WIRELESS APPLICATION PROTOCOL

Seminar Report Submitted by

ROHAN PATTNAIK
in partial fulfilment for the award of the Degree of

Bachelor of Technology in
Electronics &CommunicationEngineering

Dept. of Electronic & Communication System

Centurion Institute of Technology

CENTURION UNIVERSITY OF TECHNOLOGY & MANAGEMENT, Jatni

DECLARATION
I hereby declare that this submission is my own work and that, to the best of my knowledge and belief, it contains no material previously published or written by another person nor material which has been accepted for the award of any other degree or diploma of the university or other institute of higher learning, except where due acknowledgment has been made in the text.

Place: Date:

JATNI

RohanPattnaik
Reg. No.: 0801307099

Certificate

This is to APPLICATION

certify that seminarentitled WIRELESS PROTOCOL submitted by ROHAN

PATTNAIK bearing Reg. No: 0801307099 to Centurion Institute

of Technology

under Biju Pattnaik

University of Technology

towards partial fulfilment for the award of the degree of Bachelor of Technology in the specialization of Electronics &Communication Engineering is a bonafide record of the work.

Seminar Coordinator

HOD (ECE)

ACKNOWLEDGMENTS

Foremost, I would like to express my sincere gratitude to Ms. DURGESH NANDINI DASHfor the continuous support of my BTech. studyand for his patience, motivation, enthusiasm, and immense knowledge. His guidance helped me a lot for my technical seminar. I could not have imagined having a better advisor and mentor for my BTech. Study.

My special thanks go to my parents and my friends, who have been supportive and caring throughout every step.

Signature of Student

ABSTRACT
WIRELESS APPLICATION PROTOCOL
Most of us are very familiar with the Internet and have witnessed a technological revolution in terms of the way we conduct business and manage our finances through Internet in computers. These services are now currently emerging on the wireless Internet, allowing people to access bank accounts , order goods and perform other services from their mobile phones and this is only possible due to WAP.It is a set of communication protocols that makes it possible to access the Internet via wireless devices such as mobile phones, PDAs etc. The Wireless Application Protocol (WAP) is a protocol stack for wireless communication networks. WAP uses WTLS, a wireless variant of the SSL/TLS protocol, to secure the communication between the mobile phone and other parts of the WAP architecture. This paper describes the security architecture of WAP and some important properties of the WTLS protocol. There are however some security problems with WAP and the WTLS protocol. Privacy, data protection and integrity are not always provided. Users and developers of WAP-applications should be aware of this. In this paper, we address the security weaknesses of WAP and WTLS and propose some countermeasures and good practices when using WAP. We conclude with advising when to use WAP and when not. The Wireless Application Protocol (WAP) is a result of continuous work to define an industry wide specification fordeveloping applications that operate over wireless communication networks. The scope for the WAP Forum is to definea set of specifications to be used by service applications. The wireless market is growing very quickly, reaching newcustomers and providing new services. To enable operators and manufacturers to meet the challenges in advancedservices, differentiation, and fast/flexible service creation, WAP selects and defines a set of open, extensible protocolsand content formats as a basis for interoperable implementations.

LIST OF FIGURES
FIGURE NAME
WAP Architecture Wireless protocol stack WAP gateway Block diagram of WML WML example

PAGE NO
4 5 9 11 12

CONTENTS
CHAPTERS TOPIC NAMES
LIST OF FIGURES CHAPTER 1 CHAPTER 2 CHAPTER 3 CHAPTER 4 CHAPTER 5 CHAPTER 6 CHAPTER 7 CHAPTER 8 CHAPTER 9 CHAPTER 10 CHAPTER 11 INTRODUCTION HISTORY ARCHITECTURE WIRELESS PROTOCOL STACK FUNCTIONS OF PROTOCOLS WAP GATEWAY WIRELESS MARKUP LANGUAGE ADVANTAGES AND DISADVANTAGES APPLICATIONS CONCLUSION REFERENCES

PAGE
1 2 3 4 5 6-8 9 10-12 13 14 15 16

INTRODUCTION
Most of us are very familiar with the Internet and have witnessed a technological revolution in terms of the way we conduct business and manage our finances through Internet in computers. These services are now currently emerging on the wireless Internet, allowing people to access bank accounts, order goods and perform other services from their mobile phones and this is only possible due to WAP.As mobile phones become increasingly popular day by day, invention of this technology (WAP) could become the greatest invention in this upcoming decade.The WAP solution leverages the tremendousinvestment in web servers, web development tools, web programmers and web applications while solving the unique problems associated with the wireless domain. The WAP specification is developed and supported by the wireless telecommunication community so that theentire industry and its subscribers can benefit from a single, open specification.WAP is the technology that makes it possible to link wireless devices to the Internet by translating internet information so it can be displayed on the screen of mobile phone or other devices.WAP is an attempt to define the standards for how content from the Internet is filtered for mobile communications. Content is now readily available on the Internet and WAP was designed as the way of making it easily available on mobile phones. In the modern society, information and access to information is getting more and more important. During the last couple of years, there is a strong tendency towards mobility. This implies an increasing need for being online and having access to information all the time. Browsing on the Internet is not restricted anymore to desktop computers; people can now also use their mobile phones or PDA. This is done by WAP, the Wireless Application Protocol. WAP is a protocol stack for wireless communication networks, specified by the WAP forum. The WAP forum is currently part of the Open Mobile Alliance.WAP is essentially a wireless equivalent to the Internet protocol stack (TCP/IP). A big advantage of WAP is that it is bearer independent. The most common bearer is currently GSM, but also a PDA or a third generation mobile phone can be used. In the rest of the paper, we will assume that a mobile phone is used to browse on the Internet.

HISTORY
WAP's development began during the middle of the 1990's.During this period the two major manufactures; Nokia and Ericsson were interested in providing such sophisticated technologies to gain a competitive advantage in the mobile information market by developing their own specialized technologies.Finally in 1997 the WAP forum was founded. This group produced the WAP specification-a detailed series of technical documents that define standards for implementing wireless network applications. Later hundreds of industry firms have given strong backing to the WAP Forum, so that the WAP technology should become widely adopted and well used .The forums main aim was to bring together the various technologies by a standardized protocol named WAP which is accepted worldwide. WAP 2 is the first major revision since 1998. The problems solved by WAP include the following:

Protocol mismatchUnlike the Internet, mobile networks (such as GSM and TDMA) are not inherently IP-based; they do not support the protocol of the Internet. Device limitationsMobile devices (cellular phones, pagers, and palmtops) are not ideal Web clients. UsabilityUsability is an issue, particularly with the limited size of mobile phones and pagers.

To address these issues, WAP defines a set of optimized protocols that can run over a wide variety of underlying cellular networks. It also specifies an application environment suited to small handled devices, including a display markup language (Wireless Markup Language, WML) and associated scripting language (WMLScript).

ARCHITECHTURE

First the mobile user enters the URL through the WAP site. Then the URL request is converted in to a binary WSP request. This WSP protocol helps in conserving the bandwidth by compressing the data in to a binary format because the mobile phonesoperate in a given frequency range based on its access technologies. After this process mobile sends the WSP request to the WAP gateway. The WAP gateway converts the WSP request in to an equivalent HTTP request. The HTTP request is sent through the internet. The data then passes through the firewall where unnecessary data are left out and only necessary data are sent to the main application server.After receiving the data server creates a WML page. After the creation of the WML page, server sends a request to the WAP gateway. Gateway converts the WML page in to a binary WML page. This binary WML page is sent to the mobile throughWSP protocol. Mobile converts the binary WML in to text WML and displays the web page.

WIRELESS PROTOCOL STACK

Although the WAP protocol mirrors Internet standards to a great degree, it is almost completely incompatible with them. Because of this incompatibility, WAP devices cannot communicate directly with WWW servers. The WAP protocols must first be translated from their WAP formats to the protocols send by the WWW. This is why every WAP device needs to communicate with a WAP gateway in orderto request WML pages. The WAP translate the WAP binary protocols into the HTTP text protocol that the World Wide Web servers use. This lightweight protocol stack minimizes bandwidth requirements, helping and assuring that a variety of networks can run WAP applications. WAP protocols conserve wireless bandwidth by reducing the number of communications that typically pass between the content provider and the browser. In HTTP/TCP/IP interactions, there are typically 17 messages back and forth in order to display a page.

FUNCTIONS OF PROTOCOLS
WIRELESS APPLICATIONENVIRONMENT (WAE)WAPS applications layer is the Wireless Application Environment (WAE). WAE directly supports WAP application development with Wireless Markup Language (WML) instead of HTML and WML Script instead of JavaScript. WAE also includes the Wireless Telephony Application Interface (WTAI, or WTA for short) that provides a programming interface to telephone for initiating calls, sending text messages, and other networking capability.

WIRELESS SESSION PROTOCOL (WSP)The WAP session protocol (WSP) layer provides a lightweight session layer to allow efficient exchange of data between applications. WSP is the equivalent to HTTP for WAP browsers. WAP involves browsers and servers just like the WEB, but HTTP was not a practical choice for WAP because of its relative inefficiency on the wire. WSP conserves precious bandwidth on wireless links; in particular, WSP works with relatively compact binary data where HTTP works mainly with text data. WSP is responsible for two different types of functionality. The first is to create a session between the WAP client and the WAP gateway.

Wireless Transaction Protocol (WTP)The WAP transaction protocol (WTP) layer provides transaction support, adding reliability to the datagram service provided by WDP. WTPs job is to make sure that packets sent via WDP actually arrive at their destination. It does this by waiting for an ACK or acknowledgement packet sent the other side must explicitly acknowledge using WTP. If an acknowledgement packet is not received within a specific time window, WTP will resend the packet. Unacknowledged packets will be resend for a certain number of times until an error is generated if no acknowledgement is received.

Wireless Transport Layer Security (WTLS)The WAP Transaction Layer Security, WTLS, is a session oriented, secure protocol layer patterned after the webs Secure Session Layer (SSL) and Transaction Layer Security (TLS) protocols. The WTLS layer is optional and is independent of the layers above and below it.It provides data integrity and privacy to the datas during the communication process so that no modification can be done and no third party can read those datas. It also provides security to the datas. One unique feature of WTLS is the ability of both client and server to independently recalculate encryption key information based in an embedded sequence number. WTLS is thus optimized to minimize information exchange between client and server. There are three levels of WTLS secure sessions. Level one is anonymous encryption where neither client nor server is authenticated. Level two supports server certificates where clients authenticate the server. Level three supports client certificates where the server can authenticate the client. WTLS supports three certificate types: x.509, WTLS, and x.968. The WTLS certificate format is unique to WAP and is designed to minimize informationtransfer. The x.509 certificate is the same format as that used on the web in SSL andTLS transactions. And the x.968 format is currently not fully specified, but will besupported in the future. WTLS is compatible with both WSP/B and WSP with WTPand can is activated as an additional protocol layer between either of these higher layers and the WDP protocol.

WIRELESS DATAGRAM PROTOCOL (WDP)The WAP Datagram Protocol, WDP, is a datagram oriented, network layer protocol modeled after the User Datagram Protocol (UDP) used on the Internet. UDP is a member of the TCP/IP protocol suite and is a simple, best effort data delivery protocol. On those networks where Internet protocols are present, WDP and UDP are identical. On networks where UDP is not available, WAP defines a UDP equivalent. These UDP equivalents are known as mappings. The currently defined mappings create the equivalent of UDP over SMS, USSD, and other mobile data transports. WDP makes no attempt to confirm delivery, resend lost packets, or correct errors in transmission. This is left to the higher layer protocols.WDP Protocol Provides Physical Communication between the mobile phones and the Base Stations. The WDP layer operates above the data capable bearer services supportedby the various network types. As a general datagram service, WDP offers a consistentservice to the upper layer protocol (Security, Transaction and Session) of WAP andcommunicate transparently over one of the available bearer services. Since the WDPprotocols provide a common interface to the upper layer protocols, they are able tofunction independently of the underlying wireless network. This is accomplished byadapting the transport layer to specific features of the underlying bearer. The WAP Datagram Protocol, WDP, is a datagram oriented, network layer protocol modeled after the User Datagram Protocol (UDP) used on the Internet. UDP is a member of the TCP/IP protocol suite and is a simple, "best effort" data delivery protocol. On those networks where Internet protocols are present, WDP and UDP are identical. On networks where UDP is not available, WAP defines a UDP equivalent. These UDP equivalents are known as "mappings". The currently defined mappings create the equivalent of UDP over SMS, USSD, and other mobile data transports. WDP makes no attempt to confirm delivery, resend lost packets, or correct errors in transmission. This isleft to the higher layer protocols.

WAP GATEWAY

When the mobile device wants to connect to the Internet, all the communication passes through the WAP gateway. This WAP gateway translates all the protocols used in WAP to the protocols used on the Internet. For example, the WAP proxy encodes (and decodes) the content to reduce theSize of the data that has been sent over the wireless link. Another example is the WTLS protocol. The communication between the mobile device and the WAP gateway is secured with WTLS. WTLS is only used between the mobile device and the WAP gateway, while SSL/TLS can be used between the gateway and the Internet. This means that the WAP gateway first has to decrypt the encrypted WTLS-traffic and then has to encrypt it again (using SSL/TLS). A WAP Gate way is an intermediary between the Internet and the mobile phone network. When we send information from Mobile phone to the Internet, it goes to WAP Gateway and it converts our WAP request from the Mobile phone into a Web request. And also, a WAP Gateway converts a web request when sending information from Internet to mobile phone so that all WAP enabled device can receive them.

WIRELESS MARKUP LANGUAGE

WML stands for Wireless Markup Language which is a programming language which is derived from HTML and also a subset extensible markup language (XML) especially for wireless network characteristics.WML allows developers to specify the format and presentation of text, the hierarchies of pages, and to link the pages. The hierarchies of these pages are called decks, the individual pages are called cards. It is a markup language based on XML and is used to specify the format and presentation of text, hierarchies of screens (known as deck), and hyperlinks between those screens (or cards). Because mobile phones are not as powerful as computers and certainly do not have as large screens (or cards). because mobile phones are not as powerful as computers and certainly do not have as large screens, the code has to take on a special reduced form a deck. A deck is comprised of a series of cards because mobile phones have very little memory, you have to display all of your information as little chunks. These are cards. A group Of these chunks (cards) is called a deck. A WAP enabled browser will deduce that to WML document i.e.; a deck. And apart from WML there is WML Script (Wireless Markup Language Script) which is used to produce dynamic content, WML produces only static content, WML produces only static content and by using WMLScript we can develop dynamic content. Just as JavaScript allows client side processing for use with HTML, WMLScript (Wireless Markup Language Script) is a client side script language for use with WML. JavaScript can be used to make the pages more dynamic, and to perform advanced mathematical calculations in HTML pages. WMLScript is very similar to JavaScript and therefore easy to learn for those who have used that before. WMLScript is actually based on ECMAScript (which is based on Netscapes JavaScript language), however it has been modified in places to support low bandwidth communications and thin clients.

BLOCK DIAGRAM OF WML

WML EXAMPLE

ADVANTAGES AND DISADVANTAGES

ADVANTAGES
User Experience: WAP aims to enhance the user experience by addressing characteristics of wireless environment: Narrow bandwidth connection. Devices with small screens, Limited battery use without recharging, Limited memory, and Limited processing power. Cost and Application Development Time Reduction: New services can be added quickly and at a lower cost. It provides secure access to relevant Internet information and services such for example messaging, banking, and entertainment.

It Supports most wireless networks (like: CDMA, GSM, etc). It can be built on any operating system.

DISADVANTAGES
It cannotprovide services for a long period of time. Speed of accessingis slow.

It is very difficult to keep the phones up-to-date with new WAP services.

APPLICATIONS
Electronic mail
Wireless-network-based e-mail is becoming a popular application available now. In order to provide a high level of customer service, mobile workers and sales professionals must stay in touch with home offices and customers. This is possible only through wireless network support. These applications allow members of a workgroup to access information on workgroup calendaring, status of collaborative projects, research and development, time and expense reporting, customer service and other activities where multiple members of a workgroup participate in approval process.Because many of these people are mobile, they need to access this information wirelessly from the field or from their vehicles while they are moving from customer to customer.

Mobile data collection

These solutions are based on some sort of handheld device scanning information on an item and either storing it locally or transmitting it to a central processor. The device might range from simple portable bar code readers to more sophisticated PDTs with RF capability that will read information from various devices and send this information automatically through wireless local area networks or wide area networks.

Banking
Many banking industry customers are developing wireless applications to improve bottom-line costs. Even the big banks are realizing that their sales people must leave their offices to sell directly to customers. The features provided include: Wireless banking transactions - account balance, funds transfer, bill payment Sales Professional Automation in financial industry Credit card authorization via POS terminals equipped with wireless adapters

Stock Trading
The New York stock exchange has made a significant change to the classical methods used by traders in the past. This includes: Hand-held PDAs connected to wireless networks, accessing information from stock exchange servers. Wireless mobile computing trading from Pocket PC by large active investors.

CONCLUSION
WAP enables mobile phones to browse on the internet. It is the wireless equivalent to TCP/IP and has the big advantage of being bearer independent. The security architecture of WAP consists of three parts: the mobile phone, the WAP gateway and the Internet. The communication between the mobile phone and the gateway is protected by WTLS, a wireless version of SSL/TLS, while the traffic from the gateway to the Internet can be protected by SSL/TLS. The WAP gateway decrypts all the WTLS traffic and encrypts all the SSL/TLS traffic. From a security point of view, this means that the gateway should be considered as an entity-in-the-middle. It is due to this fact that both the user and the web server on the Internet have to trust the WAP gateway. As this is not always the case, solutions have been searched for to avoid this entity-in-the-middle. All these solutions have some disadvantages: The user has to configure his own system (choose the WAP gateway) or all the WAP gateways and servers have to be upgraded. There is a need for easier solutions. Until better solutions are found, it is a good idea to be cautious when using WAP. When you want to execute some sensitive application (like electronic banking), it is maybe a good idea not to use WAP. For other applications, WAP is a nice and ingenious technology. In the past few months, a number of sites such as Rediff.com, Clubgreetings.com and Sharekhan.com have come out with WAP versions, offering a range of services from daily news, stock quotes and weather reports to airline schedules, restaurant listings, ecards and e-mail to people on the move. All the players hope to be able to take a fair share of the WAP market once it takes off, hopefully by the end of this year. Even so, issues such as low mobile phone penetration, small screen size, low memory of phones and smaller bandwidth continue to dampen this optimism. The major mobile operators providing mobile Internet services in India at present are Orange, Airtel and Tata Cellular. And in a few months, probably all the major mobile operators in this country would have enabled their cellular phones to connect to the WAP-enabled Internet sites.

REFERENCES

http://www.wapforum.org http://developer.phone.com http://forum.nokia.com http://mobileinternet.ericsson.se http://www.developer.ericsson.com.au http://www.winwap.com http://www.microsoft.com/mobile/phones/ http://www.nttdocomo.com