ITU 08215

MOBILE COMPUTING
LEARNING UNIT-

Dr. Bonny Mgawe

 2 LEARNING OUTCOMES

• After completing this topic you should be able to:

— Discuss about Wireless Markup Language (WML)
— Discuss about security in mobile computing
 3 WIRELESS APPLICATION PROTOCOL

• The Wireless Application Protocol (WAP) is an industry-wide specification designed for

applications that operate over wireless networks, primarily targeting mobile devices.
• WAP plays a crucial role in enabling mobile users to access internet-based services and
applications, optimizing content delivery for devices with limited bandwidth and screen size.
 4 COMPONENTS AND LAYERS OF THE WAP STACK

Bearer Protocols
• At the lowest layer of the WAP stack are bearer protocols like IP (Internet Protocol), PPP (Point to
Point Protocol), SMS (Short Message Service), and GPRS (General Packet Radio System).
• These protocols establish the link between WAP and the underlying communication hardware.
5 WAP STACK
 6 COMPONENTS AND LAYERS OF THE WAP STACK

WAP Communications Protocols

• The next layer includes low-level WAP communications protocols such as WTP (Wireless
Transaction Protocol), WTLS (Wireless Transaction Layer Security), and WDP (Wireless Datagram
Protocol).
• WTP and WDP provide connectivity between upper and lower levels, while WTLS ensures security
through encryption and authentication.
 7 COMPONENTS AND LAYERS OF THE WAP STACK

High-level Communications Protocol:

• The highest layer of the stack is occupied by the high-level communications protocol known as
WSP (Wireless Session Protocol).
• WSP serves as a replacement for HTTP (HyperText Transfer Protocol) and facilitates
communication between web servers and mobile browsers.
 8 GENERAL ROLE OF WAP

1. WAP keeps track of the state of a session to ensure continuity even if the connection is lost
temporarily.
2. WAP employs compressed formats for transferred data, optimizing content delivery over networks
with limited bandwidth.
3. It ensures that applications display seamlessly on mobile devices, irrespective of input and output
capabilities.
9
 10 WIRELESS MARKUP LANGUAGE

• WML is a markup language based on XML (eXtensible Markup Language), specifically designed
for creating content and applications for wireless devices, particularly mobile phones.
• Developed and maintained by the WAP Forum, WML serves as a standard for building mobile-
friendly web pages and applications.
 11 SYNTAX AND STRUCTURE OF WML DOCUMENT

Prolog
• The prolog is the first statement within a WML document and is optional. It includes two lines of
code specifying the XML version and the document type definition (DTD) for WML, which ensures
compliance with the WML specification.
 12 SYNTAX AND STRUCTURE OF WML DOCUMENT

Document Element
• In WML, the document element is <wml>, and all other elements are contained within it. This
element serves as the root of the WML document and encapsulates the entire content.
 13 SYNTAX AND STRUCTURE OF WML DOCUMENT

Elements and Attributes

• WML documents consist of predefined elements, such as <card> and <p>, which are used to
structure and present content.
• Elements are denoted by opening and closing tags, while attributes describe the characteristics of
elements.
 14 DIFFERENCE BETWEEN HTML AND WML

Unit of Navigation
• In HTML, the basic unit of navigation is a page, while in WML, it is a card. WML documents can
contain multiple cards arranged in a deck.
• Each card represents a separate screen or page of content.
 15 DIFFERENCE BETWEEN HTML AND WML

Deck/Card Structure
• WML organizes content into decks and cards, with each deck containing multiple cards. When a
user accesses a WAP site, the mobile browser loads a deck of cards, displaying one card at a time.
• This approach minimizes round trips to the server, optimizing performance for wireless devices.
 16 EXAMPLE OF WML DOCUMENT

<?xml version="1.0"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.3//EN"
"[Link]
<wml>
<card id="card1" title="WML Tutorial">
<p>Hello World</p>
 17 EXAMPLE OF WML DOCUMENT

</card>
<card id="card2" title="WML Tutorial">
<p>Welcome to the world of WML</p>
</card>
</wml>
 18 OTHER ELEMENTS

• WML generic metadata <meta>

• comment in WML
• Line breaking in WML
• Font size in WML
 19 OTHER ELEMENTS

• WML preformatted text <pre>

• WML anchor links
• Programming softkeys of mobile phones and the <do> element
 20 SECURITY IN MOBILE COMPUTING

• Security issues in mobile computing environment pose a special challenge. This is because we have
to offer services over the air using networks over which we do not have any control.
• In a mobile computing environment, the user can move from one network to another, one device to
another or one bearer to another. Therefore, theoretically the security implementations need to be
device independent, network independent, bearer independent, and so on. The requirement is to arrive
at a security model, which can offer homogenous end-to-end security.
 21 SECURE MOBILE DEVICE APPLICATION

• Strong security controls must be implemented while creating mobile computing applications in
order to guard against potential threats and weaknesses. Here are some crucial security precautions
to take into account:
1. Secure Coding Practices: Follow secure coding practices, such as avoiding hard-coded
credentials, using secure libraries and frameworks, and properly handling errors, exceptions,
and logging.
 22 SECURE MOBILE DEVICE APPLICATION CONT…

2. Secure Updates and Patch Management: Keep the mobile application up-to-date with the
latest security patches and updates. Regularly monitor for security updates for the operating
system, libraries, and components used in the application, and promptly apply patches to address
known vulnerabilities.
 23 SECURE MOBILE DEVICE APPLICATION CONT…

3. Secure Authentication and Authorization: Implement strong authentication and

authorization mechanisms to ensure that only authorized users have access to the
application and its resources.
 24 SECURE MOBILE DEVICE APPLICATION CONT…

4. Data encryption: To encrypt data, both in transit and at rest, use powerful encryption
algorithms. Data is protected by encryption from illegal access and interception, making sure
that even if data is intercepted, it is difficult to decipher.
 25 SECURE MOBILE DEVICE APPLICATION CONT…

• Threat modeling: is a proactive approach that involves identifying and mitigating potential threats
and vulnerabilities in the mobile application during the development process. The development
team should take into account the mobile application's architecture, design, data flows, user
interactions, external dependencies, and threat scenarios when doing threat modeling.
1. Attacker’s perceptive
2. Architectural perceptive
3. Asset perceptive
 26 SECURE MOBILE DEVICE APPLICATION

• For conducting threat modeling, there are various approaches and frameworks available, including:
1. STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation
of Privilege),
2. DREAD (Damage potential, Reproducibility, Exploitability, Affected users, Discoverability),
3. OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation).