Beruflich Dokumente
Kultur Dokumente
ROHAN PATTNAIK
in partial fulfilment for the award of the Degree of
Bachelor of Technology in
Electronics &CommunicationEngineering
DECLARATION
I hereby declare that this submission is my own work and that, to the best of my knowledge and belief, it contains no material previously published or written by another person nor material which has been accepted for the award of any other degree or diploma of the university or other institute of higher learning, except where due acknowledgment has been made in the text.
Place: Date:
JATNI
RohanPattnaik
Reg. No.: 0801307099
Certificate
This is to APPLICATION
of Technology
University of Technology
towards partial fulfilment for the award of the degree of Bachelor of Technology in the specialization of Electronics &Communication Engineering is a bonafide record of the work.
Seminar Coordinator
HOD (ECE)
ACKNOWLEDGMENTS
Foremost, I would like to express my sincere gratitude to Ms. DURGESH NANDINI DASHfor the continuous support of my BTech. studyand for his patience, motivation, enthusiasm, and immense knowledge. His guidance helped me a lot for my technical seminar. I could not have imagined having a better advisor and mentor for my BTech. Study.
My special thanks go to my parents and my friends, who have been supportive and caring throughout every step.
Signature of Student
ABSTRACT
WIRELESS APPLICATION PROTOCOL
Most of us are very familiar with the Internet and have witnessed a technological revolution in terms of the way we conduct business and manage our finances through Internet in computers. These services are now currently emerging on the wireless Internet, allowing people to access bank accounts , order goods and perform other services from their mobile phones and this is only possible due to WAP.It is a set of communication protocols that makes it possible to access the Internet via wireless devices such as mobile phones, PDAs etc. The Wireless Application Protocol (WAP) is a protocol stack for wireless communication networks. WAP uses WTLS, a wireless variant of the SSL/TLS protocol, to secure the communication between the mobile phone and other parts of the WAP architecture. This paper describes the security architecture of WAP and some important properties of the WTLS protocol. There are however some security problems with WAP and the WTLS protocol. Privacy, data protection and integrity are not always provided. Users and developers of WAP-applications should be aware of this. In this paper, we address the security weaknesses of WAP and WTLS and propose some countermeasures and good practices when using WAP. We conclude with advising when to use WAP and when not. The Wireless Application Protocol (WAP) is a result of continuous work to define an industry wide specification fordeveloping applications that operate over wireless communication networks. The scope for the WAP Forum is to definea set of specifications to be used by service applications. The wireless market is growing very quickly, reaching newcustomers and providing new services. To enable operators and manufacturers to meet the challenges in advancedservices, differentiation, and fast/flexible service creation, WAP selects and defines a set of open, extensible protocolsand content formats as a basis for interoperable implementations.
LIST OF FIGURES
FIGURE NAME
WAP Architecture Wireless protocol stack WAP gateway Block diagram of WML WML example
PAGE NO
4 5 9 11 12
CONTENTS
CHAPTERS TOPIC NAMES
LIST OF FIGURES CHAPTER 1 CHAPTER 2 CHAPTER 3 CHAPTER 4 CHAPTER 5 CHAPTER 6 CHAPTER 7 CHAPTER 8 CHAPTER 9 CHAPTER 10 CHAPTER 11 INTRODUCTION HISTORY ARCHITECTURE WIRELESS PROTOCOL STACK FUNCTIONS OF PROTOCOLS WAP GATEWAY WIRELESS MARKUP LANGUAGE ADVANTAGES AND DISADVANTAGES APPLICATIONS CONCLUSION REFERENCES
PAGE
1 2 3 4 5 6-8 9 10-12 13 14 15 16
INTRODUCTION
Most of us are very familiar with the Internet and have witnessed a technological revolution in terms of the way we conduct business and manage our finances through Internet in computers. These services are now currently emerging on the wireless Internet, allowing people to access bank accounts, order goods and perform other services from their mobile phones and this is only possible due to WAP.As mobile phones become increasingly popular day by day, invention of this technology (WAP) could become the greatest invention in this upcoming decade.The WAP solution leverages the tremendousinvestment in web servers, web development tools, web programmers and web applications while solving the unique problems associated with the wireless domain. The WAP specification is developed and supported by the wireless telecommunication community so that theentire industry and its subscribers can benefit from a single, open specification.WAP is the technology that makes it possible to link wireless devices to the Internet by translating internet information so it can be displayed on the screen of mobile phone or other devices.WAP is an attempt to define the standards for how content from the Internet is filtered for mobile communications. Content is now readily available on the Internet and WAP was designed as the way of making it easily available on mobile phones. In the modern society, information and access to information is getting more and more important. During the last couple of years, there is a strong tendency towards mobility. This implies an increasing need for being online and having access to information all the time. Browsing on the Internet is not restricted anymore to desktop computers; people can now also use their mobile phones or PDA. This is done by WAP, the Wireless Application Protocol. WAP is a protocol stack for wireless communication networks, specified by the WAP forum. The WAP forum is currently part of the Open Mobile Alliance.WAP is essentially a wireless equivalent to the Internet protocol stack (TCP/IP). A big advantage of WAP is that it is bearer independent. The most common bearer is currently GSM, but also a PDA or a third generation mobile phone can be used. In the rest of the paper, we will assume that a mobile phone is used to browse on the Internet.
HISTORY
WAP's development began during the middle of the 1990's.During this period the two major manufactures; Nokia and Ericsson were interested in providing such sophisticated technologies to gain a competitive advantage in the mobile information market by developing their own specialized technologies.Finally in 1997 the WAP forum was founded. This group produced the WAP specification-a detailed series of technical documents that define standards for implementing wireless network applications. Later hundreds of industry firms have given strong backing to the WAP Forum, so that the WAP technology should become widely adopted and well used .The forums main aim was to bring together the various technologies by a standardized protocol named WAP which is accepted worldwide. WAP 2 is the first major revision since 1998. The problems solved by WAP include the following:
Protocol mismatchUnlike the Internet, mobile networks (such as GSM and TDMA) are not inherently IP-based; they do not support the protocol of the Internet. Device limitationsMobile devices (cellular phones, pagers, and palmtops) are not ideal Web clients. UsabilityUsability is an issue, particularly with the limited size of mobile phones and pagers.
To address these issues, WAP defines a set of optimized protocols that can run over a wide variety of underlying cellular networks. It also specifies an application environment suited to small handled devices, including a display markup language (Wireless Markup Language, WML) and associated scripting language (WMLScript).
ARCHITECHTURE
First the mobile user enters the URL through the WAP site. Then the URL request is converted in to a binary WSP request. This WSP protocol helps in conserving the bandwidth by compressing the data in to a binary format because the mobile phonesoperate in a given frequency range based on its access technologies. After this process mobile sends the WSP request to the WAP gateway. The WAP gateway converts the WSP request in to an equivalent HTTP request. The HTTP request is sent through the internet. The data then passes through the firewall where unnecessary data are left out and only necessary data are sent to the main application server.After receiving the data server creates a WML page. After the creation of the WML page, server sends a request to the WAP gateway. Gateway converts the WML page in to a binary WML page. This binary WML page is sent to the mobile throughWSP protocol. Mobile converts the binary WML in to text WML and displays the web page.
Although the WAP protocol mirrors Internet standards to a great degree, it is almost completely incompatible with them. Because of this incompatibility, WAP devices cannot communicate directly with WWW servers. The WAP protocols must first be translated from their WAP formats to the protocols send by the WWW. This is why every WAP device needs to communicate with a WAP gateway in orderto request WML pages. The WAP translate the WAP binary protocols into the HTTP text protocol that the World Wide Web servers use. This lightweight protocol stack minimizes bandwidth requirements, helping and assuring that a variety of networks can run WAP applications. WAP protocols conserve wireless bandwidth by reducing the number of communications that typically pass between the content provider and the browser. In HTTP/TCP/IP interactions, there are typically 17 messages back and forth in order to display a page.
FUNCTIONS OF PROTOCOLS
WIRELESS APPLICATIONENVIRONMENT (WAE)WAPS applications layer is the Wireless Application Environment (WAE). WAE directly supports WAP application development with Wireless Markup Language (WML) instead of HTML and WML Script instead of JavaScript. WAE also includes the Wireless Telephony Application Interface (WTAI, or WTA for short) that provides a programming interface to telephone for initiating calls, sending text messages, and other networking capability.
WIRELESS SESSION PROTOCOL (WSP)The WAP session protocol (WSP) layer provides a lightweight session layer to allow efficient exchange of data between applications. WSP is the equivalent to HTTP for WAP browsers. WAP involves browsers and servers just like the WEB, but HTTP was not a practical choice for WAP because of its relative inefficiency on the wire. WSP conserves precious bandwidth on wireless links; in particular, WSP works with relatively compact binary data where HTTP works mainly with text data. WSP is responsible for two different types of functionality. The first is to create a session between the WAP client and the WAP gateway.
Wireless Transaction Protocol (WTP)The WAP transaction protocol (WTP) layer provides transaction support, adding reliability to the datagram service provided by WDP. WTPs job is to make sure that packets sent via WDP actually arrive at their destination. It does this by waiting for an ACK or acknowledgement packet sent the other side must explicitly acknowledge using WTP. If an acknowledgement packet is not received within a specific time window, WTP will resend the packet. Unacknowledged packets will be resend for a certain number of times until an error is generated if no acknowledgement is received.
Wireless Transport Layer Security (WTLS)The WAP Transaction Layer Security, WTLS, is a session oriented, secure protocol layer patterned after the webs Secure Session Layer (SSL) and Transaction Layer Security (TLS) protocols. The WTLS layer is optional and is independent of the layers above and below it.It provides data integrity and privacy to the datas during the communication process so that no modification can be done and no third party can read those datas. It also provides security to the datas. One unique feature of WTLS is the ability of both client and server to independently recalculate encryption key information based in an embedded sequence number. WTLS is thus optimized to minimize information exchange between client and server. There are three levels of WTLS secure sessions. Level one is anonymous encryption where neither client nor server is authenticated. Level two supports server certificates where clients authenticate the server. Level three supports client certificates where the server can authenticate the client. WTLS supports three certificate types: x.509, WTLS, and x.968. The WTLS certificate format is unique to WAP and is designed to minimize informationtransfer. The x.509 certificate is the same format as that used on the web in SSL andTLS transactions. And the x.968 format is currently not fully specified, but will besupported in the future. WTLS is compatible with both WSP/B and WSP with WTPand can is activated as an additional protocol layer between either of these higher layers and the WDP protocol.
WIRELESS DATAGRAM PROTOCOL (WDP)The WAP Datagram Protocol, WDP, is a datagram oriented, network layer protocol modeled after the User Datagram Protocol (UDP) used on the Internet. UDP is a member of the TCP/IP protocol suite and is a simple, best effort data delivery protocol. On those networks where Internet protocols are present, WDP and UDP are identical. On networks where UDP is not available, WAP defines a UDP equivalent. These UDP equivalents are known as mappings. The currently defined mappings create the equivalent of UDP over SMS, USSD, and other mobile data transports. WDP makes no attempt to confirm delivery, resend lost packets, or correct errors in transmission. This is left to the higher layer protocols.WDP Protocol Provides Physical Communication between the mobile phones and the Base Stations. The WDP layer operates above the data capable bearer services supportedby the various network types. As a general datagram service, WDP offers a consistentservice to the upper layer protocol (Security, Transaction and Session) of WAP andcommunicate transparently over one of the available bearer services. Since the WDPprotocols provide a common interface to the upper layer protocols, they are able tofunction independently of the underlying wireless network. This is accomplished byadapting the transport layer to specific features of the underlying bearer. The WAP Datagram Protocol, WDP, is a datagram oriented, network layer protocol modeled after the User Datagram Protocol (UDP) used on the Internet. UDP is a member of the TCP/IP protocol suite and is a simple, "best effort" data delivery protocol. On those networks where Internet protocols are present, WDP and UDP are identical. On networks where UDP is not available, WAP defines a UDP equivalent. These UDP equivalents are known as "mappings". The currently defined mappings create the equivalent of UDP over SMS, USSD, and other mobile data transports. WDP makes no attempt to confirm delivery, resend lost packets, or correct errors in transmission. This isleft to the higher layer protocols.
WAP GATEWAY
When the mobile device wants to connect to the Internet, all the communication passes through the WAP gateway. This WAP gateway translates all the protocols used in WAP to the protocols used on the Internet. For example, the WAP proxy encodes (and decodes) the content to reduce theSize of the data that has been sent over the wireless link. Another example is the WTLS protocol. The communication between the mobile device and the WAP gateway is secured with WTLS. WTLS is only used between the mobile device and the WAP gateway, while SSL/TLS can be used between the gateway and the Internet. This means that the WAP gateway first has to decrypt the encrypted WTLS-traffic and then has to encrypt it again (using SSL/TLS). A WAP Gate way is an intermediary between the Internet and the mobile phone network. When we send information from Mobile phone to the Internet, it goes to WAP Gateway and it converts our WAP request from the Mobile phone into a Web request. And also, a WAP Gateway converts a web request when sending information from Internet to mobile phone so that all WAP enabled device can receive them.
WML EXAMPLE
It Supports most wireless networks (like: CDMA, GSM, etc). It can be built on any operating system.
DISADVANTAGES
It cannotprovide services for a long period of time. Speed of accessingis slow.
It is very difficult to keep the phones up-to-date with new WAP services.
APPLICATIONS
Electronic mail
Wireless-network-based e-mail is becoming a popular application available now. In order to provide a high level of customer service, mobile workers and sales professionals must stay in touch with home offices and customers. This is possible only through wireless network support. These applications allow members of a workgroup to access information on workgroup calendaring, status of collaborative projects, research and development, time and expense reporting, customer service and other activities where multiple members of a workgroup participate in approval process.Because many of these people are mobile, they need to access this information wirelessly from the field or from their vehicles while they are moving from customer to customer.
Banking
Many banking industry customers are developing wireless applications to improve bottom-line costs. Even the big banks are realizing that their sales people must leave their offices to sell directly to customers. The features provided include: Wireless banking transactions - account balance, funds transfer, bill payment Sales Professional Automation in financial industry Credit card authorization via POS terminals equipped with wireless adapters
Stock Trading
The New York stock exchange has made a significant change to the classical methods used by traders in the past. This includes: Hand-held PDAs connected to wireless networks, accessing information from stock exchange servers. Wireless mobile computing trading from Pocket PC by large active investors.
CONCLUSION
WAP enables mobile phones to browse on the internet. It is the wireless equivalent to TCP/IP and has the big advantage of being bearer independent. The security architecture of WAP consists of three parts: the mobile phone, the WAP gateway and the Internet. The communication between the mobile phone and the gateway is protected by WTLS, a wireless version of SSL/TLS, while the traffic from the gateway to the Internet can be protected by SSL/TLS. The WAP gateway decrypts all the WTLS traffic and encrypts all the SSL/TLS traffic. From a security point of view, this means that the gateway should be considered as an entity-in-the-middle. It is due to this fact that both the user and the web server on the Internet have to trust the WAP gateway. As this is not always the case, solutions have been searched for to avoid this entity-in-the-middle. All these solutions have some disadvantages: The user has to configure his own system (choose the WAP gateway) or all the WAP gateways and servers have to be upgraded. There is a need for easier solutions. Until better solutions are found, it is a good idea to be cautious when using WAP. When you want to execute some sensitive application (like electronic banking), it is maybe a good idea not to use WAP. For other applications, WAP is a nice and ingenious technology. In the past few months, a number of sites such as Rediff.com, Clubgreetings.com and Sharekhan.com have come out with WAP versions, offering a range of services from daily news, stock quotes and weather reports to airline schedules, restaurant listings, ecards and e-mail to people on the move. All the players hope to be able to take a fair share of the WAP market once it takes off, hopefully by the end of this year. Even so, issues such as low mobile phone penetration, small screen size, low memory of phones and smaller bandwidth continue to dampen this optimism. The major mobile operators providing mobile Internet services in India at present are Orange, Airtel and Tata Cellular. And in a few months, probably all the major mobile operators in this country would have enabled their cellular phones to connect to the WAP-enabled Internet sites.
REFERENCES