The key design idea underlying the Wireless Application Protocol (WAP) is to use a gateway at the intersection of the wireless mobile network and the traditional, wired network. The WAP gateway forwards web content to the mobile phone in a way intended to accommodate the limited bandwidth of the mobile network and the mobile phone’s limited processing capability. However, the gateway introduces a security hole which may render WAP unsuitable for m-commerce and other security-sensitive transactions and services on the emerging mobile Internet. The paper explains the security hole and the gateway-based design that has led to it, including the technical and business considerations underlying the design. A number of ways to correct the situation are discussed, including a complete re-design of WAP as proposed for the future version 2.0 of the protocol.