Skip to main content
SpringerLink
Log in

An End-to-End Authentication Protocol in Wireless Application Protocol

  • Conference paper
  • First Online:
Information Security and Privacy (ACISP 2001)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2119))

Included in the following conference series:

Abstract

Mobile commerce is becoming more and more commonplace, but security is still a major concern. To provide security, the WAP (Wireless Application Protocol) forum suggests the WAP security architecture. However, it needs the WAP gateway for intermediate process between the WTLS (Wireless Transport Layer Security) and the SSL (Secure Socket Layer) protocol, and it does not guarantee end-to-end security between the mobile devices and the WAP servers. In this paper, we propose a new authentication protocol to solve this problem. Our solution is based on the design of a new network component that is called CRL-agent. Furthermore, we also analyze and evaluate the security strength of the proposed protocol.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. WAP Forum: Wireless Application Protocol Architecture Specification, 1998.

    Google Scholar 

  2. WAP Forum: Wireless Application Protocol Wireless Transport Layer Security Specification, 1999.

    Google Scholar 

  3. WAP Forum: Wireless Application Protocol Public Key Infrastructure Definition, 2000.

    Google Scholar 

  4. David Wagner, Bruce Schneier: Analysis Of The SSL 3.0 Protocol. Proceedings of 2nd USENIX Workshop on Electronic Commerce 2104 USENIX Press, November 1997, pp. 29–40.

    Google Scholar 

  5. Markku-Juhani Saarinen: Attack Against The WAP WTLS Protocol. Communications and Multimedia Security Joint working conference IFIP TC6 and TC11 Katholieke Universiteit Leuven, 1999, Belgium.

    Google Scholar 

  6. Sami Jormalainen, Jouni Laine: Security In The WTLS. http://www.hut.fi/jtlaine2/wtls/, 1999.

  7. Steven M. Bellovin: Problem Areas For The IP Security Protocols. Proceedings of the Sixth USENIX Security Symposium, 1996, pp. 205–214.

    Google Scholar 

  8. Rolf Oppliger: Security Technologies For The World Wide Web. ARTECH HOUSE. INC, 2000.

    Google Scholar 

  9. Charles Arehart, Nirmal Chidambaram etc: Professional WAP. Wrox Press Ltd, 2000, pp. 10–41.

    Google Scholar 

  10. Peter Buhler, Thomas Eirich, Michael Stenier, Michael Waidner: Secure Password-Based Cipher Suite For TLS. In Symposium on Network and Distributed Systems Security (NDSS’ 00), pages 129–142, San Diego, CA, Internet Society, 2000.

    Google Scholar 

  11. S. Halevi and H. Krawczyk: Public-Key Cryptography And Password Protocols. In 5th ACM Conference on Computer and Communication Security”, San Francisco, California. ACM Press, 1998.

    Google Scholar 

  12. Steven M. Bellovin: Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. Proceedings of the IEEE Symposium on research in Security and Privacy, Oakland, May 1992.

    Google Scholar 

  13. N. Haller: The S/KEY One-Time Password System. RFC 1760, Feb 1995.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Pukyong Nat’l Univ., 599-1, Daeyeon3-Dong, Nam-Gu, Pusan, 608-737, Republic of Korea

    Jong -Phil Yang & Weon Shin

  2. Division of Electronic, Computer and Telecommunication Engineering, Pukyong Nat’l Univ., 599-1, Daeyeon3-Dong, Nam-Gu, Pusan, 608-737, Republic of Korea

    Kyung -Hyune Rhee

Authors
  1. Jong -Phil Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Weon Shin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kyung -Hyune Rhee
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computing, Macquarie University, North Ryde, NSW, 2109, Australia

    Vijay Varadharajan  & Yi Mu  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yang, J.P., Shin, W., Rhee, K.H. (2001). An End-to-End Authentication Protocol in Wireless Application Protocol. In: Varadharajan, V., Mu, Y. (eds) Information Security and Privacy. ACISP 2001. Lecture Notes in Computer Science, vol 2119. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47719-5_21

Download citation

  • DOI: https://doi.org/10.1007/3-540-47719-5_21

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42300-3

  • Online ISBN: 978-3-540-47719-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation