16 Feb 2010

M-commerce and security

http://allnewthings.com

 

  1. Abstract:

  

 

Mobile commerce is a major application domain for mobile devices, enabling users to perform commercial transactions wherever they go. This application needs a high level of security. The devices used for transactions necessarily have wireless communication; examples are the mobile phone and the Pocket PC. M-commerce can simply be defined as the exchange of products and services between mobile users and providers. In this paper I discuss and identify the special characteristics of m-commerce and reflect on some important security issues.

 

  2. Introduction:

E-commerce means business processes on the internet, like the buying and selling of goods. There is a distinction between B2B and B2C markets. M-commerce is wireless e-commerce, where mobile devices are used to do business on the internet, for either the B2B or the B2C market. That is, m-commerce is a subset of e-commerce. Applications of m-commerce include buying over the phone, purchase and redemption of tickets, and reward schemes. The success of m-commerce depends on protecting user information and keeping it secret. How can we do that? Many protocols are now used between PCs and websites to protect data from crackers; we can build special protocols for transaction data between the user's mobile device and the providers. In this research I discuss two main areas for m-commerce and security:

 

  

 

  • Network technology: in mobile commerce all data is transmitted via a mobile telecommunication network. I consider existing network and service technologies and other wireless systems.
  • M-payment (mobile payment): doing business on the internet requires payment for goods and services. M-payment systems have different requirements and characteristics than e-payment systems; these characteristics are discussed in this research.

The generations of m-commerce technology are: 1G: 1979-1992, wireless technology; 2G: wireless technology that accommodates text; 2.5G: interim, accommodates graphics; 3G: third-generation technology, 2001-2005, supports rich media (video clips); 4G: will provide faster multimedia display, 2006-2010.

 

  

 

  3. M-commerce and its security challenges

3.1 Definition of m-commerce

 

  

 

I have seen several definitions of m-commerce. I define it as: the use of mobile technologies for e-business operations in a safe way.

3.2 Mobile devices

 

  

 

M-commerce is not just about using mobile phones as end-user devices. The following list gives some kinds of mobile devices:

 

  

 

  • Mobile phone
  • PDA (Personal Digital Assistant)
  • Smart phone = mobile phone + PDA
  • Laptop
  • Earpiece (as part of a Personal Area Network)

Each mobile device has certain characteristics such as

 

  

 

  • Size and color of display
  • Input device, availability of keyboard and mouse
  • Memory and CPU processing power
  • Network connectivity, bandwidth capacity
  • Supported operating systems (e.g. Microsoft Pocket PC)
  • Availability of internal smart card readers (e.g. for the SIM card in a mobile phone). There are three kinds of smart card configuration: single SIM, available today, stores the user information on one smart card; dual chip has two smart cards in the mobile phone, one for user authentication to the network operator and one for value-added services like m-payment or digital signatures; dual slot has a SIM card and a card slot for a full-size external smart card, the kind of card used in ATM terminals.

3.3 Differences to e-commerce

 

  

 

Compared to e-commerce, m-commerce has advantages and disadvantages. The following list summarizes the advantages of m-commerce:

 

  

 

  • Ubiquity – the end-user device is mobile, meaning the user can access m-commerce applications in real time at any place.
  • Accessibility – the end user is accessible anywhere at any time.
  • Security – depending on the specific end-user device, for example a dual-chip phone, there is another chip besides the SIM card for the authentication key.
  • Localization – a network operator can localize registered users by using a positioning system such as GPS, or via GSM or UMTS. These services include local information services about hotels, restaurants, travel information and so on.
  • Convenience – the size and weight of mobile devices and their ubiquity and accessibility make them an ideal tool for performing personal tasks.
  • Personalization – mobile devices are usually not shared between users. This makes it possible to adjust a mobile device to the user's needs.

The following list summarizes the main disadvantages of m-commerce:

 

  

 

  • Mobile devices offer limited capabilities, such as a limited display. Between mobile devices these capabilities vary so much that end-user services will need to be customized accordingly.
  • The heterogeneity of devices, operating systems and network technologies is a challenge for a uniform end-user platform. We need a standard form between the companies to increase the integration between their operating systems.
  • Mobile devices are more prone to theft and destruction. According to a government report, more than 700000 mobile phones are stolen in the UK each year [1]. Mobile phones are highly personalized and contain confidential user information, so they need to be protected according to the highest security standards.
  • The communication over the air interface between mobile device and network introduces additional security threats.

3.4 Security challenges

 

  

 

M-commerce is not possible without a secure environment, especially for those transactions involving monetary value. Depending on the point of views of the different participants in an m-commerce scenario, there are different security challenges. These security challenges relate to

 

  

 

  • The mobile device - confidential user data on the mobile device, as well as the device itself, should be protected from unauthorized use. This security includes user authentication (e.g. PIN or password authentication), secure storage of confidential data (e.g. SIM card in mobile phones) and security of the operating system.
  • The radio interface - access to a telecommunication network requires the protection of transmitted data in terms of confidentiality, integrity and authenticity.
  • The network operator infrastructure - security mechanisms for the end user often terminate in the access network. This raises questions regarding the security of the user's data within and beyond the access network.
  • The kind of m-commerce application - m-commerce applications, especially those involving payment, need to be secured to assure customers, merchants, and network operators. For example, in a payment scenario both sides will want to authenticate each other before committing to a payment. Also, the customer will want assurance about the delivery of goods or services. In addition to the authenticity, confidentiality and integrity of sent payment information, non-repudiation is important. [2]

4 Security technologies relevant for m-commerce

 

  

 

4.1 Security of network technologies

 

  

 

Here I discuss the security of the network technologies used for m-commerce:

GSM (Global System for Mobile Communication) began in 1990. The devices were very limited with respect to their capabilities other than telephony. Dial-in data sessions over circuit-switched connections were possible but relatively slow, at 9.6 kbit/s [3], and required separate devices, which reduced mobility. A number of data services were established:

 

  • SMS (Short Message Service) allows the exchange of 160-character short messages over the signaling channel.
  • WAP (Wireless Application Protocol) gives access to internet content and applications formatted in WML (Wireless Markup Language).
  • HSCSD (High Speed Circuit Switched Data) provides higher data rates by channel bundling.
  • GPRS (General Packet Radio Service) extends GSM with packet-oriented services. GPRS can also be used as a bearer service for WAP and SMS.

The basic architecture of GSM, including GPRS, intelligent network and SMS components (see figure):

 

 The mobile station communicates over the wireless interface with a base transceiver station (BTS) which is part of a base station subsystem (BSS). The base station controller (BSC) is connected with a MSC (Mobile Switching Centre) and a SGSN (Serving GPRS Support Node). The latter two are the central switching components for circuit and packet switched data.

 

 

UMTS (Universal Mobile Telecommunications System) is the next-generation (3G) mobile communication system and a further development of GSM. The major difference to GSM is its radio network (UTRAN), with its transition to the WCDMA (Wideband Code Division Multiple Access) radio technology. Two new network components, 1) the RNC (Radio Network Controller) and 2) the Node B, are introduced in UTRAN. See figure 2.

 

In general, the security architecture of UMTS is carefully designed to fix the security weaknesses of GSM. In UMTS, authentication is mutual, and encryption is mandatory unless the mobile station and the network agree on an unciphered connection. In addition, integrity protection is always mandatory and protects against replay or modification of signaling messages.
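The following is an added example, not code from the original article, modelling how a receiver uses a per-message integrity tag and a counter to reject modified and replayed signaling messages. Assumptions: HMAC-SHA256 truncated to 32 bits stands in for the UMTS f9 integrity algorithm, and the class names, key, nonce and message strings are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4  # UMTS MAC-I is 32 bits long

def mac_i(ik, count, fresh, direction, message):
    """Tag binding the message to a counter, a network nonce and a direction.
    Assumption: HMAC-SHA256 stands in for the real UMTS f9 algorithm."""
    data = struct.pack(">I", count) + fresh + bytes([direction]) + message
    return hmac.new(ik, data, hashlib.sha256).digest()[:MAC_LEN]

class SignalingSender:
    def __init__(self, ik, fresh, direction):
        self.ik, self.fresh, self.direction, self.count = ik, fresh, direction, 0

    def protect(self, message):
        self.count += 1  # never reuse a counter value under the same key
        tag = mac_i(self.ik, self.count, self.fresh, self.direction, message)
        return (self.count, message, tag)

class SignalingReceiver:
    def __init__(self, ik, fresh, direction):
        self.ik, self.fresh, self.direction, self.last = ik, fresh, direction, 0

    def accept(self, frame):
        count, message, tag = frame
        expected = mac_i(self.ik, count, self.fresh, self.direction, message)
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad MAC"   # modified, or wrong key/direction
        if count <= self.last:
            return "rejected: replay"    # authentic, but already seen
        self.last = count
        return "accepted"

def demo():
    ik, fresh = bytes(range(16)), b"\x0a\x0b\x0c\x0d"  # constructed sample values
    phone = SignalingSender(ik, fresh, direction=0)
    network = SignalingReceiver(ik, fresh, direction=0)
    first = phone.protect(b"LOCATION UPDATING REQUEST")
    second = phone.protect(b"CM SERVICE REQUEST")
    tampered = (second[0], b"CM SERVICE REQUEST (altered)", second[2])
    return [network.accept(f) for f in (first, tampered, second, first)]

if __name__ == "__main__":
    print(demo())
```

Including the direction in the tag means a message captured on the downlink cannot be presented as an uplink message, and the counter check is what turns an authentic but old message into a rejected replay.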

 

 

WLAN

 

The IEEE standard 802.11 specifies families of Wireless Local Area Networks (WLAN) which operate in the unlicensed 2.4 GHz and 5 GHz band. The standards specify the physical layer (PHY) and the medium access control layer (MAC). In the default mode, WLAN does not provide any security. This means that a mobile attacker can eavesdrop and manipulate all the wireless traffic with standard tools.

 

In order to provide a certain level of security, the IEEE defined WEP (Wired Equivalent Privacy). WEP was designed to provide: 

 

 

  • Authentication to protect the association to an AP
  • Integrity protection of MAC frames
  • Confidentiality of MAC frames

The protection is based on secret WEP keys of either 40 or 104 bits. See figure.
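As an added example (not part of the original article), the sketch below builds and checks a WEP-protected frame body to show where the secret key, the integrity check value (ICV) and the encryption fit together. It relies on details the article does not spell out: the IEEE 802.11-1999 construction of a 24-bit IV prepended to the key, RC4 as the cipher and CRC-32 as the ICV. The function names are hypothetical.

```python
import struct
import zlib

def rc4(key, data):
    """RC4 stream cipher: key scheduling, then XOR with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def _check_key(key):
    if len(key) not in (5, 13):  # 40-bit or 104-bit secret WEP key
        raise ValueError("WEP key must be 40 or 104 bits")

def _icv(payload):
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)

def wep_encapsulate(key, iv, payload, key_id=0):
    """Return IV || key-ID byte || RC4(IV || key, payload || ICV)."""
    _check_key(key)
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + bytes([key_id << 6]) + rc4(iv + key, payload + _icv(payload))

def wep_decapsulate(key, frame):
    """Decrypt a frame body and verify its ICV; raise ValueError on failure."""
    _check_key(key)
    if len(frame) < 8:
        raise ValueError("frame too short")
    plain = rc4(frame[:3] + key, frame[4:])
    payload, icv = plain[:-4], plain[-4:]
    if icv != _icv(payload):
        raise ValueError("ICV mismatch: wrong key or altered frame")
    return payload

if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"  # constructed 40-bit key
    frame = wep_encapsulate(key, b"\xaa\xbb\xcc", b"constructed payload")
    print(frame.hex(), wep_decapsulate(key, frame))
```

WEP has since been deprecated by the IEEE in favour of WPA2 and later, so this sketch is useful for understanding legacy frames, not for protecting new deployments.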

Bluetooth (reference: Bluetooth Special Interest Group, http://www.bluetooth.com)

 

 

Bluetooth is a wireless technology developed by the Bluetooth Special Interest Group and is mainly aimed at ad hoc piconets and connections to peripheral devices. Bluetooth also operates in the unlicensed 2.4 GHz band and can be considered a de facto standard. The Bluetooth specification defines a complete OSI stack, so, unlike WLAN, it is not restricted to IP connectivity. Although raw bandwidth is limited to 1 MBit/s, the Bluetooth technology will probably often be used in the future to connect devices in the personal environment, which makes it relevant for m-commerce.

 

 

Conclusion

 

There will be no m-commerce without security of the underlying technologies.

 


 

 


 

[1] BBC News, Tough penalties for mobile phone theft, 3 May 2002, http://news.bbc.co.uk/hi/english/uk/newsid_1966000/1966247.stm

[2] D. O'Mahoney, M. Pierce, and H. Tewari, Electronic Payment Systems for E-Commerce, 2nd Edition, Artech House Computer Security Series.

[3] www.ist-shaman.org

 
