Communication devices may be simple and designed just to enhance speech output, such as amplifiers, or they may be more complex, such as communication aids or laptops running communication software, which are designed to augment independent speech for students with severe general mobility difficulties such as cerebral palsy. A user of augmentative and alternative communication (AAC) aids works through a series of pictures, symbols and words to produce sentences of synthesised speech.
Mobile or adapted telephones can also help communication. A deaf student might use text messaging to confirm appointments or to receive information from you.
WAP, short for Wireless Application Protocol, is a secure specification that allows users to access information instantly via handheld wireless devices such as mobile phones, pagers, two-way radios, smartphones and communicators.
WAP supports most wireless networks. These include CDPD, CDMA, GSM, PDC, PHS, TDMA, FLEX, ReFLEX, iDEN, TETRA, DECT, DataTAC, and Mobitex.
WAP is supported by all operating systems. Ones specifically engineered for handheld devices include PalmOS, EPOC, Windows CE, FLEXOS, OS/9, and JavaOS.
WAP devices that have displays and access the Internet run what are called microbrowsers: browsers with small file sizes that can accommodate the low memory constraints of handheld devices and the low-bandwidth constraints of a wireless handheld network.
Overview of WAP
1. WAP Application Architecture
In addition to the components of the traditional Internet architecture such as web clients, the Internet, and web servers, the WAP application architecture also consists of a wireless network and a WAP gateway. When a user sends a request from her cell phone, the request is first sent in WML (Wireless Markup Language) or WMLScript format to the WAP gateway. The gateway will then translate the request into a corresponding request in the format of an Internet protocol such as HTTP, and send it along to the web server. The requested file sent from the web server also travels via the WAP gateway which again translates and compresses the file before forwarding it to the client. In other words, the WAP gateway acts as a proxy between the client and the server but its existence is transparent to the web server. As we will see later in this paper, the process of translation makes the WAP gateway the weakest link of the wireless communication channel when security measures are required.
2. WAP Protocol Stack
WAP is not just one protocol. It actually defines a stack of protocols similar to the ISO OSI model used for the Internet, but WAP has only five layers. From the top of the stack, these are WAE (Wireless Application Environment), WSP (Wireless Session Layer), WTP (Wireless Transaction Layer), WTLS (Wireless Transport Layer Security), and WDP (Wireless Datagram Protocol). WDP provides the interface between the upper layers and the bearer services such as SMS, CDMA, etc.
WTLS is the layer that provides most of the security functionalities for WAP applications. These functionalities include client-server mutual authentication, privacy, data integrity, and non-repudiation. In the following section, I will discuss WTLS in greater detail.
Overview of WTLS
1. WTLS and TLS
The design of WTLS is based upon TLS (Transport Layer Security), which is in turn built upon SSL (Secure Socket Layer). TLS has become the de facto security protocol for ensuring end-to-end security of Internet communications. Like TLS, WTLS requires that the client and the server negotiate and agree on a set of security parameters during the handshake before the communication channel can be established. Once the handshake succeeds, the client and the server can exchange information using the secrets known to both ends of the channel. Since WTLS resembles TLS so closely, one might assume that WTLS provides the same level of security as TLS. However, due to the limitations of wireless communications and the modifications WTLS made to accommodate these limitations, it has been shown that WTLS is vulnerable to a variety of known attacks such as plaintext recovery attacks and datagram truncation attacks.
2. Reasons for Modifying TLS
Wireless communications cannot simply adopt the well-established TLS protocol for end-to-end security, for the following reasons. First, wireless devices usually do not have large memory or processing power, so some advanced encryption protocols would slow down processing significantly. Second, wireless connections are not as reliable as wired ones: the packet loss ratio is higher, packets are more likely to arrive out of order, and connections can be cut off easily. That is why IVs, the initialization vectors used by CBC mode, are transmitted with individual packets or computed from the packet's data. Third, wireless connections have much narrower bandwidth, so too many message exchanges during the handshake become a large overhead. Last, some advanced encryption algorithms with large key spaces are prohibited from export outside the United States, so WTLS is forced to use weaker algorithms with smaller key sizes.
3. WTLS Architecture
WTLS itself can be divided into four specialized protocols. The handshake protocol is, by definition, responsible for the client-server handshake, during which the client and the server determine a set of security parameters to be used in the following message exchanges. These parameters include the bulk encryption algorithm, the MAC algorithm, the compression algorithm, the 20-byte master secret, the 16-byte client random, the 16-byte server random, the time interval of key refresh, and the sequence number mode.
The alert protocol specifies the type of alert messages and the ways to handle them. There are three types of alerts: warning, critical, and fatal. Alerts can be initiated by either the client or the server whenever an error is detected during the handshake, authentication, decryption, or data integrity verification. Fatal alerts will obviously lead to the termination of the connection.
The application protocol defines the interface between the transaction layer and WTLS.
The change cipher spec protocol is used at the end of the handshake, once the client and the server have agreed upon the security parameters.
4. Handshake Procedure
The client initiates the handshake by sending a Hello message together with some security settings, such as the trusted certificates and the supported encryption and MAC algorithms.
Upon receipt of this message, the server sends the server hello, server certificate, and server key exchange messages. Some parameters required for generating the pre-master secret may not be found in the server certificate; the server key exchange message provides this kind of information. If the server needs to authenticate the client, it will also send a certificate request message. Following these messages is the server hello done message.
Once the client receives the server hello done message stating the chosen algorithms, it sends a client certificate message if required. The client key exchange message contains the pre-master secret encrypted with the server's public key. The client then sends the finish message together with the message digest of all the previously exchanged information, signed by the client, to ensure that this sensitive information has not been tampered with by any intruder. After verifying the message digest, the server responds with its finish message and change cipher spec message if everything is fine. Otherwise, the connection will not be established.
There are also modified forms of the handshake serving different purposes. For example, if the client wants to resume a session, only the session ID is needed in the message exchange. If both parties hold the common session ID, the previously negotiated settings for this session can be reused. This special handshake greatly reduces the number of message exchanges.
5. How Security Is Achieved
Authentication is mainly achieved by the server and client certificates. Currently, WTLS supports X.509v3 and X9.68 certificates. Unlike traditional ones, these certificates have smaller sizes for wireless communications with narrow bandwidths.
Key exchange can be achieved with RSA, Diffie-Hellman, or elliptic curve Diffie-Hellman algorithms. The client first suggests acceptable algorithms. The server decides which one actually to use.
The bulk encryption algorithms currently supported by WTLS are RC5 with 40, 56 or 128 bit keys, DES with 40 or 56 bit keys, 3DES, IDEA with 40, 56 or 128 bit keys, and ECC, according to Jormalainen's paper. ECC is the preferred algorithm due to its efficiency with a relatively small key space. Stream ciphers are not accepted. The encryption key, IV, and MAC key are generated from the keystreams. The keystreams are calculated beforehand from the master secret, an expansion label, the packet sequence number, and the server and client random values using a pseudo-random function. The master secret is computed from the pre-master secret and the random values using a pseudo-random function. The sequence number makes the keystream vary between consecutive packets. As mentioned earlier, the key is refreshed at the frequency determined in the handshake negotiation.
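The derivation chain just described (pre-master secret and randoms to master secret, then master secret, label, sequence number and randoms to a key block that is refreshed every 2^n packets) as an added example, not code from the essay or the WTLS specification. It assumes a TLS-style HMAC-SHA1 P_hash as the pseudo-random function, a 16-bit sequence number, and a key refresh parameter that means "new keys every 2**refresh packets"; the key slice sizes are constructed for illustration.

```python
import hashlib
import hmac

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS-style P_hash expansion (HMAC-SHA1 chain); stands in for the WTLS PRF (assumption)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()  # P += HMAC(secret, A(i) + seed)
    return out[:length]

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """20-byte master secret from the pre-master secret and both 16-byte random values."""
    return p_hash(pre_master, b"master secret" + client_random + server_random, 20)

def key_block(master: bytes, seq: int, refresh: int,
              client_random: bytes, server_random: bytes, length: int = 44) -> bytes:
    """Key material for the refresh interval containing packet `seq`.
    Keys are recomputed every 2**refresh packets, so the seed carries the 16-bit
    sequence number of the interval's first packet (assumption: modelled on the
    WTLS key-refresh rule, not copied from the spec)."""
    interval_start = (seq >> refresh) << refresh
    seed = (b"client expansion" + interval_start.to_bytes(2, "big")
            + server_random + client_random)
    return p_hash(master, seed, length)

def split_keys(block: bytes) -> dict:
    """Slice the key block into MAC key (20 B), cipher key (16 B) and IV (8 B); sizes constructed."""
    return {"mac_key": block[:20], "enc_key": block[20:36], "iv": block[36:44]}

def refresh_boundaries(master: bytes, refresh: int, client_random: bytes,
                       server_random: bytes, packets: int) -> list:
    """Sequence numbers at which the derived keys change: shows that the keystream is
    reused inside an interval and only changes every 2**refresh packets."""
    boundaries, prev = [], None
    for seq in range(packets):
        blk = key_block(master, seq, refresh, client_random, server_random)
        if blk != prev:
            boundaries.append(seq)
        prev = blk
    return boundaries

if __name__ == "__main__":
    cr, sr = bytes(range(16)), bytes(range(16, 32))      # constructed client/server randoms
    ms = master_secret(b"constructed pre-master secret", cr, sr)
    print(refresh_boundaries(ms, 3, cr, sr, 32))         # [0, 8, 16, 24]
```

A smaller refresh exponent means keys rotate more often at the cost of more PRF work on a constrained handset, which is the trade-off the essay's bandwidth and processing-power arguments describe.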
To verify data integrity, WTLS supports SHA-1, MD5, and SHA_XOR_40, a rather weak algorithm that cannot really protect messages from unauthorized modification. In the following section, I will describe an attack that easily defeats SHA_XOR_40.
E-mail is one of the most effective methods for communicating information to students and has a valuable role in an inclusive policy.
Much of the equipment available to aid communication is electronic and uses synthesised speech. However non-electric boards or books that use pictures, symbols and words may also be used.
Trust-Based Security in Pervasive Computing Environments
Pervasive computing strives to simplify day-to-day life by providing mobile users with the means to carry out personal and business tasks via portable and embedded devices. These tasks range from the simple (switching on the lights in a conference room, checking e-mail, and organizing meetings) to the more complex, such as booking airline tickets, buying and selling stock, or managing bank accounts. Pervasive computing environments of the near future will involve the interaction, coordination, and cooperation of numerous, casually accessible, and often invisible computing devices.
Adding security to such open models presents challenges at many levels. How do you decide whether a person who does not work in an office but has access to it (for example, as a consultant or member of a partner firm) can use certain services?
We encountered several problems with providing security in environments using the Centaurus protocol. Having a central authority for a single building or even a group of rooms is infeasible because every possible access right would have to be specified for every user. Authenticating the identity certificate of a previously unknown user doesn't provide any access control information. Simple authentication and access control are only effective if the system knows in advance which users are going to access a Smart Room and what their access rights are.
PERVASIVE COMPUTING SCENARIO
Consider the following example. John is an employee of one of the office's partners, but the security agent in the office doesn't understand his role in the organization, so it denies him access to the Smart Room services. John requests permission from Susan, one of the managers, to use the services. According to the office's security policy, Susan can delegate access rights to anyone she trusts. Therefore, she delegates to John the right to use the lights, coffee maker, and printer, but not the fax machine, for a short period of time. Susan's laptop sends a short-lived signed delegation to John's handheld device. When John enters the Smart Room, the client on his handheld device sends his identity certificate and the delegation to the service manager. Because Susan is trusted and can delegate access rights, the delegation conforms to the policy and John now has access to the lights, coffee maker, and printer. Once the delegation expires, John must ask Susan for another delegation to access services in the room. This scenario demonstrates the importance of trust over traditional security mechanisms in a pervasive computing environment. The system allows John, a foreign user, to access certain services without creating a new identity for him or insecurely opening up the system in any way.
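The service manager's decision in the scenario above, written out as an added example that is not code from the paper or the Centaurus project. It assumes an HMAC tag as a stand-in for the real signature on the delegation, constructed signing keys for Susan and John, and an office policy table listing who may delegate and which services the Smart Room offers; the rejection reasons are the checks a practitioner would want the manager to apply before honouring a delegation.

```python
import hashlib
import hmac
import json

# Constructed secrets: an HMAC tag stands in for the real signature on the
# delegation (assumption: the scenario only says the delegation is signed).
SIGNING_KEYS = {"susan": b"susan-key-constructed", "john": b"john-key-constructed"}
# Office policy: who may delegate, and which services exist in the Smart Room.
POLICY = {"may_delegate": {"susan"},
          "services": {"lights", "coffee maker", "printer", "fax"}}

def _payload(body: dict) -> bytes:
    # Canonical encoding so signer and verifier hash exactly the same bytes.
    return json.dumps(body, sort_keys=True).encode()

def make_delegation(delegator: str, delegatee: str, services: set, ttl: float, now: float) -> dict:
    """Short-lived delegation issued by `delegator`; `exp` bounds its validity."""
    body = {"from": delegator, "to": delegatee, "services": sorted(services), "exp": now + ttl}
    tag = hmac.new(SIGNING_KEYS[delegator], _payload(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": tag}

def check_access(delegation: dict, user: str, service: str, now: float) -> tuple:
    """Service manager decision for `user` requesting `service`: (allowed, reason).
    Integrity is checked first, then the office policy, then the delegation's
    own limits (holder, expiry, delegated services)."""
    body = delegation["body"]
    key = SIGNING_KEYS.get(body.get("from"))
    if key is None:
        return False, "unknown delegator"
    expected = hmac.new(key, _payload(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, delegation["sig"]):
        return False, "bad signature"
    if body["from"] not in POLICY["may_delegate"]:
        return False, "delegator may not delegate"
    if body["to"] != user:
        return False, "delegation issued to another user"
    if now >= body["exp"]:
        return False, "delegation expired"
    if service not in POLICY["services"]:
        return False, "no such service"
    if service not in body["services"]:
        return False, "service not delegated"
    return True, "ok"

if __name__ == "__main__":
    d = make_delegation("susan", "john", {"lights", "coffee maker", "printer"}, ttl=600.0, now=1000.0)
    print(check_access(d, "john", "printer", now=1100.0), check_access(d, "john", "fax", now=1100.0))
```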
How are they used?
Speech amplification may be useful in students' presentations, or to answer questions in large halls.
Communication aids, as specialist devices or as part of a laptop set up, can provide a student with total oral language support. Vocabulary can be adapted to suit chosen courses and even particular occasions, such as a viva voce, although this may involve specialist support.
Mobile technology, text messaging and e-mailing are relevant to the online support offered to students whether the course has distance learning elements, is based on an e-learning paradigm or involves face-to-face tuition.
Any issues to be aware of?
It may be easier to adapt a learning situation to support a quietly spoken student or one who has voice problems rather than set up special equipment. Amplification or the use of a microphone can help but some students feel embarrassed taking this action. A smaller room or a particular seating position may be all that is needed.
On average we speak at between 140 and 160 words per minute, whereas those using communication aids can manage around 12 to 50 words per minute. So allow extra time in question and answer sessions as well as for presentations.
Text tends to be more concise than face-to-face conversations, which also include a considerable amount of non-verbal information. Be aware that some meaning may be lost in SMS or e-mail and misunderstandings can occur.