Security Issues in M-Commerce: A Usage-Based Taxonomy
M-commerce is a new area arising from the marriage of electronic commerce with emerging mobile and pervasive computing technology. The newness of this area, and the rapidity with which it is emerging, make it difficult to analyze the technological problems that m-commerce introduces, in particular the security and privacy issues. This situation is not good, since history has shown that security is very difficult to retrofit into deployed technology, and pervasive m-commerce promises (threatens?) to permeate and transform even more aspects of life than e-commerce and the Internet have. In this paper, we try to begin to rectify this situation: we offer a preliminary taxonomy that unifies many proposed m-commerce usage scenarios into a single framework, and then use this framework to analyze security issues.
Keywords: Smart Card; Security Issue; Pervasive Computing; Infrastructure Server; Physical Security