Webmaster's Guide to the Wireless Internet, part 48 (ppt, 10 pages, 125.47 KB)

cyclic redundancy check (CRC) algorithm, which represents the integrity of information as a number.

Privacy: Privacy means that information communicated between two people or computers is inscrutable to third parties. Encrypting information so that only the sender and recipient understand it ensures privacy.

Public Key: In public-key cryptography the sender and recipient each get two keys: a private key and a public key. The public key is made accessible while the private key remains secret. The sender of a message encrypts the information using the recipient's public key, but the information can only be decrypted using the recipient's private key.

Secret Key: In secret key cryptography the sender and recipient use the same method of encrypting and decrypting information. A shared piece of information, or secret, known only to a message's sender and recipient can be used to encrypt and decrypt the message. This is known as secret key or symmetric cryptography.

Trojan: A program that appears to be legitimate but is designed to have destructive effects on the programs and data of the computer onto which the Trojan program has been loaded.

Virus: A program that replicates itself by infecting other programs. Viruses are typically programmed to append their executable code to other programs, resulting in their propagation.

Worm: A malicious program that replicates itself over a network and that typically fills all of the storage space or network capacity. Worms typically exploit a specific vulnerability, such as a buffer overflow in a particular network application, in order to execute their own code on remote machines.

WTLS and Point-to-Point Security Models

The term point-to-point security describes an approach where information is protected at each leg of the journey from a user to a Web server by the appropriate security technology for each part of the communication. As we have seen, this approach has inherent weaknesses at the points where the security methods change between legs of the data's journey. The most important technology in the point-to-point security model is WTLS. WTLS is the equivalent of SSL for WAP, and it provides encryption between wireless browsers and WAP gateways. The most standard form of WTLS (WTLS Class I) is designed to work together with SSL so that WTLS operates on the wireless network side of the WAP gateway and SSL operates on the Internet side. WTLS and SSL together ensure that information is encrypted from point to point all the way from a wireless browser to a Web server (see Figure 10.4).

How WTLS Works

WTLS is the part of the WAP specification designed to ensure the privacy, authenticity, and integrity of communication. Communications traffic in the air may also be encrypted depending on the wireless network and air-connect technology but, like WTLS, this does not provide true end-to-end encryption.

Figure 10.4 Point-to-Point Security Model: WAP Phone, WAP Gateway, Web Server. WTLS works between devices and WAP gateways; SSL works between WAP gateways and Web servers.

The three main components of WTLS are: (1) the handshaking protocol that provides for key exchange; (2) a record structure for encrypted information; and (3) the Wireless Identity Module (WIM). The handshaking protocol is used when a client and server (a WAP gateway) initiate a session. During the handshaking process, the client lists supported cryptographic and key exchange methods, and the server chooses a preferred method. After authenticating each other, the client and server select a protocol version and cipher. WTLS borrows from the SSL standard and supports the RC5, DES, 3DES and IDEA ciphers, although the DES and 3DES ciphers are the more typically used. Three key exchange methods are supported, including RSA, Diffie-Hellman, and Elliptic Curve Diffie-Hellman, with the RSA method being the most commonly used. WTLS also provides a way for keys to be exchanged anonymously based on the server's public key. When authenticating anonymously, the client encrypts a secret key using the server's public key and sends a Client Key Exchange message. The record structure of WTLS provides a mechanism for the data's privacy and integrity to be checked, and the WIM is the core software logic that performs all of the actual cryptography, including handshaking, authentication, and encryption.
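As an added example that is not from the book, the following Python models the two parts of WTLS described above: the handshake negotiation (the client offers cipher and key exchange methods, the server picks the first entry of its own preference list that the client also offered, and an anonymous session skips client authentication) and the record-layer integrity check (each record carries a sequence number and a MAC). The server preference order and the use of HMAC-SHA256 are assumptions; the WAP specification's real identifiers and MAC algorithms differ.

```python
import hashlib
import hmac

# Algorithm names as the chapter gives them (the WAP spec uses numeric ids).
CIPHERS = ("RC5", "DES", "3DES", "IDEA")
KEY_EXCHANGE = ("RSA", "Diffie-Hellman", "Elliptic Curve Diffie-Hellman")

# Assumed server preference order: strongest cipher first; RSA first because
# the chapter says it is the most commonly used key exchange method.
SERVER_CIPHER_PREFS = ("3DES", "IDEA", "RC5", "DES")
SERVER_KX_PREFS = ("RSA", "Elliptic Curve Diffie-Hellman", "Diffie-Hellman")


class HandshakeError(Exception):
    pass


def _choose(server_prefs, offered, known, what):
    """Server-side choice: its own first preference that the client offered."""
    for item in offered:
        if item not in known:
            raise HandshakeError(f"unknown {what}: {item}")
    for choice in server_prefs:
        if choice in offered:
            return choice
    raise HandshakeError(f"no common {what}")


def server_hello(client_ciphers, client_kx, anonymous=False):
    """Build the ServerHello for a ClientHello that listed client_ciphers and
    client_kx. An anonymous session skips client authentication: the client
    will encrypt a fresh secret under the server's public key and send it in
    its Client Key Exchange message."""
    return {
        "cipher": _choose(SERVER_CIPHER_PREFS, client_ciphers, CIPHERS, "cipher"),
        "key_exchange": _choose(SERVER_KX_PREFS, client_kx, KEY_EXCHANGE,
                                "key exchange method"),
        "client_authenticated": not anonymous,
    }


# Record layer: header (sequence number, length) + payload + MAC over both.
# The MAC lets the receiver detect tampering; the sequence number lets it
# detect replayed or dropped records. Encryption of the payload is omitted.
def seal_record(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    header = seq.to_bytes(2, "big") + len(payload).to_bytes(2, "big")
    tag = hmac.new(mac_key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def open_record(mac_key: bytes, expected_seq: int, record: bytes) -> bytes:
    """Verify the MAC and sequence number, returning the payload or raising."""
    seq = int.from_bytes(record[:2], "big")
    length = int.from_bytes(record[2:4], "big")
    body, tag = record[:4 + length], record[4 + length:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise HandshakeError("record MAC mismatch: data altered in transit")
    if seq != expected_seq:
        raise HandshakeError(f"unexpected sequence number {seq}")
    return body[4:]
```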

WTLS Classes

The version 2.0 WAP specification incorporates three classes of WTLS security, offering successively stronger levels of security. WTLS Class I only provides encryption between the wireless browser and the WAP gateway, after which the gateway is responsible for the data's security. WTLS Class II is a close analog of SSL on the Internet because it allows SSL-like encryption directly between wireless browsers and Web servers. WTLS Class III provides a framework for PKI security.

The WAP Gap

Mobile devices using WAP do not connect directly to Web sites or applications, nor do they directly support the HTTP protocol or SSL. In effect, WAP gateways act like proxy servers for mobile devices. A gateway translates one kind of communication to another kind. In this case a WAP gateway translates communication from the WAP protocol to HTTP over the Internet. When a WAP gateway relays a request to a Web server on behalf of a mobile device, it uses the WAP protocol to communicate with the device and HTTP to communicate with the Web server. Like Web browsers, WAP gateways support SSL, which is the standard method of encrypting HTTP communications. SSL is normally used between Web browsers and Web servers. Communication between a mobile device and a WAP gateway is secured using WTLS, and communication between the WAP gateway and Web servers is secured using SSL. WAP gateways decrypt WTLS communication and then re-encrypt the communication using SSL. This means that inside the WAP gateway, the information is unencrypted at one point. It is theoretically possible for the WAP gateway to malfunction and establish unencrypted HTTP communication rather than using SSL. This flaw is referred to as the WAP gap (see Figure 10.5) and it is the ideal point for a man-in-the-middle attack.

How Likely is a WAP Gateway Compromise?

WTLS Class I is the most widely deployed security standard on the wireless Web for WAP devices (there are currently many more DoCoMo i-mode devices in use). WTLS Class I communication is theoretically flawed because it is possible, however improbable, that a mobile operator's WAP gateway can be compromised or that it might not initiate SSL connections over the Internet. However, what is more important to you as a wireless Webmaster is that the software and configuration of the mobile operator's WAP gateway and the security of the WAP gateway itself are totally outside your control; you have no way of knowing if one or more of these machines has been compromised or if you are being victimized by a man-in-the-middle attack. Experts disagree about how serious the WAP gap really is or whether it can be successfully exploited. However, the fact that the WAP gap exists means that the design of WTLS Class I, and of the wireless Web today, is imperfect at best.

Figure 10.5 The WAP Gap: WAP Phone, WAP Gateway, Web Server. WTLS works between devices and WAP gateways; between the WAP gateway and the Web server the HTTP communication is potentially unencrypted. The "WAP Gap" is between WTLS and SSL.

SECURITY ALERT

There are two methods of testing SSL between a WAP gateway and a Web server or Web-based application. The first is to directly enter an HTTPS Uniform Resource Locator (URL) on the device and see if the WAP gateway successfully connects. The more secure method is to restrict all communications to SSL (TCP/IP port 443). Enforcing SSL at the Web server is the best way to guarantee that information is secure.
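As an added example (not from the book), the following Python WSGI middleware enforces the second method above at the Web server: a request that arrives in plain HTTP, which is what a gateway that has fallen into the WAP gap would send, is refused with 403 rather than served, and is at most redirected for GET and HEAD. It assumes the Web server itself terminates TLS so that wsgi.url_scheme reflects the real transport; the application, host names and request environments are constructed for the demonstration.

```python
from urllib.parse import quote


def require_https(app, redirect_safe_methods=False, canonical_host=None):
    """Wrap a WSGI app so that only requests that arrived over TLS are served.
    Assumption: this server terminates TLS itself, so wsgi.url_scheme reflects
    the real transport; no X-Forwarded-Proto style headers are trusted."""
    def middleware(environ, start_response):
        if environ.get("wsgi.url_scheme") == "https":
            return app(environ, start_response)
        method = environ.get("REQUEST_METHOD", "GET")
        if redirect_safe_methods and method in ("GET", "HEAD"):
            # A redirect only helps a browser user find the right URL; the
            # plaintext request has already crossed the network, so nothing
            # sensitive is accepted or returned here. Prefer a configured
            # host over the Host header, which the plaintext client controls.
            host = canonical_host or environ.get("HTTP_HOST") or environ["SERVER_NAME"]
            location = "https://" + host + quote(environ.get("PATH_INFO", "/"))
            if environ.get("QUERY_STRING"):
                location += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Type", "text/plain")])
            return [b"Use HTTPS\n"]
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"This service is available only over HTTPS (TCP port 443)\n"]
    return middleware


def hello_app(environ, start_response):
    """Stand-in for the wireless application behind the gateway (constructed)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"account balance: 123.45 (constructed sample)\n"]


def call(app, environ):
    """Tiny in-process harness: call a WSGI app, return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers
    body = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


if __name__ == "__main__":
    guarded = require_https(hello_app)
    # Constructed environ: what a gateway that fell back to plain HTTP would send.
    print(call(guarded, {"wsgi.url_scheme": "http", "REQUEST_METHOD": "GET",
                         "HTTP_HOST": "example.invalid", "PATH_INFO": "/balance"}))
    print(call(guarded, {"wsgi.url_scheme": "https", "REQUEST_METHOD": "GET",
                         "HTTP_HOST": "example.invalid", "PATH_INFO": "/balance"}))
```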

The Seven Layers of Point-to-Point Security

Point-to-point security can be broken down into seven layers, corresponding to the steps in the communication path between mobile devices and Web servers or applications. Despite concerns like the WAP gap and mistrust of WASPs, these seven security layers provide practical assurance that applications and transactions are reasonably secure. For most organizations, content and information such as e-mail that are made available through wireless devices are adequately served by a point-to-point security model. This is only because the security requirements are low. For banking solutions such as consumer banking and mobile credit card applications, point-to-point security as it exists today (primarily using WTLS Class I security) is not acceptable. Nonetheless, in the fierce competition to reach the wireless market first, even a theoretically flawed security solution may pose an acceptable risk when balanced with other business considerations. Device limitations and the lack of common global standards mean that relatively high levels of security cannot be widely deployed today. Point-to-point security forms the only real alternative because it can be widely deployed. The seven layers of point-to-point security are:

1. Embedded Security Technology

2. Secure Air-Connect Technologies

3. Mobile Operator Network Security

4. Secure Mobile Operator Gateways

5. Authentication

6. Data Center and Network Security

7. Secure Application Interfaces

Embedded Security Technology

The first layer of defense in a computer system is always the end terminal. Physical access to the device must be controlled. If the device is a phone, it will often have a lock code or password feature that prevents it from being used unless a code is entered. PDAs such as Palm OS devices have password and lock features to prevent unauthorized access in the event that the device is lost or stolen. Notebook computers have the same capabilities, either as a Basic Input/Output System (BIOS) feature or built in to the operating system. In order to be effective, all of these features require configuration. As a wireless Webmaster, it is up to you to set security policies and to define standard configurations for the devices used to access your network and servers. Unlike desktop workstations, you have to expect that mobile devices will inevitably be lost or stolen. Guidelines covering what and how to communicate can protect confidential information when all else fails. Security policies are your final line of defense: users must be told what can be communicated through mobile devices and what can be stored on mobile devices such as PDAs. Users should be advised to treat their wireless communications in the same way they would a private conversation with a coworker in a public place.

Developing & Deploying…

Security Policies

An excellent example of security guidelines comes from the world of investment banking, where security is of supreme importance because of the ramifications for transactions. Unlike most corporate users, investment banking professionals are keenly aware of security issues and that the ultimate responsibility for confidentiality rests upon the bankers themselves.

Investment banking professionals must observe a strict standard and adhere to protocols that ensure the highest level of confidentiality possible. They must always use caution when discussing business, particularly in a public place such as an airport, elevator, or restaurant. As with products that are not yet announced in other industries, investment bankers often use code names for their projects and clients even in internal discussions.

When using mobile devices to communicate, investment banking professionals must rely first and foremost upon the established best practices within their field and observe the same precautions they would when sending e-mail outside the company or when traveling. Regardless of the security technology used, any communication technology is only as secure as the policies and practices observed by users.

Mobile Operator Network Security

WTLS extends security beyond the inherent air-connect security, across the entire mobile operator network, right to the edge of the Internet at the WAP gateway. Once traffic leaves the WAP gateway it is no longer secured by the air-connect technology, WTLS, or the network operator's internal network security.

At the same time, users may roam to areas where they do not have the same coverage or may use a less secure air-connect technology like the analog AMPS system. The security technologies implemented in air interfaces such as CDMA are designed to protect the network and subscribers from misuse such as stolen phone numbers or unauthorized network use. Security of the air interface itself and the mobile operator's network enhances the security of wireless data services such as WAP browsing, but these mechanisms were not designed to protect data communications.

Secure Mobile Operator Gateways

The WAP gap and the potential for man-in-the-middle attacks mean that the security of mobile operator WAP gateways is critical. Inside the WAP gateway, information encrypted through WTLS Class I security is decrypted and then re-encrypted using SSL. The information is vulnerable at that point; as a wireless Webmaster you have no control of the mobile operator's WAP gateway and no way of knowing if one or more of these machines has been compromised. For organizations buying network service from a carrier, it is reasonable to request a description of network security as would normally be provided by an Internet service provider. The only way to be certain that WAP gateway security is not an unmanaged risk is not to depend on it, relying instead on end-to-end SSL or PKI security.

Authentication

Exposing applications and information on the Web means providing more than one line of defense against unauthorized access and malicious hacking. The simplest strategy is to support a single authentication standard such as Remote Authentication Dial-In User Service (RADIUS) or Lightweight Directory Access Protocol (LDAP)-based user ID/password authentication. Technologies such as SecurID can easily be added to wireless applications but are cumbersome for users because of the constraints of entering information quickly using a mobile phone or wireless PDA.

SECURITY ALERT

As with local area network (LAN) or host access user IDs and passwords, wireless user IDs and passwords should follow standard guidelines for length and composition. Users may wish to simplify their passwords to make wireless applications more usable, but as a wireless Webmaster you must consider that cracking will be done over the Internet and not from mobile devices. Weak passwords can be quickly broken, and this is especially true for numeric personal identification number (PIN)-based passwords, which are the easiest passwords to enter on a phone.

Data Center and Network Security

If you are using a WASP you must make sure that the WASP data center facility is secure. This means physical security, security policies, operational methodology and procedures, and tools to detect and protect against intrusion attempts. Your WASP should be able to clearly articulate their security architecture and practices, including:

1. Secure Data Center Design

2. Customer Network Isolation

3. Secure Router Configurations

4. VPNs and Private Pipes

5. Secure Methodology

6. Security Management

7. Security Auditing

Secure Data Center Design

A secure data center design involves a physical network architecture (see Figure 10.6) that isolates servers and customer information from access over the Internet. This is commonly accomplished through a double firewall scheme where Internet-accessible servers are separated from other machines, and where access to machines through a second firewall is restricted in any of several ways, such as being limited to a particular network address and application.

Customer Network Isolation

Isolating customer networks means that firewalls are configured to compartmentalize each customer's servers and data. This mitigates the risk that another customer's application might receive secure information if it were unencrypted for any reason within the service provider's network.

Figure 10.6 Typical Secure Data Center Network Design: Internet; External Firewall Router; DMZ Network containing the Load Balancer, VPN Server and Wireless Application (Front-end Web Server); Internal Firewall; Data Center Network containing the Back-End Applications and Content Sources (Database Servers, etc.).

Secure Router Configurations

Like any service provider, a WASP must have secure network router and device configurations. This means that devices are properly configured following well-defined security guidelines. The best way to ensure that your WASP's network router configurations are secure is through an independent audit.

VPNs and Private Pipes

Availability of Virtual Private Network technology or private network connections ("private pipes") is an important consideration. A VPN acts like a conduit over the Internet. Information passing through the conduit is encrypted, but the encryption is transparent to applications on either end of the connection. VPNs allow information to be passed over the Internet with no practical risk of a compromise. Another method involves establishing private network connections between the WASP data center and customer networks. This approach is more costly than a VPN, but is also theoretically more secure since it bypasses the Internet completely.

Secure Methodology

Secure deployment methodologies and remote administration protocols such as SSH are necessary to ensure that there is no exposure of secure information or systems at any point, even when new system components are being deployed.

Secure methodology can include administration procedures and tools so that only authorized personnel can perform administrative tasks. Secure methodology guards against accidental exposure and malicious activity within the WASP's network.

Security Management

Designing and deploying a secure system does not mean that it will remain secure indefinitely. Security flaws in software applications and computer or network router operating systems are discovered and corrected over time.

Monitoring and timely deployment of security patches will correct known vulnerabilities, and all service providers should have clear procedures for accomplishing this on an ongoing basis.

Security Auditing

You should negotiate independent auditing as a term of your contract with a WASP. A WASP will not give you direct access to their network, firewalls, or routers; therefore you must rely on their self-report or obtain the contractual right

Posted: 04/07/2014, 02:20