Abstract
Mobile commerce is becoming increasingly commonplace, but security remains a major concern. To provide security, the WAP (Wireless Application Protocol) Forum suggests the WAP security architecture. However, this architecture requires a WAP gateway as an intermediary between the WTLS (Wireless Transport Layer Security) and SSL (Secure Socket Layer) protocols, and it does not guarantee end-to-end security between mobile devices and WAP servers. In this paper, we propose a new authentication protocol to solve this problem. Our solution is based on the design of a new network component called the CRL-agent. We also analyze and evaluate the security strength of the proposed protocol.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yang, J.P., Shin, W., Rhee, K.H. (2001). An End-to-End Authentication Protocol in Wireless Application Protocol. In: Varadharajan, V., Mu, Y. (eds) Information Security and Privacy. ACISP 2001. Lecture Notes in Computer Science, vol 2119. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47719-5_21
DOI: https://doi.org/10.1007/3-540-47719-5_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42300-3
Online ISBN: 978-3-540-47719-8
eBook Packages: Springer Book Archive