From CryptoDox, The Online Encyclopedia on Cryptography and Information Security


Wireless Transport Layer Security (WTLS) is the security layer of WAP, providing privacy, data integrity and authentication for WAP services. WTLS, designed specifically for the wireless environment, is needed because the client and the server must be authenticated in order for wireless transactions to remain secure and because the connection needs to be encrypted. For example, a user making a transaction with a bank over a wireless device needs to know that the connection is secure and private and not subject to a security breach during transfer (sometimes referred to as a man-in-the-middle attack). WTLS is needed because mobile networks do not provide complete end-to-end security.

WTLS is based on TLS v1.0, the security layer widely used on the Internet. Because of the nature of wireless transmission, TLS v1.0 was modified to accommodate low bandwidth, datagram connections, limited processing power and memory capacity, and cryptography export restrictions.

Shown above is the WAP stack. As you can see, it is quite similar to the standard TCP stack.

The typical workflow in WAP communication is shown in the figure above.

WAP Server WTLS certificates

A WAP server WTLS certificate is a certificate that authenticates the identity of a WAP site to visiting micro-browsers found in many mobile phones on the market. When a micro-browser user wants to send confidential information to a WAP server, the micro-browser will access the server's digital certificate. The certificate, which contains the WAP server's public key, will be used by the micro-browser to:

  • Authenticate the identity of the WAP server and
  • Encrypt information for the server using the WTLS protocol

Since the WAP server is the only one with access to its private key, only the server can decrypt the information. This is how the information remains confidential and tamper-proof while in transit across the Internet.

Attacks on the WTLS Protocol

