Enabling Technologies for Wireless E-Business phần 3 pps
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (1.68 MB, 41 trang )
3
W
i
re
l
ess Secur
i
ty 69
3.4.3 WWAN
S
ecur
i
t
y
In
f
rastructure
Thi
s sect
i
on ta
lk
s a
b
out t
h
e
most use
d
GSM commun
i
cat
i
on system an
d
t
h
e cur
-
rent most popular 3G s
y
stems. There are man
y
standards for the 3G s
y
stems, but
we
p
ick Universal Mobile Telecommun
i
cations S
y
stem (UMTS) for its compati-
bility with GSM, to better demonstrate how the server assisted security mecha-
nism o
p
erates.
T
h
e
S
ecur
i
ty
A
rc
hi
tecture
W
WAN covers a very
b
roa
d
serv
i
ce area
i
n a
hi
erarc
hi
ca
l
structure cons
i
st
i
ng o
f
many V
i
s
i
te
d
Locat
i
on Reg
i
sters
(
VLRs
)
. W
i
t
h
suc
h
vast amount of VLRs, t
h
e
ir
computation and stora
g
e abilit
y
are na
t
urall
y
limited b
y
c
o
s
t, causin
g
it infeasible
t
o store all the subscriber data, and a more
p
owerful centralized server is calle
d
f
or, which is HLR/AuC (Home Location Register/ Authentication Center).
Fig. 3.16 shows the GSM communication infrastructure and, in general, the
Au
C
wou
ld
b
e attac
h
e
d
to a HLR
i
n a secure env
i
ronment.
Th
e Aut
h
ent
i
cat
i
on Center
(
AuC
)
secure
l
y stores t
h
e secret
k
eys of a
ll
su
b-
scribers for later user authentication pu
rposes. Other personal information not in-
u
u
volved
wi
t
h
a
u
t
he
nt
ic
at
io
n
is
s
t
o
r
ed
o
n
th
e HLR. Bes
id
es,
i
t
i
s assume t
h
at t
h
ere
i
s
a secure channel between HLR/AuC and the
v
isited network for delivering sensi
-
tive information, such as user authentication
i
nformation for assisting visited net
-
w
or
k
prov
id
ers
i
n aut
h
ent
i
cat
i
ng t
h
e user.
Th
e VLR, w
hi
c
h
i
s t
h
e v
i
s
i
te
d
networ
k
prov
id
ers, aut
h
ent
i
cates t
h
e user
b
ase
d
o
n t
he
i
nf
o
rmat
io
n
ob
ta
i
ne
d
from HLR
/
Au
C
. It
i
s no
d
ou
b
t t
h
at HLR
/
Au
C
i
s t
h
e
k
e
y
to successfu
lly
aut
h
ent
i
cate
b
ot
h
t
h
e MS an
d
t
h
e VLR. T
h
e aut
h
ent
i
cat
i
n
g
ca
-
p
abilit
y
of the HLR/AuC comes from the ke
y
share
d
w
ith MS. Based on the
knowled
g
e of this ke
y
, the correspondin
g
authenticator can b
e
de
ri
ved
t
o
co
n
v
in
ce
F
ig. 3.16
.
GSM communication infrastructure
GS
M
A
ut
h
ent
i
cat
i
on
F
ig
. 3.17
ill
ustrates t
h
e GSM
a
ut
h
ent
i
cat
i
on process. T
h
e c
h
a
ll
en
g
e
/
response secu-
r
i
t
y
mec
h
an
i
sm
i
s use
d
for aut
h
ent
i
cat
i
on
i
n t
h
e GSM. Because t
h
e HLR
/
AuC
s
hares a secret ke
y
Ki with the MS, the HLR/AuC can retrieve the MS’s secret ke
y
Ki and
g
enerate a random number RAND to help the VLR verif
y
the MS locall
y
when the MS is checking in the visited network.
t
o t
h
e VLR t
h
at t
h
e MS
i
s t
h
e a
ll
ege
d
one. T
hi
s way, t
h
e user
i
s approve
d
to
access t
h
e resources w
i
t
hi
n v
i
s
i
te
d
n
etwor
k
w
i
t
h
out o
b
stac
l
e.
70
Below shows the associated
p
rocedure.
1
. App
l
y t
h
e secret
k
ey K
i
an
d
t
h
e ran
d
om RAND to t
h
e A3 a
l
gor
i
t
h
m to
2.
App
ly
t
h
e secret
k
e
y
K
i
an
d
t
h
e ran
d
om RAND to t
h
e A8 a
lg
or
i
t
h
m to
com
p
ute
K
C
= A8(Ki, RAND), where the A8 is also an algorithm known
between the HLR/AuC and the MS.
F
i
g. 3.17.
GS
M aut
h
ent
i
cat
i
on
Th
e HLR
/
AuC transm
i
ts t
h
e tr
i
p
l
et
(
RAND, XRES, K
C
)
to t
h
e VLR. W
i
t
h
t
h
e
u
se of the triplet, the procedure
f
or the VLR to verif
y
the MS is as follows.
1
.
T
he VLR sends the RAND as a challen
g
e to intend the MS to send back an
appropr
i
ate response.
2.
U
pon receivin
g
the RAND, the MS computes SRES and
K
C
a
s
th
e
s
am
e
a
s
HLR
/
AuC’s process, an
d
t
h
en sen
d
s t
h
e resu
l
t
b
ac
k
to t
h
e VLR.
After rece
i
v
i
n
g
t
h
e SRES returne
d
from t
h
e MS, t
h
e VLR w
ill
ver
i
f
y
w
h
et
h
e
r
t
he responded SRES matches the expected XRES. Because the secret ke
y
is onl
y
k
nown
by
t
h
e HLR
/
AuC an
d
t
h
e MS, t
h
e VLR can
b
e conv
i
nce
d
t
h
at t
h
e MS
i
s
a
uthentic onl
y
if the secret ke
y
is well-protected and SRES=XRES. Furthermore,
to
secu
r
e
t
he
co
mm
u
n
ic
at
io
n
be
t
wee
n
th
e MS an
d
VLR, a sess
i
on
k
e
y
K
C
c
an al
so
W
B. L
e
e
compute XRES = A3(Ki, RAND), where the A3 is an al
g
orithm known
b
etween t
h
e HLR
/
AuC an
d
t
h
e MS.
3
W
i
re
l
ess Secur
i
ty 71
b
e
d
er
i
ve
d
an
d
ver
i
f
i
e
d
i
n t
h
e aut
h
ent
i
cat
i
on process. After t
h
at
,
t
h
e transm
i
tte
d
messa
g
e can be encr
y
pted and decr
y
pted b
y
A5 with the session ke
y
K
C
.
Bec
a
use
of the secrec
y
of the session ke
y
, the confidentialit
y
between MS and VLR can be
g
uaranteed.
V
ulnerabilities
T
he problems with native GSM security are summarized as follows [3.35, 3.36,
3
.37
]
.
1
.
SIM/ME interface: SIM/ME interface of MS lacks
p
ro
p
er
p
rotection an
d
can be potentiall
y
exploited
t
o cause messa
g
es to be leaked out. However,
t
he system’s security is yet guarded
b
y the SIM algorithm.
2
. Attacks on the algorith
m
A
3/8: In April 1998, Wagner and Goldberg suc
-
cessfu
ll
y crac
k
e
d
COMP-128 w
hi
c
h
ma
d
e use of A3
/
8. W
i
t
h
aroun
d
160,000 chosen plaintext
attack attempts launched, Ki could be compro-
t
mi
sed.
Attacks on the algorithm A5/1: A5/1 has also been found to contain a weak-
n
ess. Biryukov and Shamir [3
.
38] devised the metho
d
o
f “time-memory trade
-
off”, w
hi
c
h
exp
l
o
i
ts connect
i
ons
b
etween a
l
gor
i
t
h
m state an
d
k
ey stream sequence
to
d
er
i
ve Kc.
U
MT
S
A
ut
h
ent
i
cat
i
on
Thi
r
d
g
enerat
i
on
(
3G
)
mo
bil
e p
h
ones ar
e
c
h
aracter
i
se
d
by
high
er rates of
d
at
a
transm
i
ss
i
on an
d
a r
i
c
h
er ran
g
e of serv
i
ces an
d
Un
i
versa
l
Mo
bil
e Te
l
ecommun
i
ca-
tions System (UMTS) is one of the new 3G systems. An important characteristic
of UMTS is that the new radio access network is connected to an evolution of the
GS
M core networ
k
.
Th
e pr
i
nc
i
p
l
es of UMTS secur
i
ty are, t
h
erefore,
bu
ild
on t
h
e secur
i
ty of GSM
by
a
d
opt
i
n
g
t
h
e secur
i
t
y
features from GSM t
h
at
h
ave prove
d
to
b
e nee
d
e
d
an
d
t
h
at are ro
b
ust, an
d
correct
i
n
g
t
h
e pro
bl
ems w
i
t
h
GSM
by
a
dd
ress
i
n
g
secur
i
t
y
w
eaknesses
[
3.35, 3.38
]
.
T
he new securit
y
features for UMTS, not addressed in GSM, are listed as
fo
ll
ows.
1
.
P
r
ovide
m
u
t
u
a
l
a
u
t
he
nt
ic
at
io
nan
d
i
nte
g
r
i
t
y
protect
i
on of cr
i
t
i
ca
l
s
ig
na
lli
n
g
p
roce
d
ures to
gi
ve
g
reater protect
i
on a
g
a
i
nst fa
l
se
b
ase stat
i
on attac
k
s.
2
.
3.
Encrypt
i
on term
i
nates at t
h
e ra
di
o networ
k
contro
ll
er.
4.
U
MTS adopts the same architecture as GSM; embracin
g
its benefits and re-
p
lacin
g
the existin
g
securit
y
problems. Like GSM, UMTS also emplo
y
s a server
Establish a cipher ke
y
and inte
g
rit
y
ke
y
and assure user that cipher
/
inte
g
rit
y
ke
y
s’ freshness.
Ad
opt open
d
es
i
gn a
l
gor
i
t
h
m
s f1 to f9 w
i
t
h
l
ong
e
r
k
ey
l
engt
h
(
128-
bi
t
)
i
nstea
d
of m
y
ster
y
A3, A5, an
d
A8 a
lg
or
i
t
h
ms.
72
ass
i
ste
d
secur
i
ty mo
d
e
l
. T
h
erefore, HLR
/
AuC
i
s respons
ibl
e for oversee
i
ng
i
n
-
with independent MS. For a specific security service the pre-shared master key is
used in accompanying with a dedicated algorithm, to generate a corresponding
s
erv
i
ce
k
ey. Because on
l
y MS an
d
HLR
/
AuC
h
o
ld
s t
h
e master
k
ey, on
l
y t
h
ey w
ill
b
e a
bl
e to generate t
h
e serv
i
ce
k
eys, an
d
s
i
nce HLR
/
AuC w
ill
su
b
sequent
l
y
b
e-
s
tow the possession of the service ke
y
s to the VLR, VLR and MS will be able to
l
ocall
y
authenticate each other to initiate the services.
3.5 Summary
In t
hi
s c
h
apter, we out
li
ne
d
var
i
ous pract
i
ca
l
so
l
ut
i
ons t
h
at can
b
e use
d
to over-
co
m
e
th
ose
intrin
s
i
c
r
es
tri
c
ti
o
ns
that ar
e
inh
e
r
e
nt in th
e
m
ob
il
e
dev
i
ces
an
d
th
e
w
ir
e
l
ess
e
n
v
ir
o
nm
e
nt t
o
r
e
aliz
e
th
e
man
y
securit
y
requirements. We discussed the
wireless equivalent of public key cryptosys
t
e
m; the use of WPKI certificate to re-
s
olve verification of
p
ublic key’s ownership. Furthermo
r
e, we introduced elli
p
tic
curve cryptograp
h
y, an a
l
ternate approac
h
to convent
i
ona
l
pu
bli
c
k
ey cryptogra-
ph
y, w
hi
c
h
i
s su
i
ta
bl
e for app
li
cat
i
ons un
d
er resource-constra
i
ne
d
con
di
t
i
ons.
Des
p
ite so, several
p
ractical issues concernin
g
ECC still remain t
o
be
r
eso
l
ved.
For instance, findin
g
an efficientl
y
wa
y
to determine an appropriate base poin
t
G
and a suitable elliptic curve is still undergoing more research. And ever since
Koblitz demonstrated, in the
2
0
01 EuroCrypto, the
e
ffectiveness of the Weil Par-
i
ng property on t
h
e Super S
i
ngu
l
ar E
lli
pt
i
c Curve for
h
an
dli
ng aut
h
ent
i
cat
i
on
p
ro
bl
ems, a
dil
emma
b
etween c
h
oos
i
ng t
h
e more secure Non-S
i
ngu
l
ar E
lli
pt
i
c
Curve or the relatively less secure but of
fering the Paring property Super Singular
f
f
E
lliptic Curve, has emer
g
ed.
Finally, due to the mobility characteristics, mobile devices will invariably face
authentication difficulties whe
n
entering a foreign visited network. With the hel
p
of t
h
e server, muc
h
of t
h
e aut
h
ent
i
cat
i
on comp
li
cat
i
on can
b
e re
li
eve
d
.
Additionally, if we want to enjoy the ad
vantages of a broader coverage area and
d
d
b
etter mo
bili
t
y
transm
i
ss
i
on performa
n
ce from
b
ot
h
WWAN an
d
WLAN, t
h
e
i
n-
teropera
bili
t
y
amon
g
t
h
ese two
h
etero
g
eneous networ
k
s must
b
e so
l
ve
d
. W
i
t
hi
n
the sever-assisted model, the role of a server is the answer to this
p
roblem. O
f
course, the vulnerabilities inh
e
r
ited from the underlying environments must be
a
l
so carefu
ll
y eva
l
uate
d
to fac
ili
tate t
h
e poss
ibl
e so
l
ut
i
on.
For t
h
e t
i
me
b
e
i
ng, t
h
e top
i
c of
m
obil
e secur
i
ty w
hil
e not o
b
s
truct
i
ng t
h
e prac
-
t
i
ca
l
d
eman
d
of eff
i
c
i
enc
y
w
ill
rema
i
n as an area of act
i
ve researc
h
for man
y
y
ears
t
o
co
m
e.
W
B
.
L
e
e
di
v
id
ua
l
’s secur
i
t
y
requ
i
rements: mutua
l
aut
h
ent
i
cat
i
on,
i
nte
g
r
i
t
y
, an
d
anon
y-
m
i
t
y
. T
h
e wa
y
to accomp
li
s
h
t
hi
s
g
oa
l
i
s t
h
rou
gh
g
uar
di
n
g
of a master
k
e
y
s
h
are
d
All th
e
co
mm
u
ni
c
ati
o
n n
e
t
wo
rk
s
d
i
scussed
in thi
s
sec
ti
o
n
used
v
ari
ous
l
eve
l
s
of server assistance with the common
g
oal of achievin
g
the different securit
y
mec
h
an
i
sms.
3
W
i
re
l
ess Secur
i
t
y
7
3
References
1. R. Rivest, A. Shamir and
L
. Adleman (1978) A me
t
h
od for obtainin
g
di
g
ital
si
g
natures and public ke
y
cr
y
ptos
y
st
e
m
s, Communications of the ACM, 21,
pp
.
120
-
126
.
2. W. Barker
(
1991
)
Introdu
c
tion to the Analysis of
t
he Data Encryption Stan
-
d
ar
d
(
DES
)
. Laguna H
ill
s,
C
A: Aegean Par
k
Press.
3. J. Daemen an
d
V. R
ij
men
(
2001
)
R
ij
n
d
ae
l
: T
h
e A
d
vance
d
Encrypt
i
on Stan-
d
ar
d.
Dr
.
D
obb
s Journal.
’
’
4
. Public-Ke
y
Infrastructure (X.509) PKIX, h
t
tp://www.ietf.or
g
/html.charters
/
p
kix-charter.html
5. Internet X.509 Public Key Infrastructure Certificate and CRL Profile,
6
. WPKI, W
i
re
l
ess Pu
bli
c Key Infrastructure Def
i
n
i
t
i
on, WAP Forum, 24
Apr
il
2001.
7. Internet X.509 Pu
bli
c Ke
y
Infrastructure Cert
i
f
i
cate an
d
CRL Prof
il
e,
8
. Internet X.509 Public Key Infrastructu
r
e
– On-line Certificate Status Proto-
co
l
- OCSP
,
IETF RFC 2560
,
M. Myers, R. An
k
ney, A. Ma
l
pan
i
,
S. Ga
l
per
i
n, an
d
C. A
d
ams, June 1999.
9. N. Ko
bli
tz
(
1987
)
E
lli
pt
i
c Curve Cr
y
ptos
y
stem, Mat
h
emat
i
cs of Computa
-
ti
on
,
48
,
203-209.
1
0. W. Diffie and M. E. Hellmn
(
1976
)
New Directions in Cr
y
pto
g
raph
y
, IEEE
T
ransactions on Information Theor
y.
V. IT-22, n.6,
pp
. 644-654.
1
1. B. Do
d
son an
d
A. Lenstra
(
1995
)
NF
S
w
i
t
h
four
l
arge pr
i
mes: an exp
l
os
i
ve
experiment, Advances in Cryptology-CRYPTO’
9
5.
’
’
1
2. A.M. O
dly
z
k
o
(
1995
)
T
h
e future
o
f
i
nte
g
er factor
i
zat
i
on, Cr
y
ptoB
y
tes,
l(
2
)
.
1
3. IEEE P1363, Stan
d
ar
d
Spec
i
f
i
cat
i
ons for Pu
bli
c Ke
y
Cr
y
pto
g
rap
hy
,
b
a
ll
o
t
draft, 1999. Drafts available at http://
g
rouper.ieee.or
g
/
g
roups/1363
/
i
n
de
x
.
html
.
1
4. ISO
/
IEC 14888-3
,
Informat
i
on Tec
hn
o
l
ogy - Secur
i
ty Tec
h
n
i
ques - D
i
g
i
ta
l
S
i
gnatures w
i
t
h
Appen
di
x - Part 3: Cert
i
f
i
cate Base
d
-
Mec
h
an
i
sm
,
1998.
1
5. ANSI X9.62, Pu
bli
c Ke
y
Cr
y
pto
g
rap
hy
for t
h
e F
i
nanc
i
a
l
Serv
i
ces In
d
ustr
y
:
Th
e E
lli
pt
i
c Curve D
igi
ta
l
S
ig
n
a
t
ure A
lg
or
i
t
h
m
(
ECDSA
)
, 1999.
1
6. ANSI X9.63, Public Ke
y
Cr
y
pto
g
raph
y
for the Financial Services Industr
y
:
E
lliptic Curve Ke
y
A
g
reement and Ke
y
Transport Protocols, workin
g
draft,
August 1999.
1
7. National Institute of Standards
a
nd Technology, Digital Signature Standard,
FIPS Pu
bli
cat
i
on 186-2
,
Fe
b
ruar
y
2000. Ava
il
a
bl
e at
h
ttp:
//
cstc.n
i
st.
g
ov
/
f
i
ps.
1
8. WAP W
i
re
l
ess Transport La
y
er Secur
i
t
y
Spec
i
f
i
cat
i
on, WAP Forum, 5 No-
vember 1
999
.
1
9. P.L. Mont
g
omer
y
(1985) Modular Multiplication without trial division,
Mathematics of Com
p
utati
o
n,
44
,
pp
. 5
19
-5
21
.
R. Housle
y
, et al., Januar
y
1999.
R. Hous
l
ey, et a
l
., January 1999.
7
4
W
B
.
L
e
e
20.
Menezes, T. O
k
amoto an
d
S. Vanstone
(
1993
)
Re
d
uc
i
n
g
e
lli
pt
i
c curve
l
o
g
a
-
rithms to lo
g
arithms in a finite field, IEEE Tran
s
a
c
ti
o
n
s
o
n Inf
o
rmati
o
n
T
heor
y
, 39,
pp
. 1639-1646.
21.
S
emaev
(
1998
)
Evalu
a
tion of discrete logarithms in a
g
roup of p-torsio
n
p
oints of an elli
p
tic curve in c
h
a
racteristic
p
, Mathematics of Com
p
utation,
6
7, pp.
3
5
3
-
3
5
6
.
22.
N. Smart
(
1999
)
T
h
e
d
i
screte
l
o
g
ar
i
t
h
m pro
bl
e
m
on e
lli
pt
i
c curves of trace
one, Journal of Cr
y
ptolo
gy
, 12, pp. 193-196.
23
.
T
. Satoh and K. Araki
(
1998
)
Fermat
q
uotients and the
po
l
y
nomial time dis-
crete log algorithm for anomalous elli
p
tic curves, Comme
n
t
arii Mathematici
Universitatis Sancti Pauli
,
4
7,
pp
.
81
-
92
.
24.
D. S
h
an
k
s
(
1971
)
C
l
ass num
b
er, a t
h
eor
y
of factor
i
zat
i
on an
d
g
enera. In
19
6
9
Num
b
er T
h
eor
y
Inst
i
tute
(
Proc. S
y
mpos. Pure Mat
h
.
,
Vo
l
. XX
,
State
Univ. New York, Ston
y
Brook, N
y
. 196
9
),
pp
. 415-440. Amer. Math. Soc.,
Providence, RI.
2
5
.
C
erticom ECC Challenge, Novemb
e
r 1997, htt
p
://www.certicom.com.
26.
T
om Karygiannis and Les Owens
(
2002) Wireless Network Security:
802.11
,
B
l
uetoot
h
an
d
Han
dh
e
ld
Dev
i
ces, NIST Spec
i
a
l
Pu
bli
cat
i
on 800-
48
.
2
7.
IEEE P802.11i/D10.0 (2004) Medium Access Control (MAC) Securit
y
En
-
hancements, Amendment 6 to IEEE Standard for Information technolo
gy
–
T
elecommunications and information ex
c
h
ange between systems – Local
and metro
p
olitan area netw
o
rks – S
p
ecific re
q
uirements – Part 11: Wireless
Me
di
um Access Contro
l
(
MAC
)
an
d
P
h
ys
i
ca
l
Layer
(
PHY
)
Spec
i
f
i
cat
i
ons.
28.
L
. B
l
un
k
an
d
J. Vo
llb
rec
h
t
(
1998
)
PPP Ext
e
ns
ibl
e Aut
h
ent
i
cat
i
on Protoco
l
(EAP), IETF RFC 2284.
2
9.
W
ireless LAN Securit
y
White Paper, Cisco S
y
stems, co.
com/war
p
/
p
ublic/cc/
p
d/witc/ao1
2
00ap/prodlit/wswpf_wp.pdf.
30
.
H. Andersson, S. Josefsson, G.
Z
orn, D. Simon, and A. Palekar (2002) Pro-
Z
Z
t
ecte
d
EAP Protoco
l
(
PEAP
)
, IETF.
31.
B. A
b
o
b
a an
d
D. S
i
mon
(
1999
)
P
P
P
EAP TLS Aut
h
ent
i
cat
i
on Protoco
l,
IETF RF
C
2716.
32
.
C
. He an
d
J.C. M
i
tc
h
e
ll
(
200
4
)
Ana
ly
s
i
s of t
h
e 802
.
1
1
i
4-Wa
y
Han
d
s
h
a
k
e,
Proceedings of the 2004 ACM workshop on Wireless security, pp. 43-50.
33
.
C
. He and J.C. Mitchell, Security Analysis and Improvements for IEEE
802.11
i,
h
ttp:
//
www.
i
soc.org
/i
soc
/
conferences
/
n
d
ss
/
05
/
procee
din
g
s
/
papers
/
NDSS05
-
1107.
p
df, 2005.
34
.
Dictionar
y
Attack on Cisco LEAP Vulnera
b
ilit
y
, Reversion 2.1, Cisco S
y
s
-
tems, />p/public/707/cisco-s
r
r
n-20030802-lea
p
.
p
df.
35
.
P.S. Pagliusi (2002) A Contemporary Foreword on GSM Security, Proceed
-
i
ngs of t
h
e Internat
i
ona
l
Conference on Infrastructure Secur
i
ty, LNCS No.
243
7, pp.
12
9-144, Spr
i
nger-Ver
l
ag.
3
Wireless Securit
y
7
5
36. K. Boman, G. Horn, P. Howar
d
an
d
V. N
i
em
i
(
2002
)
UMTS Secur
i
t
y
, E
l
ec
-
tron
i
cs & Commun
i
cat
i
on En
gi
neer
i
n
g
Journa
l
, 14
(
5
)
, pp. 191-204.
37. G.M. Koien (2004) An Introduction to Access Security in UMTS, IEEE
W
i
re
l
ess Commun
i
cat
i
on, 11
(
1
)
, pp. 8-18.
38. B
i
ryu
k
ov, A. S
h
am
i
r, an
d
D. Wagner
(
2002
)
Rea
l
T
i
me Cryptana
l
ys
i
s of
A5/1 on a PC, in FSE 2000, LNCS No. 1978, S
p
.
4 Wireless Application Protocol
W
. Kou
I
SN National Ke
y
Laborator
y
, Xidian Universit
y
, P.R. China
4.1 Introduction
T
he wireless a
pp
lication
pr
otocol
(
WAP
)
is a suite of emerging standards to en-
able mobile Internet a
pp
lications. The WAP standards have been created as a re
-
s
ult of the WAP Forum that was formed i
n
June 1997 by Ericsson, Motorola, an
d
Nokia. The WAP Forum is designed to assist
the convergence of
t
two fast-grow
i
ng
networ
k
tec
h
no
l
og
i
es, name
l
y, w
i
re
l
ess commun
i
cat
i
ons an
d
t
h
e Internet. T
h
e
convergence
i
s
b
ase
d
on rap
idl
y
i
ncreas
i
ng
n
um
b
ers of mo
bil
e p
h
one users an
d
t
h
e
d
ramati
c
e
ff
ec
t
o
f
e
-
bus
in
ess
ove
r th
e
In
te
rn
e
t
.
Th
e
co
m
b
inati
o
n
o
f th
ese
t
wo
technolo
g
ies will have a bi
g
impact on current e-business practice, and it will
create hu
g
e market potential.
In this cha
p
ter, a detailed intr
o
duction to WAP is
p
rese
n
ted, including the appli-
cation environment and various protocols. The security aspect in the present Inter-
net env
i
ronment
i
s
d
ea
l
t w
i
t
h
i
n
S
ect. 4.3.
4.2 Wireless Application Protocol
4.2.1 Overv
i
ew
T
he WAP standards consist of a varie
t
y of architecture components, including an
tt
app
li
cat
i
on env
i
ronment, scr
i
pt
i
ng an
d
ma
rk
up
l
anguages, networ
k
protoco
l
s, an
d
s
ecur
i
ty features. T
h
ese components an
d
features
t
oget
h
er
d
ef
i
ne
h
ow w
i
re
l
ess
d
ata
h
an
d
sets commun
i
cate over t
h
e w
i
re
l
ess networ
k,
an
d
h
ow content an
d
ser
-
vices are delivered. With the WAP standards, a wireless data handset can establish
a connection to a WAP-com
p
liant wireless infrastructure, re
q
uest and receive the
content and services, and
p
resent them to t
h
e
end user. This WAP-com
p
liant wire
-
l
ess infrastructure may include the han
d
s
et, the server side infrastructure, such as
the proxy server (WAP gateway), t
h
e
Web server, the a
pp
lication server, and the
network operator (telecommunication company). The WAP architecture is shown
i
n F
i
g. 4.1.
T
he WAP architecture can also be
p
resented throu
g
h t
h
e WAP
p
rotocol stack
shown in Fi
g
. 4.2. The WAP protocol stack covers the complete picture fro
m
4 Wireless A
pp
lication Protocol 77
Fi
g. 4.
2
. T
h
e WAP
p
rotoco
l
stac
k
b
earers to app
li
cat
i
ons. T
h
e
b
earers are t
h
e var
i
ous w
i
re
l
ess networ
k
s t
h
at
W
AP
c
urrent
ly
supports. T
h
e
transport
l
a
y
er
i
s an
i
nterface common to t
h
e un
d
er
lyi
n
g
w
ireless network, and it provides a constant service to the upper la
y
ers in the
W
AP stack, such that the bearer services are transparent to the upper la
y
ers. In
o
t
h
er wor
d
s, w
i
t
h
t
h
e transport
l
ayer, t
h
e spec
i
f
i
c networ
k
c
h
aracter
i
st
i
cs can
b
e
m
as
k
e
d
. T
h
e secur
i
ty
l
ayer prov
id
es secur
i
ty for t
h
e transport
l
ayer,
b
ase
d
on t
h
e
thi
n c
li
ents. T
h
e sess
i
on
l
ayer prov
id
es
th
e app
li
cat
i
on
l
ayer w
i
t
h
t
h
e capa
bili
ty to
select connection-oriented or connectionless services. The application la
y
er deals
wi
t
h
a genera
l
-purpose env
i
ronment for a
ppli
cat
i
ons.
T
h
e WAP protoco
l
s
i
n F
i
g. 4.2
i
nc
l
u
de
w
i
re
l
ess a
ppli
cat
i
on env
i
ronmen
t
(WAE), wireless session
p
rotocol (WSP), wireless transaction
p
rotocol (WTP),
i
n
d
ustry stan
d
ar
d
protoco
l
an
d
t
h
e tr
a
nsport
l
ayer secur
i
ty
(
TLS
)
protoco
l
. T
h
e tran-
saction la
y
er provides a li
g
htwei
g
ht transa
c
t
ion-oriented
p
rotocol for mobile
78 W
. Kou
w
i
re
l
ess transport
l
ayer secur
i
ty
(
WTLS
)
,an
d
w
i
re
l
ess
d
atagram protoco
l
(
WDP
)
.
In Sects. 4.2.2–4.2.6, we discuss these
p
rotocols with s
p
ecial focus on WAE.
4.2.2 Wireless A
pp
lication Environment
W
AE cons
i
sts of a set of stan
d
ar
d
s t
h
at co
ll
ect
i
ve
ly
d
ef
i
ne a
g
roup of formats fo
r
w
i
re
l
ess app
li
cat
i
ons an
d
d
own
l
oa
d
a
bl
e content. WAE spec
i
f
i
es an app
li
cat
i
on
f
ramework for wireless devices, such as
c
ellular phones, pagers, and PDAs. WAE
has two logical layers, namely, user-agent layer and format-and-service layer. The
components of the user-agent layer in
c
lude browsers, phone books, message edi-
tors, an
d
ot
h
er
i
tems on t
h
e user
d
ev
i
ce s
id
e, suc
h
as w
i
re
l
ess te
l
ep
h
ony app
li
cat
i
on
(
WTA
)
agent. T
h
e components of t
h
e format-an
d
-serv
i
ce
l
ayer
i
nc
l
u
d
e common
el
ements an
d
formats access
ibl
e to t
h
e user agents, suc
h
as WML, WMLScr
i
pt,
an
d
WAP
bi
nar
y
XML content format
(
WBXML
)
.
A WAP m
i
cro
b
rowser
h
as t
h
e fo
ll
ow
i
n
g
capa
bili
t
i
es:
•
Submission of re
q
uests to the server
•
Rece
p
tion of res
p
onses from the server
•
Conversion of and
p
arse the data
•
Interpretat
i
on from WML an
d
WMLScr
i
pt f
il
es
•
A
bili
t
y
to
i
nteract w
i
t
h
th
e appropr
i
ate WAP
l
a
y
er
•
L
oca
l
cac
h
e an
d
var
i
a
bl
e mana
g
emen
t
•
W
ireless session
p
r
o
tocol processin
g
•
E
ffective management of local hardware resources, such as RAM, ROM,
s
ma
ll
screen, an
d
i
nput an
d
output
W
i
re
l
ess Mar
k
up Language
Wi
re
l
ess mar
k
up
l
anguage
(
WML
)
i
s a
l
anguage
b
ase
d
on t
h
e extens
ibl
e mar
k
up
l
anguage
(
XML
)
. WML
i
s opt
i
m
i
ze
d
for sma
ll
screens an
d
li
m
i
te
d
memory capac-
ity, and for content intended for light
weight, wireless devices such as mobile
t
t
ph
ones an
d
persona
l
digi
ta
l
ass
i
stants
(
PDAs
)
.
A WML
d
ocument
i
s ca
ll
e
d
d
ec
k
. A pa
g
e of a WML
d
ocument
i
s ca
ll
e
d
car
d
.
A
dec
k
co
n
s
i
s
t
s
o
f
o
n
e
or
mo
r
e
c
ar
ds.
Ea
c
h
deck is identified b
y
an individual
URL address, similar to an HTML pa
g
e. A WML deck requires a browser tha
t
w
ill f
o
rmat th
e
dec
k f
o
r t
h
e
be
n
e
fit
o
f th
e
use
r
.
Th
e
b
r
owse
r
de
t
e
rmin
es
th
e
final
sh
ape of t
h
e
d
ec
k
. Somet
i
mes, peop
l
e use
th
e ana
l
ogy of HTML to exp
l
a
i
n WML.
In t
h
e ana
l
ogy, a WML
d
ec
k
correspon
d
s to an HTML page. However, t
h
ere are
di
fferences
b
etween a WML
d
ec
k
an
d
an HTML page. W
hil
e eac
h
HTML f
il
e
i
s a
si
n
gl
e v
i
ewa
bl
e pa
g
e, a WML
d
ec
k
ma
y
c
onta
i
n mu
l
t
i
p
l
e car
d
s, eac
h
of w
hi
c
h
i
s a
s
eparate v
i
ewa
bl
e ent
i
t
y
. WML f
il
es are store
d
as stat
i
c text f
il
es on a server. Dur
-
i
n
g
the transmission fr
o
m
the server to the browser, the WML files are encoded in
b
inar
y
format b
y
the wireless connection
g
atewa
y
an
d
th
e
n
se
nt t
o
th
e
b
r
owse
r
.
T
his is also different from HTML, where there is no need for such an encodin
g
p
rocess.
4 W
i
re
l
ess App
li
cat
i
on Protoco
l
W
ML contains commands for navigation in decks. Each WML command has
two core attr
ib
utes, name
l
y,
id
an
d
c
l
ass. T
h
e
id
i
s t
h
e attr
ib
ute for an
i
n
di
v
id
ua
l
name to t
h
e e
l
ements
i
ns
id
e a
d
ec
k,
whil
e t
h
e c
l
ass
i
s t
h
e attr
ib
ute t
h
at
li
n
k
s t
h
e
el
ement to one or severa
l
groups. A WML
d
ec
k,
at
i
ts most
b
as
i
c
l
eve
l,
i
s con
-
s
tr
uc
t
ed
fr
o
m a
se
t
o
f
ele
m
e
nt
s.
E
le
m
e
nt
s
ar
e
id
e
nt
i
f
i
e
d
by
ta
g
s
,
which
ar
e
e
n-
c
l
ose
d
i
n an
g
u
l
ar
b
rac
k
ets. Eac
h
e
l
ement must
i
nc
l
u
d
e a start ta
g
(
<e
l_
ta
g
>
)
an
d
an en
d
ta
g
(
<
/
e
l_
ta
g
>
)
.
Th
e content
i
s
i
nc
l
u
d
e
d
b
etween t
h
e start an
d
en
d
ta
g
s. An
e
mpt
y
element that has no c
o
ntent can be abbreviated by
a single tag (<el_tag/>).
y
Because WML is based on the XML lan
g
ua
g
e, a WML document must follo
w
t
h
e
XML r
u
l
e
t
o
co
ntain the XML-specified document t
y
p
e
definition
(
DTD
)
a
t
th
e
b
eg
i
nn
i
ng of t
h
e WML co
d
e, w
hi
c
h
i
s referre
d
to as
d
ec
k
h
ea
d
er or
d
ocumen
t
p
ro
l
og, as fo
ll
ows:
<
?
xm
l
ve
r
sio
n=“1
.
0”
?
>
<!D
OC
TYPE wm
l
P
U
BLI
C
“-
//W
APF
O
R
U
M
//
DTD
W
ML 1.1
//
EN”
h
ttp:
//
www.wapforum.o
r
g/
DTD
/
wm
l_
1.1.xm
l
>
A deck is defined b
y
the <wml> and </wml> ta
g
s that are required in ever
y
W
ML document. Within a deck, each card is defined b
y
the <card> and </card>
ta
g
s. Bot
h
<wm
l
>⋅⋅
⋅
<
/w
m
l
> an
d
<
c
ar
d
>⋅⋅⋅
</
car
d
> are formatt
i
n
g
comman
d
s. T
h
e
<
w
m
l>
⋅⋅⋅
<
/w
m
l
>
co
mman
ds
su
mmar
i
z
e
t
he
deck.
T
he
<
c
ar
d>
⋅⋅⋅
<
/c
ar
d
>
co
m
-
mands summarize the text, ima
g
es, input fields, and an
y
other ob
j
ects of a card in
th
e
dec
k
.
Car
d
s are t
h
e
b
as
i
c un
i
ts of WML
,
d
ef
i
ni
ng an
i
nteract
i
on
b
etween a mo
bil
e
d
ev
i
ce an
d
t
h
e user. Eac
h
car
d
may conta
i
n t
h
ree
di
fferent groups of e
l
ements:
content e
l
ements
(
suc
h
as text, ta
bl
es,
a
n
d
i
mages
)
, tas
k
s an
d
events
(
suc
h
as
<onevent>, <t
i
mer>, an
d
<
d
o>
)
, an
d
d
ata
e
ntr
y
(
suc
h
as <
i
nput> an
d
<se
l
ect>
)
.
WML
S
cr
i
pt
W
MLScr
i
pt
i
s a s
i
mp
l
e scr
i
pt
i
n
g
la
n
g
ua
g
e
b
ase
d
on ECMAScr
i
pt
(
ECMA-262
s
tan
d
ar
d)
w
i
t
h
mo
di
f
i
cat
i
ons to
b
etter
s
upport
l
ow-
b
an
d
w
id
t
h
commun
i
cat
i
on an
d
thin clients. WMLScri
p
t is
p
ar
t
of the WAP application layer.
t
W
MLScript complements the WML b
y
add
i
n
g
simple formattin
g
capabilities to
make the user interfaces more readable, for example, the capabilities of checkin
g
the validity of user input and generating m
e
ssages and dialog locally to reduce the
need for ex
p
ensive round-tri
p
t
o
show alerts. These ca
p
abilities are not su
pp
orte
d
b
y WML as the content of WML is
s
tatic. WMLScri
p
t
p
rovides
p
rogrammable
f
unct
i
ona
li
t
y
t
h
at can
b
e
used over narrowband comm
unication links in clients
m
m
w
i
t
h
li
m
i
te
d
capa
bili
t
i
es. W
i
t
h
WMLScr
i
pt, more a
d
vance
d
user
i
nterface func
-
t
ions can be supported and intelli
g
e
n
ce
c
an
be
a
dded
to the client. WMLScri
pt
also
p
rovides access to the device and its peripheral functionalit
y
, and reduces the
am
ou
nt
o
f
b
an
dw
i
d
th that i
s
n
eeded
f
o
r
sen
d
in
g
data back an
d
f
o
rth
be
t
wee
n th
e
server and the client.
W
MLScri
p
t is similar to JavaScri
p
t. For e
x
a
m
p
le, WMLScri
pt
i
ncludes a num
-
ber of operators such as assignment and arithmetic operators, which are similar to
th
ose
i
n JavaScr
i
pt. However, t
h
ere are ma
j
or
di
fferences
b
etween WMLScr
i
p
t
an
d
JavaScr
i
pt. F
i
rst, WML conta
i
ns
r
eferences to t
h
e
U
RL a
dd
ress of
a
79
W
MLScr
i
pt funct
i
on, w
h
ereas JavaScr
i
pt funct
i
ons are norma
lly
em
b
e
dd
e
d
i
n t
h
e
HTML code. Second, WMLScri
p
t must be com
p
iled into bi
n
a
r
y
WMLScript code
p
rior to its execution in a WAP device,
w
hile there is no such re
q
uirement for
J
avaScri
p
t.
Although WMLScript is based on ECMASc
r
i
p
t as mentioned earlier, there are
differences between WMLScri
p
t and ECMAScri
p
t. First, like JavaScri
p
t,
E
CMAScript is not encoded in a binary form while WMLScri
p
t has to be. Second,
to form WMLScript, many advanced feat
ures of the ECMAScript language have
t
t
b
een
d
roppe
d
to ma
k
e WMLScr
i
pt sma
ll
er
a
n
d
eas
i
er to comp
il
e
i
nto
bi
nar
y
W
MLScr
i
pt co
d
e.
W
MLScript s
y
ntacticall
y
resembles C lan
g
ua
g
e. It has basic t
y
pes, variables,
e
x
p
ressions, and statements. Unlike C, WMLScri
p
t cannot be used to write
stand-alone applications. There is no built-in support for reading and wr
iting
r
f
iles. Because it is an i
n
terpreted language, scripts or f
unctions can run only in the
f
f
p
resence of an inter
p
reter, which is supplied as part of the WAP user agent.
W
MLScr
i
pt
i
s a wea
kly
t
y
pe
d
an
d
o
bj
ect-
b
as
ed
l
an
g
ua
g
e,
i
n w
hi
c
h
var
i
a
bl
es must
b
e
d
ec
l
are
d
b
efore t
h
e
y
can
b
e use
d
i
n express
i
on. In WMLScr
i
pt, t
h
ere
i
s no ma
i
n
p
ro
g
ram or rout
i
ne. Funct
i
ons are create
d
to perform spec
i
f
i
c tas
k
s an
d
t
h
e
y
are
i
nvoked throu
g
h a WML call. When a
W
MLScri
p
t function is invoked, the WAP
g
atewa
y
accesses the source code, compiles it into binar
y
WMLScript code, an
d
th
e
n
se
n
ds
th
e
e
x
ecu
tion function to the WAP user a
g
ent. WMLScript code is
written in normal text files wit
h
the file extension “wmls.”
Each WMLScript file contains at least
one function. Each function is composed
t
of statements that perform the appropriate processing. The structure of
a
WMLScr
i
pt funct
i
on
i
s as fo
ll
ows:
e
xtern funct
i
on funct
i
on_xyz
(
parameter
li
st
)
{//
start of t
h
e statements
s
tatement
_
1;
s
tatement
_
2;
s
tatement
_
n;
}// end of the statements
W
ith this structure and the file e
x
t
ension “xmls,” a sim
p
le WMLScri
p
t exam
p
le
t
o set a
d
ay of t
h
e wee
k
, w
hi
c
h
i
s
i
nc
l
u
d
e
d
i
n t
h
e f
il
e name
d
“set
d
ay.xm
l
s,”
i
s
li
ste
d
as fo
ll
ows:
e
xtern
f
un
c
ti
on SetDay
(
g
i
venDay
)
{
i
f
(gi
venDa
y
> 0 &&
gi
venDa
y
<=7
)
{
var newDa
y
=
gi
venDa
y
;
}
e
lse {
newDay=1;
}
return newDay;
}
T
o
i
nvo
k
e a WMLScr
i
pt funct
i
on, a
r
eference to t
h
e WMLScr
i
pt funct
i
on mus
t
b
e
i
nc
l
u
d
e
d
i
n a
W
ML
d
ocument. T
h
e ca
ll
w
ill
b
e route
d
from t
h
e
W
AP
b
rowser
80 W
.Ko
u
4 W
i
re
l
ess App
li
cat
i
on Protoco
l
throu
g
h the WAP
g
atewa
y
to
th
e
se
r
ve
r
.
Th
e
se
r
ve
r t
h
e
n sends the binar
y
W
MLScri
p
t code to the WAP browser.
T
he WAP browser has an inter
p
reter,
which is able to execu
t
e WMLScript programs in their binary format. Using our
e
xam
p
le, the reference to the WMLScri
p
t can be as sim
p
le as follows:
<
d
o t
y
pe=“ACCEPT”
l
a
b
e
l
=“Set Da
y
”>
<! Ca
lli
n
g
t
h
e WMLScr
i
pt funct
i
on: >
<
g
o
h
ref=“set
d
a
y
.xm
l
s
#
SetDa
y
($(
g
ivenDa
y
))”/>
<
/do
>
Wireless Telephony Application Interface and
Wireless Telephony Applications
d
One of the ma
j
or mobile services is voice. How can we set u
p
a call or receive an
i
ncomin
g
call usin
g
a WAP-enabled mo
b
i
le device? This is the
p
roblem that wire
-
l
ess telephony application interface (WTAI) addresses. WTAI is designed to allow
wireless network o
p
erators access the telephony features of WAP device. Through
ei
t
h
er a WML
d
ec
k/
car
d
or WMLScr
i
pt, us
i
n
g
t
h
e WTAI funct
i
on
lib
rar
i
es, a
mo
bil
e p
h
one ca
ll
can
b
e set up an
d
an
i
ncom
i
n
g
ca
ll
can
b
e rece
i
ve
d
. In a
ddi
t
i
on,
t
ext messa
g
es can
b
e sent or rece
i
ve
d
, an
d
p
h
one
b
oo
k
entr
i
es can
b
e man
i
pu
l
ate
d
on the WAP device.
W
ireless telephon
y
application (WTA) is a collection of telephon
y
-specific ex
-
te
n
s
i
o
n
s
f
o
r
c
all an
d
f
e
at
u
r
e
co
ntr
o
l m
ec
hani
s
m
s
that mak
e
a
dv
an
ced
m
ob
il
e
n
e
t
-
work services available to the mobile users. It provides a bridge between wireless
t
elephony and data. The WTA app
l
ications can use the privileged WTAI.
From the architecture
p
oint of view,
a
WTA server communicates with the
WAP gateway to
d
e
li
ver an
d
manage te
l
ep
h
o
ny serv
i
ces; on t
h
e c
li
ent s
id
e, t
h
ere
i
s a WTA framewor
k,
w
hi
c
h
h
as t
h
ree components as fo
ll
ows:
1
. User agent
.
T
hi
s agent supports t
h
e WTAI
lib
rar
i
es
,
ren
d
ers WML
,
an
d
e
xecutes WMLScri
p
ts.
2.
R
epositor
y
. It
p
rovides
p
ersistent client-si
d
e stora
g
e for wireless telephon
y
a
pp
lications.
3
.
E
vent han
d
ling
.
This deals with incoming
-
call and call-connected events to
be delivered to a wireless telephony app
l
ication for processing, which may
also invoke WMLScript library interfaces to initiate and control telephon
y
operat
i
ons.
Wi
re
l
ess te
l
ep
h
ony supports
i
n WAP ma
ke
WAP su
i
ta
bl
e for creat
i
ng mo
bil
e
applications through voice services. The compact
form, encryption, and error hand-
t
li
n
g
capa
bili
t
i
es of WAP ena
bl
e cr
i
t
i
ca
l
w
i
re
l
ess pa
y
ment transact
i
ons.
WBXML
WAP
bi
nar
y
XML content format
(
WBXML
)
i
s
d
ef
i
ne
d
i
n t
h
e
bi
nar
y
XML con-
t
ent format specification in the WAP standard set. This format is a compact binary
re
p
resentation of the XML. The main
p
ur
p
ose is to reduce the transmission size o
f
XML
docu
m
e
nt
s
o
n narr
owb
an
d
co
mm
u
ni
c
ati
o
n
c
hann
e
l
s.
A binary XML document is com
posed of a sequence of elements and each ele-
m
m
ment may
h
ave zero or more attr
ib
utes. T
h
e e
l
ement structure of XML
i
s pre
-
s
erve
d
w
hil
e t
h
e format enco
d
es t
h
e parse
d
ph
ys
i
ca
l
form of an XML
d
ocument.
81
T
his allows user a
g
ents to ski
p
elements and data that
a
r
e
n
o
t
u
n
de
r
s
t
ood.
In t
e
rm
s
of enco
di
ng, a to
k
en
i
ze
d
structure
i
s u
s
e
d
to enco
d
e an XML
d
ocument. T
h
e net
-
wor
k
b
yte or
d
er
i
s
bi
g-en
di
an, t
h
at
i
s,
th
e most s
i
gn
i
f
i
cant
b
yte
i
s transm
i
tte
d
f
i
rst.
W
i
t
hi
n a
b
yte,
bi
t-or
d
er
i
s a
l
so
bi
g-en
di
an, name
l
y, t
h
e most s
i
gn
i
f
i
cant
bi
t f
i
rst.
4.2.3 Wireless Session Protocol
WSP
i
s a protoco
l
fam
ily
i
n t
h
e WAP arc
hi
tecture, w
hi
c
h
prov
id
es t
h
e WAP ap-
pli
cat
i
on
l
a
y
er w
i
t
h
a cons
i
stent
i
nterface for sess
i
on serv
i
ces.
WS
P esta
bli
s
h
es a
sessio
n
be
t
wee
n t
he
clie
nt an
d
t
he
WAP
g
atewa
y
to prov
id
e content transfer: t
h
e
client makes a re
q
uest, and then
t
h
e
se
r
ve
r an
swer
s
with a repl
y
t
hrou
g
h the WAP
g
atewa
y
. WSP supports the efficien
t
operation of a WAP microbrowser runnin
g
o
n th
e
c
li
e
nt
dev
i
ce
w
ith limit
e
d capacit
y
and communicatin
g
over a low
-
bandwidth wireless network. The WSP brows
i
n
g applications are based on the
HTTP 1.1 standard
,
and inc
o
rp
orated with additional features that are not include
d
i
n t
h
e HTTP protoco
l
, for
e
xamp
l
e, t
h
e connect
i
on to t
h
e server w
ill
not
b
e
l
os
t
w
h
en a mo
bil
e user
i
s mov
i
n
g
, resu
l
t
i
n
g
i
n a c
h
an
g
e from one
b
ase stat
i
on to
an
o
t
he
r
.
T
he
o
t
he
r a
ddi
t
io
na
l
f
eatures that WSP supports include:
f
f
•
B
inar
y
enco
d
in
g
.
Given the low bandwidth of the wireless network, the
e
fficient binar
y
encodin
g
of the content to be transferred is necessar
y
fo
r
mobile Internet a
pp
lications.
•
Data pus
h
f
unctiona
l
ity
.
Data pus
h
funct
i
ona
li
ty
i
s not supporte
d
i
n t
h
e
HTTP protoco
l
. A pus
h
i
s w
h
at
i
s
p
erforme
d
w
h
en a WSP server transfers
th
e
d
ata to a mo
bil
e c
li
ent w
i
t
h
o
u
t a prece
di
ng request
f
rom t
h
e c
li
ent.
W
SP supports t
h
ree pus
h
mec
h
an
i
sms for
d
ata transfer, name
ly
, a con
-
fi
rme
d
d
ata pus
h
w
i
t
hi
n an
e
x
i
st
i
n
g
sess
i
on context,
a
n
o
n-
co
nf
i
rm
ed
d
ata
p
us
h
w
i
t
hi
n an ex
i
st
i
n
g
sess
i
on co
n
text, an
d
a nonconf
i
rme
d
d
ata pus
h
without an existin
g
session context.
•
C
apabilit
y
ne
g
otiation
:
M
obile clients and servers can ne
g
otiate various
p
arameters for t
h
e sess
i
on esta
bli
s
h
me
n
t
s, for examp
l
e, max
i
mum out
-
s
tan
di
ng requests an
d
protoco
l
opt
i
ons.
•
Session suspen
d
/resum
e
.
It a
ll
ows a mo
bil
e user to sw
i
tc
h
off an
d
on t
h
e
mo
bil
e
d
ev
i
ce an
d
to cont
i
nue operat
i
on at t
h
e exact po
i
nt w
h
ere t
h
e
d
ev
i
ce
w
a
s
swi
t
ched
o
ff
.
WS
P offers two
di
fferent s
e
rv
i
ces, name
ly
, t
h
e connect
i
on-or
i
ente
d
serv
i
ce an
d
th
e
co
nn
ec
ti
o
nl
ess
se
r
v
i
ce.
Th
e
co
nn
ec
ti
o
n-
o
r
i
e
nt
ed
se
r
v
i
ce
ha
s
t
he full ca
p
abili
-
ties of WSP. It o
p
erates
o
n to
p
of the wireless transaction
p
rotocol (WTP), su
p
-
p
orts session establishment, method invocation, push messa
g
es, suspend, resume
an
d
sess
i
on term
i
nat
i
on. T
h
e connect
i
on
l
ess serv
i
ce
i
s su
i
ta
bl
e for t
h
ose s
i
tuat
i
ons
where high reliability is not required, or
the overhead of session establishment and
r
re
l
ease can
b
e avo
id
e
d
. It supports on
l
y
b
as
i
c
request-rep
l
y an
d
pus
h
, an
d
d
oes not
re
ly
on WTP.
82
W. Ko
u
4 W
i
re
l
ess App
li
cat
i
on Protoco
l
4.2.4 Wireless Transaction Protocol
T
he wireless transaction
p
rotocol o
p
erates on top of a secure or insecure data
g
ra
m
s
ervice.
W
TP introduces the notio
n
of a transaction that is defined as a re
q
uest
with its res
p
onse. This transacti
o
n
model is well suited for Web content re
q
uests
and res
p
onses. It does not handle st
r
e
am-based a
pp
lications
(
such as telnet
)
well.
W
TP is responsible for delivering the improved reliability over datagram ser
-
v
i
ce
b
etween t
h
e mo
bil
e
d
ev
i
ce an
d
t
h
e s
e
r
ver
b
y transm
i
tt
i
ng ac
k
now
l
e
d
ge mes
-
s
ages to conf
i
rm t
h
e rece
i
pt of
d
ata an
d
b
y retransm
i
tt
i
ng
d
ata t
h
at
h
ave not
b
een
ac
k
now
l
e
d
ge
d
w
i
t
hi
n a s
u
i
ta
bl
e t
i
meout per
i
o
d
. WTP sup
p
orts an a
b
ort funct
i
on
t
h
rou
gh
a pr
i
m
i
t
i
ve erro
r
h
an
dli
n
g
. If an error occurs,
s
uc
h
as t
h
e connect
i
on
b
e
i
n
g
b
ro
k
en
d
own, t
h
e transact
i
on
i
s a
b
orte
d
.
W
TP
i
s messa
g
e or
i
ente
d
an
d
i
t prov
id
es t
h
ree
di
fferent t
y
pes of transact
i
on
services, namely, unreliable one-way, reliable one-way, and reliable two-way. The
t
ransaction type is set by t
h
e
initiator and is contained in the service re
q
uest mes
-
sage sent to t
h
e respon
d
er. T
h
e unre
li
a
bl
e one-way transact
i
ons are state
l
ess an
d
cannot
b
e a
b
orte
d
. T
h
e respo
nd
er
d
oes not ac
k
now
l
e
d
ge t
h
e
message from t
h
e
i
n
i-
ti
ator. T
h
e re
li
a
bl
e one-way transact
i
ons prov
i
d
e a re
li
a
bl
e
d
atagram serv
i
ce t
h
a
t
e
na
bl
es t
h
e app
li
cat
i
ons to prov
id
e re
li
a
bl
e
p
us
h
serv
i
ce. T
h
e re
li
a
bl
e two-wa
y
t
ransact
i
ons prov
id
e t
h
e re
li
a
bl
e request
/
response transact
i
on serv
i
ces.
4.2.5 Wireless Transport La
y
er Securit
y
Th
e w
i
re
l
ess transport
l
a
y
er secur
i
t
y
(
WTLS
)
protoco
l
i
s a secur
i
t
y
protoco
l
b
ase
d
o
n th
e
transport layer security protocol
(TLS) [10] (see Sect. 4.5). TLS is a deriva-
l
t
i
ve
o
f th
e
secure sockets layer
(SSL), a widely used security
r
p
rotocol for Interne
t
applications and pa
y
ment over the Internet. WTLS has been o
p
timized for the
w
i
re
l
ess commun
i
cat
i
on env
ir
o
nment. It operates a
b
ove t
h
e transport protoco
l
l
ayer
.
W
TLS
i
s f
l
ex
ibl
e
d
ue to
i
ts mo
d
u
l
ar
d
es
i
g
n
.
Depen
di
ng on t
h
e requ
i
re
d
secur
i
t
y
l
eve
l
, we can
d
ec
id
e w
h
et
h
er WTLS
i
s to
b
e use
d
or not. WTLS prov
id
es
d
ata
i
nte
g
r
i
t
y
,
d
ata conf
id
ent
i
a
li
t
y
, aut
h
ent
i
cat
i
on, an
d
d
en
i
a
l
-of-serv
i
ce protect
i
on.
Data
i
nte
g
r
i
t
y
i
s to ensure t
h
at
d
ata
se
nt
be
t
wee
n a m
obile
s
tat
io
n an
d
a
wi
r
eless
application server are unchan
g
ed and uncorrupted. Data confidentialit
y
is to en-
su
r
e
that
d
ata tran
s
mitt
ed
be
t
wee
n
t
he mobile station and the wireless a
pp
lication
server are private to the sender and the receiver, and one not
g
oin
g
to be under
-
stoo
d
b
y any
h
ac
k
ers. Aut
h
ent
i
cat
i
on
i
s to c
h
ec
k
t
h
e
id
e
nt
i
ty of t
h
e mo
bil
e stat
i
on
an
d
t
h
e w
i
re
l
ess app
li
cat
i
on server. Den
i
a
l
-of-ser
v
i
ce protect
i
on
i
s to prevent t
h
e
u
pper protoco
l
l
a
y
ers from t
h
e
d
en
i
a
l
-o
f
-serv
i
ce attac
k
s
by
d
etect
i
n
g
an
d
re
j
ect
i
n
g
d
ata t
h
at are rep
l
a
y
e
d
or not successfu
lly
ver
i
f
i
e
d
.
83
4.2.6 Wireless Datagram Protocol
The wireless datagram protocol (WDP) in
the WAP architecture specifies how dif-
n
ferent existing bearer services should be used
to provide a consistent service to the
d
upper layers. WDP is used to hide the
d
ifferences among the underlying beare
r
networks. WDP layer operates above the bearer services and provides a consistent
i
nterface to the WTLS layer.
D
i
fferent
b
earers
h
ave
di
fferent c
h
aract
e
r
i
st
i
cs. T
h
e
b
earer serv
i
ces
i
nc
l
u
d
e
sh
ort message, c
i
rcu
i
t-sw
i
tc
h
e
d
d
ata, an
d
pac
k
et
d
ata serv
i
ces. S
i
nce WAP
i
s
d
e-
si
gne
d
to operate over t
h
e
b
earer serv
i
ces,
a
n
d
s
i
nce t
h
e
b
earers offer
di
fferent
t
y
pes of qualit
y
of service
w
ith respect to throu
g
hpu
t
,
error rate, and dela
y
s, the
WDP is desi
g
ned to adapt the
t
ransport la
y
er to specific fe
a
t
ures of the underl
y
in
g
bearers. The ada
p
tation results in a famil
y
of protocols in the WDP la
y
er, dealin
g
with each supported bearer network protocol. When a message is transmitted
t
hrough WAP stack, depending on the
u
nderlying bearer network, a differen
t
WDP protoco
l
may
b
e use
d
. F
o
r examp
l
e, for an IP
b
earer, t
h
e user
d
atagram pro
-
t
oco
l
(
UDP
)
must
b
e a
d
opte
d
as t
h
e WDP protoco
l
, an
d
for a s
h
ort message ser-
v
i
ce
(
SMS
)
b
earer, t
h
e use of t
h
e source an
d
d
est
i
nat
i
on port num
b
ers
b
ecomes
man
d
ator
y
.
4.2.7 Gateway
F
ig
. 4.
3
W
A
P
g
atewa
y
A WAP
g
atewa
y
(shown in Fi
g
. 4.3) is a prox
y
server that sits between the mobile
network and the Internet. The purpose of this prox
y
server is to translate between
HTTP an
d
WS
P. T
h
e reason for t
h
e trans
l
at
i
on
i
s t
h
at t
h
e
W
e
b
serv
e
r connecte
d
to
t
h
e Internet un
d
erstan
d
s on
l
y t
h
e HTTP protoco
l
, w
hil
e t
h
e WAP-ena
bl
e
d
mo
bil
e
c
li
ent un
d
erstan
d
s on
l
y t
h
e WSP. T
h
e WAP
g
ateway a
l
so converts an HTML f
il
e
i
nto a WML
d
ocument t
h
at
i
s
d
es
ig
ne
d
for sma
ll
-screen
d
ev
i
ces. In a
ddi
t
i
on, t
h
e
W
AP
g
atewa
y
comp
il
es t
h
e WML pa
g
e
i
nt
o
bi
nar
y
WML, w
hi
c
h
i
s more su
i
ta
bl
e
f
or t
h
e mo
bil
e c
li
ent. T
h
e WAP
g
atewa
y
i
s
t
ransparent to
b
ot
h
t
h
e mo
bil
e c
li
en
t
and the Web server.
F
ig. 4.4 shows the WAP model using the WAP gateway. How the WAP gate-
w
ay processes a typ
i
ca
l
request for a
d
ocument can
b
e
ill
ustrate
d
as fo
ll
ows:
.
84 W
.Ko
u
4 W
i
re
l
ess App
li
cat
i
on Protoco
l
WAP Gateway
W
ML Enco
d
er
WMLScr
ipt
C
ompile
r
P
rotocol Adapter
s
Client
WA E
U
ser
A
gent
WSP
HTTP
Web Server
CG
I
S
erv
l
et
s
JSP, etc
c
C
onten
t
Fig
. 4.4
W
AP mo
d
e
l
1. The mobile user makes a request for a specific document usin
g
the WAP
p
hone.
2
. The WAE user agent on the WAP phone encodes the request and sends i
t
to the WAP gateway.
3
. The WAP gateway decodes and
p
arses the encoded re
q
uest.
4. T
h
e WAP gateway sen
d
s an HTTP request for t
h
e
d
ocument.
5
.T
h
e We
b
server answers w
i
t
h
a response to t
h
e WAP gateway.
6. T
h
e WAP gateway parses an
d
enco
d
es t
h
e response.
7. If t
h
e content t
y
pe
i
s WML, t
h
en
th
e
g
atewa
y
comp
il
es
i
t
i
nto
bi
nar
y
WML
.
8. The WAP gateway sends the enc
o
ded res
p
onse to the WAP
p
hone.
9
. The WAE user agent on the WAP phone inter
p
rets and
p
rese
n
ts the docu
-
ment to the mobile user.
4.3 Wireless Application Security
Wi
re
l
ess app
li
cat
i
on secur
i
ty
i
s
b
ecom
i
ng
i
ncreas
i
ng
l
y
i
mportant as transact
i
on-
b
ase
d
mo
bil
e commerce app
li
cat
i
ons
(
suc
h
as mo
bil
e payment,
b
an
ki
ng, an
d
b
uy
i
ng stoc
k
v
i
a ce
ll
u
l
a
r
p
h
ones or ot
h
er
h
an
dh
e
ld
d
ev
i
ces
)
ta
k
e off.
Th
e
b
as
i
c secur
i
t
y
nee
d
s for mo
bil
e commerce are s
i
m
il
ar to t
h
ose for e
l
ec
-
tr
o
n
ic
co
mm
e
r
ce
ove
r t
he
wi
r
ed
I
n
ternet, suc
h
as aut
h
en
t
i
cat
i
on, conf
id
ent
i
a
li
t
y
,
nonrepu
di
at
i
on, an
d
d
ata
i
nte
g
ri
t
y
. However,
i
mp
l
eme
n
t
i
n
g
t
h
em
i
n t
h
e w
i
re
l
ess
world is more difficult than in the wired world. This is simply because of the limi
-
tations that wireless have, including limi
t
ed bandwidth, high latency, and unstable
co
nn
ec
ti
o
n
s.
In addition, the limited battery and processing power that the
w
i
re
l
ess
d
ev
i
ces
h
ave a
l
so ma
k
e t
h
e sop
hi
st
i
cate
d
secur
i
ty a
l
gor
i
t
h
ms
di
ff
i
cu
l
t to
run on t
h
ese
d
ev
i
ces.
As
di
scusse
d
i
n
S
ect. 4
.
2, WAP spec
i
f
i
es an SS
L
-lik
e secur
i
ty protoco
l
,
name
ly
, w
i
re
l
ess transport
l
a
y
er secur
i
t
y
(
WTLS
)
. However, t
h
ere are some
d
raw
-
b
ac
k
s
i
n WTLS. F
i
rst, WTLS prov
id
es on
ly
secur
i
t
y
protect
i
on from t
h
e mo
bil
e
.
85
client to the WAP gateway where the wireless communication ends. In the wire
d
Internet env
i
ronment, w
h
en a We
b
c
li
ent
(
We
b
b
rowser
)
starts an SSL sess
i
on
w
i
t
h
We
b
server, t
h
e We
b
c
li
ent an
d
We
b
server are commun
i
cate
d
di
rect
l
y, an
d
t
h
e en
d
-to-en
d
secur
i
ty protect
i
on
i
s prov
id
e
d
t
h
roug
h
t
h
e SSL sess
i
on. T
hi
s
means that when one sends a credit card number over SSL, onl
y
the receivin
g
W
eb server will be able to receive it. The
s
ituation is different in the
W
TL
S
. The
credit card number will be securel
y
protected
be
t
wee
n th
e
m
ob
il
e
dev
i
ce
an
d
th
e
W
AP gateway. It will be in the clear form at the WAP gateway. Then, an SSL ses-
s
ion will be established between the WAP gateway and the Web server for se
-
curely transmitting the credit card number over the Internet. This means that there
i
s no en
d
-to-en
d
secur
i
ty pr
o
tect
i
on for t
h
e w
i
re
l
ess transact
i
ons s
i
nce t
h
ere
i
s
a
p
otent
i
a
l
secur
i
ty
h
o
l
e
i
n t
h
e WAP gateway. Secon
d
, t
h
e CCITT X509 cert
i
f
i
cate
i
s too
l
ar
g
e for t
h
e mo
bil
e p
h
o
nes, an
d
t
h
e
li
m
i
tat
i
ons o
f
the processing power and
f
b
atter
y
for t
h
e w
i
re
l
ess
d
ev
i
ces ma
k
e
i
t
di
f
f
i
cu
l
t to
p
erform t
h
e so
phi
st
i
cate
d
computat
i
on of t
h
e pu
bli
c-
k
e
y
encr
y
pt
i
on. In summar
y
, WAP secur
i
t
y
h
as two
i
ssues: (1) there is no end-to-end security protection and (2) there is a lack of
certificates for mobile devices.
Research is being done on these two security issues. As a result, simplified cer-
t
i
f
i
cates
h
ave
b
een
d
ef
i
ne
d
for mo
bil
e
d
ev
i
ces. T
h
e researc
h
on
h
ow to use current
l
y
ava
il
a
bl
e mo
bil
e
d
ev
i
ces to perform t
h
e com
p
u
tat
i
on of pu
bli
c-
k
ey encrypt
i
on
i
s on-
going. For example, elliptic curve cry
ptography (ECC) requires far fewer resources
y
y
an
d
i
t
l
oo
k
s ver
y
prom
i
s
i
n
g
for w
id
e
d
ep
l
o
y
ment to CPU-starve
d
w
i
re
l
ess
d
ev
i
ces.
4.4 Summary
T
he conver
g
ence of wireless technolo
g
ies and the e-business over the Internet has
l
ed to emer
g
in
g
and fast
g
rowth of wirel
e
ss e-business, includin
g
mobile commerce.
As a result, wireless e-business has attracted increasing attention of academic
researchers and business leaders. Being able to conduct e-busi
n
e
ss anywhere an
d
anytime is becoming a reality. However, because of the limitations that wireless
h
as, con
d
uct
i
ng e-
b
us
i
ness
i
n t
h
e w
i
re
l
ess wor
ld
i
s more
di
ff
i
cu
l
t t
h
an
i
n t
h
e w
i
re
d
wor
ld
. Un
d
erstan
di
ng t
h
e w
i
re
l
ess app
li
c
a
ti
on protoco
l
t
h
a
t
th
e w
i
re
l
ess e-
b
us
i
ness
re
li
es on
i
s
i
mportant for
d
eve
l
op
i
ng an
d
d
ep
l
oy
i
ng w
i
re
l
ess e-
b
us
i
ness. In t
hi
s
cha
p
ter, our discussion was focused on wir
e
l
ess a
pp
lication
p
rotocol and related
w
ireless securit
y
.
4.5 Appendix
4.5.1 Overview of the Transport Layer Security
T
he transport layer security (TLS) [10] is
a
p
rotocol that provides privacy and dat
a
i
ntegrity between two communicating appli
c
ations. The TLS is a
pp
lication
p
rotocol
86 W
.Ko
u
4 Wireless A
pp
lication Protocol
i
ndependent, that is, hi
g
her-level protocols can la
y
er on top of the TLS protocol
transparently. The TLS protocol is composed of two layers:
1
. TLS recor
d
p
rotocol
.
This protocol provides connection security and is
used for encapsulation of various high
e
r-level
p
rotocols, such as the TLS
h
an
d
s
h
a
k
e protoco
l
di
scuss
e
d
h
ere. It
h
as t
h
e fo
ll
ow
i
n
g
two
b
as
i
c proper
-
t
ies
o
T
h
e connection is privat
e
. Data encr
y
pt
i
on
i
s use
d
for ensur
i
n
g
t
h
e
communication privac
y
and is based on s
y
mmetric cr
y
pto
g
raphic
al
g
orithms, such as DES or RC4. The ke
y
s for s
y
mmetric encr
y
ptio
n
are
g
enerated uniquel
y
for each connection and are based on a secre
t
n
egotiated by another protocol (e.g
.
, the TLS handshake
p
rotocol).
T
he record
p
rotocol can also be u
s
e
d without encryption.
o
T
h
e connection is re
l
ia
bl
e. A messa
g
e
i
nte
g
r
i
t
y
c
h
ec
k
b
ase
d
on
a
k
e
y
e
d
MAC
i
s use
d
for protect
i
n
g
messa
g
e transport. Secure
h
as
h
f
unct
i
ons
,
suc
h
as SHA an
d
MD5
,
a
re use
d
for MAC computat
i
ons.
In such cases, another protocol uses the record protocol and ne
g
oti-
ates securit
y
parameters, and the record protocol can operate without
a MAC.
2
. TLS han
d
shake
p
rotocol. This
p
rotocol allows the server and client to au
-
thenticate each other, and negotiate an encryption algorithm and crypto-
g
raphic keys. It has the following three basic properties
o
Th
e aut
h
ent
i
cat
i
on
b
etween t
h
e server an
d
c
li
ent can
b
e
b
ase
d
on a
p
u
bli
c-
k
ey cryptograp
hi
c a
l
go
ri
t
h
m
,
suc
h
as RSA or DSS. A
l
t
h
oug
h
th
e aut
h
ent
i
cat
i
on can
b
e mutua
l
, t
h
e mutua
l
aut
h
ent
i
cat
i
on
i
s op-
t
ional. Generall
y
speakin
g
, one-wa
y
authentication is required.
o
It is secure for the ne
g
otiation o
f
a
s
har
ed
sec
r
e
t
be
t
wee
n th
e
se
r
ve
r
an
d
c
li
e
nt
.
o
T
he negotiation is reliable.
Because the TSL is a derivative of SSL, the actual handshake exchanges are
similar to that of SSL. Description of the main SSL exchanges can be found late
r
i
n t
hi
s
b
oo
k
.
Acknowled
g
ments
T
his work is su
pp
orted in
p
art by NSFC grant 90304
0
08 from the Nature Science
Foundation of China and the Doctoral Program Foun
d
a
tion gra
n
t 2004071001
f
rom t
h
e M
i
n
i
stry of E
d
ucat
i
on of C
hi
na.
References
1. WAP. htt
p
://www.ini.cmu.edu/netbil.
2
. Wireless A
pp
lication Protocol Forum Ltd (1999) Official Wireless A
pp
lica
-
t
i
on Protoco
l
. W
il
ey, New Yor
k
.
87
3
. S. Mann, S. S
bihli
(
2000
)
T
h
e W
i
re
l
ess App
li
cat
i
o
n
Protoco
l
. W
il
e
y
, New
Yo
rk
.
4
. S. Sin
g
hal, et al. (2001) The W
i
reless A
pp
lication Protocol. Addison
-
Wesle
y
, New York.
5
. J. Sc
hill
er
(
2000
)
Mo
bil
e Commun
i
cat
i
ons. A
ddi
son-Wes
l
ey, New Yor
k
.
6
. U. Hansmann, et a
l
.
(
2001
)
Pervas
i
ve Comput
i
ng Han
db
oo
k
. Spr
i
nger, Ber-
li
n He
id
e
lb
erg New Yor
k
.
7. C. S
h
arma
(
2001
)
W
i
re
l
ess Internet Enterpr
i
se App
li
cat
i
ons. W
il
e
y
, New
Yo
r
k.
8
. Y.B. L
i
n, I. C
hl
amtac
(
2001
)
W
i
reless
an
d
M
obile
N
e
t
wo
r
k
Ar
chi
t
ec
t
u
r
es.
Wile
y
, New York.
9
. Dornan
(
2001
)
The Essential Guide to Wireless Communications A
pp
li
-
c
ations. Prentice-Hall
,
New York.
10. T. Dierks, C. Allen
(
1999
)
The TLS Protoc
o
l Version 1.0. htt
p
:
/
/www.ietf.org/
r
fc/rfc2246.txt.
88 W
.Ko
u
5 RFID Technologies and Applications
D
. Kou
+
,
K. Z
h
ao
*
,
Y. Tao
*
,
an
d
W. Ko
u
*
+
Un
i
vers
i
ty of Water
l
oo, Ontar
i
o, Cana
d
a
*
ISN National Ke
y
Laborator
y
, Xidian Universit
y
, P.R. China
5.1 Introduction
C
ommercialism pla
y
s a critical role in contemporar
y
societ
y
. To sta
y
ahead of
com
p
etitors, businesses must find a better, more cost-effective method of
p
roduc-
tion quickl
y
and efficientl
y
th
r
ou
g
h research and developm
e
n
t, or make invest-
ment toward technological improvement. At the same time, companies mus
t
s
uccessfully adopt these improvements quic
k
l
y in order to respond to the demands
of the market.
C
orporat
i
ons must
di
fferent
i
ate w
hi
c
h
tec
h
no
l
og
i
es are
b
enef
i
c
i
a
l
to t
h
em
,
an
d
w
hi
c
h
are unnecessary
i
n
o
r
d
er to f
l
our
i
s
h
i
n com
p
et
i
t
i
ve mar
k
ets. A
n
y
tec
h
no
l
ogy
t
h
at spee
d
s up
d
ec
i
s
i
on ma
k
i
ng an
d
i
ncreases pro
d
uct
i
v
i
ty, w
hil
e re
d
uc
i
ng pro
d
uc
-
ti
o
n
cos
t
s
i
s
co
n
s
i
de
r
ed
be
n
e
fi
c
ial
.
F
un
damentall
y
important production sta
g
es in
-
clude suppl
y
chain mana
g
ement, warehouse control, product trackin
g
, and securit
y
to name a
f
ew.
Since the birth of modern wireless technolo
g
i
cal era, there is no other tech
-
nology that has drawn more attention to itself than RFID in terms of product
managemen
t
.
R
FID
i
s now rap
idl
y
b
ecom
i
ng prom
i
nen
t
i
n t
h
e contemporary
b
us
i
ness wor
ld
.
It
h
as attracte
d
extens
i
ve attent
i
on from t
h
e
b
us
i
ness commun
i
ty an
d
h
as many
app
li
cat
i
ons suc
h
as access contro
l
, secur
i
t
y
mana
g
ement, purc
h
as
i
n
g
, manufac-
turer, supp
ly
c
h
a
i
n mana
g
ement, an
d
di
str
ib
ut
i
on
l
o
gi
st
i
cs.
Gi
ven t
h
e
b
enef
i
t of commun
i
cat
i
n
g
w
i
t
h
out re
lyi
n
g
on
li
ne-of-s
igh
t access,
RFID offers a genuine solution to handling product management, whether fro
m
the supply chain perspective or from the inventory perspective. RFID provides an
e
ffective way to communicate and transfer data without the need of physical con-
tact. RFID tags on pro
d
ucts are not eas
il
y
d
amage
d
, as t
h
ey can susta
i
n
hi
g
h
amounts of pressure, as we
ll
as surv
i
ve
i
n
v
ary
i
ng temperatures. T
hi
s, a
l
ong w
i
t
h
many a
ddi
t
i
ona
l
b
enef
i
ts
(d
i
scusse
d
i
n
l
ater sect
i
ons
)
t
h
at RFID
b
r
i
ngs to corpora
-
t
i
ons, ma
k
es
i
t a ver
y
rea
l
an
d
v
i
a
bl
e
b
us
i
ness so
l
ut
i
on.
5.1.1 What is RFID?
Ra
di
o Frequenc
y
IDent
i
f
i
cat
i
on
(
RFID
)
is
a
s
tan
d
ar
d
t
e
rm to
d
escr
ib
e tec
h
no
l
o
gi
es
t
h
at
u
t
ili
z
e
ra
diow
a
ves
t
o capture an
d
id
ent
i
f
y
d
ata. RFID uses w
i
re
l
ess tec
h
no-
l
o
gy
to conve
y
data between microchip
-
e
mbedded trans
p
onders and readers. The
90
transpon
d
ers or tags, cons
i
st
i
ng of a m
i
croc
hi
p an
d
an antenna, are attac
h
e
d
to o
b
-
j
ects t
h
at nee
d
id
ent
i
f
yi
n
g
. T
h
e rea
d
er, us
i
n
g
one or more antennae
,
rea
d
s t
h
e
d
ata
h
e
ld
on t
h
e m
i
croc
hi
p. B
y
em
i
tt
i
n
g
ra
di
owaves to t
h
e ta
g
an
d
rece
i
v
i
n
g
s
ig
na
l
s
b
ac
k
, t
h
e rea
d
er
i
s a
bl
e to commun
i
cate w
i
t
h
t
h
e transpon
d
er.
5.1.2 History
RFID s
y
stems have been around for decades and have been used in man
y
differen
t
applications. But it was not until recentl
y
that RFID has started to receive enor
-
m
ous
am
ou
nt
o
f att
e
nti
o
n fr
o
m
bus
in
ess
cor
p
orations and commercial retailers.
One of t
h
e ear
li
est uses of RFID was
d
ur
i
ng WWII, w
h
en t
h
e
l
ong-range
d
transpon
d
er system was exp
l
ore
d
. I
d
ent
i
f
i
cat
i
on, Fr
i
en
d
or Foe
(
IFF
)
was one of
t
h
e f
i
rst pract
i
ca
l
uses of RFID, w
h
ere m
ili
tary
f
orces attempte
d
to
id
ent
i
fy
w
h
et
h
er a
i
rcrafts were fr
i
en
dly
or
h
ost
il
e.
Th
e ear
li
est commerc
i
a
l
i
mpact RFID
h
a
d
was
d
ur
i
n
g
t
h
e
l
ate 1
9
60s
,
w
h
en t
h
e
e
lectronic article surveillance (EAS) equipment was desi
g
ned to counter theft an
d
s
hopliftin
g
. Althou
gh
the EAS e
q
ui
p
ment consiste
d
o
f onl
y
one-bit ta
g
s, it was an
e
ffective method to counter theft. Because onl
y
one-bit ta
g
s were used, the s
y
stem
could only detect whether an item was present, or absent. However, the system
p
roved cost efficient, as the tags were relatively cheap and
p
rovide
d
an effective
way to prevent theft.
One of t
h
e f
i
rst pass
i
ve, rea
d
–wr
i
te RFID ta
g
s was
i
nvente
d
i
n t
h
e ear
ly
1970s.
Th
e transpon
d
er now
i
nc
l
u
d
e
d
a wa
y
to store
d
ata, us
i
n
g
a memor
y
c
hi
p. It a
l
so
respon
d
e
d
to s
ig
na
l
s transm
i
tte
d
to wr
i
te
d
ata
i
nto t
h
e memor
y
, as we
ll
as
d
ata
read from the memor
y
. Furthermore, it tran
s
mitted a return si
g
nal out of the mem
-
or
y
to the reader. The transponder also had a wa
y
to internall
y
g
enerate power to
operate. This new invention was
g
roundbreakin
g
, as it opened the door for man
y
new possibilities. With the ability to alter data in the tag,
R
FID tags became much
more useful in the
p
ractical world.
Following this invention in the 1970s, many tracking applications began to
appear. RFID p
l
aye
d
a s
i
gn
i
f
i
cant ro
l
e
i
n
a
n
i
ma
l
trac
ki
ng, w
hi
c
h
i
s st
ill
use
d
i
n
mo
d
ern soc
i
ety. Spec
i
a
l
tags are app
li
e
d
b
eneat
h
t
h
e s
ki
n of an
i
ma
l
s,
b
e
i
t
d
omes-
ti
c, stoc
k
, or w
ild
. T
h
e ear
li
est form of an
i
ma
l
trac
ki
ng was use
d
to ana
l
yze t
h
e
mi
g
ration route of different species of birds. The ta
g
is usuall
y
in the form of a lit
-
t
le
g
lass pill, where information about the animal pertainin
g
to its a
g
e, ph
y
sical
attributes, and health conditions can be stored and u
p
dated. The
p
ill is
p
laced
u
nder the skin of the animal and can in no way harm the carrier.
W
ith the increasing uses of RFID in the 1980s, RFID systems were beginning
t
o
b
rea
k
out
i
n a s
i
gn
i
f
i
cant way, emerg
i
ng from t
h
e
hidd
en s
h
e
ll
of t
h
e past w
i
t
h
a
b
ang
i
nto t
h
e 1990s an
d
t
h
e twenty-f
i
r
s
t century, w
h
ere commerc
i
a
li
sm p
l
ays suc
h
an
i
nf
l
uent
i
a
l
ro
l
e.
D
.
K
ou
e
t a
l.
5 RFID Tec
h
no
l
o
gi
es an
d
App
li
cat
i
ons
91
5.1.3 Modern World Appl
i
cat
i
ons
One of the key uses of RFID introduced in the 1990s was implementing auto-
mated tollgates. Electronic tollgates began to appear in North America and
across Europe, a
id
e
d
b
y a v
id
eo surve
ill
ance system. Cars are equ
i
ppe
d
w
i
t
h
a
RFID tag t
h
at automat
i
ca
ll
y sen
d
s t
h
e
d
ata once
i
t passes t
h
roug
h
t
h
e to
llb
oot
h
.
Th
e RFID rea
d
ers on t
h
e to
llb
oot
h
s sen
d
a s
i
gna
l
to act
i
vate t
h
e tags on t
h
e cars,
and ta
g
automaticall
y
transmits the data to the reader. Cars could now
p
ass
t
hrou
g
h toll
g
ates without havin
g
to sto
p
at tollbooths, which increased traffic
f
low drasticall
y
.
W
hile RFID is not the leading technology associa
t
ed with product
identification,
t
i
ts
p
otential benefits are evident. While other f
o
rms of
p
roduct identification, such as
barcodes, require line-of-sight readers, the advantage
o
f using RFID to identif
y
p
ro
d
ucts re
li
es
h
eav
ily
on t
h
e w
i
re
l
ess transferr
i
n
g
o
f
d
ata
.
N
o
di
r
ec
t
co
nta
c
t n
eeds
t
o
b
e ma
d
e
b
etween t
h
e ta
g
an
d
t
h
e scanner for t
h
e
i
nformat
i
on to
b
e accesse
d
. T
hi
s
i
s much more efficient and time conservin
g
as compared to barcodes. Instead of hav-
i
n
g
to scan each produc
t
i
ndividuall
y
, the RFID reader
a
utomaticall
y
retrieves the
necessar
y
data from the ta
g
s. Furthermore, barcodes on similar products are identi-
cal, thus there is no way of differentiat
i
ng between one from another, and this can
e
asily be used to duplicate and create counterfeit products.
Because RFID uses wireless technology, it can play a monumental part in terms
of t
h
e supp
l
y c
h
a
i
n. Supp
li
ers of ma
j
or reta
il
ers can use RFID tec
h
no
l
ogy for t
h
e
s
o
l
e
b
as
i
s of
i
nventory
/
ware
h
ouse manageme
n
t
. Instea
d
of
h
av
i
ng to scan t
h
e pro
d
-
uct separate
l
y, a mo
bil
e rea
d
er can
b
e use
d
to scan t
h
e tags to retr
i
eve t
h
e pro
d
uc
t
data. Durin
g
the shippin
g
phase, the
p
roducts can then be tracked from the time
the
y
leave the warehouse to the time the
y
arrive at the retailer. Once the
y
reach the
retailer, the new information will be stored on the ta
g
s.
Since RFID tags can be relatively small in size, they can also have a large effect
on the manufacturing/production chain. By using RFID tags, each step of the pro
-
duction chain can be traced and recorded. Once a phase is finished, the tag can be
up
d
ate
d
an
d
t
h
e new
i
nformat
i
on store
d
.
Thi
s ensures pro
d
uct qua
li
ty,
i
n a
ddi
t
i
on
to fac
ili
tat
i
ng t
h
e pro
d
uct
i
on process. Any error ma
d
e
d
ur
i
ng pro
d
uct
i
on can
b
e
trace
d
b
ac
k
us
i
ng t
h
e RFID tags.
Frau
d
an
d
counterfe
i
t
p
revent
i
on
i
s ano
t
her aspect of RFID technology. In
t
t
man
y
countr
i
es, frau
d
u
l
ent pro
d
ucts are ma
d
e to resem
bl
e
p
ro
d
ucts of
b
ran
d
name
com
p
anies. With the use of RFID,
p
ro
d
ucts can be uniquely branded during pro-
d
d
duction. By embedding or attaching an RF
I
D tag to the product, it is impossible
f
or counterfeiters to forge the product with
o
ut destroying it. For example, during
t
h
e pro
d
uct
i
on p
h
ase an RFID tag
i
s sea
l
e
d
t
o t
h
e
lid
of a v
i
ntage w
i
ne
b
ott
l
e.
Once t
h
e
b
ott
l
e
i
s opene
d
, t
h
e RFID tag
i
s
d
estroye
d
, so
i
t cann
o
t
b
e rea
d
aga
i
n. If
s
omeone attempts to forge t
h
e
b
ran
d
name from t
h
e use
d
w
i
n
e
b
ott
l
e to rese
ll,
t
h
e
RFID ta
g
w
ill
no
l
on
g
er
b
e rea
d
a
bl
e, t
h
ere
b
y
ma
ki
n
g
i
t
i
mposs
ibl
e for t
h
e counter-
f
e
i
ter to s
h
ow t
h
at t
h
e w
i
ne was aut
h
ent
i
c. T
h
e consumer wou
ld
i
mme
di
ate
ly
k
now w
h
et
h
er t
h
e pro
d
uct was rea
l
or not.
92
Table
5
.
1.
Compar
i
son
b
etween
b
arco
d
es an
d
RFID ta
g
s
barcodes RFID
rea
d
a
bili
t
y
(
%
)
80–85 95–9
9
li
ne-of-s
igh
t necessar
y
unnecessar
y
r
esis
tan
ce
t
o
e
n
vi
r
o
n
-
m
e
nt
l
ow
high
resistance to heat low hi
gh
rate of failure hi
g
h lo
w
pro
d
uct
i
on cost
l
ow
hi
g
h
u
n
i
que pro
d
uct
id
ent
i
-
fi
cat
i
on
p
oor goo
d
e
as
y
i
nte
g
rat
i
on
i
nto
o
t
h
er s
y
stems
n
o
y
es
S
ecur
i
t
y
i
ssues
l
ow
high
Th
e popu
l
ar
i
zat
i
on of w
i
re
l
ess an
d
m
o
bil
e commun
i
cat
i
on equ
i
pments
b
r
i
ngs
a
l
ong customers’ nee
d
of
lo
cat
i
on serv
i
ce. Customers nee
d
to conf
i
rm t
h
e goo
d
s’
3
D coor
di
nate an
d
trac
k
t
h
e
i
r movement. T
h
e ex
i
st
l
ocat
i
on serv
i
ce s
y
stem ma
i
n
ly
i
nc
l
u
d
es GPS s
y
stem
b
ase
d
on sate
lli
te
l
ocat
i
on, t
h
e
l
ocat
i
on s
y
stem
b
ase
d
on
i
n-
f
rare
d
or u
l
trason
i
c, an
d
t
h
e
l
ocat
i
on s
y
s
t
e
m
b
a
sed
o
n m
obile
n
e
t
wo
r
k.
T
he
RFID
l
ocation and trackin
g
sy
stem takes advanta
g
e of t
h
e ta
g
s’ unique identification
f
eature to the
g
oods, and measures the
g
oods’ location accordin
g
to the si
g
nal
i
ntensit
y
of radio frequenc
y
between the
r
eader and the ob
j
ect. It is mainl
y
used in
i
n-door locations that are
d
ifficult to be hacked by the GPS system. The typical
RFID location and tracking system includes the Cricket system developed by the
MIT Oxygen project, the LANDM
A
R
C system of the Michigan State University,
an
d
t
h
e RADAR s
y
stem of M
i
crosoft. B
y
a
i
m
i
n
g
at t
h
e RFID ta
g
’s
i
nexpens
i
ve
cost an
d
i
ntro
d
uc
i
n
g
RFID ta
g
s as reference po
i
nts, t
h
e
l
ocat
i
on accurac
y
can
b
e
i
mproved and the s
y
stem cost can be reduced at the same time.
5.2 Components
5.2.1 Bas
i
c
C
omponents
RFID systems cons
i
st of two
b
as
i
c com
p
o
nents: t
h
e rea
d
er
(
or
s
canner
)
an
d
t
h
e tag
(
or transpon
d
er
)
. T
h
e rea
d
er can conta
i
n one or more antennae to commun
i
cate
w
i
t
h
t
h
e tag. T
h
e tag, p
l
ace
d
on t
h
e o
bj
ect to
b
e
id
ent
i
f
i
e
d
, usua
ll
y
i
nc
l
u
d
es a
m
i
croc
hi
p an
d
an antenna.
T
a
bl
e 5.1 s
h
ows a s
i
mp
li
st
i
c compar
i
son
b
etween
b
arco
d
es an
d
RFID tags.
D
.
K
ou
e
t a
l.
5 RFID Technologies and Applications
93
Fig
. 5.1
.
Bas
i
c components of an RFID s
y
stem
T
he communication between the reader and the ta
g
uses a defined radio fre-
quency and protocol. The reader transfers data
to the tag, along with a clock signal
a
f
rom the reader to the ta
g
to effectivel
y
label when the
p
roduct was last checked.
Some readers also
p
rovi
d
e
energy to the transpond
e
r to activate and initiate the
data transfer.
T
he tag itself carries the data used for object identification. Once the reader acti-
vates t
h
e ta
g
,
i
t can
b
e
gi
n to rea
d
or wr
i
te
d
ata onto t
h
e ta
g
. A ta
g
can
b
e act
i
vate
d
di
fferent
ly
d
epen
di
n
g
on t
h
e
t
y
pe of transpon
d
er use
d
.
5.2.2 The Ta
g
Th
ere are t
h
ree ma
i
n types of RFID tags: act
i
ve, pass
i
ve, an
d
sem
i
pass
i
ve. Eac
h
t
y
pe of ta
g
is used for different applic
a
tion purposes, as their ran
g
e and frequenc
y
l
imit th
e
m t
o
ce
rtai
n
v
ia
b
l
e
f
u
n
c
ti
o
n
s.
Active RFID tags have a power source suc
h
as a battery attached to the tag, in
addition to larger memory and longer ranges t
h
a
n passive or semipassive tags. Ac
-
tive tags are able to broad
c
a
st data continuously on a
s
et interval (from every few
s
econ
d
s to a few
h
ours
)
. S
i
nce act
i
ve tags are use
d
w
h
en
id
ent
i
fy
i
ng pro
d
ucts t
h
at
are
d
eeme
d
va
l
ua
bl
e an
d
expens
i
ve, suc
h
as cars, t
h
e act
i
ve tag must
b
e a
bl
e to
commun
i
cate to t
h
e rea
d
er at
l
ong ranges an
d
store muc
h
more
i
nformat
i
on t
h
a
n
p
assive ta
g
s. The t
y
pical read ran
g
e of an active ta
g
is usuall
y
somewhere between
2
0 and 100 m, and the batteries on t
h
e active ta
g
s last up
t
o several
y
ears. The
costs of active ta
g
s can ran
g
e between $10 an
d
$50 dependin
g
on memor
y
size,
the power of the battery, and the m
a
t
erial used to design the tag
.
