfaisalmalik
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkP1Security
 

Tendances (18)

SWIFT & IntelliMATCH
SWIFT & IntelliMATCHSWIFT & IntelliMATCH
SWIFT & IntelliMATCH
 
Java ME Networking & Connectivity
Java ME Networking & ConnectivityJava ME Networking & Connectivity
Java ME Networking & Connectivity
 
authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture short
 
Virtual private network
Virtual private networkVirtual private network
Virtual private network
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX network
 
Swift society worldwideinterbankfinancialtelecommunication
Swift society worldwideinterbankfinancialtelecommunicationSwift society worldwideinterbankfinancialtelecommunication
Swift society worldwideinterbankfinancialtelecommunication
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
VPN Virtual Private Network
VPN Virtual Private NetworkVPN Virtual Private Network
VPN Virtual Private Network
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
 
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour DetectionRestricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
 
User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
 
Vpn
VpnVpn
Vpn
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)
 
Vpn Virtual Private Network
Vpn Virtual Private NetworkVpn Virtual Private Network
Vpn Virtual Private Network
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN network
 

Similaire à Identifying How WAP Can Be Used For Secure mBusiness

Wireless Application Protocol ppt
Wireless Application Protocol pptWireless Application Protocol ppt
Wireless Application Protocol pptgo2project
 
Wireless application protocol
Wireless application protocolWireless application protocol
Wireless application protocolgit tech
 
112321 112333 wirless application protocol
112321 112333 wirless application protocol112321 112333 wirless application protocol
112321 112333 wirless application protocolJAINIK PATEL
 
a-presentation-on-wireless-communication
a-presentation-on-wireless-communication a-presentation-on-wireless-communication
a-presentation-on-wireless-communicationjhcid
 
WebRTC Security
WebRTC SecurityWebRTC Security
WebRTC SecurityAlex Hunte
 
Security and identity management on WebRTC
Security and identity management on WebRTCSecurity and identity management on WebRTC
Security and identity management on WebRTCQuobis
 
Wap architecture and wml script
Wap architecture and wml scriptWap architecture and wml script
Wap architecture and wml scriptishmecse13
 
FALLSEM2023-24_ITA1008_TH_VL2023240102332_2023-09-21_Reference-Material-I.pptx
FALLSEM2023-24_ITA1008_TH_VL2023240102332_2023-09-21_Reference-Material-I.pptxFALLSEM2023-24_ITA1008_TH_VL2023240102332_2023-09-21_Reference-Material-I.pptx
FALLSEM2023-24_ITA1008_TH_VL2023240102332_2023-09-21_Reference-Material-I.pptxBARATHSHARMA
 
Wireless application prorocol
Wireless application prorocolWireless application prorocol
Wireless application prorocol9535814851
 
WAP- Wireless Application Protocol
WAP- Wireless Application ProtocolWAP- Wireless Application Protocol
WAP- Wireless Application ProtocolSenthil Kanth
 
Telecommunication network2222
Telecommunication network2222Telecommunication network2222
Telecommunication network2222Chirag_pahuja
 

Similaire à Identifying How WAP Can Be Used For Secure mBusiness (20)

Wireless Application Protocol ppt
Wireless Application Protocol pptWireless Application Protocol ppt
Wireless Application Protocol ppt
 
Wireless application protocol
Wireless application protocolWireless application protocol
Wireless application protocol
 
112321 112333 wirless application protocol
112321 112333 wirless application protocol112321 112333 wirless application protocol
112321 112333 wirless application protocol
 
Wap ppt
Wap pptWap ppt
Wap ppt
 
Wap ppt
Wap pptWap ppt
Wap ppt
 
Mobile Communication
Mobile CommunicationMobile Communication
Mobile Communication
 
Wap model
Wap modelWap model
Wap model
 
a-presentation-on-wireless-communication
a-presentation-on-wireless-communication a-presentation-on-wireless-communication
a-presentation-on-wireless-communication
 
Wap
WapWap
Wap
 
WebRTC Security
WebRTC SecurityWebRTC Security
WebRTC Security
 
Security and identity management on WebRTC
Security and identity management on WebRTCSecurity and identity management on WebRTC
Security and identity management on WebRTC
 
Mcpp113,16,33,41
Mcpp113,16,33,41Mcpp113,16,33,41
Mcpp113,16,33,41
 
Wap architecture and wml script
Wap architecture and wml scriptWap architecture and wml script
Wap architecture and wml script
 
WAP
WAPWAP
WAP
 
FALLSEM2023-24_ITA1008_TH_VL2023240102332_2023-09-21_Reference-Material-I.pptx
FALLSEM2023-24_ITA1008_TH_VL2023240102332_2023-09-21_Reference-Material-I.pptxFALLSEM2023-24_ITA1008_TH_VL2023240102332_2023-09-21_Reference-Material-I.pptx
FALLSEM2023-24_ITA1008_TH_VL2023240102332_2023-09-21_Reference-Material-I.pptx
 
Introduction to WAP
Introduction to WAPIntroduction to WAP
Introduction to WAP
 
It2402 mobile communication unit5
It2402 mobile communication unit5It2402 mobile communication unit5
It2402 mobile communication unit5
 
Wireless application prorocol
Wireless application prorocolWireless application prorocol
Wireless application prorocol
 
WAP- Wireless Application Protocol
WAP- Wireless Application ProtocolWAP- Wireless Application Protocol
WAP- Wireless Application Protocol
 
Telecommunication network2222
Telecommunication network2222Telecommunication network2222
Telecommunication network2222
 

Plus de Oliver Pfaff

Trends in IIoT and OT Security
Trends in IIoT and OT SecurityTrends in IIoT and OT Security
Trends in IIoT and OT SecurityOliver Pfaff
 
Web-of-Things and Services Security
Web-of-Things and Services SecurityWeb-of-Things and Services Security
Web-of-Things and Services SecurityOliver Pfaff
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Oliver Pfaff
 
IT-Security@Contemporary Life
IT-Security@Contemporary LifeIT-Security@Contemporary Life
IT-Security@Contemporary LifeOliver Pfaff
 
New Trends in Web Security
New Trends in Web SecurityNew Trends in Web Security
New Trends in Web SecurityOliver Pfaff
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?Oliver Pfaff
 
Does REST Change the Game for IAM?
Does REST Change the Game for IAM?Does REST Change the Game for IAM?
Does REST Change the Game for IAM?Oliver Pfaff
 
Trust in E- and M-Business - Advances Through IT-Security
Trust in E- and M-Business - Advances Through IT-SecurityTrust in E- and M-Business - Advances Through IT-Security
Trust in E- and M-Business - Advances Through IT-SecurityOliver Pfaff
 
Early Adopting Java WSIT-Experiences with Windows CardSpace
Early Adopting Java WSIT-Experiences with Windows CardSpaceEarly Adopting Java WSIT-Experiences with Windows CardSpace
Early Adopting Java WSIT-Experiences with Windows CardSpaceOliver Pfaff
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresOliver Pfaff
 
Identity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityIdentity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityOliver Pfaff
 
State-of-the-Art in Web Services Federation
State-of-the-Art in Web Services FederationState-of-the-Art in Web Services Federation
State-of-the-Art in Web Services FederationOliver Pfaff
 
Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...
Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...
Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...Oliver Pfaff
 
Identity 2.0, Web services and SOA in Health Care
Identity 2.0, Web services and SOA in Health CareIdentity 2.0, Web services and SOA in Health Care
Identity 2.0, Web services and SOA in Health CareOliver Pfaff
 
SOA Security - So What?
SOA Security - So What?SOA Security - So What?
SOA Security - So What?Oliver Pfaff
 

Plus de Oliver Pfaff (17)

Trends in IIoT and OT Security
Trends in IIoT and OT SecurityTrends in IIoT and OT Security
Trends in IIoT and OT Security
 
Web-of-Things and Services Security
Web-of-Things and Services SecurityWeb-of-Things and Services Security
Web-of-Things and Services Security
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
 
IT-Security@Contemporary Life
IT-Security@Contemporary LifeIT-Security@Contemporary Life
IT-Security@Contemporary Life
 
OAuth Base Camp
OAuth Base CampOAuth Base Camp
OAuth Base Camp
 
New Trends in Web Security
New Trends in Web SecurityNew Trends in Web Security
New Trends in Web Security
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?
 
Does REST Change the Game for IAM?
Does REST Change the Game for IAM?Does REST Change the Game for IAM?
Does REST Change the Game for IAM?
 
Analyzing OAuth
Analyzing OAuthAnalyzing OAuth
Analyzing OAuth
 
Trust in E- and M-Business - Advances Through IT-Security
Trust in E- and M-Business - Advances Through IT-SecurityTrust in E- and M-Business - Advances Through IT-Security
Trust in E- and M-Business - Advances Through IT-Security
 
Early Adopting Java WSIT-Experiences with Windows CardSpace
Early Adopting Java WSIT-Experiences with Windows CardSpaceEarly Adopting Java WSIT-Experiences with Windows CardSpace
Early Adopting Java WSIT-Experiences with Windows CardSpace
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
 
Identity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityIdentity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric Identity
 
State-of-the-Art in Web Services Federation
State-of-the-Art in Web Services FederationState-of-the-Art in Web Services Federation
State-of-the-Art in Web Services Federation
 
Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...
Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...
Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...
 
Identity 2.0, Web services and SOA in Health Care
Identity 2.0, Web services and SOA in Health CareIdentity 2.0, Web services and SOA in Health Care
Identity 2.0, Web services and SOA in Health Care
 
SOA Security - So What?
SOA Security - So What?SOA Security - So What?
SOA Security - So What?
 

Dernier

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Dernier (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Identifying How WAP Can Be Used For Secure mBusiness

  • 1. Identifying How WAP Can Be Used For Secure M-Business 3rd Wireless eBusiness Security Forum Barcelona. January 29-30, 2002
  • 2.
  • 3.
  • 4.
  • 5. WAP Generation 1 and 2 Stacks Bearer WDP WTLS WTP WSP Subnet IP TCP HTTP WSP WTP WTLS WDP Bearer Mobile device WAP gateway Web server TLS IP Subnet Mobile device WAP proxy Subnet TCP* TLS Subnet IP TCP* Subnet IP TCP Web server Generation 1: own protocol stack and presentation language Generation 2: alignment with Internet and WWW standards HTTP* IP TCP TLS HTTP Subnet IP TCP TLS HTTP HTTP* HTTP Remark: WAP 2.0 also supports transport proxies and IP routers as intermediate entities. WML over HTTP WBXML over WSP
  • 6.
  • 7.
  • 8. Timeline of WAP Security Specifications WAP 1.2 WAP 1.1 WAP 1.0 Dec. 99 Jun. 99 Apr. 98 WTLS (April, 98) WTLS (Feb., 99) Approved specification releases: WMLSCrypt (Nov., 99) WIM (Nov., 99) WTLS (Nov., 99) WAP 1.2.1 WTLS (Feb., 00) Jun. 00 Jul. 01 WMLSCrypt (Nov., 99) WIM (Feb., 00) WTLS (Apr., 01) WMLSCrypt (Jun., 01) WIM (Jul., 01) WAP 2.0 WPKI (Apr., 01) TLS (Apr., 01) E2ESec (Jun., 01) WAPCert (May, 01)
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25. Abbreviations 3GPP Third-Generation Partner Project AID Application ID ASN Abstract Syntax Notation CDMA Code Division Multiple Access cHTML compact HTML CMS Cryptographic Message Syntax DF Dedicated File DMZ De-Militarized Zone E2E End-to-End EF Elementary File GPRS General Packet Radio Service GSM Global System for Mobile Communications HTML HyperText Markup Language HTTP HyperText Transfer Protocol HTTP* Wireless profiled HTTP(interoperable with HTTP) https HTTP over SSL/TLS ICC Integrated Circuits Card ID Identifier IETF Internet Engineering Task Force IP Internet Protocol ISO International Standards Organization IT Information Technology MeT Mobile electronic Transactions MF Master File NTT Nippon Telegraph and Telephone OCSP Online Certificate Status Protocol PDA Personal Digital Assistant PKCS Public Key Cryptography Standards PKI Public Key Infrastructure PKIX PKI-X.509 PSTN Public Switched Telephone Network PTD Personal Trusted Device RFC Request For Comment SCONT Signed Content SCP Smart Card Platform SIM Subscriber Identity Module SSL Secure Sockets Layer TCP Transmission Control Protocol TCP* Wireless profiled TCP(interoperable with TCP) TDMA Time Division Multiple Access TLS Transport Layer Security UMTS Universal Mobile Telecommunications System USIM Universal SIM W3C World Wide Web Consortium WAP Wireless Application Protocol WAP-NG WAP Next Generation WBXML Wireless Binary XML WDP Wireless Datagram Protocol WIM Wireless Identity Module WML Wireless Markup Language WMLScript WML Script WPKI Wireless PKI WSP Wireless Session Protocol WTLS Wireless TLS WTP Wireless Transaction Protocol WWW World Wide Web XHTML eXtensible HTML XKMS XML Key Management Specification XML eXtensible Markup Language XMLDSig XML Digital Signatures XMLEnc XML Encryption
  • 26.
  • 27. Author Information Dr. Oliver Pfaff Siemens AG Information and Communication Networks Charles-De-Gaulle-Str. 2 D-81730 Munich E-Mail: oliver.pfaff@icn.siemens.de Telephone: +49.89.722.53227 Mobile: +49.172.8250805