
Chapter 1

Wireless Network Security

1.1 Introduction
1.2 Physical Layer Encryption
1.3 802.1X User Authentication
1.4 VPN Security

Chapter 1 Wireless Network Security

1.1 Introduction

An advantage of WLAN technology is that no killer app is required to deploy wireless networks. WLAN components plug into the existing infrastructure as simply as extending a phone line with a wireless phone. By removing the need to wire a network in the home, the cost of adoption, the benefit of mobility and the low cost of components make wireless networking a low-cost and efficient way to install a network.

We will discuss the three layers of wireless security and the options available for securing the network:

- Physical layer encryption, including WEP, which has proven ineffective against hackers;
- 802.1X standards-based security, which provides cost-effective, easy-to-use network security; and
- VPN-based security for the most security-conscious requirements.

Layered Wireless LAN Security

WLAN security should be handled in layers. This provides several advantages: stronger overall security, the ability to block access at multiple layers of the network, and flexibility in selecting the cost/benefit ratio of the desired solution. By building security in layers, protection can be provided at each layer in the network model. Each layer provides inherent protection against specific attacks for higher layers of security, correlating to the layers of the ISO network model.

One of the benefits of 802.1X is the additional strength of layered security. If an intruder is able to break the security at one level, he is presented with an entirely new level of security to break again. This allows significantly more time to detect and foil the intruder.

The layered security approach also provides the benefit of selecting the desired level of security, compared against the costs of adding additional layers. Layer 1 physical layer security is built into wireless equipment, is essentially free (except for the cost of configuring and maintaining encryption keys) and may be adequate for a home user who wants to keep out the casual intruder. 802.1X-based security provides strong corporate security at an incremental cost. 802.1X dramatically increases the security protection of the network and provides the level of protection needed by most business and corporate users. In specific vertical segments such as financial and government users, where triple-DES encryption is required, VPNs over 802.1X provide the highest level of wireless security.

Each layer adds additional protection on top of the layers below it. The first two layers (physical layer encryption and 802.1X user authentication) are generally recognized as the minimum requirements for strong wireless LAN security, now specified in the Wi-Fi Protected Access (WPA) standard. An additional third layer (VPN) can be added to increase the security levels, if the traffic is sent unencrypted over the network.

1.2 Physical Layer Encryption

The lowest level of security that can be deployed in a wireless network is the Wired Equivalent Privacy standard (WEP). WEP allows for 40-bit or 128-bit keys to be entered in both the access point and the clients to encrypt the traffic between the PC and the access point.

Figure 3.1 WEP standard for securing wireless standards

The challenge, however, is the inherent weakness of WEP security. With a little digging, unauthorized users can easily find software on the Internet that can be used to crack WEP encryption by capturing the network traffic over the air and deciphering the key (see figure). Once the WEP key is deciphered, the traffic can be read in the clear, overcoming the encryption on the network traffic.

Another challenge of WEP-only encryption is the need to key each client device and each access point with the same encryption key (figure 1). In environments with more than ten users, the management of these keys, and manual rekeying whenever a user is removed from the network, can be burdensome.

To address the inherent flaws of WEP, the Wi-Fi Alliance has created a new standard called Wi-Fi Protected Access (WPA). WPA combines two components to provide strong security for wireless networks.

The first component is called Temporal Key Integrity Protocol (TKIP), which replaces WEP with a much stronger protocol. TKIP provides data encryption enhancements including a key mixing function, a message integrity check, and a re-keying mechanism that rotates through keys faster than any sniffer software can decode the encryption keys. Through these enhancements, TKIP addresses all of WEP's known encryption vulnerabilities. A more robust replacement for TKIP being debated in the IEEE standards committees is a new encryption standard called 802.11i.

The second component of WPA is 802.1X security, which addresses the key management issue with user authentication. 802.1X is the second layer of security which, when combined with TKIP, provides a strong level of wireless security. 802.1X provides a security mechanism through which a user must be authenticated before he is allowed access to the network.

1.3 802.1X User Authentication

WEP and TKIP have no user authentication mechanism. Any user that has the encryption key (whether legitimately or illegally obtained) can get free access to the network and the traffic data. To overcome this weakness, 802.1X security is layered on top of the physical layer security. The more recent physical layer security protocols, Wi-Fi Protected Access (WPA) and the emerging 802.11i standard, both specify 802.1X security as a framework for strong wireless security.

Figure 3.2 802.1X Authentication

802.1X user authentication, as shown in Figure 2, requires a user to provide credentials to the security server before getting access to the network. The credentials can be in the form of user name and password, certificate, token, or biometric. The security server authenticates the user's credentials to verify that the user is who he or she claims to be, and is authorized to access the network. If the user is both authenticated and authorized to access the network, and the access point is verified as being part of the network, then the security server communicates directly with the access point to authorize the user's access to the network. The security server also creates a unique pair of encryption keys for this user session, which are sent to both the access point and the client to securely and uniquely encrypt the wireless communication between the two.

The security server also verifies that the access point is a valid part of the network. This is done to protect the user from connecting to an unauthorized access point that may have been set up to fraudulently capture network data.

802.1X security overcomes two significant limitations that physical layer security alone presents. It provides unique encryption keys for each user each time they sign onto the network, and eliminates the key management issues associated with maintaining common encryption keys across all access points and users.

The security server allows network access to be managed on a user basis. It can tie in to other corporate user databases or directories to authenticate the user against a common set of user credentials, eliminating the need for replicating and maintaining separate databases.

Combining 802.1X user authentication with physical layer security provides robust, strong security that cannot be broken with any known off-the-shelf software tools. It can provide wireless LAN users with a high level of assurance that their data will remain protected and that only authorized network users can access the network. In some cases where higher levels of data security are required, VPNs can be layered on top of the security servers to provide an additional level of encryption of the IP data.
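The authentication flow described above, modelled as an added example that is not part of the original report. The class and method names are hypothetical, a password stands in for whichever credential type is used, and key delivery to the client and access point is shown as a return value rather than a real EAP/RADIUS exchange.

```python
import hashlib
import hmac
import secrets


class SecurityServer:
    """Toy model of the 802.1X security server described in the text."""

    def __init__(self):
        self._users = {}          # username -> (salt, password hash)
        self._trusted_aps = set() # access points known to be part of the network
        self.sessions = {}        # (username, ap_id) -> current session key

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))

    def remove_user(self, username):
        # Removing one user touches nobody else's keys: no key is shared,
        # so there is nothing to re-enter on other clients or access points.
        self._users.pop(username, None)
        for key in [k for k in self.sessions if k[0] == username]:
            del self.sessions[key]

    def register_ap(self, ap_id):
        self._trusted_aps.add(ap_id)

    def authenticate(self, username, password, ap_id):
        """Return a fresh session key for client and AP, or None on refusal."""
        if ap_id not in self._trusted_aps:
            return None           # access point is not a valid part of the network
        record = self._users.get(username)
        if record is None:
            return None           # unknown user
        salt, stored = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None           # wrong credentials
        # Unique, random key for this user and this session only.
        session_key = secrets.token_bytes(16)
        self.sessions[(username, ap_id)] = session_key
        return session_key


if __name__ == "__main__":
    server = SecurityServer()
    server.register_ap("ap-lobby")                 # constructed sample data
    server.add_user("alice", "correct horse")
    first = server.authenticate("alice", "correct horse", "ap-lobby")
    second = server.authenticate("alice", "correct horse", "ap-lobby")
    print("new key per sign-on:", first != second)
    print("unknown AP refused:",
          server.authenticate("alice", "correct horse", "ap-unknown") is None)
```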
1.4 VPN Security

In environments where triple DES encryption is required, or the data on the wireless network may be passed through the Internet, VPNs may be used to provide another layer of security over 802.1X-based solutions.

A word of caution on VPN implementations for wireless security: early wireless implementations used VPNs as the only security layer for wireless LANs. This practice leaves security vulnerabilities open. VPNs only encrypt the data carried in the IP packets, leaving the wireless network vulnerable to a number of lower-level attacks on the MAC and IP headers, such as wireless session hijacking and rogue AP, or man-in-the-middle attacks.

802.1X-based security should be used to prevent unauthorized access to the network, and to prevent the sniffing and stealing of IP and MAC addresses. It should also be used to prevent session hijacking and man-in-the-middle attacks through rogue access points. VPNs, while providing very strong IP data encryption, cannot prevent these types of lower-level attacks. If VPN security is required, a layered approach in conjunction with an 802.1X security server is the predominantly recommended approach.

Figure 3.4 VPN security used in conjunction with 802.1X authentication.

Rules for WLAN Security

- Activate Physical Layer Security. While WEP has its weaknesses, TKIP, specified as part of WPA, provides a base level of security. When combined with 802.1X it provides a very strong level of security.
- Don't Broadcast or Use Default SSIDs. By changing the default SSID and configuring the access point not to broadcast the SSID, the most common sniffing tools can be rendered useless.
- Use 802.1X User Authentication. When access points are configured to support 802.1X, users are not allowed on the network without proper credentials. Once authenticated, the client and access point are provided with unique, random session keys to encrypt the data transfers.
- Implement Personal Firewalls. Even if a hacker is able to associate with an access point, the personal firewall will prevent them from accessing files on a user device on the same WLAN.
- Use VPNs Where Triple DES Encryption is Required. Specific environments like government and financial industries require 3DES security for all network transmissions. In these environments, VPNs should be used on top of 802.1X security.
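A configuration check for the first three rules above, as an added example that is not part of the original report: it parses hostapd-style `key=value` access point settings and reports which rules are broken. The two sample configurations, the default-SSID list and the function names are constructed for illustration; personal firewalls and VPNs are outside what an access point configuration can show.

```python
# Illustrative list of factory SSIDs; extend it for the equipment in use.
DEFAULT_SSIDS = {"default", "linksys", "netgear", "dlink", "wireless"}

# Constructed sample: shared WEP key, factory SSID, no user authentication.
WEAK_AP = """\
interface=wlan0
ssid=linksys
wep_default_key=0
wep_key0=0123456789
"""

# Constructed sample: WPA with TKIP plus 802.1X against a security server.
LAYERED_AP = """\
interface=wlan0
ssid=corp-floor3
ignore_broadcast_ssid=1
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=REPLACE_ME
"""


def parse_config(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit(settings):
    """Return the list of rule violations found in one AP configuration."""
    findings = []
    wpa_enabled = int(settings.get("wpa", "0")) > 0
    uses_wep = any(key.startswith("wep_key") for key in settings)

    # Rule: activate physical layer security (WEP alone is the weak case).
    if not wpa_enabled:
        findings.append("wep-only" if uses_wep else "no-encryption")

    # Rule: don't broadcast or use default SSIDs.
    if settings.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")
    if settings.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("ssid-broadcast")

    # Rule: use 802.1X user authentication (needs a security server to talk to).
    uses_8021x = (settings.get("ieee8021x") == "1"
                  and "auth_server_addr" in settings)
    if not uses_8021x:
        findings.append("no-802.1x")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_AP), ("layered", LAYERED_AP)):
        print(name, audit(parse_config(text)) or "ok")
```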

Chapter 2 Bluetooth Networks and Security

2.1 Introduction
2.2 Bluetooth components
2.3 Bluetooth Stacks
2.4 Links and Elements
2.5 Bluetooth Networking
2.6 Reliability and Secure Transmission

Chapter 2 Bluetooth Networks And Security

2.1 Introduction

Bluetooth technology was intended to hasten the convergence of voice and data to handheld devices, such as cellular telephones and portable computers. Through the efforts of its developers and the members of the Bluetooth Special Interest Group (SIG), it is now emerging with features and applications that not only remain true to its original intent, but also provide for broader uses of its technology.

Bluetooth is an open standard specification for a radio frequency (RF)-based, short-range connectivity technology that promises to change the face of computing and wireless communication. It is designed to be an inexpensive, wireless networking system for all classes of portable devices, such as laptops, PDAs (personal digital assistants), and mobile phones. It also will enable wireless connections for desktop computers, making connections between monitors, printers, keyboards, and the CPU cable-free.

2.2 Bluetooth Components

A complete Bluetooth system will require these elements:

- An RF portion for receiving and transmitting data
- A module with a baseband microprocessor
- Memory
- An interface to the host device (such as a mobile handset)

The RF portion can be implemented as a module or as a single chip. Ericsson has a module available that includes a short-range radio transceiver, an external antenna, and a clock reference (required for synchronization). It can be used independently or with a baseband module, which Ericsson also offers. Other transceivers also are available for Bluetooth applications, and those transceivers also can be used with another company's baseband solution or with a packaged baseband processor. In this type of arrangement, the lower-layer Bluetooth protocols are supported in the baseband module, and the host processor must support the upper-layer protocols (for example, file transfer). In other words, the RF/baseband solution provides the means to communicate with the host, but you need to implement a connection interface, as well as any upper-layer protocols, to use applications supported by the final product.

The upper layers of the technology support what are known as the Bluetooth profiles, in other words, a set of protocols. A set of protocols is optimized for a class of applications, for example, dial-up networking or file transfer. This feature is important, because it enables interoperability among devices. Requiring a specific profile for devices that provide comparable applications ensures interoperability across a spectrum of devices.

2.3 Bluetooth Stack

The baseband, or radio module, is the hardware that enables wireless communication between devices. The building block of this technology is the Bluetooth stack, which includes the hardware and software portions of the system. Figure 1-1 shows a graphic representation of the stack. Essentially, the stack contains a physical-level protocol (baseband) and a link-level protocol (Link Manager Protocol, or LMP) with an adaptation layer (Logical Link Control and Adaptation Layer Protocol, or L2CAP), enabling upper-layer protocols to interact with the lower layer.

Figure 4.1 Overview of the Bluetooth Stack

The Bluetooth stack has the following components:

- RF portion for reception and transmission
- Baseband portion with microcontroller
- Link control unit
- Link manager to support lower-layer protocols
- Interface to the host device
- Host processor to support upper-layer protocols
- L2CAP to support upper-layer protocols

The radio frequency (RF) portion provides the digital signal processing component of the system, and the baseband processes these signals. The link controller handles all the baseband functions and supports the link manager. It sends and receives data, identifies the sending device, performs authentication, and determines the type of frame to use for sending transmissions. The link controller also directs how devices listen for transmissions from other devices and can move devices into power-saving modes.

The link manager, located on top of the link controller, controls setup, authentication, link configuration, and other low-level protocols. Together, the baseband and the link manager establish connections for the network.

The host controller interface (HCI) communicates the lower-layer protocols to the host device (mobile computer or mobile phone, for example). The host contains a processor, the L2CAP, which supports the upper-layer protocols and communicates between upper and lower layers. The upper-layer protocols consist of service-specific applications that must be integrated into the host application.

Another element in the Bluetooth stack that relates to radio communications is the RFCOMM protocol, which allows for the emulation of serial ports over the L2CAP. The Service Discovery Protocol (SDP) provides the means for Bluetooth applications to discover the services and the characteristics of the available services that are unique to Bluetooth. The Bluetooth device manager provides for device inquiry and connection management services.

2.4 Links and Channels

Links and channels are used to transmit data between Bluetooth units. First, the links are established. Bluetooth technology supports two link types: synchronous connection-oriented (SCO) and asynchronous connectionless (ACL) links. The SCO links are used primarily for voice communications. The ACL links are used for packet data. Bluetooth devices can use either link type and can change link types during transmissions, although an ACL link must be established before an SCO link can be used.

After the link has been established, Bluetooth uses five logical channels to transfer different types of information between devices:

- Link control (LC) manages the flow of packets over the link interface.
- Link manager (LM) transports link management information between participating stations.
- User asynchronous (UA) carries user data.
- User isochronous (UI) carries user data.
- User synchronous (US) carries synchronous (SCO) data.

Protocols

Bluetooth protocols are sets of conventions that govern the transmittal of data in upper and lower layers of the system. The lower-layer protocols pertain to establishing connections, and the upper layers correspond to specific types of applications.

LINK CONTROL PROTOCOL

The link control protocol is responsible for delivery of the basic data elements. All packet information is transmitted in a specific time-slot format (a single time slot in the Bluetooth system lasts 625 µs), and specific links are designed to transport a range of data types. The Bluetooth link control protocol can be used to manage the associations and delivery of information between the various units within a Bluetooth network. This format is used for both synchronous (voice) and asynchronous (data) modes of operation, with specific formats specified for voice transport.

LINK MANAGER PROTOCOL

The link manager protocol (LMP) is a command-response system for transmitting data. It transports packets through the Bluetooth baseband link protocol, which is a time-slot-oriented mechanism. LMP packets are limited in size to ensure that they fit into a single time slot. The format of the protocol data unit (PDU) is simple. Two fields are used:

- The Op Code identifies the type and sequence of the packet.
- The content field contains application-specific information.

The LMP also specifies a collection of mandatory and optional PDUs. Transmission and reception of mandatory PDUs must be supported. Optional PDUs don't need to be implemented, but can be used as necessary. The protocol sequences are similar to client-server architectures, with the exchange of information following a similar request-response pattern. In general, a single response PDU is sent upon receipt of the original request. Because Bluetooth is an RF broadcast technology, a set of request messages can be broadcast to all participants on a network. In this case, one request can elicit several responses.

L2CAP

Logical link and adaptation protocol (L2CAP) enables transmission of data between upper and lower layers of the stack. It also enables support for many third-party upper-layer protocols such as TCP/IP. In addition, L2CAP provides group management by mapping upper-layer protocol groups to Bluetooth networks. It also is a factor in ensuring interoperability among Bluetooth units by providing application-specific protocols. Other protocols interfacing to the L2CAP include service discovery protocol (SDP), radio frequency communication (RFCOMM), telephony control protocol specification (TCS), and IrDA Object Exchange Protocol (IrOBEX):

- SDP
- RFCOMM
- TCS
- OBEX

2.5 Bluetooth Networking

The Bluetooth technology provides both a point-to-point connection and a point-to-multipoint connection. In point-to-multipoint connections, the channel is shared among several Bluetooth units. In point-to-point connections, only two units share the connection. Bluetooth protocols assume that a small number of units will participate in communications at any given time. These small groups are called piconets, and they consist of one master unit and up to seven active slave units. The master is the unit that initiates transmissions, and the slaves are the responding units. This type of Bluetooth network can have only one master unit. If several piconets overlap a physical area, and members of the various piconets communicate with each other, this new, larger network is known as a scatternet. Any unit in one piconet can communicate in a second piconet as long as it serves as master for only one piconet at a time.

Bluetooth connections

The major difference between Bluetooth wireless connectivity and the cellular radio architecture is that Bluetooth enables ad hoc networking. Rather than depending on a broadband system, which relies on terminals and base stations for maintaining connections to the network via radio links, Bluetooth implements peer-to-peer connectivity: no base stations or terminals are involved. Using peer-to-peer connectivity, Bluetooth technology simplifies personal area wireless connections, enabling all digital devices to communicate spontaneously. Early applications are expected to include cable replacement for laptops, PDAs, mobile phones, and digital cameras. Because Bluetooth supports voice transmissions, headsets also are in line to become wireless.

The Bluetooth technology offers the following advantages:

- Voice/data access points will allow, for example, mobile phone/Internet connections.
- Cable is replaced by a Bluetooth chip that transmits information at a special radio frequency to a receiver Bluetooth chip.
- Ad hoc networking enables personal devices to automatically exchange information and synchronize with each other. For example, appointments made on a PDA calendar automatically appear on a desktop calendar as well.

Figure 4.2 Connecting with Bluetooth

2.6 Reliable and secure transmissions

Bluetooth technology also provides fast, secure voice and data transmissions. The range for connectivity is up to 10 meters, and line of sight is not required. The Bluetooth radio unit:

- Functions even in noisy radio environments, ensuring audible voice transmissions in severe conditions.
- Protects data by using error-correction methods.
- Provides a high transmission rate.
- Encrypts and authenticates for privacy.

As with any wireless interface, Bluetooth must address issues involving reliable delivery of information. Noise and interference from other ISM (Industrial, Scientific, and Medical) band transmissions, for example, are factors that come into play. To help deliver accurate information, Bluetooth provides two error-correction mechanisms: forward error correction (FEC) and automatic repeat request (ARQ). Typically, FEC is applied to voice traffic, for which the timeliness of the delivery takes precedence over the accuracy, late voice traffic being unacceptable. ARQ mechanisms are used for data applications.

Because Bluetooth operates in the unlicensed ISM frequency band, it competes with signals from other devices, such as garage door openers and microwave ovens. In order for Bluetooth devices to operate reliably, each Bluetooth network is synchronized to a specific frequency pattern. The Bluetooth unit moves through 1,600 different frequencies per second, and the pattern is unique to each network.

Bluetooth also implements various security measures, including authentication and encryption. Authentication is used to verify the identity of the device sending information, and encryption is used to ensure the integrity of the data. To ensure the security of the Bluetooth networks, the Bluetooth technology implements:

- Low Power Architecture
- Global compatibility
- Interoperability, Standards and Specifications
- Key Management
- Architectural Security
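The two error-correction mechanisms named in this section, FEC and ARQ, sketched side by side as an added example that is not part of the original report. The FEC here is a three-fold repetition code with majority-vote decoding and the ARQ loop uses CRC-32 from Python's `zlib` as a stand-in error check; the channel functions, sample data and all names are constructed for illustration.

```python
import zlib


def fec_encode(bits):
    """FEC sender: repeat every bit three times."""
    return [b for bit in bits for b in (bit, bit, bit)]


def fec_decode(coded):
    """FEC receiver: majority vote over each group of three bits.

    Nothing is ever re-sent, so delivery is on time even when a group
    carries too many errors and the vote comes out wrong.
    """
    return [1 if sum(coded[i:i + 3]) >= 2 else 0
            for i in range(0, len(coded), 3)]


def flip(bits, positions):
    """Constructed noisy channel: invert the bits at the given positions."""
    out = list(bits)
    for pos in positions:
        out[pos] ^= 1
    return out


def arq_frame(payload):
    """ARQ sender: append a 4-byte checksum to the payload."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def arq_check(frame):
    """ARQ receiver: return the payload if the checksum matches, else None."""
    payload, received_crc = frame[:-4], frame[-4:]
    if zlib.crc32(payload).to_bytes(4, "big") == received_crc:
        return payload
    return None


def arq_send(payload, channel, max_tries=5):
    """Re-send until the receiver accepts; return (payload, attempts used)."""
    for attempt in range(1, max_tries + 1):
        received = channel(arq_frame(payload), attempt)
        accepted = arq_check(received)
        if accepted is not None:
            return accepted, attempt
    return None, max_tries


def noisy_twice(frame, attempt):
    """Constructed channel that damages the first two transmissions."""
    if attempt <= 2:
        damaged = bytearray(frame)
        damaged[0] ^= 0x01
        return bytes(damaged)
    return frame


if __name__ == "__main__":
    voice_bits = [1, 0, 1, 1]                      # constructed sample
    coded = fec_encode(voice_bits)
    print("FEC, one error per group:", fec_decode(flip(coded, [1, 5, 9])))
    print("FEC, two errors in a group:", fec_decode(flip(coded, [0, 1])))
    print("ARQ:", arq_send(b"calendar entry", noisy_twice))
```

One error per three-bit group is corrected with no delay, two errors in a group slip through as a wrong bit, and the ARQ transfer arrives intact but only on the third transmission, which is the timeliness-versus-accuracy trade the section describes.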

Chapter 3

Wireless Application Protocol

3.1 Introduction
3.2 Protocols
3.3 Wireless Application protocol
3.4 WAP Network Architecture
3.5 WAP Protocol Stack
3.5.1 WAP and Existing Internet Standard
3.5.2 WAP and Scalability
3.6 Key Problem: WAP Network Architecture
3.7 Conclusion

Chapter 3 Wireless Application Protocol

3.1 Introduction

The wireless cellular telephony market has experienced tremendous growth worldwide during the last decade. The convergence of traditional telecommunications and Internet technologies suggests that, in the future, citizens will access the Internet from a greater variety of devices than is currently the case. But the first non-PC devices being positioned for Internet access are wireless handheld devices like personal digital assistants, mobile cellular telephones and enhanced pagers. This phenomenon has created a rapidly evolving, dynamic wireless Internet access market, inundated with a plethora of new technologies.

- An application is an executable program that provides a user access to value-added services that may or may not require network connectivity.
- An operating system is the primary user interface that serves as the software intermediary between the applications and the handheld device.
- A handheld device is the actual hardware or mobile communication device on which the operating system runs.
- A protocol is the "language" that defines how wireless handheld devices send and receive data "over the air."
- A network is the underlying cellular wireless network that supports the voice and data services that users will access using wireless handheld devices.

Why WAP is necessary?

Ensure Interoperability - Service providers must feel secure that their investments will yield benefits in the future. They will not be able to do so until equipment and software offered by different suppliers can be made to work together. The WAP specification has been designed to encourage easy, open interoperability between its key components. Any solution component built to be compliant with the WAP specification can interoperate with any other WAP-compliant component. Bearer and device independence both help foster interoperability. But interoperability goes beyond these two principles to require that each WAP-compatible component will communicate with all other components in the solution network by using the standard methods and protocols defined in the specification.

Interoperability provides clear benefits for handset manufacturers and infrastructure providers. Handset manufacturers are assured that if their device complies with the WAP specification it will be able to interface with any WAP-compliant server, regardless of the manufacturer. Likewise, the makers of a WAP-compliant server are assured that any WAP-compliant handset will interface correctly with their servers.

3.2 Protocols

The protocols market segment is the focus of this paper because it is arguably the most important from a technical perspective. The wireless protocol is the glue that will hold the wireless Internet access market together. Applications and operating systems for handheld devices will be designed to be compatible with a specific protocol; protocol specifications will determine which handheld devices and wireless networks are supported. A single protocol that supports a diversity of handheld devices and wireless networks is most likely to be quickly and widely adopted. Ultimately, it is expected that such a protocol will dominate this market segment, as is the case with the TCP/IP suite of Internet protocols.

Currently, however, multiple protocol standards exist. Three of the most important protocol standards, SIM Application Toolkit, MExE and WAP, are discussed in greater detail and evaluated in this section. A comparative analysis reveals why WAP is expected to emerge as the dominant standard. The applications which play a major part in the protocol functioning are:

- Subscriber Identity Module Application Toolkit
- Mobile Station Application Execution Environment

3.3 Wireless Application Protocol

The Wireless Application Protocol (WAP) is a communications protocol and an applications environment that will enable Internet and web access from wireless handheld devices. WAP is designed to work with a wide diversity of cellular wireless data transmission networks, wireless handheld devices and device operating systems. Operationally, WAP attempts to make the most of limited computing resources by placing a simple WAP-based browser on wireless handheld devices and by shifting the more computationally intensive tasks onto network servers called WAP Gateways. These Gateways also serve as the intermediaries that can retrieve WAP-specific content or reformat World Wide Web content for display on WAP-based wireless handheld devices.

The WAP Forum, an industry alliance of more than 200 telecommunication hardware, software, network and peripheral companies, is developing the WAP standard. WAP also allows for a standard method for providing access to diverse World Wide Web content on wireless handheld devices using existing wireless telecommunications infrastructure. In addition, companies like Nokia have already released WAP-compliant cellular wireless telephones.

WAP does not have the problems associated with the SIM Application Toolkit and the MExE. As mentioned before, WAP runs over a diversity of cellular wireless transmission technologies including GSM, CDMA and TDMA. In addition, the computing resources required to support WAP are currently available on wireless handheld devices today. Coupled with the broad-based support that exists, this makes WAP the data transmission protocol and application environment most likely to succeed in the emerging wireless handheld device data transmission market.

3.4 WAP Network Architecture

Figure 3.1 WAP Network Architecture (AU system)

The WAP specification envisions a three-layered network architecture, as shown in the figure above.

The first layer is the client device, which is the wireless handheld device that a subscriber will use to access the Internet. This client device will have a WAP-based micro-browser (analogous to the desktop web browser) that will serve as the primary user interface, through which the subscriber will make requests for Internet-based information.

The second layer is the WAP Gateway, which processes encoded requests for Internet-based information from the client device. The WAP Gateway uses standard HTTP requests to retrieve HTML documents from traditional web servers on the Internet. It employs a filter that encodes these documents with WML (Wireless Markup Language, analogous to HTML) before passing them back to the client device. WAP also defines a scripting language called WML Script (analogous to JavaScript on desktop computers), that extends micro-browser functionality with small applications called scripts.

The third layer consists of traditional web servers on the Internet, which store the actual value-added information and content that subscribers wish to access. As noted above, this content (usually in HTML) must be encoded with WML by a WAP Gateway for viewing on wireless handheld devices. Content may also be stored on web servers in WML, allowing the WAP Gateway to pass WML documents directly to the client device.

3.5 WAP Protocol Stack

The WAP specification defines a multi-layered protocol stack consisting of a set of component protocols [AU-System]. This protocol stack is shown alongside the traditional World Wide Web protocol stack in the figure above. Clearly, the WAP protocol stack appears to inherit its architecture from the ISO OSI reference model and the existing web protocols stack. At the topmost Application layer, WAP defines a Wireless Application Environment (WAE) which includes the WML micro-browser, a WML Script Virtual Machine and a Wireless Telephony Application Interface (WTAI). At the Session layer, WAP defines a Wireless Session Protocol (WSP) which is analogous to the existing Hyper Text Transfer Protocol (HTTP).

Figure 3.2 WAP Protocol Stack

At the Transaction layer, WAP defines a Wireless Transaction Protocol (WTP) which is analogous to the existing Transmission Control Protocol (TCP). At the Security layer, WAP defines a Wireless Transport Layer Security (WTLS) protocol that is roughly functionally equivalent to the Transport Layer Security (TLS) and IP Security (IPSec) in the traditional Internet protocol stack. At the Transport layer, WAP defines a Wireless Datagram Protocol (WDP) which is analogous to the existing User Datagram Protocol (UDP).

3.5.1 WAP and existing Internet standards

The WAP protocol stack inherits its architecture from the existing Internet protocols stack. Analogies were made between TCP and WTP, IPSec and WTLS, and UDP and WDP. The WAP protocol stack inherits its architecture from the existing web protocols stack. To further emphasize the similarity between WAP and existing Internet standards, the WAP specification relies heavily on existing Internet standards like XML, IP and UDP.

Despite the public relations efforts of the WAP Forum, one of the greatest criticisms of WAP is that it in fact does not use existing Internet standards. Rather, it redefines them in ways that make wireless environment-specific protocols incompatible with existing Internet standards. In a stinging critique of WAP component protocols in different stack layers do not functionally map to existing Internet protocols in parallel stack layers. For example, WTLS in the WAP protocols stack (which should be parallel to TLS/SSL in the web protocols stack) actually performs some of the functions that are performed by TCP in the web protocols stack. From a purely technical perspective, WAP's redefinition of existing Internet protocols is undesirable because it creates incompatibilities.

3.5.2 WAP and Scalability

A key aspect of the argument for WAP over existing Internet standards is that today's handheld devices and cellular wireless networks are not suited for providing users with access to the HTML-based web. However, handheld devices are getting more powerful every day, with larger displays and longer battery life. Cellular wireless networks are transitioning from current second-generation technologies to third-generation technologies, which will offer high-bandwidth connectivity specifically for data service. It is uncertain whether WAP will be needed in tomorrow's wireless market. Some technical analysts believe that WAP is not a truly scalable protocol solution for the wireless environment. The de facto choice of a non-scalable protocol as the basis of wireless Internet access technology is a significant policy concern, because it would severely constrain future growth of the wireless Internet access market.

3.6 The Key Problem: WAP Network Architecture

Handheld devices, with their less powerful processors, less memory, limited power consumption, small low-resolution displays and limited data input mechanisms, are limited in their ability to display HTML-based web pages. Content targeted for mobile users must be encoded in the simpler WML, as defined by the WAP Forum. The WAP Gateway or Proxy server, as described in Section 3, does this encoding or "filtering". The WAP network architecture also requires that mobile users wishing to access Internet-based content and specific value-added services on their handheld devices must route their requests through the WAP Gateway. Clearly, the WAP Gateway plays an important role within the context of a WAP-based network architecture implementation. However, the role of the WAP Gateway as defined in the WAP network architecture has come under serious criticism from various quarters. Specifically, these questions focus on the management and ownership of these WAP Gateways.
The deployment of WAP-based services is a new development resulting from the convergence of the Internet and the traditional telecommunications industry. As a result, the initial installation, management and training costs associated with incorporating WAP Gateways into existing telecommunications infrastructure are expected to be significant. Telecommunication carriers will not wish to bear these costs on a unilateral basis. The providers of wireless Internet-based content and value-added services may partner with telecommunication carriers to share the cost of the deployment and management of these WAP Gateways. The WAP Gateway has complete control over the access available to handheld device users. The wireless telecommunications carrier or access provider that owns the WAP Gateway can determine the Internet content, wireless portals, and location-based and time-specific services that wireless subscribers will have access to by selectively configuring the WAP Gateway. Given the expected cost-sharing arrangements, wireless telecommunications carriers and Internet access providers have an incentive to enter into exclusionary agreements with Internet-based content and value-added service providers. These agreements will specify that access providers must configure WAP Gateways such that subscribers only have access to the set of content and value-added services offered by the entities party to the exclusionary agreements. This will effectively shut out all other Internet-based content and service providers that are not party to these exclusionary agreements. By providing users access to a select subset of the wider diversity of content and services available on the Internet, the owner of the WAP Gateway greatly limits the choices of wireless subscribers and effectively reduces competition in these markets. Besides limiting consumer choice, the WAP network architecture also gives rise to vertically integrated business models.

3.7 CONCLUSION

As cellular wireless networks transition to high-bandwidth third-generation networks, the diversity and quality of Internet-based content and value-added services will increase. Given the monopolistic control that owners of WAP Gateways have over the content that wireless subscribers can access today, it is plausible that in the near future this power may be leveraged to gain control of other emerging wireless service markets such as Internet-based streaming media. This will effectively reduce competition in nascent wireless markets, another negative result from a policy perspective. If these anticompetitive actions lead to monopoly control in emerging wireless service markets, antitrust investigations and governmental remedial measures in the wireless Internet space could result. In a few years, wireless handheld devices will be most people's primary mode of access to the Internet. End-users will begin to demand open access in the wireless world, clamoring for the full set of Internet-based content and services that is currently available to them in the wired world. When that time comes, high-bandwidth wireless networks will make this technically feasible. However, the enthusiasm that surrounds the adoption of WAP today suggests that wireless conduit and content will be tightly vertically integrated by then.
If competition does not result in the provision of open access to content and services, government regulation requiring such access for the benefit of consumers may be the only solution.
