
Introduction to M-Commerce

Overview

- What is M-Commerce?
- Security Issues
- Usability Issues
- Heterogeneity Issues
- Business Model Issues
- Case Studies / Examples
- Q&A

What is M-Commerce?

E-Commerce with mobile devices (PDAs, cell phones, pagers, etc.)

Different than E-Commerce? No, but with additional challenges:

- Security
- Usability
- Heterogeneous technologies
- Business model issues

But first, let's learn a little about wireless technologies.

Wireless Technologies

Link Layer (examples)

WAN:
- Analog / AMPS
- CDPD: Cellular Digital Packet Data
- TDMA/GSM: Time Division Multiple Access, Global System for Mobile Communications (Europe)
- CDMA: Code Division Multiple Access
- Mobitex (TDMA-based)

LAN:
- 802.11
- Bluetooth

Devices: Cell Phones, Palm, WinCE, Symbian, Blackberry,

Examples of PDA Devices

PDA                     Microprocessor                  Speed
Palm, Handspring        Motorola Dragonball             16.6 / 20 MHz
RIM Interactive Pager   Intel 386                       10 MHz
Compaq Aero 1530        NEC/VR4111 MIPS RISC            70 MHz
HP Jornada 820          Intel/StrongARM RISC SA1100     190 MHz
Casio Cassiopeia E100   NEC/VR4121 MIPS                 131 MHz
Psion Revo              ARM 710                         36 MHz
Psion Series 5          Digital/Arm 7100                18 MHz

Application Layer Technologies

Micro-browser based:
- WAP/WML, HDML: Openwave
- iMode (HTML): NTT DoCoMo
- Web Clipping: Palm.net
- XHTML: W3C

Voice-browser based:
- VoiceXML: W3C

Client-side:
- J2ME: Java 2 Micro Edition (Sun)
- WMLScript: Openwave

Messaging:
- SMS: Part of GSM Spec.

Example: WAP

WAP: Wireless Application Protocol, created by the WAP Forum
- Founded June 1997 by Ericsson, Motorola, Nokia, Phone.com
- 500+ member companies
- Goal: Bring Internet content to wireless devices
- WTLS: Wireless Transport Layer Security

Basic WAP Architecture

[Diagram] Device <-- WTLS --> WAP Gateway <-- SSL --> Internet --> Web Server

Example: WAP application

Security Challenges

Less processing power on devices:
- Slow modular exponentiation and primality checking (i.e., RSA)
- Crypto operations drain batteries (CPU intensive!)

- Less memory (keys, certs, etc. require storage)
- Few devices have crypto accelerators, or support for biometric authentication
- No tamper resistance (memory can be tampered with, no secure storage)
- Primitive operating systems w/ no support for access control (Palm OS)

Wireless Security Approaches

Link Layer Security:
- GSM: A3/A5/A8 (auth, key agreement, encryption)
- CDMA: spread spectrum + code sequence
- CDPD: RSA + symmetric encryption

Application Layer Security:
- WAP: WTLS, WML, WMLScript, & SSL
- iMode: N/A
- SMS: N/A

Example: Security Concerns

- Performance: we'll do an example: should we use RSA or ECC for WTLS mutual auth?
- Control: the WAP Gap: data is in the clear at the gateway while re-encryption takes place

Example: WTLS ECC vs. RSA?

WTLS Goals

- Authentication: Public-Key Crypto (CPU intensive!!!)
- Privacy: Symmetric Crypto
- Data Integrity: MACs

WTLS: Crypto Basics

Public-Key Crypto:
- RSA (Rivest-Shamir-Adleman)
- ECC (Elliptic Curve)

Certificates

Authentication: None, Client, Server, Mutual

WTLS w/ Mutual-Authentication

Client                                              Server
ClientHello                    ----------->
                               <-----------         ServerHello
                                                    Certificate
                                                    CertificateRequest
                                                    ServerHelloDone
1. Verify Server Certificate
Certificate
ClientKeyExchange (only for RSA)
2. Establish Session Key
CertificateVerify
3. Generate Signature
ChangeCipherSpec
Finished                       ----------->
                               <-----------         Finished
Application Data               <----------->        Application Data

WTLS Handshake Timings (Palm VII)

Mutual-Authentication: RSA

Operation                        Cryptographic Primitive(s)                         Time Required (ms)
Server Certificate Verification  RSA Signature Verification (Public decrypt, e=3)     598
Session Key Establishment        RSA Encryption (Public encrypt)                      622
Client Authentication            RSA Signature Generation (Private encrypt)         21734
TOTAL                                                                               22954

WTLS Handshake Timings (Palm VII)

Mutual-Authentication: ECC

Operation                        Cryptographic Primitive(s)        Time Required (ms)
Server Certificate Verification  CA Public Key Expansion               254.8
                                 ECC-DSA Signature Verification       1254
Session Key Establishment        Server Public Key Expansion           254.8
                                 Key Agreement                         335.6
Client Authentication            ECC-DSA Signature Generation          514.8
TOTAL                                                                 2614

The cryptographic execution time for mutually-authenticated 163-bit ECC handshakes is at least 8.64 times as fast as the cryptographic execution time for mutually-authenticated 1024-bit RSA handshakes on the Palm VII.
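The handshake diagram and the two timing tables above, modelled as an added Python example that is not part of the slides: it produces the message sequence for each key-exchange variant (ClientKeyExchange appears only for RSA) and charges the Palm VII timings to the three numbered client-side steps. The primitive costs are the slides' numbers; folding each ECC public-key-expansion sub-step into the step it serves is this example's assumption.

```python
# Added example, not from the slides: a model of the WTLS mutual-auth handshake
# with each client-side step charged the Palm VII timings from the two tables.
# No real crypto runs; the point is which messages and which client-side
# primitives each key-exchange variant needs, and what they cost.

# Client-side cost per handshake step on the Palm VII (ms), from the slide tables.
# Assumption: each ECC "public key expansion" is folded into the step it serves.
PALM_VII_MS = {
    "RSA": {"verify_server_cert": 598, "establish_session_key": 622,
            "client_auth": 21734},
    "ECC": {"verify_server_cert": 254.8 + 1254,      # expansion + ECC-DSA verify
            "establish_session_key": 254.8 + 335.6,  # expansion + key agreement
            "client_auth": 514.8},                   # ECC-DSA signature generation
}


def wtls_mutual_auth_flight(key_exchange):
    """Return (messages, client_ms): the (direction, message) sequence of the
    mutual-auth handshake and the client's cryptographic time in milliseconds.
    ClientKeyExchange is sent only for RSA: the client encrypts a secret to the
    server's public key, whereas ECC derives the session key by key agreement."""
    if key_exchange not in PALM_VII_MS:
        raise ValueError("unknown key exchange: %r" % key_exchange)
    cost = PALM_VII_MS[key_exchange]
    msgs = [("C->S", "ClientHello"),
            ("S->C", "ServerHello"), ("S->C", "Certificate"),
            ("S->C", "CertificateRequest"), ("S->C", "ServerHelloDone")]
    client_ms = cost["verify_server_cert"]          # 1. verify server certificate
    msgs.append(("C->S", "Certificate"))
    if key_exchange == "RSA":
        msgs.append(("C->S", "ClientKeyExchange"))
    client_ms += cost["establish_session_key"]      # 2. establish session key
    client_ms += cost["client_auth"]                # 3. generate signature
    msgs.append(("C->S", "CertificateVerify"))
    msgs += [("C->S", "ChangeCipherSpec"), ("C->S", "Finished"),
             ("S->C", "Finished")]
    return msgs, client_ms


def ecc_speedup():
    """How many times faster the ECC handshake's client-side crypto is than RSA's."""
    _, rsa_ms = wtls_mutual_auth_flight("RSA")
    _, ecc_ms = wtls_mutual_auth_flight("ECC")
    return rsa_ms / ecc_ms


if __name__ == "__main__":
    for kx in ("RSA", "ECC"):
        msgs, ms = wtls_mutual_auth_flight(kx)
        print("%s: %.1f ms of client crypto, %d messages" % (kx, ms, len(msgs)))
    print("ECC speedup over RSA: %.2fx" % ecc_speedup())
```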

WAP Gap: One Alternative

Dynamic Gateway Connection

[Diagram: the device connects over WTLS Class 2, across the operator's network and the Internet, to the content provider's own WAP gateway rather than the operator's; that gateway then talks SSL to the content provider's web server.]

Other alternatives also exist.

Usability Challenges

Hard Data Entry:
- Poor handwriting recognition
- Numeric keypads for text entry are error-prone
- Poor voice recognition
- Further complicates security (entering passwords / speaking pass-phrases is hard!)

Small Screens:
- i.e., can't show users everything in the shopping cart at once!

Voice Output:
- Time consuming

Usability Approaches

- Graffiti (scaled-down handwriting recognition, Palm devices)
- T9 Text Input (word completion, most cell phones)
- Full alphanumeric keypad & scrollbar (Blackberry)
- Restricted VoiceXML grammars for better voice recognition
- Careful task-based Graphical User Interface & dialog design
- Lots of room for improvement!

Heterogeneity Challenges

- Many link layer protocols (different security available in each)
- Many application layer standards: businesses need to write to one or more standards, or hire a company to help them!
- Many device types:
  - Many operating systems (Palm OS, Win CE, Symbian, EPOC, ...)
  - Wide variation in capabilities

Heterogeneity Approaches

- HTML/Web screen scraping
- Protocol & mark-up language translators
- Standardization

Business Model Issues

Possible models:
- Slotting fees
- Wireless advertising (text)
- Pay per application downloaded
- Pay per page downloaded
- Flat fees for service & applications
- Revenue share on transactions

Issues:
- Trust issues between banks, carriers, and portals
- Lack of content / services

Case Studies

- NTT DoCoMo's I-Mode
- Palm.net
- Sprint PCS Wireless Web

NTT DoCoMo I-Mode

- 20 million users in Japan
- HTML-based microbrowser (supports HTTPS/SSL) on a CDMA-based network
- 10s of thousands of content sites, ring tones, and screen savers
- Pay-per-application-downloaded and pay-per-page models
- Invested in AT&T Wireless, so we may see it here in the US in the next few years!

Palm.Net

- Low hundreds of thousands of users in the USA
- Web Clipping (specialized HTML) microbrowser on a Mobitex (TDMA) based network run by BellSouth (>98% coverage in urban areas)
- 100s of content sites (typically no charge for applications)
- Palm VII devices now selling for $100 due to user adoption problems. (Service plans range from $10 - $40 per month.)

Sprint PCS Wireless Web

- Low, single-digit millions of US users
- Multi-device strategy: WAP/HDML-based microbrowser on phones, Web Clipping on Kyocera, both on a CDMA network
- ~50 content sites slotted, many others available (very hard to enter URLs, though)
- Slotting-fee + revenue-share-on-transactions model
- $10 per month flat fee to users; most phones already have a microbrowser installed.
