Security Issues in M-Commerce: A Usage-Based Taxonomy

  • Suresh Chari
  • Parviz Kermani
  • Sean Smith
  • Leandros Tassiulas
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2033)


M-commerce is a new area arising from the marriage of electronic commerce with emerging mobile and pervasive computing technology. The newness of this area—and the rapidness with which it is emerging—makes it difficult to analyze the technological problems that m-commerce introduces—and, in particular, the security and privacy issues. This situation is not good, since history has shown that security is very difficult to retrofit into deployed technology, and pervasive m-commerce promises (threatens?) to permeate and transform even more aspects of life than e-commerce and the Internet have. In this paper, we try to begin to rectify this situation: we offer a preliminary taxonomy that unifies many proposed m-commerce usage scenarios into a single framework, and then use this framework to analyze security issues.


Smart Card; Security Issue; Pervasive Computing; Infrastructure Server; Physical Security
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Suresh Chari (1)
  • Parviz Kermani (1)
  • Sean Smith (2)
  • Leandros Tassiulas (3)

  1. IBM T.J. Watson Research Center, Yorktown Heights, NY
  2. Department of Computer Science, Dartmouth College, Hanover
  3. Electrical and Computing Engineering, Univ. of Maryland, College Park
