Abstract
In recent years, WAP has been gaining popularity as a platform for mobile e-commerce, and its security has thus become an important issue. In this paper, we focus primarily on improving WTLS, a sub-protocol of WAP, to enhance WAP security. We propose incorporating an Anonymous Client Authentication (ACA) scheme into WTLS to provide client anonymity in WAP; the scheme can be applied in general to most mobile e-commerce applications based on Public Key Infrastructure. Further, to support the desired security property of forward secrecy, and to resist various attacks that the original WTLS can hardly cope with, we exploit Elliptic Curve Cryptography (ECC) for session key establishment. The proposed protocol has been shown to outperform not only the original WTLS protocol but also the published improved WTLS protocols in terms of computation cost and communication bandwidth. In addition, the proposed ACA scheme can also be exploited on other Internet-based and wireless-network-based platforms.
Cite this article
He, YJ., Lee, MC. Improving WTLS Security for WAP Based Mobile e-Commerce. Wireless Pers Commun 51, 17–29 (2009). https://doi.org/10.1007/s11277-008-9604-0