Overview
What is M-Commerce?
Security Issues
Usability Issues
Heterogeneity Issues
Business Model Issues
Case Studies / Examples
Q&A
What is M-Commerce?
E-Commerce with mobile devices (PDAs, cell phones, pagers, etc.)
Different from E-Commerce?
No, but with additional challenges:
Security
Usability
Heterogeneous Technologies
Business Model Issues
But first, let's learn a little about wireless technologies
Wireless Technologies
Link Layer (examples)
WAN:
Analog / AMPS
CDPD: Cellular Digital Packet Data
TDMA/GSM: Time Division Multiple Access, Global System for Mobile Communications (Europe)
CDMA: Code Division Multiple Access
Mobitex (TDMA-based)
LAN:
802.11
Bluetooth
Devices: Cell Phones, Palm, WinCE, Symbian, Blackberry
Examples of PDA Devices
PDA Microprocessor Speed
Example: WAP application (diagram, labels only): WAP Gateway <-> Internet <-> Web Server
Security Challenges
Less processing power on devices
Slow modular exponentiation and primality checking (e.g., RSA key generation, signing, and decryption)
Crypto operations drain batteries (CPU intensive!)
Less memory (keys, certs, etc. require storage)
Few devices have crypto accelerators or support for biometric authentication
No tamper resistance (memory can be tampered with, no secure storage for keys)
Primitive operating systems with no support for access control (e.g., Palm OS)
Wireless Security Approaches
Link Layer Security (protects the radio hop only, not end to end)
GSM: A3 (authentication), A8 (session key generation), A5 (encryption)
CDMA: spread spectrum + code sequence
CDPD: RSA + symmetric encryption
Application Layer Security
WAP: WTLS on the phone-to-gateway leg, WML/WMLScript at the application layer (WMLScript Crypto signText), SSL on the gateway-to-server leg
iMode: N/A
SMS: N/A
Example: Security Concerns
Performance: we'll do an example: should we use RSA or ECC for WTLS mutual authentication?
Certificates
Authentication
None, Client, Server, Mutual
WTLS w/ Mutual-Authentication
Client                                    Server
ClientHello               ----------->
                          <-----------    ServerHello
                                          Certificate
                                          CertificateRequest
                                          ServerHelloDone
1. Verify server certificate
2. Establish session key
3. Generate signature
Certificate
ClientKeyExchange (RSA only)
CertificateVerify
ChangeCipherSpec
Finished                  ----------->
                          <-----------    Finished
Mutual-Authentication: RSA
WTLS Handshake Timings (Palm VII)
Operation                        Cryptographic Primitive(s)        Time Required (ms)
(per-operation rows not preserved on this page)
TOTAL                                                              22954
Mutual-Authentication: ECC
Operation                        Cryptographic Primitive(s)        Time Required (ms)
Server Certificate Verification  CA Public Key Expansion           254.8
                                 ECC-DSA Signature Verification    1254
Session Key Establishment        Server Public Key Expansion       254.8
                                 Key Agreement                     335.6
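The handshake slide and the two timing tables above ask the same question from two sides: which client-side steps (verify the server certificate, establish the session key, sign CertificateVerify) cost what under RSA versus ECC. The block below is an added example, not code from the slides, that runs exactly those three client steps with textbook primitives in pure Python and times each one. Assumptions: 1024-bit RSA with e = 65537 and no padding, secp256k1 as a stand-in for the WTLS curves (the constants are the public curve parameters), a static-ECDH key exchange in the ECC case so there is no ClientKeyExchange, constructed certificate and transcript bytes, and timings on whatever machine runs it rather than on a Palm VII. Key generation is done up front and deliberately left out of the timings, the same way the tables leave it out.

```python
"""Added example (not from the slides): toy cost model for the client side of
the WTLS mutual-auth handshake, RSA (modular exponentiation) vs ECC (scalar
multiplication). Textbook primitives, no padding: for measurement, not deployment."""
import hashlib, math, random, time

# RSA side: primality checking for keygen, modular exponentiation for sign/verify
def is_probable_prime(n, rounds=20):  # Miller-Rabin: the 'primality checking' the slide flags as slow
    if n < 2 or any(n % p == 0 for p in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True
def gen_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top bit and odd
        if is_probable_prime(c):
            return c
def rsa_keygen(bits=1024, e=65537):  # returns ((n, e), (n, d)); keep bits > 256 so a SHA-256 digest < n
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))
def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")
def rsa_sign(priv, msg):  # private-key modexp with a full-size exponent: the slow step
    return pow(digest(msg), priv[1], priv[0])
def rsa_verify(pub, msg, sig):  # public-key modexp with e = 65537: cheap
    return pow(sig, pub[1], pub[0]) == digest(msg)

# ECC side: secp256k1 (public parameters) as a stand-in for the WTLS curves
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
def ec_add(p1, p2):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1 % P, -1, P) if p1 == p2
           else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P
def ec_mul(k, pt):  # double-and-add: ~256 doublings + ~128 additions per 256-bit scalar
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc
def ecdsa_sign(d, msg):
    while True:
        k = random.randrange(1, N)
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (digest(msg) % N + r * d) % N
        if r and s:
            return r, s
def ecdsa_verify(Q, msg, sig):  # two scalar multiplications: why ECC verify is the slow side
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(digest(msg) % N * w % N, G), ec_mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r
def timed(times, step, fn):  # record wall-clock seconds for one handshake step
    t0, out = time.perf_counter(), fn()
    times[step] = time.perf_counter() - t0
    return out

# The three client-side steps from the handshake slide, timed per step (keygen excluded)
def client_handshake(algo, transcript=b"constructed handshake transcript"):
    times = {}
    if algo == "RSA":
        (ca_pub, ca_priv), (srv_pub, _), (cli_pub, cli_priv) = [rsa_keygen() for _ in range(3)]
        sign, verify = rsa_sign, rsa_verify
        kex = lambda: pow(random.getrandbits(160), srv_pub[1], srv_pub[0])  # ClientKeyExchange
    else:
        ca_priv, srv_d, cli_priv = [random.randrange(1, N) for _ in range(3)]
        ca_pub, srv_Q, cli_pub = [ec_mul(d, G) for d in (ca_priv, srv_d, cli_priv)]
        sign, verify = ecdsa_sign, ecdsa_verify
        kex = lambda: ec_mul(cli_priv, srv_Q)  # static ECDH from the certificates, no ClientKeyExchange
    cert_sig = sign(ca_priv, b"server cert")  # constructed cert, signed by the CA offline
    ok = timed(times, "1 verify server cert", lambda: verify(ca_pub, b"server cert", cert_sig))
    timed(times, "2 establish session key", kex)
    sig = timed(times, "3 sign CertificateVerify", lambda: sign(cli_priv, transcript))
    return ok and verify(cli_pub, transcript, sig), times
```

Call `client_handshake("RSA")` and `client_handshake("ECC")` and compare the two dictionaries: the shape matches the tables, with RSA cheap on step 1 (small public exponent) and expensive on step 3 (full-size private exponent), and ECC paying for two scalar multiplications in the signature verification of step 1. The absolute numbers are for a desktop interpreter, so only the ratios between steps are comparable to the Palm VII figures.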
WAP deployment (diagram, labels only): phone -> Operator WAP Gateway -> Internet -> Content Provider (WAP Gateway -> SSL -> Web Server)
Caveat: a WAP gateway terminates WTLS and re-encrypts with SSL, so whoever runs the gateway sees the plaintext; a content provider that runs its own WAP gateway keeps that plaintext out of the operator's hands.