CSCI5939 Independent Study
Wireless Security

Spring 2003

WAP sample project by Yasir (mirror site)

If you have not joined the discussion board yet, you may join at http://groups.yahoo.com/group/WirelessSecurity/.
Important: To be accepted into the discussion group, make sure you use your full name as your Yahoo ID.


Objectives: The focus of this independent study is the development of wireless applications using the Wireless Application Protocol (WAP) and, more importantly, the security issues and technologies related to wireless applications. The student taking this independent study will participate in setting up a wireless server and other necessary components, such as a micro browser on a mobile device. The sample applications involving the server and clients will be developed using J2ME and/or WAP.

Evaluation: Three software development projects + a final report + oral presentations + participation.

  • Team projects & reports: 40%
  • Individual presentations: 15%
  • Individual final report: 35%
  • Participation: 10%

Projects: The projects are team-based. Each team should consist of 2 members. A team submits a report for each of the individual projects. Each individual, however, must submit his/her own final report, which summarizes the projects, including how the systems were set up, problem descriptions of the projects, design of the applications, source code of the applications, screen snapshots, lessons learned, and possible future extensions of the work.

Presentations:
Each week one or two persons will sign up to present a selected article. The presentation is followed by group discussion. You are highly encouraged to use PowerPoint or any other presentation tool to prepare your presentation slides. The presenter must prepare handouts of the presentation and distribute them to the rest of the class at the beginning of the presentation.

How to cite published work in your papers?
Important! Read the above before writing your papers or reports.
To obtain articles from the ACM Digital Library or the IEEE Xplore:
Use any of the lab computers on campus to download the articles from http://www.acm.org/dl or http://ieeexplore.ieee.org/xpls/VSearch.jsp. Note: The links may not work off campus unless you have your own digital library subscription from either site.
Meeting Time & Place:    Thursdays 4-6pm (Delta 236).  Sometimes the group may meet in the D156 lab, especially when a demo requires the use of the server(s) in that lab.



Study list & due dates
Week (Date) | Papers | Due | Presenter / Slides + additional material
1 (1/16)
2 (1/23)
3 (1/30)
  • Presenter: Yasir Zahur
4 (2/6)
  • Canceled (the room is not available)
5 (2/13)
  • Due: Project 1
6 (2/20)
  • Architecture and configurations of WAP gateway/server in a networking environment
7 (2/27)
8 ( )
  • <<<Spring break (3/3-8). No meetings.>>>
9 (3/13)
  • <<Canceled due to room availability>>
  • Note: Email project 2 to yang@uhcl.edu.
  • Due: Project 2 (new due date)
10A (3/20)
  • Design of project 3
10B (3/20)
  • Securing Wireless Data: System Architecture Challenges. By Srivaths Ravi, Anand Raghunathan, and Nachiketh Potlapally. Proceedings of the 15th International Symposium on System Synthesis. year?.
  • http://www.javaworld.com/javaworld/jw-08-2002/jw-0823-wireless_p.html "Access Web services from wireless devices". By Michael Juntao Yuan. August 23, 2002.
11 (3/27)
  • Overview of J2ME, PocketPC, and the existing support for both in the PDA, mobile phone market
  • Securing your J2ME/MIDP apps: How to digitally sign and verify XML documents on wireless devices using the Bouncy Castle Crypto APIs. June 2002.
12 (4/3)
13 (4/10)
14 (4/17)
15 (4/24)
  • Project 3 demo
  • Due: Project 3
  • Presenter: each team
16 (5/1)
  • Due: Final report



Project 1: System set-up and initial testing
A. (25 pts) Download the Java 2 Platform Micro Edition, Wireless Toolkit, from http://java.sun.com/products/j2mewtoolkit/index.html .  Set up the development environments, especially the emulator, on a computer and try out a sample wireless application.  Write a readme.txt file to outline the steps a new user needs to take in order to download, install, and test the J2ME Wireless Toolkit.
Note: Check out the J2ME Development Tutorial, and the Secure Java MIDP Programming Using HTTPS with MIDP.
B. (25 pts) A WAP gateway is software that converts HTML pages to WML format so that wireless clients are able to access the content of HTML-based web pages. Search the web to find and download a WAP gateway. Install and run it. Try to use a mobile device emulator to access an HTML page by going through a WAP gateway. Attach screen snapshots to show how the emulator connects to the HTML page.

C. (25 pts) Do one of the following tasks:
  1. Download and install the Nokia Activ Server (from http://www.nokia.com/). Read the "Getting Started Guide". Use a mobile device emulator to access a sample WML page from the Activ Server. Attach the WML page and screen snapshots to show how the emulator connects to the WML page.
  2. Search the Internet to find three to five articles discussing issues, technologies, or research related to wireless security. Indicate which three of the articles you plan to present to the class.
D. (25 pts) Obtain the source of the sample wireless application from Yasir. Go over the installation and program development process to understand how to use the J2ME development environment and the wireless emulator to develop a wireless front end to an N-tier web application. Give Yasir a demo.
WAP sample project by Yasir (mirror site)
Project 2: (revised)
A. (50 pts) Search the Web or any other sources to find answers for the following questions:
  1. Explain the differences between WAP gateways and WAP proxy servers (as defined in WAP v 2.0 specification), especially their respective security features and implications.
  2. What mobile phones or hand-held devices have support for the WAP 1.0 protocols?  What devices have support for the WAP 2.0 protocols?  List between 3 and 5 devices for each of the questions.
  3. Are there any commercial WAP proxy servers out there?  If possible, find at least three such servers and compare their respective support for the WAP v 2.0 protocols.
  4. Find at least five WAP-enabled web sites and explain their respective features, in terms of their support for WAP v 2.0 protocols.
  5. In order to implement the WTLS (Wireless Transport Layer Security) protocol in the sample wireless application, the WAP gateway or server and the networking environment must be properly configured.  Use at least two sample configurations to explain how that could be done.
B. (50 pts) Assuming a properly configured WAP gateway or server is available for your development, answer the following questions:
  1. Investigate support for WTLS in J2ME and in WAP, respectively. If by default WTLS is not supported in either, find out whether there are any third-party vendors that provide such support.
  2. Draw a UML diagram to illustrate the design of your application and how WTLS would be integrated into the application. Clearly depict the definition of the classes and their relationships. Attributes and methods to be defined in the classes should be clearly represented. In addition to its name, a method's definition includes its parameters, the type of each of the parameters, and the type of the data returned from the method. Multiplicity constraints shall be clearly marked for each of the associations. You may refer to the WTLS papers for week 5 plus other references.
  3. Describe the two security control mechanisms that you plan to implement in project 3. Explain how J2ME and WAPscript are going to be used in the development. The discussions at http://www-106.ibm.com/developerworks/java/library/j-midpds.html may offer some insights.
Project 3:
A. (70 pts) Add at least two security control mechanisms into the sample application.
  • Design: a UML diagram illustrating the design of your application and how the security mechanisms would be integrated into the application
  • Implementation: Use J2ME (Midlet) and/or WAPscript to implement the security control.
  • Project demo: Send the source of your project to yang@uhcl.edu as a single zip file and give the class a demo.
B. (30 pts) Determine the topic of your final report. Write a one-page narrative to describe the title, the significance of the topic, and an outline of your final report. Attach at least five related references, including papers, tutorials, web pages, etc. Sample topics include but are not limited to: a) Installation of a WAP gateway/server; b) MIDP Security; c) WAP Security and its Implementation; d) Database Access from Mobile Devices; and e) Accessing Web Services from Mobile Devices. Please note that final reports are individual reports. If you have any doubts or questions, feel free to discuss them with the instructor.


Collected Papers on Wireless Security:
Wireless Application Protocol (WAP) et al.
WAP, J2ME and Wireless Java
Nokia phones, etc.
Wireless Device Security
More information regarding wireless applications and security is available at http://sce.uhcl.edu/yang/teaching/csci5939sum02/csci5939WirelessSecurity.htm.

Announcements
Date Announced | Description
2/26
Project #3 was posted.
2/26
Updated presentation schedule (week 9 and 10)
2/19
> GSM Tutorial
> A summary of GSM prepared by Yasir Zahur
2/18
More references were added for week 6 (WAP architecture)
2/14
Revised presentation schedule
2/13
Project 2 is revised + new due date
2/13
A local copy of the WTLS paper by Kwon et al. is available.
2/13
> 3G: Sprint and Bell Mobility Collaborate on CDMA Wireless (7th November 2002)
2/13
> Discussions at WirelessAdvisor.com about 'how to set up the WAP settings for T-Mobile in order to access its GPRS access point?'
2/13
> Nokia Forum FAQs: How can you connect the Nokia Activ Server to the operator's network?
2/13
> Mobilesys Teams Up With Microsoft to Deliver SQL Server Data to Any Wireless Device (8/26/02)
> Microsoft Mobile Information Server 2002 (MIS):
    Supported Combinations of Hardware, Networks, Browsers, and WAP Gateways
    Using Internet Security and Acceleration Server (ISA) as a Gateway for Mobile Information Server 2002
2/13
> Latest Global, Handset, Base Station, & Regional Cellular Statistics
> View a web site with online WAP browser (wapalizer)
> Wireless Internet Gateway (WIG)
2/13
> Nokia success stories: wireless applications
> Nokia Developer Hub (NOT available in the US)
> Nokia Base Stations (Nokia MetroSite WCDMA Base Station)
> Nokia Activ Server 2.1, WAP Gateway
2/13
> Developer.com's "Newest Java J2ME Articles"
2/13
> Steve Schafer: Learning WML - "WAP Basics", "Tools and Structure", "Navigation, User Input, and Graphics", "Variables and Scripting", "WML Scripting Tips and Integration with PHP", "Delivering HTML To a WML Device", "Interactive Fun and Games with WAP and WML"
2/12
> Access all areas ... Cysive white paper on the Interaction Server
2/7
> Network World's report on declined PDA sales for 2002
> "Study: Handheld shipments fall, Palm maintains lead". By Tom Krazit. IDG News Service, 01/27/03.
2/6
Updated schedule
2/6
Mirrored site for the sample WAP project was set up.
2/5
Due to Voyager break-down, project 1 deadline was extended for a week (to 2/13).
1/30
> Discussions about J2ME and PocketPC:
>> "J2ME shortcoming opens door for Microsoft". By David Berlind. ZDNet Tech Update. January 21, 2003.
>> "Can Sun's mobile posse ease J2ME developers' woes?". By David Berlind. ZDNet Tech Update. January 29, 2003.
1/28
> A survey of PDAs that support both WLAN and mobile connectivity
1/28
> WAP 2.0 FAQ: http://jataayusoft.com/WAP2-FAQs.pdf
> WAP 2.0 Security: http://www.sans.org/rr/wireless/WAP2_sec.php
1/28
> "The next wireless wave". By Olga Kharif. BusinessWeek Online. January 21, 2003.
1/23
Updated project 2 (part B)
1/23
Updated schedule
1/23
Updated project 1 (D and E) + project 2 and 3
1/16
Project 1 was posted.