1 / 12

How to fill m-Commerce security holes

How to fill m-Commerce security holes. 2001. 4. 11 Team : Cores Members : 강희영, 정대민 김범주, 기준백. Contents. 1. The State of wireless business Killer Cocktail of Mobile applications Proliferation of wireless users Mobile Technologies 2. Security Problems

totie
Download Presentation

How to fill m-Commerce security holes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. How to fill m-Commerce security holes 2001. 4. 11 Team: Cores Members: 강희영, 정대민 김범주, 기준백

  2. Contents 1. The State of wireless business • Killer Cocktail of Mobile applications • Proliferation of wireless users • Mobile Technologies 2. Security Problems • Security Problems • Other Risks 3. Way to go • New Protocols • Security Solutions

  3. “The Internet in Everyone’s Pocket” • By 2003, 85% of mobile phones will be internet-enabled - source: Nokia • By 2005, more people are expected to access the internet via their mobile phones than via their PCs -source: UMTS Forum Report 9

  4. 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Payment -Credit card or mobile phone, sir? A “killer Cocktail” of Mobile Applications Virtual home environment Finding places • share your photos, films and music with friends • sharing experiences - find a friend, the nearest restaurant, the next bus... Context awareness - don’t disturb me now. I’m in a meeting - if the sun is shining show me the way to the beach Personal interest • - entertainment / edutainment • - latest stock price • sports news • mobile games Unified messaging • e-mail, videoconference multimedia messages, voicemail

  5. Proliferation of wireless users 1800 1600 Number of wireless subscribers worldwide (in millions) 1400 1200 1000 800 Rest of World 600 Asia Pacific 400 North America 200 European Union 0 From UMTS Forum Year 1995 2000 2005 2010

  6. Background of wireless technology Device technology ( H/W, S/W ) Knowledge of wireless communications Mobile Security Cryptographic background

  7. Wireless technologies • War of the Standards • Bluetooth vs IrDA • WAP vs xHTML • GSM(Global System for Mobile Communications) vs CDMA (Code-Division Multiple Access ) • 802.11b, a, g … : Wireless LAN • Various devices • Mobile phone • PDA (Personal Digital Assistant) • eBook • Laptops • IA (Information Appliance = web search + telephone + eMail)

  8. Mobile phone Service protocols

  9. WAP : structure of transmission ( 무선 구간 ) 무선단말과 웹 서버간 end-to-end 보안 지원 안됨

  10. WAP : protocol stacks WAP Gateway WAP Server Mobile Terminal WSP : Wireless Session Protocol WTP : Wireless Transaction Protocol WTLS : Wireless Transport Layer Security SSL-TLS : Secure Socket Layer – Transport Layer Security

  11. Security Problems • Limitations of current Mobile Device • 전자 서명, 사용자 인증 애로 : 메모리/ 배터리 용량의 제약 (고속 연산 수행 부적절) 내부의 작은 프로세서 사용 • 많은 상용화된 서비스의 독자적 솔루션 : 프로토콜, 단말기, 브라우저 • The biggest problem of Mobile • 도난의 용이 : M15 정보국의 사례 • 단말기의 보안성 취약 • New threat • Virus for mobile device : 2000.6 텔리포니카 (스페인)

  12. Way to go • New Protocols • Smart card : WIM (Wireless Identity Module) • Enhanced Protocol : Bluetooth 2 • Certification : Mini-certificates of WAP • New Proposal : AI-WEB of Samsung • Security Solutions • VeriSign : WTLS 용 인증서 발급 솔루션, Mini-certificates • EnTrust : WAP 기반 PKI 솔루션 • F-Secure : Anti-Virus for WAP • SoftForum : ME의 SSL 개발 • Ai-Net : AnyWeb의 MMS 개발 • 패스21 : 이동 전화용 지문 인증 서버 개발 • 니트젠 : 무선 인터넷용 지문인증 및 암호화 개발

More Related