Attacks Against the WAP WTLS Protocol

  • Markku-Juhani Saarinen
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 23)


The WAP WTLS protocol was designed to provide privacy, data integrity, and authentication for wireless terminals. The protocol is currently being fielded, and it is expected that the protocol will be contained in millions of devices in a few years.

Even though the WTLS protocol is closely modeled after the well-studied TLS protocol, we have identified a number of potential security problems in it. In this note, we describe a chosen plaintext data recovery attack, a datagram truncation attack, a message forgery attack, and a key-search shortcut for some exportable keys.


Block Cipher Stream Cipher Group Order Transport Layer Security Alert Message 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [1]
    M. Bellare, R. Canetti and H. Krawczyk, “Keying Hash Functions for Message Authentication,” Advances in Cryptology - Crypto ‘86 Proceedings, Springer-Verlag, 1996Google Scholar
  2. [2]
    M. Bellare, R. Guérin and P. Rogaway, “XOR MACS: New Methods for Authentication Using Finite Pseudorandom Functions,” Advances in Cryptology - Crypto ‘85 Proceedings, Springer-Verlag, 1995Google Scholar
  3. [3]
    S. Bellovin, “Problem Areas for the IP Security Protocols,” Proceedings of the Sixth USENIX Security Symposium, pp. 205–214, USENIX Association 1996Google Scholar
  4. [4]
    S. M. Bellovin, “Probable Plaintext Cryptanalysis of the IP Security Protocols,” Proceedings of the Symposium on Network and Distributed System Security, pp. 155–160, 1997Google Scholar
  5. [5]
    D. Bleichenbacher, “Chosen Ciphertext Attacks against Protocols Based on the RSA Encryption Standard PKCS 1,” Advances in Cryptology - Crypto ‘88 Proceedings, pp. 1–12, Springer-Verlag, 1998Google Scholar
  6. [6]
    D. Bleichenbacher, B. Kaliski and J. Staddon, “Recent results on PKCS 1: RSA Encryption Standard,” RSA Laboratories’ Bulletin, Number 7, June 26, 1998.Google Scholar
  7. [7]
    T. Dierks and C. Allen, “The TLS Protocol Version 1.0,” RFC 2246,,1999
  8. [8]
    A. O. Freier, P. Karlton and P. C. Kocher, “The SSL Protocol Version 3.0,”,1996
  9. [9]
    B. Kaliski, “PKCS 1: RSA Encryption Version 1.5,” RFC 2313,,1998
  10. [10]
    B. Kaliski and J. Staddon, “PKCS 1: RSA Cryptography Specifications Version 2.0,” RFC 2437, 1999
  11. [11]
    National Institute of Standards and Technology, “Digital Signature Standard,” FIPS PUB 186, 1994Google Scholar
  12. [12]
    National Institute of Standards and Technology, “Secure Hash Standard,” FIPS PUB 180–1, 1995Google Scholar
  13. [13]
    National Security Agency, “Skipjack and KEA Algorithm Specifications Version 2.0,”,1998
  14. [14]
    S. Pohlig and M. Hellman, “An improved algorithm for computing logarithms over GF(p) and its cryptographic significance,” IEEE Transactions on Information Theory, Vol. 24, pp. 106–110, 1978MathSciNetzbMATHCrossRefGoogle Scholar
  15. [15]
    J. Pollard, “Monte Carlo Methods for Index Computation (mod p),” Mathematics of Computation, Vol 32., pp. 918 — 924, 1974Google Scholar
  16. [16]
    R. Rivest, “The MD5 Message-Digest Algorithm,” RFC1321,,1992
  17. [17]
    M. Robshaw and J. Staddon, “A Note on the Security of the OAEPEnhanced RSA Public-Key Encryption Scheme,” RSA Laboratories’ Bulletin, Number 9, February 23, 1999Google Scholar
  18. [18]
    WAP Forum, “Wireless Application protocol - Wireless Transport Layer Security Specification, Version 12-Feb-1999,” available from,1999
  19. [19]
    D. Wagner and B. Schneier, “Analysis of the SSL 3.0 protocol,” Proceedings of the Second USENIX Workshop on Electronic Commerce, USENIX Press, pp. 29–40, 1996Google Scholar

Copyright information

© Springer Science+Business Media Dordrecht 1999

Authors and Affiliations

  • Markku-Juhani Saarinen
    • 1
  1. 1.University of JyväskyläJyväskyläFinland

Personalised recommendations