Familiarity with some concepts relating to digital
communications and to security is required in order to understand
the points made later in this paper, and the place of the existing
security solutions within the communications process.
Protocol Stacks
There is an industry standard theoretical protocol stack that
was developed by the Open Systems Initiative (OSI) many years ago,
in part to facilitate a common understanding of the functionality
provided by a protocol stack and to facilitate comparisons between
different vendors' implementations.
This stack is shown in the diagram below.
The 'bottom-most' layer of the OSI stack, Layer 1 or the
physical layer, defines the properties of the physical medium
through which communications are transmitted and the
characteristics of electrical transmission through that medium.
Above that is Layer 2, the data link layer. The data link layer
is responsible for the transmission of data over the physical
medium and also for the addressing of devices on the network.
The third layer is the network layer, which is responsible for
network addressing and for the routing of data between
networks.
The transport layer is the fourth layer and is responsible for
preparing data for transmission across the data-link. This includes
such functions as segmentation and reassembly of packets of
information, and also sequencing of packets and retransmission of
packets that get lost or corrupted.
Layer 5 is the session layer, which is responsible for
establishing and maintaining sessions between two devices across a
network. What exactly this entails depends on the protocols
involved.
Above layer 5 is the presentation layer, which is responsible
for translation and reformatting of data that is transmitted or
received over the network. This helps to facilitate communication
between computers that are based on different architectures and
which utilize different information representation schemes.
The last layer, layer 7, is the application layer, which is
responsible for identifying requests for remote resources and for
the reformatting of those requests as remote requests. This allows
applications to operate independently of the location of the
services that they utilize.
Although the details of the actual protocol stack will vary
depending on a whole host of factors (such as the type of network
and where the client or server device resides), in the wired world
certain participants in the stack are, in general, more common and
more typical than others. The mapping of the wired protocol stack
onto the OSI model is as follows:
• Physical layer - UTP or co-axial cable
• Data link layer - Ethernet, Token-ring, FDDI or PPP
• Network layer - IP
• Transport layer - TCP or UDP
• Session layer - TCP
• Presentation layer - varies, but could be NetBIOS or XDR
• Application layer - depends on the service being invoked; a
  typical example is HTTP
In the wireless world a similar kind of mapping exists, although
with different protocols at each layer. The mapping of both the
fixed-wire and WAP protocol stacks is shown in the diagram
below:

The WAP protocol stack contains the following elements:
• Physical and Data link layers - depends in part on the type of
  wireless network, but with WAP it will be PPP over one or more
  over-the-air bearer protocols.
• Network layer - IP is the network layer protocol of choice,
  although not all wireless networks are capable of transmitting
  IP, so SMS or some other non-packet network protocol may be used.
• Transport layer - the transport layer protocol of choice is UDP,
  but it may not be feasible over non-IP networks. For this and
  other reasons, WAP defines an additional transport layer
  protocol, WDP, which can be used where UDP cannot.
• Session layer - in the wireless world some of the functionality
  of the session layer is incorporated into WTP, while other
  aspects are included with WSP.
• Presentation layer - this functionality is included in WSP.
• Application layer - some aspects of application layer
  functionality are taken care of by WSP, whereas others are
  implemented in the Wireless Application Environment.
Encryption
Cryptography is the study of encryption, or the science of
encoding data into another format that cannot easily be decoded or
understood, using some sort of mathematical algorithm. The
mathematical algorithms are based on an intractable (difficult to
solve) problem. There are two of these problems that are commonly
used for encryption: one is finding the prime factors of a very
large integer; the other is finding the logarithm of a very large
number to a known base.
Developing and proving the robustness of an encryption algorithm
(called a cipher) is extremely difficult, so there are
relatively few of these algorithms in existence. If everyone used
the same few algorithms their effectiveness at concealing
information would be severely limited, so the algorithms use keys,
which are strings of bits, to 'customize' the behavior of the
algorithm. What this means, in effect, is that the same algorithm
can be used to encode the same original information twice using two
different keys and produce two completely different encoded forms.
This is what makes the same algorithm useful to many people: in
order to decode a message, both the algorithm and the key have to
be known.
In general, the strength of the algorithm (usually defined in
terms of how much effort is required to decode an encoded message)
depends on the length of the key. Unfortunately the relationship is
not actually that simple, because keys of equivalent lengths can
provide different levels of protection when used with different
algorithms. Therefore there is no general rule about how long a key
should be, although some guidelines do exist for various
algorithms. The problem with these guidelines is that as computer
power increases the ease with which algorithms can be cracked also
increases, so it is necessary to be constantly aware of advances in
this area.
All cryptographic algorithms, because they deal with intractable
mathematical problems, are computationally expensive, which is a
nice way of saying that they are slow on most computers. This has
implications in most applications, where processing power is not
unlimited and where response times count. However, it is also true
that not all algorithms are equally computationally expensive.
In particular, there is a class of ciphers that are especially
expensive, but which provide some very useful features. These are
called asymmetric ciphers. Their less computationally expensive
counterparts are called symmetric ciphers. Symmetric ciphers make
use of the same key to both encode and decode the data.
The problem with symmetric ciphers is that both the party
encoding the message and the party decoding the message need to
have a copy of the key, and finding a secure way to exchange the
key is an intractable problem in its own right. Asymmetric ciphers
make use of a complex mathematical property of the underlying
algorithms that allows two different keys to be used - one for
encryption, and one for decryption. The key that is used for
encryption is known as the public key, and is derived from
the private key, which is used for decryption. This
arrangement means that there is no need to exchange keys, as the
public key cannot be used for decryption, so it doesn't matter if
it falls into the wrong hands. The private key has to be carefully
guarded, but this is relatively easy to achieve, as there is no
need for anyone other than the rightful owner to be given access to
the key.
One way that we can address some of the performance issues
associated with encryption, yet still make use of the most robust
encryption methods available, is to make use of symmetric ciphers
for most encryption and asymmetric ciphers to facilitate the
exchange of the symmetric keys. In fact it is a little bit more
complex than this, because these mechanisms of key exchange are
often not used to exchange the symmetric key itself, but are
instead used to exchange a piece of information called the
pre-master secret, which is exchanged in encrypted
format using asymmetric encryption. This pre-master secret can be
used in conjunction with public and private keys to generate a
secret key that is used for the symmetric encryption. The means by
which this is achieved is quite clever, but I am not going to
attempt to explain it here because there isn't enough space to go
into all of the mathematics and the detail of how the ciphers work,
which would be required to understand how it is done.
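
The exchange described above, sketched as an added example that is not part of the original paper. Assumptions: an unpadded toy RSA key built from small known primes, a key derivation that mixes in two public random values (the paper does not give the derivation), and an HMAC-based keystream standing in for a real symmetric cipher; all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Toy RSA key for the server, built from two known Mersenne primes. It is far
# too small for real use and only makes the asymmetric step runnable here.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                               # public key is (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, never leaves the server

def derive_key(pre_master, client_rand, server_rand):
    """Assumed derivation: keyed hash of both public randoms under the secret."""
    return hmac.new(pre_master, b"session" + client_rand + server_rand,
                    hashlib.sha256).digest()

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def client_hello(client_rand, server_rand):
    """Client picks the pre-master secret and encrypts it with the public key."""
    pre_master = os.urandom(16)
    wire = pow(int.from_bytes(pre_master, "big"), E, N)
    return wire, derive_key(pre_master, client_rand, server_rand)

def server_accept(wire, client_rand, server_rand):
    """Server recovers the pre-master secret with its private key."""
    pre_master = pow(wire, D, N).to_bytes(16, "big")
    return derive_key(pre_master, client_rand, server_rand)

def run_exchange(message):
    client_rand, server_rand = os.urandom(16), os.urandom(16)  # sent in the clear
    wire, client_key = client_hello(client_rand, server_rand)
    server_key = server_accept(wire, client_rand, server_rand)
    ciphertext = keystream_xor(client_key, message)            # bulk data: symmetric only
    return client_key, server_key, ciphertext, keystream_xor(server_key, ciphertext)
```

Only the 16-byte pre-master secret passes through the slow asymmetric operation; everything after that uses the derived symmetric key.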
Certificates
Certificates are a convenient place for storing and
managing public keys. They also form the basis of authentication in
digital communications, being the digital equivalent of a passport.
Like a passport, they have to be issued by a recognized authority
and contain certain things that allow the subject's identity to be
confirmed and the certificate's validity to be ascertained. The
former is achieved by including some identifying information on the
subject, along with the subject's public key. The latter is
achieved by certificates being issued by a recognized Certification
Authority, and being digitally signed by that authority. The
Certification Authority's signature is widely and publicly
available for use in validating the certificate.
Digital signatures are based on hash algorithms (also
called message digests), which produce a 'digested' version,
called the hash code, of the text that they take as input.
The hash function is deterministic, which means that the
hash value that it produces is dependent on the text that it takes
as input in such a way that any alteration in the text produces a
significant change in the hash code. A good hash function is also a
one-way function, meaning that the function cannot be
derived from the hash value and the input text, and it is also
collision resistant, which means that no two input values
should produce the same hash value. Digital signatures are based on
a special type of hash function that takes a key as input, as well
as the original text. This means that the hash value is dependent
on both the input text and the key, and therefore if you and I both
sign some text using our own keys, the hash value produced will be
different. In this sense digital signatures are slightly unlike
real-world signatures, in that they will vary depending on the
content that is being signed, which also makes them almost
impossible to forge.
Certificates are fairly complex documents, and are usually
presented and validated on behalf of the user without any human
intervention. This has two ramifications:
• The certificates end up stored on computers, floppy disks, etc.
• It is impossible to track down copies of certificates if it
  becomes necessary to change or replace one
The first of these issues causes some problems in the wireless
world, which we will investigate later on. The second is addressed
by means of Certificate Revocation Lists (CRLs). These are lists,
maintained by the Certification Authorities, of certificates that
have been issued but that have become invalid for some reason or
another. CRLs should be consulted before simply accepting a
certificate as being valid.
Because of the large universal need for certificates, it is not
feasible for a single organization to be responsible for the
administration of all certificates, so there is a facility whereby
certification authority can be delegated to other organizations.
Any organization, theoretically, can act as a certification
authority, and many organizations fulfill that capacity for
certificates used internally, for example by employees. However,
certificates that are valid in the public domain have to be
certified by a recognized authority. Certificate chains make this
feasible: by chaining certificates to the certificates that certify
their authenticity, a trail is built back to some authority that
can be deemed to be acceptable.
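
The signature check, CRL lookup and chain walk described in this section, put together as an added example that is not part of the original paper. Assumptions: certificates are modelled as small dictionaries rather than X.509, signatures are unpadded toy RSA over a SHA-256 hash, and every name, serial number and key below is constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def make_key(p, q):
    """Toy RSA key from two known primes -> (public modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(cert, n):
    """Hash the signed fields and reduce to an integer below the modulus."""
    fields = "|".join(str(cert[k]) for k in ("subject", "pubkey", "issuer", "serial"))
    return int.from_bytes(hashlib.sha256(fields.encode()).digest(), "big") % n

def issue(subject, pubkey, issuer, serial, issuer_n, issuer_d):
    """The issuer signs the hash of the certificate with its private key."""
    cert = {"subject": subject, "pubkey": pubkey, "issuer": issuer, "serial": serial}
    cert["sig"] = pow(digest(cert, issuer_n), issuer_d, issuer_n)
    return cert

def validate(chain, trusted_roots, crl):
    """chain[0] is the end-entity certificate; chain[i + 1] must have issued chain[i]."""
    for i, cert in enumerate(chain):
        if (cert["issuer"], cert["serial"]) in crl:        # consult the CRL first
            return "revoked: " + cert["subject"]
        if i + 1 < len(chain):                             # issuer is next in the chain
            if chain[i + 1]["subject"] != cert["issuer"]:
                return "broken chain at " + cert["subject"]
            issuer_n = chain[i + 1]["pubkey"]
        else:                                              # end of trail: must be trusted
            issuer_n = trusted_roots.get(cert["issuer"])
            if issuer_n is None:
                return "untrusted issuer: " + cert["issuer"]
        if pow(cert["sig"], E, issuer_n) != digest(cert, issuer_n):
            return "bad signature on " + cert["subject"]
    return "valid"

# Constructed sample hierarchy (Mersenne primes; far too small for real use).
ROOT_N, ROOT_D = make_key(2**107 - 1, 2**127 - 1)
CA_N, CA_D = make_key(2**61 - 1, 2**89 - 1)
ROOT = issue("Example Root CA", ROOT_N, "Example Root CA", 1, ROOT_N, ROOT_D)
CA = issue("Example Issuing CA", CA_N, "Example Root CA", 2, ROOT_N, ROOT_D)
LEAF = issue("wap.example.test", 0xC0FFEE, "Example Issuing CA", 3, CA_N, CA_D)
CHAIN = [LEAF, CA, ROOT]
TRUSTED = {"Example Root CA": ROOT_N}
```

A chain is accepted only when every link verifies, no certificate in it appears on the CRL, and the trail ends at a key the verifier already trusts.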