CertiGuide to Security+

WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Like what you see? Get it in one document for easy printing!

Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Test yourself better with 300 extra Security+ questions!

Get It Here!

CertiGuide to Security+
9 Chapter 2: Communication Security (Domain 2.0; 20%)
9 2.6 Wireless

2.6 Wireless

2.6.2 802.11x

2.6.1 WTLS

The Wireless Application Protocol is another wireless technology that was created for wireless resources with limited capability such as a cellular phone. Among the protocols within WAP is the security layer, Wireless Transport Layer Security (WTLS), which provides privacy, data integrity and authentication for WAP communication. It is an evolution of the TLS/SSL protocols specifically suited for the low-bandwidth, high-latency, less robust, wireless scenario. It uses both conventional symmetric and public key cryptography.

As pointed out by Markku-Juhani Saarinen²³² at the University of Jyvaskyla, Finland the WTLS protocol design limits the effectiveness a Certificate Authority such as VeriSign can have while supporting WTLS. It appears that this research has been taken to heart as seen in the papers available from the wapforum.org²³³. If you visit the site you may notice the group is in the process of quietly renaming itself to the Open Mobile Alliance.

WAP/WTLS

WAP (Wireless Application Protocol) is a protocol for communication between low-bandwidth, high-latency wireless devices.

WTLS (Wireless Transport Layer Security) is the WAP security protocol that provides privacy, data integrity and authentication for WAP communication.

[spacer] Better Wireless Security²³⁴

The Wi-Fi Alliance's specification, called WPA (Wireless Protected Access), includes mechanisms from the emerging 802.11i standard for both data and network access control. For encryption, WPA has TKIP (Temporal Key Integrity Protocol), which uses the same algorithm as WEP but constructs keys in a different way. For access control, WPA will use the IEEE 802.1X protocol, a recently completed standard for controlling entry to both wired and wireless LANs.

With WPA, each user will have his or her own encryption key, and that key can be set to change periodically. In enterprises, user authentication will be handled by an authentication, a system that can be expanded to handle more users much more easily than could WEP.

In the future some enterprising firm may use digital infrared²³⁵ for short range communication.

__________________

232. http://www.cc.jyu.fi/~mjos/wtls.pdf

233. http://www.wapforum.org/what/technical.htm

234. http://www.infoworld.com/articles/hn/xml/02/10/31/021031hnwifi.xml?s=IDGNS

235. http://www.sony.net/Products/SC-HP/cx_news/vol27/pdf/diat.pdf

2.6 Wireless

2.6.2 802.11x

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!

Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.