Gai Jianhua
School of Economy and Finance, Xi'an Jiaotong University, Shanxi, PRC, 710061
Abstract: This article introduces the current state of the security problems of mobile commerce and makes clear that the main obstacle to the development of mobile commerce is people's worry about those security problems. The security problems of mobile commerce evidently differ from those of traditional e-commerce because of the special characteristics of mobile networks. By analysing the factors that influence the security of mobile commerce, this article develops a system frame for secure end-to-end mobile commerce. This frame has definite reference value for designing schemes to solve the security problems of mobile commerce.
Keywords: Mobile commerce, Security
1. The Status Quo Of The Security Problems Of Mobile Commerce
     The rapid development of wireless communication technology has extended Internet applications from wired to wireless networks and expanded e-commerce into mobile commerce. Using handheld devices such as mobile phones and personal digital assistants (PDAs), one can carry out information retrieval, secure transactions, on-line payment, ticket ordering and purchasing, and other mobile business.
     The security problems of the wired world mostly concentrate on data theft and viruses, whereas the wireless world raises a series of new problems because of the characteristics of wireless technology. Because wireless technology allows transmission anywhere and at any time, people will create more Internet transmission channels, especially ones carrying sensitive data related to banking, gaming, commerce and health. This makes it all the more important to solve the problems of wireless security.
     Security is a key problem deciding the development of e-commerce, and the continuous development of mobile commerce poses new security challenges. The existing security technologies for mobile commerce include firewalls, encryption, digital signatures and identity authentication. At present the most mature and most effective way to achieve secure mobile commerce is to draw support from Public Key Infrastructure (PKI). PKI is an encryption, decryption and digital authentication system that uses a complete set of policies, people, processes, technology and services for large-scale management, and uses a public key system to carry out data transmission and communication. The PKI used for wireless communication is called Wireless Public Key Infrastructure (WPKI). WPKI optimizes and extends wired PKI for the wireless communication environment, and lets mobile e-commerce implement a series of strategies and processes for key management, authentication management and encryption. By combining the design and use of WAP, WTLS, WML and the WAP gateway (WAPGATE), mobile commerce can be conducted with higher security.
2. The Comparison Of Security Problems Between Mobile Commerce And Traditional E-commerce
     Both mobile commerce and traditional e-commerce ultimately connect to the Internet via routers, so both face many common security problems. Relative to the commercialized Internet, the history of the wireless industry is much longer. Therefore, carrying out security strategies in the mobile area means contending with many technological and non-technological factors. Furthermore, because of the resource limitations of handheld mobile devices, it is more difficult to solve security problems on a mobile platform.
     The reason security problems differ so greatly between mobile and wired networks lies in the limitations of mobile network devices. Compared to desktop computers, mobile devices have a constrained computing environment: lower-power CPUs, less memory, smaller screens, inferior input devices and limited battery power. In contrast to wired networks, wireless networks have a constrained communications environment: lower bandwidth, longer delays, less reliable connections and less predictability. Moreover, because the mobile network is ultimately connected to the wired Internet, special security problems arise at the seam between the two networks and between the protocols on either side of it. For example, the connection between a PDA and a computer, the WAP seam and the junction between WTLS and TLS are the places most likely to be attacked.
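The PKI described in section 1 is, in code, a trust anchor plus a certificate check before any signature is trusted. The following Go program is an added example written for this edit, not code from the article or from any WPKI product: a constructed CA issues a certificate to a constructed user "user-0001", the user signs a transaction, and the server side verifies the certificate chain (trusted issuer, validity period, key usage) before checking the signature with the public key the certificate carries. The names, serial numbers, validity periods and transaction text are all constructed, and the Identity type and function names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Identity pairs a certificate with the private key its public key belongs to.
// For the CA this is the root; for a user it is the mobile end's WPKI credential.
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewCA creates a self-signed root, the trust anchor the application server will hold.
func NewCA(name string) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1), // constructed serial
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Identity{Cert: cert, Key: key}, err
}

// Issue has the CA sign a user certificate. That signature is what binds the user's
// public key to the user's name, so the server never has to trust a bare key.
func (ca *Identity) Issue(user string, serial int64, validFor time.Duration) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: user},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(validFor),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &key.PublicKey, ca.Key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Identity{Cert: cert, Key: key}, err
}

// SignTransaction is the mobile end's digital signature over a transaction.
func (u *Identity) SignTransaction(tx []byte) ([]byte, error) {
	digest := sha256.Sum256(tx)
	return ecdsa.SignASN1(rand.Reader, u.Key, digest[:])
}

// VerifyTransaction is the server side: first the certificate chain (trusted issuer,
// validity period, key usage), then the signature with the key the certificate carries.
// It returns the authenticated user name, or an error naming the check that failed.
func VerifyTransaction(root, userCert *x509.Certificate, tx, sig []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := userCert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return "", err
	}
	if err := userCert.CheckSignature(x509.ECDSAWithSHA256, tx, sig); err != nil {
		return "", err
	}
	return userCert.Subject.CommonName, nil
}
```

The order of checks in VerifyTransaction is the point: a signature from a key that no trusted CA has vouched for proves nothing about who signed, so a certificate from another CA, or one past its validity period, is rejected before its key is used, and a modified transaction fails the signature check afterwards. A deployed system would add revocation checking, which this example omits.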
3. Secure System Frame For Mobile Commerce
     At present there are two common ways of implementing such wireless channels: the mobile phone network and wireless LAN. Nevertheless, considering the typical profile of target mobile commerce users, the mobile phone channel is believed to have much higher penetration and better development prospects than wireless LAN. In this article we mainly discuss the security problems of end-to-end mobile phone transactions.
3.1 Analysis For Insecure Factors Of Mobile Commerce
     Various insecure factors exist in wireless communications networks, including packet sniffing (stealing wirelessly transmitted data), identity counterfeiting (impersonating the end user or the service end in order to attack), data modification (altering data on the wireless transmission channel) and service repudiation (the user end or the server end going back on a commitment). As one kind of wireless communications network, the mobile communications network involves the same insecure factors. As figure 1 shows, the insecure factors of mobile commerce can be analysed separately at the end user, the mobile communications network, the Internet and the server end.
Figure 1. Main Components of Mobile Commerce
3.2 Secure System Frame For Mobile Commerce
     As illustrated in figure 2, different users need solution schemes of different security levels. General individual users usually only need to set a user name and password on their own mobile devices or on the servers they connect to, whereas enterprise users need encryption, decryption and authentication under a PKI system, or security further strengthened by a smart card. Biometric identification (iris scanning, hand geometry) provides a high security level, and as the price of such devices falls, biometric authentication technology will be widely applied. This article combines the end user, the mobile communications network, the Internet and the server end, and proposes an enterprise-level system frame for secure mobile commerce.
[Figure 2: normal security scheme (user name, password); middle security scheme (CA certificate, smart card); high security scheme (iris scanning, hand geometry)]
Figure 2. Security Scheme of Different Level
     A secure mobile e-commerce platform is open-ended. It can support multiple forms of calling service and lets different users connect to the service supplier through different devices such as Pocket PCs and mobile phones.
     Mobile devices connect to mobile application servers through the Internet. The application servers check the user's identity against the user's configuration file and the call-control list, then transform the data into the right format, so that the mobile devices can call the commerce database. Moreover, as figure 3 shows, a VPN channel can also be built between the m-commerce application programs and the commerce data. The particular procedure is as follows:
     (1) Users enter the data demanded by the application service supplier at the mobile end, then encrypt and sign the data;
     (2) The encrypted and signed data are transferred through the mobile network to the WAP gateway (WapGate) of the secure mobile e-commerce platform;
     (3) The data are transferred to the corresponding application server;
     (4) The secure server located at the application service supplier decrypts the data and verifies the signature;
     (5) The final results produced by the application server are encrypted by the secure server and transferred to the distribution platform. The distribution platform splits the data into encrypted data packets and transmits them to the mobile end through the mobile network;
     (6) After receiving the encrypted data, the mobile end reassembles the packets, decrypts the data and shows the final results to the user.
Figure 3. Security Frame for End-to-end Mobile Commerce
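The six steps above, carried through in Go as an added example written for this edit (not code from the article or from any WAP platform). It assumes what the article leaves implicit: the mobile end holds an ECDSA key as its WPKI identity, and a 256-bit AES-GCM session key has already been agreed with the secure server (for instance by a WTLS-style handshake). The Session type, the Envelope structure, the gateway function and the packetSize parameter are this example's constructions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Envelope is all that the mobile network and the WAP gateway ever see.
type Envelope struct {
	Ciphertext []byte // nonce || AES-256-GCM ciphertext
	Signature  []byte // mobile end's ECDSA signature over Ciphertext
}

// Session is the assumed setup (constructed for this example, not part of the article's frame):
// the mobile end's ECDSA key, i.e. its WPKI identity, and AES-256-GCM under a session key
// already shared with the secure server, e.g. by a WTLS-style handshake.
type Session struct {
	Priv *ecdsa.PrivateKey
	AEAD cipher.AEAD
}

func NewSession() (*Session, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Session{Priv: priv, AEAD: aead}, err
}

// seal prepends a fresh random nonce; open reverses it, and the GCM tag rejects any modification.
func seal(aead cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

func open(aead cipher.AEAD, data []byte) ([]byte, error) {
	ns := aead.NonceSize()
	if len(data) < ns {
		return nil, errors.New("truncated ciphertext")
	}
	return aead.Open(nil, data[:ns], data[ns:], nil)
}

// Step (1): the mobile end encrypts the request and signs the ciphertext.
func MobileSend(s *Session, request []byte) (Envelope, error) {
	ct, err := seal(s.AEAD, request)
	if err != nil {
		return Envelope{}, err
	}
	digest := sha256.Sum256(ct)
	sig, err := ecdsa.SignASN1(rand.Reader, s.Priv, digest[:])
	return Envelope{Ciphertext: ct, Signature: sig}, err
}

// Steps (2)-(3): the gateway relays the envelope unchanged; it holds no key and does no protocol translation.
func GatewayForward(env Envelope) Envelope { return env }

// Step (4): the secure server checks the signature with the mobile end's public key before decrypting.
func SecureServerReceive(s *Session, env Envelope) ([]byte, error) {
	digest := sha256.Sum256(env.Ciphertext)
	if !ecdsa.VerifyASN1(&s.Priv.PublicKey, digest[:], env.Signature) {
		return nil, errors.New("signature verification failed")
	}
	return open(s.AEAD, env.Ciphertext)
}

// Step (5): the secure server encrypts the result; the distribution platform splits it into packets.
func SecureServerReply(s *Session, result []byte, packetSize int) ([][]byte, error) {
	ct, err := seal(s.AEAD, result)
	if err != nil {
		return nil, err
	}
	var packets [][]byte
	for len(ct) > packetSize {
		packets, ct = append(packets, ct[:packetSize]), ct[packetSize:]
	}
	return append(packets, ct), nil
}

// Step (6): the mobile end reassembles the packets and decrypts the result.
func MobileReceive(s *Session, packets [][]byte) ([]byte, error) {
	return open(s.AEAD, bytes.Join(packets, nil))
}
```

GatewayForward returns its input unchanged on purpose: in the end-to-end frame the gateway holds no key and performs no WTLS-to-TLS translation, so there is no point between the mobile end and the secure server at which the request exists in clear, unlike the protocol seam that section 2 warns about. Because the signature is checked before decryption, any change to the ciphertext on the mobile network (the data modification factor of section 3.1) is rejected at step (4), and an envelope signed by any other key fails the same check.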
     End-to-end security means that encrypted data can only be decrypted at the point of execution. In this way the data are not exposed during transmission, nor even at the server. End-to-end security leaves no security gap on the data channel, because the channel is built between the mobile end and the server being called, and the data remain encrypted throughout transmission. Data are encrypted with WTLS between the mobile end and the WAP server. There is no protocol translation on the data channel: as part of the end server, the WAP gateway is no longer a separate segment of the whole process. The data are decrypted and submitted to the server for processing, and in this way end-to-end security is achieved.
     Developed from the security protocol TLS 1.0, WTLS provides the communicating parties with data secrecy and integrity and with mutual authentication. On the basis of TLS, and taking into account the wireless environment, long distances and the lower bandwidth it has to work with, WTLS adds some new features such as datagram support, an optimized handshake protocol and dynamic key refresh. WTLS ensures the security of the transport layer, and as one layer of the WAP protocol stack it provides the upper layers with a secure transport interface.
4. Other Security Problems Worth Considering
     What is the biggest hidden danger to the security of mobile commerce? Is it transmitting personal or financial information through mobile devices? In fact, the danger during this process is very small, because it is almost impossible for people to steal the information without some foothold. The answer is the person who takes part in mobile commerce: where security problems are concerned, the weakest part is the user.
     If the mobile devices held by individuals store a lot of important data, then there is the danger of individuals losing that data. Therefore, individuals using mobile devices should know clearly the amount and nature of the data held on them; otherwise they may not sense the seriousness of losing it. Moreover, encryption software should be installed on mobile devices to protect the data from being stolen by other persons. From keyboard entry to voice input on mobile devices, people are ever more exposed to security problems.
5. Prospects
     Network security and insecure factors seem to be contradictions that can never be reconciled. New security technologies or methods may face new security threats as soon as they are developed. Wireless technology is by no means as simple as mobile phones and PDAs. Its greatest significance for commerce lies in the fact that every product and every management process may be connected to the Internet wirelessly, which greatly improves corporations' competitiveness. At present the mobile Internet and mobile e-commerce are developing very quickly. Mobile e-commerce based on WPKI involves many-faceted technologies. Future work will focus on developing WAP-based schemes to solve the problems of mobile e-commerce systems. Future mobile commerce networks will develop towards high transmission efficiency and small-scale networks. The development and application of 3G/4G networks, portable computers and WLAN/WASP will bring about new security problems for mobile commerce.