
Improving WTLS Security for WAP Based Mobile e-Commerce

Wireless Personal Communications

Abstract

In recent years, WAP has been gaining popularity as a platform for mobile e-commerce, so its security has become an important issue. In this paper, we focus primarily on improving WTLS, a sub-protocol of WAP, to achieve enhanced WAP security. We propose an Anonymous Client Authentication (ACA) scheme, which can be applied in general to most Public Key Infrastructure based mobile e-commerce applications, and incorporate it into WTLS to provide client anonymity in WAP. Further, to support forward secrecy, a desired security feature, and to resist various attacks that the original WTLS can hardly cope with, we exploit Elliptic Curve Cryptography (ECC) for session key establishment. The proposed protocol has been shown to outperform not only the original WTLS protocol but also the published improved WTLS protocols in terms of computation cost and communication bandwidth. In addition, the proposed ACA scheme can be exploited in other Internet and wireless network based platforms.



Author information


Correspondence to Moon-Chuen Lee.


Cite this article

He, YJ., Lee, MC. Improving WTLS Security for WAP Based Mobile e-Commerce. Wireless Pers Commun 51, 17–29 (2009). https://doi.org/10.1007/s11277-008-9604-0
