
Lecture Notes in Computer Science 1

Secure M-Commerce with WPKI

Chan Yeob Yeun and Tim Farnham

Toshiba Research Europe Limited, Toshiba Telecommunication Research Laboratory,
32 Queen Square, Bristol, BS1 4ND, England
{chan.yeun,tim.farnham}@toshiba-trel.com

Abstract. The huge success of the mobile telephone is about to transform e-business and the Internet. As a Personal Trusted Device (PTD), the mobile phone will be able to handle secure transactions in a wireless world. The Wireless Application Protocol (WAP) suite enables secure e-commerce services and applications. This paper presents an overview of the PKI and WAP environments and their relation to the Internet, the security standards specified for WAP, and how WPKI standards and technologies have been adapted to meet the security requirements of M-Commerce. This paper also addresses some shortcomings of WAP and shows how these problems may be overcome, recent developments and changes, and the future impact of this new development on operators, manufacturers and users.

1 Introduction

Wireless communication has rapidly evolved in search of reliable, simple and business-oriented solutions to consumer demands for fast, easy and inexpensive information access.
One of the wireless communication solutions is i-mode, which was developed by NTT DoCoMo. i-mode uses compact HTML for delivery of content and packet switching to sustain a continuous connection at a data transfer speed of 9.6 kbps, and it has been very successful in Japan. However, i-mode is a proprietary NTT DoCoMo scheme and no detailed information, such as security issues, authentication and authorization, has been made publicly available. The press has reported that DoCoMo is working on strengthening i-mode security [1]. While no details have been given, the information suggests that DoCoMo has experienced Internet attacks [2,3] on its servers.
Thus, this paper focuses on the Wireless Application Protocol (WAP) [4], which is currently the only publicly available solution for wireless communication that enables M-Commerce, where Internet data moves to and from wireless devices. People are beginning to use wireless applications more widely and, as a consequence, the face of the Internet is rapidly changing. Mobile devices are now starting to challenge the dominance of PCs. One powerful argument in favor of mobile devices has been the ability to connect to a communications network wherever the end user is located. Moreover, mobile devices are rapidly evolving into platforms other than wireless telephones: they are transforming into Personal Trusted Devices (PTDs). This is not necessarily the case with PCs, which are used collectively in organizations, households, and public places. Mobile devices are much less expensive than PCs and are easily carried by their owners.
Furthermore, the number of mobile phone subscribers worldwide is expected to reach one billion by 2002. A significant share of these users will be equipped with Mobile Internet-enabled terminals. For example, recent forecasts indicate that the penetration of mobile phones may reach 83% of the population in Western Europe by 2003 (EMC World Cellular Databases, January 2000). This means that by 2003 mobile Internet users will outnumber fixed line Internet users. Several industry analysts predict that mobile E-Commerce will constitute a multi-billion dollar business by 2005 [5]. With mobile devices constantly online via GPRS (2.5G technology) [6] and 3G technologies [7, 8, 9], instant shopping, further enabled by payment services, mobile banking, ticketing and secure access-based operations, will be fully realized.
Since mobile devices are location-independent, widely distributed personal trusted devices (PTDs), they are well suited to becoming one of the dominant enablers for carrying out financial transactions and other activities related to M-Commerce. Consequently, mobile devices will feature in applications that also demand adequate security functions. Meeting these demands is the Wireless Application Protocol Public Key Infrastructure (WPKI) as specified by the WAP Forum [4]. The purpose of the WAP standards is to bring more advanced data services, such as Internet content and transactions, to wireless devices. “Mobile Commerce”, or M-Commerce, and E-Commerce each have their own specific requirements for security. These security requirements are best met by cryptographic technology and WPKI services. WPKI encompasses the necessary cryptographic technology and a set of security management standards that are widely recognized and accepted for meeting the security needs of M-Commerce.
One of the essential advantages offered by some mobile devices that are available today is that they already employ a security module such as a SIM (Subscriber Identity Module) card in GSM mobile phones. The SIM is a tamper-proof hardware module that holds the user’s personal information and can store private keys. In the future, many mobile devices will probably have one or more integrated security modules.
At present, wireless environments are not completely safe. No mobile network operator can guarantee that confidential information (such as credit card numbers, personal financial data, trade secrets, or business documents) can be transmitted over the mobile net in a secure way. Currently, no party other than the network operator that issued the SIM card can reliably verify the wireless device user’s identity through an authentication process. In other words, trust is inherent in the wireless devices.
This paper gives a brief overview of PKI in general and WPKI in particular. PKI consists of two basic elements: public key cryptography and public key certification practice. This paper also addresses some shortcomings of WAP and how these problems may be overcome, and the future directions of WAP that provide secure communications and unilateral or mutual authentication for implementing M-Commerce applications, in order to ensure worldwide interoperability in wireless environments.

2 Overview of Public Key Infrastructure (PKI)

A PKI [10] is commonly understood as a set of policies, processes, software, hardware, and technologies that use public key cryptography and certificate management to secure communication. PKI’s trusted services enable the secure transfer of information and support a wide variety of E-Commerce applications.
In order to provide secure Mobile E-Commerce applications, a PKI must ensure the following:
• Confidentiality: communication between two parties must remain secret.
• Integrity: no unauthorized modification of information exchanged between two parties.
• Authentication: the process of reliably determining the identity of a communicating party.
• Non-repudiation: it must be impossible for communicating parties to falsely deny having produced digital signatures or entered into agreements.
A PKI is able to offer all four of these security services for Mobile E-Commerce. A PKI uses digital signatures and digital certificates based on asymmetric encryption, such as RSA [11] or Elliptic Curves (ECC) [12]. This type of encryption requires a pair of cryptographic keys. One of these keys is public, and is thus revealed to third parties. The other key is private, and is not revealed to anyone.
The main advantage of PKI is that it guarantees the legal status of digitally signed agreements. Identities are usually established by a Certificate Authority (CA) issuing digital certificates that associate a public key with an end user’s terminal or an application server.
The two main components of PKI are now analysed in detail: one is public key cryptography and the other is public key certificate management.
The defining property of public key cryptography is that it is computationally infeasible to determine a private key given the corresponding public key. Thus, a public key can be made public by publishing it in a directory. The advantage of a public key system is that Alice can send an encrypted message to Bob by using Bob’s public key. Moreover, depending on the mode of operation, the public key/private key pair can be used to perform mathematical operations such as “encryption/decryption” or “signature verification/signature” operations respectively.
Initially, it would appear that public key cryptography is an ideal system, not requiring a secure channel to pass the encryption key. Unfortunately, this is not the case. For example, an adversary impersonates entity Bob by sending Alice a public key e’ which Alice assumes to be the public key of Bob. The adversary intercepts the encrypted message from Alice to Bob, decrypts it with its own private key d’, re-encrypts the message under Bob’s public key e, and sends it to Bob. This shows that it is necessary to authenticate public keys, i.e. to achieve data origin authentication of the public keys themselves. Fortunately, we can use public key certificate management to overcome this problem.
Digital certificates are a means of unambiguously binding one person to a public key. At its simplest, the idea is that an external body such as a Trusted Third Party (TTP) or CA takes your personal details (which may include the user’s name, email address and company name, similar information about the issuer’s certificate, the serial number of the certificate, an issue date and an expiration date) and public key, packages them together and then signs the package with the CA private key. Thus, one can use the public key of the other party only if the certificate signature verifies successfully.
Anyone who receives a signed message from you can safely assume that you sent it. However, this opens up the possibility of a replay attack. For example, if someone sends a signed message to their bank, saying “Pay Alice $100”, and Alice happens to intercept this message, then Alice can keep sending it to the bank. This attack can be easily overcome by including a precise time, a serial number, or a unique identifier in the signed message. For example, the TLS/SSL protocol gives each message an ID to prevent replay attacks.
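The key-substitution scenario and the replayed payment order described above, as a constructed Python illustration added here (it is not code from the paper): keys are bound to names by CA-signed certificates, so a substituted key e’ is rejected, and the bank keys its replay check on the serial number inside the signed order. Textbook RSA over fixed Mersenne primes with no padding is used purely as a teaching toy; `ToyCA`, `Bank` and the serial-number field are assumptions of this example.

```python
import hashlib
import json

# Toy parameters: 2^k - 1 is prime for the k used below (Mersenne primes), and
# with public exponent 65537 each (p-1)(q-1) used here is invertible.
E = 65537


def toy_keypair(i: int, j: int):
    """Textbook RSA key pair from the toy primes 2^i - 1 and 2^j - 1."""
    p, q = (1 << i) - 1, (1 << j) - 1
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))          # (public, private)


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest(data, n), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


def encode(obj) -> bytes:
    """Canonical encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(issuer_priv, serial: int, subject: str, subject_pub) -> dict:
    """Bind a subject name to a public key; only the CA's key yields a valid one."""
    tbs = {"serial": serial, "issuer": "ToyCA", "subject": subject,
           "pub": list(subject_pub)}
    return {"tbs": tbs, "sig": sign(issuer_priv, encode(tbs))}


def trusted_public_key(ca_pub, cert: dict, expected_subject: str):
    """Return the certified key only if the CA signature verifies and the
    subject matches; None means the key must not be used."""
    tbs = cert["tbs"]
    if tbs["subject"] != expected_subject:
        return None
    if not verify(ca_pub, encode(tbs), cert["sig"]):
        return None
    return tuple(tbs["pub"])


class Bank:
    """Accepts signed payment orders; the serial inside the signed data lets it
    reject a replay even though the signature itself still verifies."""

    def __init__(self, ca_pub):
        self.ca_pub = ca_pub
        self.seen = set()

    def process(self, cert: dict, order: dict, sig: int) -> str:
        pub = trusted_public_key(self.ca_pub, cert, order["from"])
        if pub is None or not verify(pub, encode(order), sig):
            return "rejected: bad certificate or signature"
        if (order["from"], order["serial"]) in self.seen:
            return "rejected: replay"
        self.seen.add((order["from"], order["serial"]))
        return f"paid {order['amount']} to {order['to']}"


def demo():
    ca_pub, ca_priv = toy_keypair(31, 61)
    bob_pub, bob_priv = toy_keypair(89, 107)
    mallory_pub, mallory_priv = toy_keypair(127, 521)

    bob_cert = issue_certificate(ca_priv, 1, "Bob", bob_pub)
    # Key substitution: the adversary offers e' under Bob's name, but can only
    # sign that certificate with her own key, not the CA's.
    forged_cert = issue_certificate(mallory_priv, 2, "Bob", mallory_pub)
    key_ok = trusted_public_key(ca_pub, bob_cert, "Bob") == bob_pub
    substitution_caught = trusted_public_key(ca_pub, forged_cert, "Bob") is None

    bank = Bank(ca_pub)
    order = {"from": "Bob", "to": "Alice", "amount": 100, "serial": 7}
    sig = sign(bob_priv, encode(order))
    first = bank.process(bob_cert, order, sig)
    replay = bank.process(bob_cert, order, sig)    # Alice resends the same message
    return key_ok, substitution_caught, first, replay


if __name__ == "__main__":
    print(demo())
```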
The widespread adoption of PKI could control every aspect of a certificate’s life
cycle. The Internet X.509 PKIX Working Group [10] defines a PKI as “The set of
hardware, software, people and procedures needed to create, store, distribute and
revoke certificates based on public key cryptography”.
A PKI consists of the following components:
• Certificate Authorities (CAs): These are responsible for issuing and revoking
certificates.
• Registration Authorities (RAs): These verify the binding between public keys
and the identities of their holders.
• Certificate holders (or subjects): People, machines or software agents that
have been issued with certificates and can use them to sign digital docu-
ments.
• Clients: These validate digital signatures and their certificate paths from a
known public key of a trusted CA.
• Repositories: These store and make available certificates and Certification
Revocation Lists (CRLs).
The following functions are typically supported within a PKI:
• Registration: The CA verifies the details supplied by the subject are correct,
before issuing a certificate.
• Certification: CA issues a certificate that contains the subject’s public key,
delivers this certificate to the subject, and publishes it in suitable reposito-
ries.
• Key generation: In some cases, the subject generates a key pair in its local environment, before passing the public key to the CA for certification. If the CA generates a key pair then the keys should be supplied to the subject as an encrypted file or in a hardware module such as a smart card.
• Key update: All key pairs, and their associated certificates, should be up-
dated at regular intervals.
• Cross-certification: The cross-certification process allows users in one administrative domain to trust certificates issued by a CA operating in a different administrative domain.
• Revocation: In most cases, a certificate remains valid until its validity period expires. However, there are some scenarios that necessitate the early revocation of a certificate’s validity.
Once an X.509 certificate has been obtained, the public key is made available by
publishing it to the CA’s certificate directory where it is stored. The Lightweight Direc-
tory Access Protocol (LDAP) [13] is a standard protocol that can be used for access-
ing CA directories containing X.509 certificates and CRLs [14]. LDAP has become very
popular in the past few years and is heavily promoted by vendors such as Microsoft
and Netscape.
Checking the revocation status or validity of a certificate, by checking the CA’s
CRL, is only one mechanism for determining the current status of a certificate. The
other mechanism is to use the Online Certificate Status Protocol (OCSP) described in
detail in the following section.

2.1 CRL vs. OCSP

OCSP [15] is an automated status checking protocol. This protocol specifies the data
that needs to be exchanged between an application checking the status of a certificate
and the server providing that status. It queries a remote server for the status of a par-
ticular certificate, returning whether the certificate is still trusted by the CA that issued
it.
The previous method of checking a certificate’s status was through CRLs. Using this method, certificates revoked by the CA are placed on a CRL. The list, maintained by the CA, comprises the serial numbers of revoked certificates. The CA usually makes the CRL available by placing it in a known location, such as an X.500 server. You can then check the revocation status of a certificate by checking the CRL.
However, this method has several drawbacks. To check if a certificate is in a CRL, the whole CRL must be retrieved from the directory and then searched for the serial number in question. This becomes inefficient when only the information on one serial number is wanted from a CRL that may contain thousands. In addition, there is often a lag between the time a certificate is revoked and the time that information is made known via the CRL. Another drawback is the management of replicated CRLs, which is required to enable scalability; it must ensure that all replicas are consistent.
Two requirements evolve from this: firstly, the ability to request just the revocation
status of the certificates in question, and secondly, to greatly reduce the lag between
revocation time and revocation publication. OCSP has addressed both of these re-
quirements by providing a mechanism that allows you to ask for the status of particu-
lar certificates and to get information on just those certificates in a more timely manner.
Speed is particularly important, for instance, in large fund transfers or stock trades.
An OCSP client issues a status request to an OCSP responder and suspends acceptance of the certificate in question until the responder answers. You can use OCSP instead of traditional CRL checking, or as a supplement to it.
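As an added illustration (not part of the paper) of the two requirements derived above, the following constructed Python simulation contrasts a periodically published CRL, which a relying party downloads whole and caches until its next update, with an OCSP-style responder answering for one serial from the CA’s live record. `ToyCA`, the integer-second clock and the 3600-second CRL lifetime are assumptions of this example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class CRL:
    """Snapshot of revoked serial numbers, valid from this_update to next_update."""
    this_update: int
    next_update: int
    revoked: frozenset


@dataclass
class ToyCA:
    """Constructed CA: keeps a live revocation record and publishes CRL snapshots."""
    crl_lifetime: int = 3600                          # assumed publication interval
    revoked_at: dict = field(default_factory=dict)    # serial -> revocation time
    published: list = field(default_factory=list)     # CRLs, oldest first

    def revoke(self, serial: int, now: int) -> None:
        self.revoked_at.setdefault(serial, now)

    def publish_crl(self, now: int) -> CRL:
        """Everything revoked up to now; clients may cache it until next_update."""
        crl = CRL(now, now + self.crl_lifetime,
                  frozenset(s for s, t in self.revoked_at.items() if t <= now))
        self.published.append(crl)
        return crl

    def ocsp_status(self, serial: int, now: int) -> str:
        """OCSP-style responder: answers for one serial from the live record,
        so a revocation is visible as soon as it is recorded."""
        t = self.revoked_at.get(serial)
        return "revoked" if t is not None and t <= now else "good"


def crl_status(crl: CRL, serial: int, now: int) -> str:
    """Relying party's CRL check. A list past next_update must not be used to
    conclude 'good'; the caller has to fetch a fresh CRL first."""
    if now > crl.next_update:
        return "unknown"
    return "revoked" if serial in crl.revoked else "good"


def demo() -> dict:
    ca = ToyCA(crl_lifetime=3600)
    for serial in range(1, 1001):        # a thousand older revocations
        ca.revoke(serial, now=0)
    crl = ca.publish_crl(now=0)          # the list clients download and cache
    ca.revoke(4242, now=100)             # revoked shortly after publication
    return {
        "crl_entries": len(crl.revoked),           # whole list fetched for one lookup
        "crl_at_200": crl_status(crl, 4242, 200),  # cached CRL still says good
        "ocsp_at_200": ca.ocsp_status(4242, 200),  # responder already says revoked
        "crl_at_3601": crl_status(crl, 4242, 3601),                 # cache expired
        "next_crl": crl_status(ca.publish_crl(3600), 4242, 3600),   # lag closed
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```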

3 The WAP Environment

WAP is an industry-wide specification for developing applications that operate over wireless communication networks. It is a single, open standard that has been developed by some of the world’s leading wireless telecommunications companies in a democratic consortium known as the WAP Forum [4]. The WAP Forum states that WAP is “an open, global specification that empowers mobile users with wireless devices to easily access and interact with information and services instantly.”
WAP-enabled phones can access interactive services such as information, loca-
tion-based services, corporate information and interactive entertainment. WAP is
targeted at various types of handheld devices, including PTDs and Bluetooth [16]
enabled mobile phones.
The best analogy for the WAP environment is the Web environment. The Web environment consists of three primary components: a Web Client, an IP network and a Web Server. Clients and servers communicate over the IP network, and a Web server provides information in the form of pages written in HyperText Markup Language (HTML). There are several primary differences between the WAP and Web environments:
• WAP was designed to operate over any wireless network. Therefore it has a reliable transport layer that can recover lost or corrupted packets and re-sequence them. This is something that IP does not do. TCP has mechanisms to recover lost packets, and can cope with packets delivered out of sequence, but does not do this very well because it assumes that these irregularities are caused by network congestion and not by the radio link.
• WAP also has transaction support to enable reliable transactions to take place,
which could otherwise be difficult with an unreliable wireless medium.
• Currently WAP also uses WML, a binary-encoded markup language, rather than HTML. This enables WML pages (or forms) to be smaller than HTML, but also means that special content has to be created specifically for WAP devices.
• Limited processing power in wireless devices means that services and software
in the WAP environment must be extremely efficient, requiring minimal CPU
cycles, memory, and storage. Likewise data objects and transactions must be
compact, requiring only small amounts of storage, memory, and processing cy-
cles.
• Since Web based and WAP based protocols are not directly interoperable, a component known as the WAP Gateway is needed in order to translate Web based protocols to/from WAP based protocols. However, the recent WAP 2.0 protocol has an all-IP capability and provides end-to-end security by using TLS/SSL [17] from mobile handsets to servers.
Future versions of the WAP specification will extend the Internet to the wireless environment. WAP 2.0 [18, 19] provides for protocols such as TCP and HTTP. By adding these Internet protocols and standards and providing interoperable optimizations suitable for the wireless telecommunications environment, the WAP specifications provide an environment that permits wireless devices to utilize existing Internet technologies. In addition, WAP 2.0 continues the legacy support of WAP 1.x by permitting applications and services to operate over all existing and foreseeable air interface technologies and their bearers; this includes the new, higher-speed technologies known as General Packet Radio Service (GPRS) [6] and 3rd Generation cellular and beyond [7, 8, 9]. Thus, the WAP Forum works closely with organizations such as the W3C [20] and the IETF to develop specifications that meet the objectives listed above.
The following items represent the major architectural components of WAP 2.0 [18,
19]:
• Protocol Stack Support: In addition to the WAP Stack introduced in WAP 1.x,
WAP 2.0 adds support and services on a stack based on the common Inter-
net stack including support for TCP, TLS and HTTP. By encompassing both
stacks, WAP 2.0 provides a connectivity model on a broader range of net-
works and wireless bearers.
• WAP Application Environment: Nominally viewed as the ‘WAP browser’, the WAP 2.0 Application Environment has evolved to embrace developing standards for Internet browser markup languages. WML2 is based on the eXtensible HyperText Markup Language (XHTML) developed by the W3C to replace and enhance the HTML language that is common today. The use of Internet technologies is not new for WML, as WML1 is a fully conformant XML language in its own right.
• Additional Services and Capabilities: The WAP specifications have had items that were not part of the ‘WAP browser’ but helped to enrich the environment defined in the WAP specifications. With WAP 2.0, there is a considerable increase in the number of features available to developers, operators and users.
A key part of the WAP 2.0 release is the introduction of support for Internet proto-
col when IP connectivity is available to the mobile device. This is in addition to con-
tinued support for the legacy ‘WAP Stack,’ which is used over those networks that do
not provide IP as well as low-bandwidth IP bearers. Both stacks are supported in WAP
2.0 and provide similar services to the application environment.
WAP 2.0 also supports other features to improve the user experience. These fea-
tures expand the capabilities of the wireless devices and improve the ability to deliver
useful applications and services. Some of these new and enhanced services are as
follows:
WAP Push: This service allows content to be sent, or “pushed”, to devices by server-based applications, such as messaging, traffic update alerts and stock prices, via a Push Proxy.
User Agent Profile: This service supports the client-server transaction model by sending client and user information to servers with the request, as well as providing value-added services by providing these adaptation services directly. For example, a user could control privacy settings, personal information and so on.
Data Synchronization: SyncML [21] messages are supported over both the WSP and HTTP protocols.
Multimedia Messaging Services (MMS): This service provides features and functionality that permit delivery of varied types of content.

4 WAP Security

This section will look at the security measures that exist in WAP, recent developments and future directions. The basis of WAP 1.x security is the Wireless Transport Layer Security (WTLS) protocol, which is analogous to the Internet’s Transport Layer Security (TLS) [17], the standardized name for the widely used Secure Socket Layer (SSL) 3.1. WTLS is based on TLS, with a few differences in the wireless version. TCP/IP is now integrated into WAP 2.0 because of the demand for end-to-end security, which the previous versions could not provide.
WAP encompasses several standards that apply security at the application, trans-
port and management levels in the wireless environment. These standards are known
as follows:
• WIM: The WAP Identity Module [22] is a tamper-resistant computer chip that optionally resides in WAP-enabled devices such as mobile phones and PTDs. It can store key material such as the PKI root public key and the user’s private key. WIMs are most commonly implemented using smart card chips, which have memory and storage for data and programs.
• WMLSCrypt: The WML Script Crypto API (WMLSCrypt) [23] is an application programming interface that allows access to basic security functions in the WML Script Crypto Library (WMLSCLib), such as key pair generation, digital signatures and the functions that process objects commonly found in a PKI, for example keys and public key certificates. WMLSCrypt allows WAP applications to access and use the security objects and basic security services managed by other WAP security standards. The basic functions in WMLSCrypt and WMLSCLib include generating key pairs, storing keys and other personal data, controlling access to stored keys and data, generating and verifying digital signatures, and encrypting and decrypting data. WML Script can utilize an underlying WIM module to provide the crypto functionality.
• WTLS/TLS: Wireless Transport Layer Security [24] is a transport level security protocol based on the Internet security protocol known as Transport Layer Security (TLS). WAP 2.0 uses TLS instead of WTLS because end-to-end security is required with all-IP based technology, in order to overcome the WAP gateway security breach: sensitive information is translated into cleartext at the gateway, so the operator may read it there. That is why WAP 2.0 overcomes this problem by using TLS tunneling to support end-to-end security at the transport level. TLS is a PKI enabled protocol that provides services such as authentication by using digital signatures and public key certificates, confidentiality by encrypting wireless data, integrity by employing hashing of wireless data to detect data modification, and denial of service protection, since TLS detects and rejects data that has been replayed or not successfully verified.
• WP-TCP: Wireless Profiled TCP provides connection-oriented services. It is
optimized for wireless environments and is fully interoperable with standard
TCP implementations in the Internet. Research in optimizing TCP has resulted
in a number of mechanisms to improve performance.
• WPKI: Wireless Application PKI (WPKI) [25] is not an entirely new set of standards for PKI; it is an optimized extension of traditional PKI for the wireless environment. To learn more about traditional PKI, see section 2. WPKI and PKIs enforce M-Commerce business policies by managing relationships, keys and certificates. WPKI is concerned primarily with the policies that are used to manage the E-Business and security environment provided by WTLS/TLS and WMLSCrypt in the wireless application environment. In the case of wired networks, IETF PKI standards are the most commonly used; for wireless networks, WAP Forum WPKI standards are the most commonly used.

4.1 Overview of WPKI

The fundamentals of a PKI do not change in environments with different transport channel characteristics. The same concepts that have already been successfully employed in the fixed TCP/IP network environment also apply directly to the wireless environment; of course, access over the air transmission channel to the PTD does pose some unique challenges. PTDs are generally resource constrained in terms of processing power, battery power and memory. TCP/IP and PKI are computationally intensive solutions which can also incur a large communication overhead, which is undesirable in wireless environments. Nevertheless, the basic elements of PKI and certificates remain the same.
A PKI is considered wireless when at least the client devices that are employed by
end users to communicate with other parties are wireless. For example, a wireless client
could be implemented by using a mobile phone network or Bluetooth [16]. The server
could be wired networks such as Internet.
WPKI can be used for the same applications as those found on the Internet. How-
ever, the characteristics of the wireless environment (a truly personal and time-place
independent environment) can give rise to the development of a whole new set of
revolutionary applications including banking, payments, ticketing and receipt, stock
trading, gambling and public administration.
Compared to a PKI, WPKI applications have to work in an environment with less powerful CPUs, less memory, restricted power consumption, smaller displays, and diverse input devices. Despite these shortcomings, the wireless equipment must be able to generate and register keys, manage end user mobile identities, encrypt and decrypt messages, and receive, verify, store and send certificates and digitally signed data.
In many cases, PTDs are not able to fulfill all these requirements. For example, ordi-
nary PTDs do not have sufficient memory to perform all of the above-mentioned func-
tions. Sometimes the client’s functionality has to be implemented outside the mobile
equipment. For this reason, some WPKI solutions are very likely to employ “network
agents” that take care of some of these tasks. The PTDs must at least be able to per-
form a digital signature function to permit the establishment of a WPKI.
Network agents can perform all other PKI-related tasks such as validation, archiving or certificate delivery. In such an implementation the private keys are either stored in a proxy server or, alternatively, embedded in tamper resistant modules such as the WIM/SWIM of PTDs. Unfortunately, the WIM/SWIM solutions require further improvement, particularly in the area of key pair generation by end users rather than assignment by the network operators. In addition, a lack of standardization presents a major barrier to the development of wireless PKI. In other words, establishing trust in a WPKI is crucial for the success of applications that will exploit the opportunities created by PTDs. This trust is based on the reliability of the technology, but also on a carefully implemented system of laws, policies, standards, and procedures which includes the management of certificates by trusted certificate authorities. The questions of anonymity, privacy, government surveillance and industry based policies and standards represent challenges that we must face if we are to strengthen the level of trust that recent legislation has already made possible in important economic regions throughout the world. More detailed information regarding the global status of PKI legislation can be found in [26, 27].
Consider an end user who has not yet registered with a PKI and attempts to connect to a service provider or content server. Since the service provider requires digital signatures on its transactions and secure communications, it notifies the user that it must contact a PKI Portal, and provides PKI identification information such as the URL, CA service name and so on.
WPKI requires the same components used in traditional PKI. However, the end device’s applications and registration are implemented differently, and a new component referred to as the PKI Portal is also required.
The end device application in WPKI is implemented as optimized software that runs in the WAP device. It relies on the WMLSCrypt API for key services and cryptographic operations, and includes the traditional PKI functions: generating, storing and controlling access to a user’s key pair; completing, signing and submitting first-time certificate applications, certificate renewal requests and certificate revocation requests; searching for and retrieving certificates and revocation information; validating certificates and reading certificate contents; and generating and verifying digital signatures.
The PKI Portal is a network server, like the WAP Proxy. It logically functions as the Registration Authority (RA) and is responsible for translating requests made by the WAP client to the RA and CA in the PKI. The PKI Portal will typically embed the RA functions and interoperate with the WAP devices on the wireless network and the CA on the wired network.
4.2 Enhancements of WPKI

WML2.0 [28] uses XHTML, which is in reality optimised HTML, and WTLS has now been replaced by TLS to provide end-to-end security. WPKI is an optimization of the traditional IETF PKIX [10] standards for the wireless environment. In particular, it has optimized the PKI protocols, the certificate format and the cryptographic algorithms and keys. Let us look at these areas in more detail.

WPKI Protocols. The traditional method used to handle PKI service requests relies on the ASN.1 Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). BER/DER require more processing resources than a WAP device should effectively have to handle. WPKI protocols are instead implemented using WML2.0 and WMLSCrypt. WML2.0 and the SignText function in WMLSCrypt provide significant savings when encoding and submitting PKI service requests compared to the methods used in traditional PKI.

WPKI Certificate Format. The WPKI certificate format specification sought to reduce the amount of storage required for a public key certificate. One of the mechanisms was to define a new certificate format for server-side certificates, which significantly reduces the size compared to a standard X.509 certificate. Another significant reduction in the WPKI certificate can be attributed to Elliptic Curve Cryptography (ECC). With ECC, the saving in the overall size of the certificate is typically more than 100 bytes, due to the smaller keys needed for ECC versus other signature schemes. WPKI has also limited the size of some of the data fields of the IETF PKIX certificate format. Because the WPKI certificate format is a sub-profile of the PKIX certificate format, it is possible to maintain interoperability with standard PKIs.

WPKI Cryptographic Algorithms and Keys. While traditional signature schemes are
optionally supported by the WAP security standards, they are viewed as impractical
to implement in the wireless environment from a performance and resource viewpoint.
Traditional signature schemes demand much more processing, memory and storage
resources in the WAP device than the more efficient ECC. ECC techniques are recognised
as the most optimised, and therefore the best suited to supporting security in the wireless
environment. Elliptic curve keys are typically of the order of six times smaller than equivalent
keys in other signature schemes, for example 164 bits vs. 1024 bits. This creates great
efficiencies in key storage, certificate size, memory usage and digital signature proc-
essing. ECC is fully supported by the WAP security standards and has been widely
accepted by WAP device manufacturers. However, one must choose the elliptic curve
carefully, otherwise it may be prone to various attacks; see [29, 30, 31] for more detail.
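Choosing a good curve is not a matter of taste: each of the references [29, 30, 31] corresponds to a concrete check on the domain parameters. The following script is an added example (not code from the paper or from any WAP Forum specification) that runs those checks in pure Python: it tests that the field size and the subgroup order are prime, that the curve is not anomalous (group order equal to p, the case attacked in [31]), that the embedding degree is large enough to rule out the MOV reduction to a finite-field discrete logarithm [29], flags the extra automorphisms of curves with j-invariant 0 or 1728 that speed up Pollard rho [30], and confirms that the base point has the claimed order. It is run against the public NIST P-256 parameters, which pass, and against a constructed supersingular toy curve over F_103, which fails the MOV check. The function names, the toy curve and the embedding-degree bound of 20 are the example's own assumptions; the group order n is taken from the curve specification, as counting points on a full-size curve needs the SEA algorithm, which this example does not implement.

```python
# Added example: domain-parameter sanity checks for y^2 = x^3 + a*x + b over F_p,
# covering the attacks cited in the paper: MOV [29], Pollard rho speed-ups [30], anomalous curves [31].
import random

def is_probable_prime(n, rounds=16):
    """Miller-Rabin with a fixed seed so results are reproducible."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    rng = random.Random(0)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def largest_prime_factor(n):
    """Trial division: only feasible for toy-sized group orders."""
    f, largest = 2, 1
    while f * f <= n:
        while n % f == 0:
            largest, n = f, n // f
        f += 1
    return max(largest, n)

def ec_add(P, Q, a, p):
    """Affine addition on y^2 = x^3 + ax + b; None is the point at infinity."""
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                                          # P == -Q
    if x1 == x2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p     # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p            # chord
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, P, a, p):
    """Double-and-add scalar multiplication."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P, a, p)
        P, k = ec_add(P, P, a, p), k >> 1
    return R

def count_points(a, b, p):
    """Brute-force #E(F_p) for small p: 1 + sum over x of (1 + Legendre(x^3 + ax + b))."""
    total = 1
    for x in range(p):
        v = (x ** 3 + a * x + b) % p
        total += 1 + (0 if v == 0 else (1 if pow(v, (p - 1) // 2, p) == 1 else -1))
    return total

def check_curve(p, a, b, n, G=None, max_k=20):
    """Return the prime-order subgroup (q, h) and the lists of failures and warnings."""
    failures, warnings = [], []
    if not is_probable_prime(p):
        failures.append("field size p is not prime")
    if (4 * a ** 3 + 27 * b ** 2) % p == 0:
        failures.append("singular curve: discriminant is zero")
    q = n if is_probable_prime(n) else largest_prime_factor(n)
    h = n // q
    if q == p:                                   # anomalous curve: DLP is easy [31]
        failures.append("anomalous curve (q == p) [31]")
    for k in range(1, max_k + 1):                # MOV: DLP moves to F_{p^k} [29]
        if pow(p, k, q) == 1:
            failures.append("embedding degree %d <= %d: MOV reduction applies [29]" % (k, max_k))
            break
    if a % p == 0 or b % p == 0:                 # j = 0 or 1728: extra automorphisms [30]
        warnings.append("j-invariant 0 or 1728: Pollard rho speed-up [30]")
    if G is not None:
        x, y = G
        if (y * y - x ** 3 - a * x - b) % p != 0:
            failures.append("base point is not on the curve")
        elif ec_mul(q, G, a, p) is not None:
            failures.append("base point does not have order q")
    return {"q": q, "h": h, "failures": failures, "warnings": warnings}

# NIST P-256 parameters (public constants from FIPS 186; a = p - 3).
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256 = dict(p=P256_P, a=P256_P - 3,
            b=0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b,
            n=0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551,
            G=(0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
               0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5))

# Constructed toy curve y^2 = x^3 + x over F_103: supersingular (103 = 3 mod 4), so #E = 104.
TOY_P, TOY_A, TOY_B = 103, 1, 0
TOY_N = count_points(TOY_A, TOY_B, TOY_P)
```

Calling `check_curve(**P256)` returns no failures, while `check_curve(TOY_P, TOY_A, TOY_B, TOY_N)` reports the order-13 subgroup with cofactor 8, an embedding degree of 2 (so the MOV reduction maps its discrete logarithm into F_{103^2}) and the j-invariant warning because b = 0. The same checks apply to the 164-bit curves the paper refers to; in a device deployment they belong in the procedure that approves a curve before its OID is accepted in a WPKI certificate.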

5 Conclusions

The number of mobile devices in use is rising rapidly and is projected to reach one
billion by 2002, so multiple competing, roughly equivalent protocols are being developed in
an attempt to provide the next effective solution on the new platform.
Wireless communication plays an important role in M-Commerce. The wireless envi-
ronment is no longer isolated; the WAP standards have made it possible to extend
Internet content and transactions to wireless devices such as PTDs. The security require-
ments of E-Commerce remain the same in both the wired and wireless environments, and
PKI plays an important role in meeting these requirements. WPKI is an extension of,
and includes most of the technologies and concepts that are present in, traditional PKI.
WPKI must be optimised using more efficient cryptography such as ECC, but one must
carefully select good curves in order to prevent known attacks.
Public key cryptography based on key pairs and digital certificates has proven itself on
the wired Internet and is now moving on to the wireless world of mobile communications.
An infrastructure of security services will ensure that transactions are confidential, that
the parties involved are clearly identified, and that agreements are non-repudiable. This
will establish a reliable and convenient framework for valid contracts signed with digital
signatures. In other words, PTDs will be able to generate legally binding digital signatures
and also enable users to authenticate themselves remotely over networks. These moves will
quickly make M-Commerce a part of everyday life for many. Businesses will be able to
extend their services to customers on the move.
In the near future, mobile operators face the challenge of providing secure authenti-
cation and value added services between the PTDs and service/content providers.
Their task will be to perform such functions as encryption/decryption, certificate valida-
tion and key generation.
Moreover, manufacturers also face the challenge of making wireless devices that
are compact, powerful and easy to use, with single log-on security mechanisms em-
ploying biometric techniques. Each of these attributes will contribute to the success of
WPKI, and companies that are able to develop, produce and sell these products inexpen-
sively and with the required quality will play an important role in gaining an extremely
large market. WIM/SWIM cards are an example of tamperproof hardware used to store
cryptographic keys and perform other cryptographic functions. Future 3G devices will
host these smart cards.
One of the issues with getting WPKI widely accepted is the management of certifi-
cates via CAs. Currently, there is no centrally trusted entity that manages certificates,
and companies seem to be reluctant to provide and/or trust these services.
Establishing a WPKI will generate potential for additional services, such as those
that will be required for managing the financial risk involved in certification practices.
Another major area of potential business will be found in offering and packaging a
variety of certificate-related services such as directory services, notary services, or
services for key generation, key escrow or archiving. Others will be involved in
monitoring technical compliance with policies and regulations.

Currently the WAP specification is evolving continually, and WAP 2.0 reflects the
adoption of the latest standards and protocols, accommodates changes in the wireless
environment, such as increases in bandwidth, data speeds, processing power, screen
sizes, and other technologies, and anticipates market requirements. WAP 2.0 now
allows further integration with the Internet by using Mobile IP from one end to the
other. This move overcomes the security problems in the WAP Gateway by using TLS
all the way from the mobile device to the service provider. Thus it provides true end-
to-end security and enables deployment of advanced functions and services, while
leveraging and extending the benefits of previous versions of WAP via managed back-
ward compatibility.
Because WAP 2.0 provides backward compatibility with the previous Wireless Markup Lan-
guage (WML) rather than making it optional, mobile manufacturers will have to bear
the burden of doubled code size, and thus doubled memory, in a handset to
support separate WML and XHTML enabled browsers.
The future challenge is to establish trust in WPKI as a new medium; the success
of wireless applications will depend on their usefulness. Easy-to-use solutions are
more likely to succeed than complicated ones, so the main goal is to set up invisible infra-
structures that provide WPKI services at the stroke of a few buttons by the end user.
In order to enable secure M-Commerce solutions, one must consider the need for
qualified legal expertise in every environment and the continuous enhancement of the
WPKI standards throughout the world.

References

1. Williams, M.: DoCoMo gets serious about i-mode security, http://www.security-informer.com/english/crd_security_442184.html (2001)
2. Creed, A.: DoCoMo warns i-mode users of E-mail attacks, http://www.newsbytes.com/news/01/166834.html (2001)
3. Sundgot, J.: i-mode virus alert, http://www.infosync.no/en/news/n/470.asp (2001)
4. WAP Forum: Wireless Application Protocol, http://www.wapforum.org
5. Main, H.: Europe's mobile services market faces major overhaul, according to Gartner Group's Dataquest, http://gartner11.gartnerweb.com/dq/static/about/press/pr-b9932.html (2000)
6. GSM World: An Overview of GPRS, http://www.gsmworld.com/technology/gprs.html
7. 3GPP: Third Generation Partnership Project, http://www.3gpp.org/
8. 3GPP2: Third Generation Partnership Project 2, http://www.3gpp2.org/
9. UMTS Forum: Universal Mobile Telecommunications System Forum, http://www.umts-forum.org/
10. Public-Key Infrastructure (X.509) pkix, http://www.ietf.org/html.charters/pkix-charter.html
11. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM, 21 (1978), 120-126
12. Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation, 48 (1987), 203-209
13. The Lightweight Directory Access Protocol, http://www.umich.edu/~dirsvcs/ldap/
14. X.509 certificates and CRLs, http://java.sun.com/products/jdk/1.2/docs/guide/security/cert3.html
15. Online Certificate Status Protocol, http://www.openssl.org/docs/apps/ocsp.html
16. Bluetooth, http://www.bluetooth.com/
17. Transport Layer Security, http://www.ietf.org/html.charters/tls-charter.html
18. WAP Forum: The WAP 2.0 conformance release, http://www.wapforum.org/what/technical.htm
19. WAP Forum: WAP 2.0 Technical White Paper, Version August 2001, http://www.wapforum.org/
20. W3C: World Wide Web Consortium (W3C), http://www.w3.org/
21. SyncML, http://www.syncml.org/
22. WAP Forum: Wireless Identity Module, Version July 2001, http://www.wapforum.org/
23. WAP Forum: WML Script Crypto Library, Version November 1999, http://www.wapforum.org/
24. WAP Forum: Wireless Transport Layer Security, Version April 2001, http://www.wapforum.org/
25. WAP Forum: Wireless Application Protocol Public Key Infrastructure, Version April 2001, http://www.wapforum.org/
26. Project digital signatures, http://www.law.kuleuven.ac.be/icri/projects/digisig_lb_eng.htm
27. Avellan, J.A.: Links on Law, Cryptography and Electronic Communications, http://www.qmw.ac.uk/~tl6345/
28. WAP Forum: Wireless Markup Language Version 2.0, Version June 2001, http://www.wapforum.org/
29. Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory, 39 (1993), 1639-1646
30. Wiener, M., Zuccherato, R.: Faster attacks on elliptic curve cryptosystems. Selected Areas in Cryptography, Lecture Notes in Computer Science, 1556 (1999), Springer-Verlag, 190-200
31. Semaev, I.: Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p. Mathematics of Computation, 67 (1998), 353-356
