Secure Systems Research Group - FAU Patterns for Wireless Web Services Nelly Delessy January 19, 2006

Agenda

• Reviews
  – “Wi-Foo The Secrets of Wireless hacking”
  – “Mobile Commerce and Wireless Computing Systems”
• Ideas of Patterns for Wireless Web Services

“Wi-Foo The Secrets of Wireless hacking”

• by A. Vladimirov, K. V. Gavrilenko, A. A. Mikhailovsky
• Summary:
  – Mixes theory, tools, and techniques about how attacks against wireless networks are performed and how one can defend one's network
  – Assumes that the reader has a good technical knowledge of networks (in particular IEEE 802 standards)
  – Intended for system administrators, network managers, and penetration testing

“Wi-Foo The Secrets of Wireless hacking”

• Focuses on 802.11: widespread area of network coverage
• How to use a PDA or laptop, choose a wireless card and antenna, and configure the OS to perform penetration testing on the network
• Using the penetration testing tools:
  – Network discovery and traffic logging
  – Traffic decoding and analysis
  – Encryption cracking tools (WEP crackers)
  – 802.11 frame-generating tools
  – Encrypted traffic injection tools
  – Access point management software

“Wi-Foo The Secrets of Wireless hacking”

• Attacks:
  – Closed ESSID, MAC and protocol filtering
  – Cracking WEP
  – Wireless man-in-the-middle attack and rogue access points deployment
  – Authentication systems attacks
  – DoS attacks

“Wi-Foo The Secrets of Wireless hacking”

• Defenses:
  – Security policies
  – Hardened gateway
  – Improvements to WEP, use of WPA
  – Use of RADIUS, LDAP
  – Use of a VPN (IPSec)
  – Wireless IDS systems
• Also chapters about cryptography

“Mobile Commerce and Wireless Computing Systems”

• by Geoffrey Elliott, Nigel Phillips
• Intended for managers, or beginners in the technology field
• About the capabilities of the wireless technology and what people want to do with it
• M-Commerce = “The mobile devices and wireless networking environments necessary to provide location independent connectivity”

“Mobile Commerce and Wireless Computing Systems”

• Chapters about:
  – M-commerce
  – Networks
  – Wireless protocols
  – Wireless programming (WAP)
  – OS for micro devices
  – Mobile networking (Bluetooth)
  – Services and products
  – Pervasive and embedded mobile systems
  – Security
  – Mobile applications

Patterns for wireless web services (ideas)

• Architectural patterns
  – Wireless web services gateway
  – Direct Use of web services over wireless links
  – Mobile agents for wireless devices
• Implementation patterns
  – Wireless CallBack
  – Format compression
  – Device Authentication
  – User Authentication
  – Wireless attribute provider

Wireless web services gateway

• Context
  – Portable devices are limited in memory and computational power.
  – The connection bandwidth and reliability of the wireless connection are limited compared to wired connections.
• Problem
  – How to deliver the web service to the clients?

Wireless web services gateway

• Solution
  – Web services are not delivered directly to the portable device but transformed in a gateway.
  – The gateway is in charge of transforming the SOAP messages into a compressed form that will be used by the mobile device. It can also implement cache functions.

[Figure: Mobile device, Gateway, Web Service; links labelled “Compressed formats” and “Web services formats”]

Wireless web services gateway

• Example
  – An example of this compressed format could be WML (equivalent of HTML in the WAP stack, available in many phones), or for basic scenarios such as the “push” of information, the gateway can transform SOAP messages into SMS, or voice.
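
The gateway pattern above, as an added example that is not part of the original slides: a gateway that strips a SOAP response down to an SMS-sized text for the “push” scenario and caches the result. The service, its element names, the `Gateway` class and the `call_service` transport are assumptions made for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
SMS_LIMIT = 160  # characters in one GSM 7-bit SMS
# Constructed sample response; the service and its element names are made up.
SAMPLE_SOAP = """<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <q:GetQuoteResponse xmlns:q="urn:example:quotes">
      <q:Symbol>ACME</q:Symbol><q:Price>12.34</q:Price>
    </q:GetQuoteResponse>
  </soap:Body>
</soap:Envelope>"""

def soap_to_compact(soap_xml: str) -> str:
    """Drop envelope and namespaces; keep leaf values as name=value pairs."""
    # The gateway parses data from outside, so refuse DTDs (entity expansion).
    if "<!DOCTYPE" in soap_xml or "<!ENTITY" in soap_xml:
        raise ValueError("DTD not accepted")
    body = ET.fromstring(soap_xml).find(f"{{{SOAP_ENV}}}Body")
    if body is None or len(body) == 0:
        raise ValueError("no SOAP Body payload")
    if body[0].tag == f"{{{SOAP_ENV}}}Fault":
        raise ValueError("SOAP Fault returned by the service")
    pairs = []
    for el in body[0].iter():
        text = (el.text or "").strip()
        if len(el) == 0 and text:              # leaf element carrying a value
            name = el.tag.rsplit("}", 1)[-1]   # strip the "{namespace}" prefix
            pairs.append(f"{name}={text}")
    compact = ";".join(pairs)
    if len(compact) > SMS_LIMIT:
        raise ValueError("payload does not fit one SMS")
    return compact

class Gateway:
    """Sits between the mobile device and the web service; caches compact replies."""
    def __init__(self, call_service):
        self.call_service = call_service  # assumed transport: request -> SOAP text
        self.cache, self.backend_calls = {}, 0
    def handle(self, device_request: str) -> str:
        # Cache key covers the request only; add the caller's identity to it
        # if replies are user-specific, or one user may receive another's data.
        key = hashlib.sha256(device_request.encode()).hexdigest()
        if key not in self.cache:
            self.backend_calls += 1
            self.cache[key] = soap_to_compact(self.call_service(device_request))
        return self.cache[key]
```
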

Direct Use of web services over wireless links

• Context
  – Portable devices must have built-in implementations of the web services technologies. This concerns the high end market segment, and includes smart phones, PDAs, and laptops.
• Problem
  – How to deliver the web service to the clients?

Direct Use of web services over wireless links

• Solution
  – The device, which is now a consumer of web services, can run client applications from different providers.

[Figure: Mobile device, Web Service; link labelled “Web services formats”]

Mobile agents for wireless devices

• Context
  – Using a web service can imply multiple passes between client, server and third parties (for security purposes for example) while the wireless link is not reliable and the bandwidth can be limited.
• Problem
  – How to deliver the web service to the clients?

Mobile agents for wireless devices

• Solution
  – The agents act as proxies on behalf of a client.

[Figure: Mobile device, three Mobile agents, Web Service; links labelled “Web services formats”]