Princess Nora Bint Abdulrahman University College of computer

Prepared by Dr. Samia Chelloug

E-mail: [email protected]

Princess Nora Bint Abdulrahman

University

College of computer and information

sciences

Networks department

Networks Security (NET 536)

Content

1. Basics of computer and network security.

2. Impact of network architecture on network security.

3. Basics of network design.

4. Firewalls and virtual private networks.

5. Internet and wireless network security.

6. Impact of operating systems models on network security.

7. How to secure an application?

References

William Stallings, ‘Cryptography and

Network Security: Principles and practice’,

Fifth edition, 2011.

Part 6 : Wireless application protocol

• WAP: universal, open standard developed by the

WAP Forum.

• Provides mobile users of wireless phones and other

wireless terminals access to telephony and

information services, including the Internet and the

Web.

• WAP is designed to work with all wireless network

technologies (e.g., GSM,CDMA,and TDMA).

• The WAP Programming Model is based on three

elements: the client, the gateway, and the original

server.

Wireless application protocol


• HTTP is used between the gateway and the original

server to transfer content.

• The gateway acts as a proxy server for the wireless

domain.

• The gateway provides DNS services, converts

between WAP protocol stack and the WWW stack

(HTTP and TCP/IP), encodes information from the

Web into a more compact form that minimizes

wireless communication, and in the other direction,

decodes the compacted form into standard Web

communication conventions. The gateway also

caches frequently requested information.



• Using WAP, a mobile user can browse Web content

on an ordinary Web server.

• The Web server provides content in the form of

HTML-coded pages that are transmitted using the

standard Web protocol stack (HTTP/TCP/IP).

• The HTML content must go through an HTML filter,

which either may be colocated with the WAP proxy

or in a separate physical module.

• The filter translates the HTML content into WML

content. If the filter is separate from the proxy,

HTTP/TCP/IP is used to deliver the WML to the

proxy.


• The proxy converts the WML to a more compact

form known as binary WML and delivers it to the

mobile user over a wireless network using the WAP

protocol stack.

• If the Web server is capable of directly generating

WML content, then the WML is delivered using

HTTP/TCP/IP to the proxy, which converts the WML

to binary WML and then delivers it to the mobile

node using WAP protocols.


Security services:

• Cryptographic libraries: provides service for

signing data for integrity and non-repudiation

purposes.

• Authentication: WAP provides various mechanisms

for client and server authentication. At the Session

Services layer, HTTP Client Authentication may be

used to authenticate clients to proxies and application

servers. At the Transport Services layer, WTLS and

TLS (transport layer security) handshakes may be used

to authenticate clients and servers.


WTLS:

-Digital certificates are electronic files that are used to

identify people and resources over networks such as the

Internet. Digital certificates also enable secure,

confidential communication between two parties using

encryption.

-When you travel to another country, your passport

provides a way to establish your identity and gain

entry. Digital certificates provide similar identification

in the electronic world. Certificates are issued by a

Certification Authority (CA).


WTLS :

A certificate typically includes:

• The name of the holder

• The holder’s public key.

• The name of the Certification Authority that issued the

certificate;

• A serial number;

• The validity period (or lifetime) of the certificate (a

start and an end date).


WTLS :


WTLS:

A WAP server WTLS certificate is a certificate that

authenticates the identity of a WAP site to visiting

micro-browsers found in many mobile phones on the

market.

When a micro-browser user wants to send confidential

information to a WAP server, the micro-browser will

access the server's digital certificate.


WTLS:

Suppose Alice wants to connect to a secure WAP site,

with her mobile phone, to buy something online:

• When Alice visits a WAP site secured with WTLS her

micro-browser sends a "Client Hello" message to the

WAP server indicating that a secure session (WTLS) is

requested.

• The WAP server responds by sending Alice it's server

certificate (which includes it's public key).


WTLS:

Alice's micro-browser will verify that the server's

certificate is valid and has been signed by a CA whose

certificate is in the micro-browser's database (and who

Alice trusts).

• If the certificates are all valid, Alice's micro-browser

will generate a one-time, unique "session" key and

encrypt it with the server's public key. Her micro-

browser will then send the encrypted session key to the

server so that they will both have a copy.


WTLS:

The server will decrypt the message using its private

key and recover the session key. At this point Alice can

be assured of two things:

• The WAP site she is communicating with is really the

one it claims to be (its identity has been verified), and

• Only Alice's micro-browser and the WAP server have

a copy of the session key.


WAP stack


Handshake

Protocol

Wireless markup language

• WML (Wireless Markup Language) is the dominant

language in use with wireless devices today.

• Essentially, WML is a subset of HTML, but has its

roots in XML.

• WML pages are structured within "decks," allowing

several pages ("cards") to be defined in each WML

file.

• This deck analogy allows multiple pages to be

delivered to the mobile client at the same time,

minimizing the loading time between related pages.



• Suppose we have three simple cards

• These cards together form a deck and are delivered to

the mobile device in one file.



• <?xml version="1.0"?>

• <!DOCTYPE wml PUBLIC "-

//WAPFORUM//DTD WML 1.1//EN"

• "http://www.wapforum.org/DTD/wml_1.1.xml">

• <wml>

• <card id="Card1" title="Sample ">

• </card>

• </wml>




Documents

Princess Nora Bint Abdulrahman University College of computer