Secure Mobile Commerce based on XML Security
JOO-YOUNG LEE, KI-YOUNG MOON, and SUNG-WON SOHN
Information Security Technology Division
Electronics and Telecommunications Research Institute
161 Gajeong-dong, Yuseong- gu, Daejeon
Abstract: - Companies across the world are turning to mobile commerce because mobility brings competitive
advantages through personal contact, resource flexitbility and streamlined processes enabling comapanies to
enhance revenue generation. Therefore success in the mobile commerce is dependent on the development and
deployment of an end-to-end security solution that protects wireless network, devices, application and data. In
order to fulfill such needs, currently some security technologies have been developed. While there are a plethora of
security tools on the market, no one has offered an end-to-end security solution tailored to the specific demands of
wireless environment. Therefore, in this paper, we’ll propose an XML security method to help the secure mobile
commerce and discuss some implementation issues to bring the XML security to mobile devices. As it allows
protecting the data not only transferred over the network, but also stored within devices, it can provide end-to-end
security. Additionally it serves full compatibility, flexibility, and extensibility by using XML.
Key-Words: - XML Security, Wireless Devices, Mobile Commerce, Java
1 Introduction urgently need an end-to-end security strategy for
Companies across the world are turning to mobile mobile e-business.
commerce because mobility brings competitive End-to-end security and full compatibility with
advantages through personal contact, resource large installed base of secure web severs are
flexitbility and streamlined processes enabling compelling reasons to consider the existing security
comapanies to enhance revenue generation. But solution for wireline, such as SSL/TLS for next
wireless e-business creates a whole new set of security generation wireless devices. However, each wireless
risks and challenges. So they want to keep private, security has it shortcomings. For example, SSL is too
such as mobile e-commerce transactions, e-mail, and heavy weight for comparatively weak CPUs, low
corporate data transmissions. Therefore success in the bandwidth, and high latency wireless system. For the
mobile environment is dependent on the development reason, it is challenging to implement security in small
and deployment of an end-to-end security solution that foot-print devices with low processing power and
protects your wireless network, devices, application small memory capacities and that use unreliable, low
and data. bandwidth networks.
However, wireless devices, including cellular ll
In this paper, we’ propose an XML security
phones and personal digital assistant (PDA) with method for wireless devices to help the secure mobile
Internet access, were not originally designed with commerce and discuss some implementation issues to
security as a top priority. Furthermore most mobile bring the XML security to mobile devices. As it allows
devices have little or no built-in security functions. protecting the data not only transferred over the
Users who chose to deactivate their passwords could network, but also stored within devices, it can provide
inadvertently allow unauthorized access to end-to-end security. Additionally it serves full
applications and plain data in device. Additionally compatibility, flexibility, and extensibility by using
wireless devices may have Over The Air (OTA) XML.
remote configuration facilities that could be exposed
and abused. In such a situation, success hinges upon
careful selection of feature subsets without destroying 2 Related Works
compatibility. Any gap in defenses could be exploited Currently some security technologies have been
to the detriment of companies, so organizations e
developed for wirel ss network and devices. While
there are a plethora of security tools on the market, integrity, and availability. For example, protecting
until now no one has offered an end-to-end security your secrets with encryption does little good if the true
solution tailored to the specific demands of wireless identity of your recipient is not what you anticipated.
environment. Digital signatures are used to identify the author of a
message; people who receive the message can verify
the identity of the person who signed them. They can
2.1 WAP based on WTLS be used in conjunction with passwords or as an
Wireless Transport Layer Security (WTLS) is similar alternative to them.
to the Internet’s transport layer security protocol. It
provides authentication, data integrity, and private 3.2 Confidentiality
services within wireless technologies’ limited Confidentiality is to prohibit eavesdropping during
processing power, memory capacity, and data communication or disclosure from application or
bandwidth. But because many e-commerce and storage media. It is important to protect the
corporate sites use SSL-based security, a transmission confidentiality of the data held in device. Data must be
to such a site from WAP phone must first pass through kept private, safe from interception and only available
a gateway that converts the encryption formatting to users that are authorized to access it. One solution is
from WTLS to SSL. During this conversion process, protecting within the device any long-term keys used
however, the message is very briefly unencrypted and to encrypt private data. However, while it is
thus is subject to interception. straightforward to protect the confidentiality of
wireless traffic, it is much harder to protect the
2.2 SSL for small devices confidentiality of the information held in the devices
Secure Socket Layer (SSL) for small devices may be themselves.
one solution. It not only offers authentication, data
integrity, and private services, but also clears the 3.3 Data Integrity
above-mentioned problem that may happen during Integrity is to verify that data has not been altered in
conversion processing[ 3]. But it is too heavy weight transit by a third party, and to prevent forgery and
for comparatively weak CPUs and low-bandwidth, unauthorized alteration. Data must not be tampered
high latency wireless networks and chatty handshakes with, because if it is modified it can become useless or
involve some long messages. Additionally SSL dangerous, for example, false stock exchange
memory requirements, both static and runtime, are information. Any electronic communication contains a
known to be high. theoretical risk that the data could be corrupted while
in transit. The basic integrity problem is to ensure that
the message from one principal to another are not
3 Security Issues for Mobile Commerce corrupted by a malicious third principal.
Customers demand for an end-to-end package that
allows security policies already in place for wired 3.4 Non-Repudiation
networks to be extended to wireless network. In order Parties of a transaction need to be able to confirm the
to provide end-to-end wireless security, it is necessary identities of the other parties and the date and time of
to cover all of these following issues. the transaction. For example a service provider may
want to prove to its customer that a human, in which
3.1 Authentication case the authentication mechanism must verify that it
Authentication is to ensure that users, clients and is a valid computer belonging to the legitimate
servers establish their identity. At some fundamental organization. Non-repudiation is to prevent parties
level, you want to be sure that the people you deal with from falsely denying data transactions after they were
are really who they say they are. The process of supposedly done, enforcing accountability for
proving identity is called authentication. A key electronic transactions.
aspect of security for activities such as mobile
e-commerce and mission critical corporate 3.5 Availabilty
communications is the ability to authenticate a Availability is violated when the system is prevented
message sender’s identity. A failure of authentication from performing its intended function, as when
can easily lead to violations of confidentiality, someone brings down the web site of an online
store. Data and machines must be accessible when In this section, we’ll present components for XML
needed. If resources are not available there is denial of security for mobile commerce. Fig. 1 depicts the XML
service, which may cause frustration and financial loss. security model. It consists of XML signature module,
In some cases – such as systems that are connected to XML encryption module and cryptography module.
production lines, where continuous service is essential XML signature and XML encryption will be described
– denial of service has much more serious based on XML digital signature specification and
consequences. XML encryption specification by W3C, respectively
because they have already defined as the international
standards and we need to conform to them. Next, we’ll
4 XML Security for Mobile Commerce discuss some implementation issues to bring them to
Security protocols dominant on the Internet wireless devices having relatively small system
commonly perceived as too big for small devices, and resources.
today’s wireless architectures are proxy based and
lack end-to-end security. An end-to-end security 4.1 XML Signature
strategy needs to encompass an increasingly complex XML signature aims to guarantee the integrity and
technology chain, including mobile phones, laptops authentication to any digital content including XML
and PDAs from multiple venders, multiple operating documents. It allows generating and verifying a
systems, various network standards, wireless signature for the entire document or specific parts of it.
e-business applications, and IT management In order to generate a signature, it is the first step
frameworks. Additionally companies need to be kept that resources to be signed are accessed and
abreast of current and future risk in order to react appropriately transformed. For example, enveloped
efficiently and effectively with minimal disruption to signature transform removes the signature structure
service and quality. from the document prior to digesting. Next, Reference
The approach to the security model based on XML elements that contain URI, Transform Method, Digest
is a secure and resilience solution design that meets the Method and Digest Value can be generated after
business’ security and privacy requirements. It fulfills message digests are computed over each entity. When
the security issues such as authentication, integrity, multiple resources are signed together, Reference
confidentiality, non-repudiation, and availability elements for each resource can be included in the
required for mobile commerce using wireless devices. SignedInfo directly or contained in the Manifest
In addition, due to the features of XML and Java, it element. In the latter case, the Reference element for
offers compatibility, extensibility, and flexibility. the Manifest is only included in the SignedInfo
A Manifest is a list of entity References along with
their digests, just like the main SignedInfo structure.
This Manifest is included within the signature
structure and is signed by including a Reference to it
within the main signed info structure. During
verification, however, the References within the
Manifest need not be verified. A recipient can check
these References secondarily, if required.
SignedInfo element is generated, containing
Canonicalization Method information for SignedInfo
itself, Signature Method information, Manifest,
Signature Properties, Object and References for other
resource. This element allows a signature recipient to
ensure that no signed entity has been modified. The
location information allows the recipient to locate the
signed entity. A new message digest can then be
Fig. 1 The XML security model for secure mobile computed over this entity and compared with the
commerce. message digest in the SignedInfo. By the properties of
cryptographic message digest algorithms, if the
document has changed, the message digest will have
changed. Therefore, if the two match, the document
has not changed from the time of signing.
A digital signature is computed over this SignedInfo
fragment using the signature method indicated by
SignatureMethod element in the SignedInfo.
Canonicalization has to be performed before the
digital signature computation using the
canonicalization method indicated by
CanonicalizatonMethod element in the Signed Info.
The digital signature allows the recipient to ensure that
the signed info fragment has not changed and that the
document was signed by a particular person. An XML
signature element is produced, containing the
SignedInfo element, the digital signature value and
various additional pieces of information such as the
signer's key information, Object element, etc.
Verification of a signature thus involves both checking
the digital signature on the signed info fragment and
checking the message digest of each entity listed in the
The verification of XML signature is processed by Fig. 2 The processing flow of XML signature
following flow. Resources are accessed for generation and the structure of signature.
verification using the URI information in the
corresponding Reference element. Then they are 4.2 XML Encryption
transformed using the transform algorithm specified in XML Encryption is a method whereby XML content
the Transform Method element in the Reference. can be transformed such that it is discernible only to
Digest Values of the resources are computed using the the intended recipients and opaque to all others.
digest algorithm specified in the Digest Method Similar with XML signature, XML encryption
element in the corresponding Reference. Computed specification describes a process for encrypting and
Digest Values are compared with the Signature Value decrypting digital content (including XML documents
in the SignedInfo element. All the References a re and portions thereof) and an XML syntax used to
verified in this way. represent the encrypted content and information that
SignedInfo is canonicalized using the algorithm enables an intended recipient to decrypt it.
specified in the Canonicalization Method element in In order to encrypt an XML document, it requires
the SignedInfo. The signature is verified. First the two-step encryption process. One is for documents to
public key information is obtained from the KeyInfo be sealed, and the other is for a secret key used in
element and the signature value of the SignedInfo is encryption of document. For first step encryption,
calculated using the signature algorithm specified in most of all, it is necessary to generate a secret key
the Signature Method element. The value is compared using Pseudo-Random Number Generator. The other
with the value in the SignatureValue ele ment. hand, an XML document is encoded in a stream of
Manifest is verified. Digest Values of each Reference bytes and compressed. It has advantages of reducing
in the Manifest are verified. The verification the size of a ciphertext generated as a result and
processing is up to application program. The preventing attacker from getting information related
processing flow of XML Signature is depicted in Fig.2. with the plaintext. Next, the compressed byte stream is
In this flow, the structure of XML Signature is encrypted using a symmetric encryption algorithm and
conformed to that of XML Signature Draft. the secret key generated right before, and then the
ciphertext bytes are encoded in an XML node.
The second step encryption is for the secret key that
is used in encrypting an XML document. It is
encrypted usin g a particular recipient’s public key.
The ciphered secret key is also encoded in an XML
node and Ancillary information (such as the
encryption algorithm used, etc) is encoded as further 5 Implementation Issues
XML nodes. XML nodes generated previously are In this section, we’ll discuss some implementation
organized into a DTD-defined XML structure and issues to bring XML security to wireless devices
returned to the caller. The following Table 1 having relatively poor system resources.
summarizes the encryption process described right
before. To unseal the encrypted document, first of all,
the ancillary information is decoded to check what 5.1 XML Parser
algorithm was used to encrypt the document. The We need to parse XML as part of J2ME application.
recipient’s private key is used to decrypt the As XML parsing, traditionally, is a relatively intensive
embedded secret key contained within the XML task in terms of processing power and memory, we’ll
document. The embedded XML ciphertext is need to be careful in selecting a parser for a MIDP
decrypted using the selected symmetric encryption environment. To select a proper parser, we can
algorithm and the deciphered secret key. If the consider following conditions.
decrypted stream of bytes was compressed, it needs to First, we can take an account its code is small and it
be decompressed. Finally, the resulting stream of doesn’t take gobs of memory to parse a document.
bytes is decoded back into an XML structure to form Small parsers for J2ME devices are evolving rapidly,
the nodes of the hierarchy. and there are already nice choices of decent parsers
that don’t take up a lot of space, such as ASXMLP,
4.3 Cryptography Algorithm kXML, MinXML, TinyXML and so on.
In order to support XML signature and encryption, a Second, we have to give up on running a validating
cryptography library contains symmetric and parser in a MIDP environment. Validation is fairly
asymmetric cipher algorithms, hash algorithms, digital intensive work, and the extra memory and processing
signature algorithms, and key generation algorithms. requirements will reduce mobile phone to a
The security services and cryptographic algorithms smoldering heap of scrap metal before you can finish
basically required are listed in Table 2. parsing a document. But we need not to give up on
validation entirely it may still be useful during
development cycle. We can use J2SE client with
Table 1. The process of making an encrypted XML validating parsers to emulate our MIDP clients. We
document. may well flush out bugs in XML documents this way.
1. Generate a symmetric key Once everything is running smoothly, switch over to
2. Encode an XML document to byte stream the nonvalidating parsers in the MIDP clients.
3. Compress byte stream Optional
4. Encrypt byte stream 5.2 Cryptographic Algorithm
5. Encode byte stream Base64 We need a cryptography package, which is organized
6. Encrypt the symmetric key with asymmetric key so that it constrains a light- weight API suitable for use
7. Encode the encrypted the symmetric key with in mobile environment with the additional
Base64 infrastructure to conform the algorithms to the JCE
8. Encode the ancillary information framework. Although J2ME provides a few security
classes such as Cipher class, they can’t be public for
Table. 2 The required security services and export clearance and are no open crypto APIs.
cryptographic algorithms by default. Therefore we need to implement our own security
Cryptographic service APIs and algorithms.
Algorithms Like XML parsing, cryptographic operations are
Message Digest SHA1, MD5 intensive task in terms of processing power and
memory. As one solution, we can consider exploring
Block Cipher DES, DESede, AES support for Elliptic Curve Cryptography (ECC). It
Cipher (Asymmetric) RSA provides a high level of security while demanding
Signature DSA fewer computing and memory resources than other
encryption approaches. This is an important
consideration for the small-footprint handheld devices.
In addition to this, we have to amortize the cost of performance. Careful implementations of Internet
expensive operations by reusing their results multiple security have acceptable performance on today’s
times. wireless, mobile devices.
Although PKI is not the direct component of the XML References:
security for wireless devices which we have proposed  The wireless security acceleration team,
until now, we consider this mechanism as an indirect “End-to-end wireless security: Integrated solutions
participant because it provides a set of technologies that protect your business and your customer,”
that relies on encryption and digital certificates for a www-3.ibm.com/security/ index.shtml, Dec. 2001.
digital signature. The certificates are message  S. K. Miller, “Facing the challenge of wireless
attachments, issued by a certificate authority, that security,” IEEE Computer, pp.16~18, July 2001.
authenticate a sender’s identity and provide  PWH, E-Business Technology Forecast,
encryption keys. PriceWaterHouse Coopers, May 1999.
PKI is difficult to implement in the wireless world.  Ovum, E-Business Security: New Directions and
Although there are several ways to accomplish them Successful Strategies, 2000.
using variations of wireline PKI mechanism, the  S. Garfinkel and G. Spafford, Web Security &
challenges have been designing PKI to work on Commerce, O’Reilly & Associates Inc., 1999.
devices with low throughput and computational power  IETF/W3C, “XML-Signature Syntax and
and developing wireless PKI systems that can interact Processing (Working Draft)”, October 2000,
with their wire line counterpart. There are several PKI http://www.w3.org/TR/2000/WD-xmldsig-core-2
products for wireless communications. Using 0001012/
technology from security v enders such as Certicom,  IETF/W3C, “XML-Encryption Syntax and
eTrust, and VeriSign, Neomar is shipping a Processing (Working Draft)”, March 2002,
commercial wireless browser that can store and http://www.w3.org/TR/2002/CR-xmlenc-core-200
manage PKI keys. 20304/
 J. Knudsen, “XML going wireless,” XML Journel,
vol. 2, issue. 11, Nov. 2001.
6 Concluding Remarks and Further  J. Knudsen, Java Cryptography , O’Reilly &
Associates Inc., 1998.
In this paper, we have proposed the security model
based on XML for secure mobile commerce. Because
today’s wireless architectures lack end-to-end security,
a truly effective, future-proofed wireless security need
to offer integrated technology, processes and
organizational solutions. Extending XML security to
wireless environment can meet all of the challenges
required of wireless security. It provides end-to-end
security by protecting data when they are not only
transferred over the network, but also stored in
wireless devices. Additionally, properties of XML and
Java allow full compatibility with large installed base
of secure web servers, extensibility, and flexibility.
These are compelling reasons to consider XML
security as for wireless device as the security solution
for next generation smart phones or PDAs.
Although we have proposed an end-to-end security
solution for wireless devices, there are still many
things to do. First, we have to develop a demo
application for wireless devices, test its performance,
and think of the reuse method to improve the