The Research Of WAP Security Based On End-to-end

With the development of mobile communications market, the kinds of mobile serverces are increasingly enriched, so the requirement of their security is continually rising. The WAP combine mobile communications with Internet and uses WTLS layer to implement security functions. In WAP1.x editions, WAP gateway is used to transform WTLS with TLS protocol, so there is a problem of security gap in it. Although the WAP2.0version solve the WAP end-to-end security issues, but along with the development of mobile communications have become increasingly frequent, the burden of WAP gateway becomes onerous, the waiting time is long enough to make the news be stolen. WAP2.0efficiency may be a risk for security applications and the promotion of the protocols. So, WAP end-to-end issue has been plaguing the people’s problems, the WAP end-to-end security issues are of major significance.There are many limitation of WTLS protocol, for example, it lacks of forward security in Key exchange process and suffers from several attacks without mutual authentication under completely anonymous mode. While in un-anonymous mode, the client and server send their digital certificates to authenticate each other. It must rely on the WPKI system with a trusted CA party to distribute certificates. Though the WPKI technology is already well developed, it lacks of oneness and mutual manipulation, the distribution and management of certificates are very complex, and the cost is very high. At present most WAP operations are not based on WPKI, so it brings many hidden troubles on lacking of identify authentication. If certificates are used, there is another problem of user anonymity.Analysis of several WAP gateway models, select an appropriate model, then offer a key exchange protocol based on the user’s password for the WTLS. Through a user-memory password can facilitate the realization of the mutual authentication of client and server. Who first proposed the password-based authenticated key agreement protocol. In the agreement, Involved in both sides in advance to share a password to be used for mutual authentication in the communication and consultation to get ashort-term session key.In the agreement to participate in both sides pre-shared a password is used for mutual authentication in the communication and consultation to get a short-term session key.This paper presents a PAKE protocol based on ECDH, Its security mainly relies on the ECDH algorithm’s elliptic curve cryptosystem, elliptic curve discrete logarithm problem. The agreement does not require the use of digital certificates, This offer more security attributes for the WTLS anonymous mode; Users only need to remember the password, That Not only saves storage space, but also to prevent cell phone or PDA is lost, others false using WAP charges business. The client and server just prior written some of the secret information, the amount of data sent in real-time handshake process is significantly reduced, thus saving bandwidth and transfer time.