Free Windows Help Tutorials sponsored by inkjet printer cartridges dot org /title> <META HTTP-EQUIV="imagetoolbar" CONTENT="no"> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=ISO 8859-1"> <META name="description" Content="Hundreds of downloadable Windows help tutorials, articles and how-to guides sponsored by inkjet printer cartridges dot org."><style type="text/css">  </style> </head> <body bgcolor=#999999 vlink=blue link=blue> <span name = "INTRA" class="pg" style="top:0px; left:5px; width:714px; height:1010px"></span> <span name = "INTRA" style='top:0px; left:5px; height:1010px; width:714px' class='img'> <img src="pg0001im.png" height = "1010 width = "714" border="0"> </span> <span class='nav' style='left: 10px; top: 10px'><pre></pre></span><span name = "INTRA" style='top:108px; left:63px' class="ft3"><pre><font face='Arial'>Understanding</font></pre></span> <span name = "INTRA" style='top:165px; left:63px' class="ft3"><pre><font face='Arial'>WAP Security</font></pre></span> <span name = "INTRA" style='top:265px; left:63px' class="ft2"><pre><font face='Arial'><i><b>On</b></i> <i><b>the</b></i> <i><b>face</b></i> <i><b>of</b></i> <i><b>it,</b></i> <i><b>the</b></i></font></pre></span> <span name = "INTRA" style='top:286px; left:63px' class="ft2"><pre><font face='Arial'><i><b>much hyped</b></i> <i><b>WAP</b></i> <i><b>appears</b></i></font></pre></span> <span name = "INTRA" style='top:262px; left:247px' class="ft0"><pre><font face='Arial'><b>W</b></font></pre></span> <span name = "INTRA" style='top:265px; left:295px' class="ft1"><pre><font face='Arial'>AP (Wireless Application Protocol) is being much hyped as part of the</font></pre></span> <span name = "INTRA" style='top:277px; left:295px' class="ft1"><pre><font face='Arial'> mobile computing revolution e business and e commerce computing</font></pre></span> <span name = "INTRA" style='top:290px; left:295px' class="ft1"><pre><font face='Arial'>over mobile phones. There is certainly going to be a lot of WAP about (IDC</font></pre></span> <span name = "INTRA" style='top:303px; left:247px' class="ft1"><pre><font face='Arial'>has forecast that all personal communications service phones will be Internet en </font></pre></span> <span name = "INTRA" style='top:306px; left:63px' class="ft2"><pre><font face='Arial'><i><b>quite</b></i> <i><b>secure,</b></i> <i><b>but</b></i> <i><b>there</b></i> <i><b>are</b></i></font></pre></span> <span name = "INTRA" style='top:316px; left:247px' class="ft1"><pre><font face='Arial'>abled using WAP by mid 2001), and as WAP is intended to cope with commercial</font></pre></span> <span name = "INTRA" style='top:327px; left:63px' class="ft2"><pre><font face='Arial'><i><b>severa;</b></i> <i><b>issues</b></i> <i><b>you</b></i> <i><b>should</b></i></font></pre></span> <span name = "INTRA" style='top:328px; left:247px' class="ft1"><pre><font face='Arial'>transactions, security will be a requirement.</font></pre></span> <span name = "INTRA" style='top:347px; left:63px' class="ft2"><pre><font face='Arial'><i><b>be</b></i> <i><b>aware</b></i> <i><b>of.</b></i></font></pre></span> <span name = "INTRA" style='top:349px; left:247px' class="ft1"><pre><font face='Arial'>On the face of it, WAP security appears to be pretty good. Digital phones are trusted</font></pre></span> <span name = "INTRA" style='top:361px; left:247px' class="ft1"><pre><font face='Arial'>and the WAP model includes security in the form of WTLS (Wireless Transaction</font></pre></span> <span name = "INTRA" style='top:374px; left:247px' class="ft1"><pre><font face='Arial'>Level Security). WTLS is a form of SSL (Secure Sockets Layer) optimised for mobile</font></pre></span> <span name = "INTRA" style='top:380px; left:63px' class="ft1"><pre><font face='Arial'>By David Norfolk</font></pre></span> <span name = "INTRA" style='top:387px; left:247px' class="ft1"><pre><font face='Arial'>phones. Nevertheless, things aren't as simple as this. For a start, some of the threats</font></pre></span> <span name = "INTRA" style='top:395px; left:63px' class="ft1"><pre><font face='Arial'>IT Journalist</font></pre></span> <span name = "INTRA" style='top:399px; left:247px' class="ft1"><pre><font face='Arial'>associated with WAP are different to those associated with ordinary Internet</font></pre></span> <span name = "INTRA" style='top:412px; left:247px' class="ft1"><pre><font face='Arial'>computing (and some are the same), and this must be taken into account when</font></pre></span> <span name = "INTRA" style='top:425px; left:247px' class="ft1"><pre><font face='Arial'>designing WAP applications. However, security firms such as ISS think that there</font></pre></span> <span name = "INTRA" style='top:438px; left:247px' class="ft1"><pre><font face='Arial'>are serious and fundamental problems with the WAP security model and, even if</font></pre></span> <span name = "INTRA" style='top:450px; left:247px' class="ft1"><pre><font face='Arial'>these don't affect you, there are certainly implementation issues with WAP (which</font></pre></span> <span name = "INTRA" style='top:463px; left:247px' class="ft1"><pre><font face='Arial'>isn't a mature technology) that may compromise security.</font></pre></span> <span name = "INTRA" style='top:483px; left:247px' class="ft1"><pre><font face='Arial'>The fundamental problem with WAP security is that it is optional. This leads to the</font></pre></span> <span name = "INTRA" style='top:496px; left:247px' class="ft1"><pre><font face='Arial'>risk that someone can be persuaded to think that a transmission is safe when it isn't,</font></pre></span> <span name = "INTRA" style='top:509px; left:247px' class="ft1"><pre><font face='Arial'>and this may lead to a further compromise of security. Some of the people involved</font></pre></span> <span name = "INTRA" style='top:522px; left:247px' class="ft1"><pre><font face='Arial'>in WAP want to change this, but it seems unlikely that this will be addressed even</font></pre></span> <span name = "INTRA" style='top:534px; left:247px' class="ft1"><pre><font face='Arial'>in the upcoming next release. Perhaps security is seen as a usability barrier to</font></pre></span> <span name = "INTRA" style='top:547px; left:247px' class="ft1"><pre><font face='Arial'>adoption of a new technology, and many first time apps are simple and don't need</font></pre></span> <span name = "INTRA" style='top:560px; left:247px' class="ft1"><pre><font face='Arial'>security, but even a perception of a lack of security can kill confidence in a new</font></pre></span> <span name = "INTRA" style='top:572px; left:247px' class="ft1"><pre><font face='Arial'>technology.</font></pre></span> <span name = "INTRA" style='top:599px; left:247px' class="ft2"><pre><font face='Arial'><i><b>Cryptography</b></i></font></pre></span> <span name = "INTRA" style='top:621px; left:247px' class="ft1"><pre><font face='Arial'>However, the cryptography used for transmission across the Web probably isn't a</font></pre></span> <span name = "INTRA" style='top:634px; left:247px' class="ft1"><pre><font face='Arial'>problem. No doubt it can be broken, but not easily enough to be generally useful</font></pre></span> <span name = "INTRA" style='top:647px; left:247px' class="ft1"><pre><font face='Arial'>(that is, not in anything like real time). Where a serious problem does arise is with</font></pre></span> <span name = "INTRA" style='top:659px; left:247px' class="ft1"><pre><font face='Arial'>the WAP Gateway, which converts from the WAP security protocol WTLS, used</font></pre></span> <span name = "INTRA" style='top:672px; left:247px' class="ft1"><pre><font face='Arial'>between phone and Gateway, and SSL, used over the Internet. This implies that the</font></pre></span> <span name = "INTRA" style='top:685px; left:247px' class="ft1"><pre><font face='Arial'>message is available for a short time unencrypted on the Gateway and, if the</font></pre></span> <span name = "INTRA" style='top:697px; left:247px' class="ft1"><pre><font face='Arial'>Gateway is compromised, so are any WAP communications. Work is under way to</font></pre></span> <span name = "INTRA" style='top:710px; left:247px' class="ft1"><pre><font face='Arial'>address this (it seems to have no real advantages for anyone), but it isn't known</font></pre></span> <span name = "INTRA" style='top:723px; left:247px' class="ft1"><pre><font face='Arial'>when, or even if, the WAP specs will change.</font></pre></span> <span name = "INTRA" style='top:743px; left:247px' class="ft1"><pre><font face='Arial'>A second fundamental problem at the moment, but one that will presumably go</font></pre></span> <span name = "INTRA" style='top:756px; left:247px' class="ft1"><pre><font face='Arial'>away in time, is the essential immaturity of the technology. Modern mobile phones</font></pre></span> <span name = "INTRA" style='top:769px; left:247px' class="ft1"><pre><font face='Arial'>are pushing the boundaries of what you can squeeze into a phone (both physically,</font></pre></span> <span name = "INTRA" style='top:781px; left:247px' class="ft1"><pre><font face='Arial'>and in terms of processor and memory), and this is a classic recipe for the production</font></pre></span> <span name = "INTRA" style='top:794px; left:247px' class="ft1"><pre><font face='Arial'>of hardware specific solutions, code that is hard to understand, and obscure bugs</font></pre></span> <span name = "INTRA" style='top:807px; left:247px' class="ft1"><pre><font face='Arial'>introduced in maintenance releases. Tom DeMarco pointed out years ago (in</font></pre></span> <span name = "INTRA" style='top:819px; left:247px' class="ft1"><pre><font face='Arial'>Controlling Software Projects, Yourdon Press, 1982, ISBN 0 13 171711 1, reporting</font></pre></span> <span name = "INTRA" style='top:832px; left:247px' class="ft1"><pre><font face='Arial'>work by Weinberg and Schulman in 1974) that giving a programming team a goal</font></pre></span> <span name = "INTRA" style='top:845px; left:247px' class="ft1"><pre><font face='Arial'>of optimising one project metric (completion time or program size, for instance)</font></pre></span> <span name = "INTRA" style='top:857px; left:247px' class="ft1"><pre><font face='Arial'>severely impacted performance on other project metrics (program clarity or user </font></pre></span> <span name = "INTRA" style='top:870px; left:247px' class="ft1"><pre><font face='Arial'>friendly output, perhaps). It is unlikely that the situation will be much different for</font></pre></span> <span name = "INTRA" style='top:883px; left:247px' class="ft1"><pre><font face='Arial'>the code in a WAP phone (although at least it isn't running Windows applications).</font></pre></span> <span name = "INTRA" style='top:903px; left:247px' class="ft1"><pre><font face='Arial'>The net result of this technology immaturity is that phones tend to be subtly different</font></pre></span> <span name = "INTRA" style='top:950px; left:52px' class="ft4"><pre><font face='Helvetica'>Issue 131:June 2001</font></pre></span> <span name = "INTRA" style='top:943px; left:261px' class="ft5"><pre><font face='Arial'><b>PC</b> <b>Network</b> <b>Advisor</b></font></pre></span> <span name = "INTRA" style='top:950px; left:612px' class="ft4"><pre><font face='Helvetica'>File: B1423.1</font></pre></span> <span name = "INTRA" style='top:962px; left:52px' class="ft4"><pre><font face='Helvetica'>page 9</font></pre></span> <span name = "INTRA" style='top:962px; left:519px' class="ft4"><pre><font face='Helvetica'>Buying and Evaluating:Hardware</font></pre></span> <span name = "INTRA" style='top:967px; left:284px' class="ft6"><pre><font face='Helvetica'><b>www.pcnetworkadvisor.com</b></font></pre></span> <span name = "INTRA" class='nav' style='left: 357px; top: 1010px'><pre>Next page <a href='page0002.htm'>></a></pre></span> <span name = "INTRA" style='top:1050px; left:50px' class="ft4"><pre><b><font color="#FF0000" size="3" face="Arial">New!</font><font color="#FF0000" size="3" face="Arial Narrow"> </font><font size="2" face="Arial">The best sites for quality <a href="http://www.inkjet-printer-cartridges.org">inkjet printer cartridges</a> and the best sites for <a href="http://www.cheap-inkjet-cartridges.com">cheap inkjet cartridges</a></font></b></pre></span></body> <span name = "INTRA" style='top:1100px; left:300px' class="ft4"><pre><b><font color="#FF0000" size="3" face="Arial"><a href="../index.html">Windows Help Desk Home</a> </font></b></pre></span></body></html>