3.5. Understanding Mobile Devices

Mobile devices, including pagers and personal digital assistants (PDAs), are popular. Many of these devices use either RF signaling or cellular technologies for communication. If the device uses the Wireless Application Protocol (WAP), the device in all likelihood doesn't have security enabled. Several levels of security exist in the WAP protocol:

• Anonymous authentication, which allows virtually anyone to connect to the wireless portal

• Server authentication, which requires the workstation to authenticate against the server

• Two-way (client and server) authentication, which requires both ends of the connection (client and server) to authenticate to confirm validity

Many new wireless devices are also capable of using certificates to verify authentication. Figure 3.12 shows a mobile systems network; this network uses both encryption and authentication to increase security.

Figure 3.12. A mobile environment using WAP security

The Wireless Session Protocol (WSP) manages the session information and connection between the devices. The Wireless Transaction Protocol (WTP) provides services similar to TCP and UDP for WAP. The Wireless Datagram Protocol (WDP) provides the common interface between devices. Wireless Transport Layer Security (WTLS) is the security layer of the Wireless Application Protocol and is discussed in detail in Chapter 4.