📄 wtls.xml

📁 The Kannel Open Source WAP and SMS gateway works as both an SMS gateway, for implementing keyword b
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V3.1//EN" [
	<!ENTITY figtype "#FIGTYPE#">
	<!ENTITY timestamp "#DATE#">
	<!ENTITY version "#VERSION#">
]>
<!-- <!DOCTYPE book SYSTEM "docbookx.dtd"> -->
<book>
	<title>Guide to Mobile Internet Security</title>
	<chapter>
		<title>1  Introduction</title>
		<para>Welcome to the Alligata Server <citetitle>Guide to Mobile Internet Security</citetitle>. This guide is part of the Alligata Server Secure package. It supplements the Alligata Server User Manual, and explains how you can use Alligata Server Secure&apos;s encryption features to set up secure Wireless Application Protocol (WAP) services such as credit card transactions and exchange of private information across the Mobile Internet or a mobile intranet.</para>
		<para>This guide covers the following subjects:</para>
		<itemizedlist>
			<listitem>
				<para>How security is implemented on the Internet using cryptography, message hashing, digital certificates and digital signatures.</para>
			</listitem>
			<listitem>
				<para>How the Wireless Transport Layer Security (WTLS) component of the WAP stack extends security to the Mobile Internet.</para>
			</listitem>
			<listitem>
				<para>How to obtain the data items you need to set up secure Mobile Internet services: asymmetric key pairs and digital certificates.</para>
			</listitem>
			<listitem>
				<para>How to configure Alligata Server Secure to offer secure WAP services.</para>
			</listitem>
		</itemizedlist>
	</chapter>
	<chapter>
		<title>2  Internet Security Overview</title>
		<para>For an understanding of security on the Mobile Internet, some knowledge is required of how security works on the terrestrial Internet.
This section explains the ways in which confidential information sent across the Internet can be protected against interception, alteration and forgery by third parties.</para>
		<section>
			<title>2.1 Aspects of Internet Security</title>
			<para>To be considered entirely secure, any method of communication must offer the following features:</para>
			<itemizedlist>
				<listitem>
					<para><emphasis role="bold">Privacy</emphasis>. A message must not be readable by third parties between its source and its destination.</para>
				</listitem>
				<listitem>
					<para><emphasis role="bold">Integrity protection</emphasis>. A message must reach its destination in the same form as it left its source, or else the fact that it has been altered in transit must be obvious to its recipient.</para>
				</listitem>
				<listitem>
					<para><emphasis role="bold">Authentication.</emphasis> Means must exist for the recipient of a message to verify that its sender is trustworthy and genuine (that is, not impersonating a third party).</para>
				</listitem>
				<listitem>
					<para><emphasis role="bold">Non-repudiation.</emphasis> The sender of a message must not be able to deny, at a later time, having sent it.</para>
				</listitem>
			</itemizedlist>
			<para>All these features are available on the Internet through the use of encryption, hashing, digital certificates, digital signatures and password protection. These techniques are discussed in detail later in this section. Firstly, it is important to know why they are necessary to begin with.</para>
		</section>
		<section>
			<title>2.2 Insecurity of the Internet</title>
			<para>The Internet is not an inherently secure medium. A message sent across the Internet from one computer to another typically travels via several intermediate computers, called routers. Anyone with access to a router can inspect or modify data packets as they pass through it.
Furthermore, before and after its journey across the Internet, data will often pass through a local area network (LAN). The architecture of most LANs is such that data packets from and to one computer on the network can freely be read by any other computer on it.</para>
			<para>All this means that a message transmitted across the Internet can potentially be seen, and even altered, by hundreds of people (some known to the sender, others unknown) on its way to its destination.</para>
		</section>
		<section>
			<title>2.3 Secure Sockets Layer (SSL)</title>
			<para>A solution to the problem of secure Internet communication was first developed by the software company Netscape in 1994. Netscape added a protocol layer, the <emphasis role="bold">Secure Sockets Layer (SSL)</emphasis>, on top of the Internet&apos;s TCP/IP protocol suite in its Navigator Web browser. SSL employs a collection of mathematical and computational techniques to allow data to be sent securely across the Internet in ways that meet all the criteria of privacy, integrity protection, authentication and non-repudiation. By 1998, SSL was firmly integrated into the infrastructure of the Internet as a whole, and was the main catalyst behind the e-commerce boom of the late 1990s. As Figure 1 shows, it can be used in conjunction with any of the higher-level Internet protocols, such as HTTP, File Transfer Protocol (FTP) and Internet Message Access Protocol (IMAP).</para>
			<mediaobject>
				<imageobject>
					<imagedata fileref="fig1o&figtype;">
				</imageobject>
				<caption>
					<para>Figure 1: SSL&apos;s position among the Internet&apos;s protocols</para>
				</caption>
			</mediaobject>
			<para>SSL uses the following methods to provide security across the Internet:</para>
			<itemizedlist>
				<listitem>
					<para><emphasis role="bold">Cryptography.</emphasis> This is the science of scrambling messages so that they cannot easily be understood by anyone other than their sender and their intended recipient.
It enables privacy in Internet communications.</para>
				</listitem>
				<listitem>
					<para><emphasis role="bold">Message hashing.</emphasis> A message is run through a computational algorithm to produce a message &apos;fingerprint&apos;, which can be used to verify that the message has not been altered in transit.</para>
				</listitem>
				<listitem>
					<para><emphasis role="bold">Digital certificates.</emphasis> A digital certificate is a short electronic document that vouches for the authenticity of its holder. It is issued by an organisation called a <emphasis role="bold">certificate authority (CA)</emphasis> and is formatted in such a way that it is practically impossible to counterfeit.</para>
				</listitem>
				<listitem>
					<para><emphasis role="bold">Digital signatures.</emphasis> A digital signature is a way of formatting a message so that it is traceable to one source, and one source only. Digital signatures enable non-repudiation in Internet transactions.</para>
				</listitem>
			</itemizedlist>
			<para>The methods used by SSL are generic mathematical and procedural ones, which can be applied to any secure means of communication. As we shall see in Section 3, they have already been adopted by the Mobile Internet&apos;s Wireless Transport Layer Security (WTLS) protocol, and they are likely to form the basis of any future developments in Internet security.</para>
			<para>Sections 2.4 to 2.8 examine the elements of Internet security as they are implemented in SSL.</para>
		</section>
		<section>
			<title>2.4 Privacy</title>
			<para>The fundamental requirement of any method of secure communication is privacy. In inherently transparent media such as the Internet, this means finding ways of ensuring that even if a third party can see a message, they cannot understand it.
The best way to achieve this is to scramble the message in a way that is systematic whilst being all but impossible to deduce from the scrambled message alone.</para>
			<section>
				<title>2.4.1 Symmetric Key Cryptography</title>
				<para>SSL uses techniques of <emphasis role="bold">cryptography</emphasis> to scramble and unscramble data. Cryptography is the art of rendering information opaque by passing it through mathematical scrambling algorithms. The scrambling of information using cryptography is called <emphasis role="bold">encryption</emphasis>; its unscrambling is called <emphasis role="bold">decryption</emphasis>.</para>
				<para>In encryption, message data is passed through a mathematical algorithm involving a particular numeric value. This numeric value is called the <emphasis role="bold">key</emphasis>. In basic cryptography, a message can only easily be decrypted by someone with access to the key with which it was encrypted.</para>
				<para>Other important cryptographic terms are:</para>
				<itemizedlist>
					<listitem>
						<para><emphasis role="bold">Plaintext:</emphasis> unencrypted data. Despite its name, the term usually refers to any kind of unencrypted data, whether textual, graphical, audio or binary.</para>
					</listitem>
					<listitem>
						<para><emphasis role="bold">Ciphertext:</emphasis> data that has been encrypted.</para>
					</listitem>
					<listitem>
						<para><emphasis role="bold">Cryptanalysis:</emphasis> the study of methods to &apos;break&apos; ciphertext (that is, deduce its original plaintext form) without direct access to its encryption key, encryption algorithm, or both.</para>
					</listitem>
				</itemizedlist>
				<para>An example of a very simple cryptographic algorithm is to add a value <replaceable>x</replaceable> (the key) to the code of each character in a message. To decrypt an encrypted message, its recipient must know both its encryption algorithm and the algorithm&apos;s key.
They can then use the key to perform the inverse of the encryption operation on each character of the message. For example, if a message were encrypted by adding 6 to the code of each character in it, it would be decrypted by subtracting 6 from each code. Because the decryption operation is the exact inverse of the encryption operation, this type of cryptography is called <emphasis role="bold">symmetric key cryptography</emphasis>.</para>
				<para>The algorithms that are actually used in symmetric key cryptography on the Internet are much more complex than this example, in order to be able to withstand attempts to crack them by trial-and-error (known as &apos;brute force attacks&apos;). Most symmetric algorithms encrypt messages not a character at a time, but a block of bits at a time (typically 64), a method called <emphasis role="bold">block cipher encryption</emphasis>. In block cipher encryption, a complicated series of transformations is applied to each block in turn, using a very long key (ideally at least 112 bits). In addition, a technique called <emphasis role="bold">cipher block chaining</emphasis> is often applied, whereby the result of the encryption of each block is used as a filter for the encryption of the next block (see Figure 2). Cipher block chaining hides any repeated patterns of data that occur in the plaintext message. (Such patterns are always a useful &apos;handle&apos; for malicious cryptanalysts.)</para>
				<mediaobject>
					<imageobject>
						<imagedata fileref="fig2o&figtype;">
					</imageobject>
					<caption>
						<para>Figure 2: Cipher block chaining</para>
					</caption>
				</mediaobject>
			</section>
			<section>
				<title>2.4.2 Public Key Cryptography</title>
				<para>Advanced symmetric key cryptography offers very effective security for most purposes. (According to one estimate, there is not enough energy available in the solar system to perform a computational brute force attack against a 256-bit key.)
However, symmetric key cryptography has an important limitation: before any encrypted communication can take place, the encryption key itself must be securely conveyed from the sender to the recipient. Symmetric key cryptography only allows this to be done by extraneous means. For example, the sender could send the key in an armoured van to the recipient (this is how banks install keys in their cash machines). Of course, this undermines the main advantage of the Internet over other forms of communication, namely its practicality.</para>
				<para>To circumvent this limitation of symmetric key cryptography, another type of cryptography, called <emphasis role="bold">public key cryptography</emphasis> (also known as <emphasis role="bold">asymmetric key cryptography</emphasis>), is employed for the exchange of symmetric keys. Public key cryptography exploits the existence of a type of mathematical operation called a <emphasis role="bold">one-way function</emphasis>. A one-way function is one that is much easier to perform in one direction than in the other. A simple example of a one-way function is the multiplication of prime numbers: for instance, it is much easier to multiply 4253 by 5521 than it is to find the two prime factors of 23480813. (The multiplication of prime numbers plays a significant role in many cryptographic algorithms.)</para>
				<para>Public key cryptography uses advanced one-way functions, consisting of a mathematical algorithm and a numerical key, to encrypt data. Unlike in symmetric key cryptography, however, the key used to encrypt a message cannot be used to decrypt it. Decrypting the message requires a different key that is mathematically related to the encryption key, but for all practical purposes impossible to derive from it. Even knowing the encryption algorithm is no help in calculating the encryption key, for which reason the best-known encryption algorithms are kept in the public domain.
(The thinking is that submitting encryption algorithms to the scrutiny of the world&apos;s cryptanalysts is the best way of testing their robustness. For example, the RSA algorithm used by Alligata Secure has so far yielded no significant weaknesses.)</para>
				<para>Note that deriving a decryption key from an encryption key is always hypothetically possible; in fact, mathematically it is many times quicker to work out a private asymmetric key than it is to work out a symmetric key of the same length. Still, calculating a private asymmetric key of 1792 bits should (for the next few years, at least) be all but computationally infeasible even using hundreds of thousands of computers working in parallel. Certainly, for almost every organisation in the world, it will be financially infeasible.</para>
			</section>
			<section>
				<title>2.4.3 Cryptography in Practice</title>
				<para>Let us suppose Brian wants to set up a secure Internet connection. He first uses an appropriate software tool to create an asymmetric key pair, consisting of one public and one private key. Others can then use his public key to encrypt messages to him, which he (and no one else) can read using his private key. In this way, anyone can send Brian a private message without going through the risk or inconvenience of exchanging symmetric keys beforehand.</para>
				<para>Conversely, if Brian wants to send a message that others can be sure originated with him, he encrypts it using his private key, and others use his public key to read it. (This is the process of creating a <emphasis role="bold">digital signature</emphasis>, and is elaborated in Section 2.7.)</para>
				<para>In practice, the complex mathematical processes used by public key cryptography make it rather slow for use with long messages. SSL therefore restricts its use of public key cryptography to the exchange of a symmetric key (see Section 2.3.1) between the client and the server at the start of a secure Internet session.
This symmetric key is agreed on-the-fly between the client and the server and it is called the <emphasis role="bold">session key</emphasis>. After the session is over, it is discarded by both the client and the server.</para>
				<para>The ways in which symmetric and asymmetric cryptography are combined in real Internet transactions are illustrated in Section 2.8.</para>
			</section>
		</section>
		<section>
			<title>2.5 Integrity Protection</title>
			<para>We have seen how cryptography can be used to send messages across the Internet that are unreadable by third parties. However, this does not prevent third parties from blindly altering messages between their source and their destination. Depending on the content of the message, such alterations may be apparent to the recipient of the message or not. (For example, indiscriminate interference with a text message is usually easier to spot than with a block of binary data.)</para>
			<para><emphasis role="bold">Integrity protection</emphasis> is the term applied to techniques for verifying that a message reaches its intended recipient in exactly the same form as it leaves its sender. While integrity protection does not guarantee that a message will reach its destination unchanged, it does (virtually) guarantee that any change is obvious to the recipient.</para>
			<section>
				<title>2.5.1 Hash Functions</title>
				<para>Integrity protection uses computational algorithms called <emphasis role="bold">hash functions</emphasis>. A hash function is a one-way function (see Section 2.3.2) into which data (such as an Internet message) is fed, and whose result is a value of a fixed length in bits. Passing a message through a hash function produces a <emphasis role="bold">hash value</emphasis> that is effectively a &apos;fingerprint&apos; of the message. This fingerprint is called the <emphasis role="bold">message digest</emphasis>.
It is usually much shorter than the message itself.</para>
				<para>The sender of a message computes its digest, encrypts the digest using their private key and sends it appended to the message. The recipient verifies the integrity of the message by decrypting the digest using the sender&apos;s public key, then running the message through the same hashing algorithm that produced the digest. If the message has been interfered with on its journey, the hash value calculated by the recipient will not match the value of the digest.</para>
				<para>In fact, a matching hash value is not an absolute guarantee of integrity: a <emphasis role="bold">collision</emphasis> is theoretically possible, whereby the modified message happens to produce exactly the same hash value as the original message. However, collisions in good-quality hash functions are so rare that their calculation may be considered computationally intractable.</para>
			</section>
		</section>
		<section>
			<title>2.6 Authentication</title>
			<para>SSL allows privacy and integrity in Internet communications. However, without further measures, the anonymity of the Internet makes it easy for a user to impersonate another user. For example, a malicious party could create a Web site on which they masquerade as a respected organisation, set up a private connection for transactions, and begin obtaining money and credit card details from unsuspecting &apos;customers&apos;.</para>
			<mediaobject>
				<imageobject>
					<imagedata fileref="fig3o&figtype;">
				</imageobject>
				<caption>
					<para>Figure 3: Creation of a message digest using a hash function</para>
				</caption>
			</mediaobject>
			<section>
				<title>2.6.1 Digital Certificates</title>
				<para>This problem is addressed by the use of <emphasis role="bold">digital certificates</emphasis>.
A digital certificate is a message sent by one party to another at the beginning of a secure Internet session, verifying the sender&apos;s identity and vouching for their integrity. The certificate is obtained from an organisation called a <emphasis role="bold">certificate authority (CA)</emphasis>. The certificate is virtually impossible to forge, for reasons that are explained later.</para>
				<para>Once a secure session has been requested by an Internet client such as a Web browser, it typically continues with the server sending the client its digital certificate. The server&apos;s digital certificate contains the following information:</para>
				<itemizedlist>
					<listitem>
						<para>The server&apos;s public key</para>
					</listitem>
					<listitem>
						<para>The certificate&apos;s serial number</para>

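Added example (not part of the guide or of the Kannel sources): the digest-then-sign procedure of Section 2.5.1, carried out with textbook RSA on the two primes the guide uses in Section 2.4.2. The public exponent 65537, the messages and all function names are assumptions of this sketch; the modulus is far too small for real use, which the factoring step makes concrete.

```python
import hashlib

P, Q = 4253, 5521                   # the two primes from Section 2.4.2
N = P * Q                           # 23480813, the public modulus
E = 65537                           # public exponent (assumed for this example)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent; computing it needs P and Q

def digest(message: bytes) -> int:
    # SHA-256 fingerprint, reduced mod N only because the toy modulus is tiny.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes, d: int = D) -> int:
    # "Encrypt the digest with the private key" (textbook RSA, no padding).
    return pow(digest(message), d, N)

def verify(message: bytes, signature: int) -> bool:
    # Recover the digest with the public key and compare with a fresh hash.
    return pow(signature, E, N) == digest(message)

def factor(n: int) -> tuple:
    # Trial division: instant at this size, infeasible at real key lengths.
    f = 2
    while n % f:
        f += 1
    return f, n // f

def private_exponent_from(n: int) -> int:
    # Whoever can factor the public modulus can rebuild the private key.
    p, q = factor(n)
    return pow(E, -1, (p - 1) * (q - 1))

MESSAGE = b"Transfer 100 to account 12345"    # constructed sample
TAMPERED = b"Transfer 900 to account 12345"   # constructed sample

if __name__ == "__main__":
    sig = sign(MESSAGE)
    print("original verifies:", verify(MESSAGE, sig))
    print("tampered verifies:", verify(TAMPERED, sig))
    print("factors of N:", factor(N))
    print("private key recovered:", private_exponent_from(N) == D)
```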