WAP WTLS Security

Posted on: 2008-05-16
Degree: Master
Type: Thesis
Country: China
Candidate: Y J He
GTID: 2208360215485055
Subject: Computer application technology
Abstract/Summary:
A novel electronic transaction mode based on WAP is becoming increasingly popular in Mobile Enhanced Message Service. As the transport layer security protocol in WAP, WTLS has an important effect on mobile service security. This paper systematically introduces the WTLS protocol stack. Through a detailed analysis of the handshake protocol in the WTLS protocol stack, four security flaws in the WTLS handshake protocol are identified: lack of forward security, the unknown key-share attack, the man-in-the-middle attack, and no protection of user identity.

After analyzing the current state of research worldwide and pointing out the deficiencies of the existing solutions, a mutual authentication and key exchange protocol, FS-MAKEP, is proposed. The protocol performs key exchange promptly and safely. It provides forward security, prevents the unknown key-share attack and the man-in-the-middle attack, and realizes dual authentication, which combines certificate authentication and anonymous authentication. Furthermore, it decreases the amount of online calculation required of clients.

Based on the advantages of FS-MAKEP in key exchange and identity authentication, the paper applies the idea of FS-MAKEP to the WTLS protocol and proposes an improved WTLS handshake protocol, which effectively resolves the four security flaws of the previous WTLS protocol. Rubin logic is then used to prove the security of the improved WTLS handshake protocol. The feasibility of the modified protocol is demonstrated by implementing the modified WTLS handshake protocol under a Linux environment.

Mobile e-business, however, places further requirements on the protection of user identity, namely user anonymity protection. A user anonymity license authentication scheme, AL-SA, is therefore designed, based on a trapdoor hash function online/offline signature scheme. The main feature of the scheme is that a third-party authentication centre produces an anonymous License for users, and the server verifies the anonymous License instead of directly authenticating the user certificate.

AL-SA is then combined with FS-MAKEP to improve the user authentication process of the WTLS handshake protocol. The improved protocol not only resolves the four flaws of the previous protocol, but also provides user anonymity, decreases the amount of calculation required of clients, and enhances the efficiency with which the server verifies user identity. The advantages of both improved schemes are discussed on the basis of an analysis of their calculation costs and communication loads. Finally, the paper provides a summary of WTLS security research and an outlook on directions for further research.
Keywords/Search Tags: WTLS, anonymity, elliptic curve cryptosystems, online/offline signature