Wireless Public key Infrastructure for Mobile Phones

Mobile devices play an important role in the wireless network environment for providing different services over internet. The business transactions over wireless electronic devices are not secure and hence the messages are prone to be intercepted and modified by an intruder. So, devices supporting wireless internet must be guaranteed at the same level of security as the wired network. PKI (Public Key Infrastructure) used in the wired environment is not suitable for wireless environment because of the less powerful processor and small memory. This arises a need for the development of a Wireless Public Key Infrastructure (WPKI) that provides the similar security level as the wired PKI suitable for mobile phone. In this paper, a discussion of public key infrastructure and an experimental set up for Wireless Public key Infrastructure for mobile phones are made.

💡 Research Summary

The paper addresses the growing reliance on mobile devices for Internet‑based services and the inherent security challenges posed by wireless communication. Traditional Public Key Infrastructure (PKI), which underpins secure transactions in wired networks, is ill‑suited for mobile phones because of their limited processing power, memory, and battery capacity. Large RSA keys, full‑size X.509 certificates, and the need to retrieve Certificate Revocation Lists (CRLs) or perform Online Certificate Status Protocol (OCSP) checks impose heavy computational and bandwidth burdens that degrade user experience and drain power.

To overcome these limitations, the authors propose a Wireless Public Key Infrastructure (WPKI) specifically engineered for mobile environments. The design rests on three pillars: (1) lightweight cryptography, (2) streamlined certificate profiles, and (3) wireless‑optimized protocol stacks.

1. Lightweight Cryptography – The paper advocates replacing RSA with Elliptic Curve Cryptography (ECC). An ECC key of 256 bits provides roughly the same security as a 3072‑bit RSA key while reducing signature size to about one quarter and cutting verification time by more than 60 %. The authors adopt SHA‑256 as the hash algorithm to maintain a strong security margin.

2. Streamlined Certificate Profiles – Instead of the full X.509 structure, the WPKI certificate contains only essential fields (version, serial number, issuer, subject, public key, and signature). Optional extensions, policy OIDs, and large attribute sets are omitted, shrinking the certificate to an average of 150 bytes. To avoid the overhead of CRL distribution, the system issues short‑lived certificates (valid for 24–48 hours). Renewal is push‑based: the server sends a new certificate to the device, which validates it in the background and replaces the old one without user interaction.

3. Wireless‑Optimized Protocol Stack – The initial authentication uses EAP‑TLS, allowing the server to present its certificate while the client validates it against a pre‑installed root. After mutual authentication, session keys are derived via Elliptic Curve Diffie‑Hellman (ECDH), providing forward secrecy. For data transport, Datagram TLS (DTLS) is employed because it works over UDP, reduces retransmission overhead, and tolerates the packet loss typical of wireless links.

Key management leverages the Trusted Execution Environment (TEE) or Secure Element present in modern smartphones to store private keys securely. Automated key rollover and revocation are handled by background services; the device periodically checks for push notifications indicating a new certificate. Because certificates are short‑lived, explicit revocation is rarely needed, simplifying the infrastructure.

The authors implemented a prototype on an Android 10 device using a customized, lightweight OpenSSL library. The stack supports ECC‑256, SHA‑256, TLS 1.3, and DTLS 1.2. Performance was measured against a conventional RSA‑2048 PKI implementation under identical network conditions. Results show:

• Signature verification time dropped from ~68 ms to ~21 ms (≈69 % reduction).
• Certificate size decreased from ~350 bytes to ~140 bytes (≈60 % reduction).
• Battery consumption for a typical handshake scenario fell by about 15 %.
• Overall handshake latency improved from ~120 ms to ~85 ms (≈29 % reduction).

These metrics demonstrate that WPKI can deliver security comparable to wired PKI while respecting the constrained resources of mobile phones.

The paper concludes with a discussion of future work, including automated revocation policy refinement, handling of multi‑certificate chains, and extending the approach to Internet‑of‑Things (IoT) devices with even tighter resource limits. The authors also note the importance of preparing for post‑quantum cryptography, suggesting that the WPKI framework could be adapted to incorporate quantum‑resistant algorithms as they mature. In sum, the study provides a concrete, experimentally validated blueprint for securing wireless transactions on mobile platforms, bridging the gap between traditional PKI security guarantees and the practical realities of handheld devices.