World Library  
Flag as Inappropriate
Email this Article

Wireless Transport Layer Security

Article Id: WHEBN0001936806
Reproduction Date:

Title: Wireless Transport Layer Security  
Author: World Heritage Encyclopedia
Language: English
Subject: Transport layer protocols, Wireless Application Protocol, Cryptographic protocols, Internet Standards, Transport Layer Security
Publisher: World Heritage Encyclopedia

Wireless Transport Layer Security

Wireless Transport Layer Security (WTLS) is a security protocol, part of the Wireless Application Protocol (WAP) stack. It sits between the WTP and WDP layers in the WAP communications stack.


  • Overview 1
  • Security 2
    • Algorithms 2.1
    • Security criticisms 2.2
  • Interoperability 3
  • External links 4


WTLS is derived from TLS. WTLS uses similar semantics adapted for a low bandwidth mobile device. The main changes are:

  • Compressed data structures — Where possible packet sizes are reduced by using bit-fields, discarding redundancy and truncating some cryptographic elements.
  • New certificate format — WTLS defines a compressed certificate format. This broadly follows the X.509 v3 certificate structure, but uses smaller data structures.
  • Packet based design — TLS is designed for use over a data stream. WTLS adapts that design to be more appropriate on a packet based network. A significant amount of the design is based on a requirement that it be possible to use a packet network such as SMS as a data transport.

WTLS has been superseded in the WAP Wireless Application Protocol 2.0 standard by the End-to-end Transport Layer Security Specification.


WTLS uses modern cryptographic algorithms and in common with TLS allows negotiation of cryptographic suites between client and server.


An incomplete list:

Security criticisms

  • Encryption/Decryption at the gateway — in the WAP architecture the content is typically stored on the server as uncompressed WML (an XML DTD). That content is retrieved by the gateway using HTTP and compressed into WBXML, in order to perform that compression the gateway must be able to handle the WML in cleartext, so even if there is encryption between the client and the gateway (using WTLS) and between the gateway and the originating server (using HTTPS) the gateway acts as a man-in-the-middle. This gateway architecture serves a number of purposes: transcoding between HTML and WML; content providers need not implement WBXML compression; removes reliance on DNS; enables a walled garden
  • Digest truncation — HMAC message digests are truncated to reduce transmission overhead, this reduces the theoretical effectiveness of the HMAC potentially reducing the data integrity protection.
  • Inadequate review — WTLS is significantly different from TLS, it is not clear that the changes made to WTLS have not in some way weakened the security. The use of a new certificate format is an example of this. The format defined in the WTLS specification may not be appropriate for all the uses to which a certificate may be used.
  • Client Implementation - As there are no official specifications which WTLS implementations must adhere to, many may use insecure cryptographic algorithms or key generation processes. In some client software, WTLS may even be disabled.


As mentioned above the client and server negotiate the cryptographic suite. This happens when the session is started, briefly the client sends a list of supported algorithms and the server chooses a suite, or refuses the connection. The standard does not mandate support of any algorithm. An endpoint (either client or server) that needs to be interoperable with any other endpoint may need to implement every algorithm (including some covered by intellectual property rights).

External links

  • WAP forum
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.