Ideas for Patterns for wireless web services


Patterns for Wireless Web Services
Nelly Delessy
January 19, 2006
Secure Systems Research Group - FAU
Agenda
• Reviews
– “Wi-Foo The Secrets of Wireless hacking”
– “Mobile Commerce and Wireless Computing
Systems”
• Ideas of Patterns for Wireless Web Services
“Wi-Foo The Secrets of Wireless
hacking”
• by A. Vladimirov, K. V. Gavrilenko, A. A.
Mikhailovsky
• Summary:
– Mixes theory, tools, and techniques about how attacks against wireless networks are performed and how one can defend one's network
– Assumes that the reader has good technical knowledge of networks (in particular IEEE 802 standards)
– Intended for system administrators, network managers, and penetration testers
“Wi-Foo The Secrets of Wireless
hacking”
• Focuses on 802.11: widespread area of network coverage
• How to use a PDA or laptop, choose a wireless card and antenna, and configure the OS to perform penetration testing on the network
• Using the penetration testing tools:
– Network discovery and traffic logging
– Traffic decoding and analysis
– Encryption cracking tools (WEP crackers)
– 802.11 frame-generating tools
– Encrypted traffic injection tools
– Access point management software
“Wi-Foo The Secrets of Wireless
hacking”
• Attacks:
– Closed ESSID, MAC and protocol filtering
– Cracking WEP
– Wireless man-in-the-middle attack and
rogue access points deployment
– Authentication systems attacks
– DoS attacks
“Wi-Foo The Secrets of Wireless
hacking”
• Defenses:
– Security policies
– Hardened gateway
– Improvements to WEP, use of WPA
– Use of RADIUS, LDAP
– Use of a VPN (IPsec)
– Wireless IDS systems
• Also chapters about cryptography
“Mobile Commerce and Wireless
Computing Systems”
• by Geoffrey Elliott, Nigel Phillips
• Intended for managers, or beginners in the
technology field
• About the capabilities of the wireless
technology and what people want to do
with it
• M-Commerce = “The mobile devices and
wireless networking environments
necessary to provide location independent
connectivity”
“Mobile Commerce and Wireless
Computing Systems”
• Chapters about:
– M-commerce
– Networks
– Wireless protocols
– Wireless programming (WAP)
– OS for micro devices
– Mobile networking (Bluetooth)
– Services and products
– Pervasive and embedded mobile systems
– Security
– Mobile applications
Patterns for wireless web services
(ideas)
• Architectural patterns
– Wireless web services gateway
– Direct Use of web services over wireless links
– Mobile agents for wireless devices
• Implementation patterns
– Wireless CallBack
– Format compression
– Device Authentication
– User Authentication
– Wireless attribute provider
Wireless web services gateway
• Context
– portable devices are limited in memory and
computational power.
– the connection bandwidth and reliability of
the wireless connection are limited
compared to wired connections
• Problem
– How to deliver the web service to the
clients?
Wireless web services gateway
• Solution
– Web services are not delivered directly to the
portable device but transformed in a gateway
– The gateway is in charge of transforming the
SOAP messages into a compressed form that will
be used by the mobile device. It can also
implement cache functions.
Wireless web services gateway
• Example
– An example of this compressed format
could be WML (equivalent of HTML in the
WAP stack, available in many phones), or
for basic scenarios such as the “push” of
information, the gateway can transform
SOAP messages into SMS, or voice.
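An added sketch of the gateway pattern described above, not code from the slides: it reduces a SOAP 1.1 response to short text for a thin client and caches the result. The names `Gateway` and `soap_to_compact`, the quote-service sample and the 160-character single-SMS limit are assumptions made for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

SOAP_NS = "{http://schemas.xmlsoap.org/soap/envelope/}"  # SOAP 1.1 namespace
SMS_LIMIT = 160  # assumption: a reply must fit in one SMS

# Constructed sample of what the wired web service returns.
SAMPLE_RESPONSE = b"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Body><m:GetQuoteResponse xmlns:m="urn:example:quotes">
   <m:Symbol>ACME</m:Symbol><m:Price>12.50</m:Price>
 </m:GetQuoteResponse></soap:Body></soap:Envelope>"""


def soap_to_compact(envelope: bytes, limit: int = SMS_LIMIT) -> str:
    """Reduce a SOAP 1.1 response to 'name=value;...' text for a thin client."""
    if b"<!DOCTYPE" in envelope or b"<!ENTITY" in envelope:
        raise ValueError("DTD not allowed")  # SOAP messages must not carry DTDs
    body = ET.fromstring(envelope).find(SOAP_NS + "Body")
    if body is None or len(body) == 0:
        raise ValueError("no SOAP Body payload")
    payload = body[0]
    if payload.tag == SOAP_NS + "Fault":
        return ("ERR:" + (payload.findtext("faultstring") or "fault"))[:limit]
    # Keep only leaf elements that carry text; drop the namespace from each tag.
    pairs = [e.tag.rsplit("}", 1)[-1] + "=" + e.text.strip()
             for e in payload.iter() if len(e) == 0 and e.text and e.text.strip()]
    return ";".join(pairs)[:limit]


class Gateway:
    """Hypothetical gateway between the web service and the wireless client."""

    def __init__(self, backend):
        self.backend = backend  # callable: request bytes -> SOAP envelope bytes
        self.cache = {}
        self.backend_calls = 0

    def handle(self, request: bytes) -> str:
        key = hashlib.sha256(request).hexdigest()
        if key in self.cache:
            return self.cache[key]
        self.backend_calls += 1
        reply = soap_to_compact(self.backend(request))
        if not reply.startswith("ERR:"):  # do not cache faults
            self.cache[key] = reply
        return reply


if __name__ == "__main__":
    gw = Gateway(lambda request: SAMPLE_RESPONSE)
    print(gw.handle(b"GetQuote ACME"), gw.backend_calls)
```

Because the gateway parses XML on behalf of every client, it is a trust boundary: the DTD check and the length cap run before anything is forwarded over the wireless link.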
Direct Use of web services over
wireless links
• Context
– portable devices must have built-in
implementations of the web services
technologies. This concerns the high end
market segment, and includes smart
phones, PDAs, and laptops.
• Problem
– How to deliver the web service to the
clients?
Direct Use of web services over
wireless links
• Solution
– The device, which is now a consumer of web services, can run client applications from different providers
Mobile agents for wireless devices
• Context
– using a web service can imply multiple
passes between client, server and third
parties (for security purposes for example)
while the wireless link is not reliable and
the bandwidth can be limited.
• Problem
– How to deliver the web service to the
clients?
Mobile agents for wireless devices
• Solution
– The agents act as proxies on behalf of a
client.