Abstract
In current electronic commerce systems, customers interact on-line with merchants through a browser on their personal computer, and payment is also made electronically over the Internet, mostly by credit card. In parallel, e-services delivered over wireless-only systems are emerging. This paper identifies security and functionality weaknesses in both of these current approaches. It then discusses why and how general-purpose mobile devices could be used as an extension of PC-based systems to provide more security and functionality; such devices are shown to be an alternative to costly special-purpose hardware. In many cases this combined approach has more interesting properties than using mobile devices alone. As an example of the combined approach, a GSM-based electronic payment system is proposed and investigated: it enables users to order goods through the World Wide Web and pay with their mobile phone.
© 2002 IFIP International Federation for Information Processing
Claessens, J., Preneel, B., Vandewalle, J. (2002). Combining World Wide Web and Wireless Security. In: De Decker, B., Piessens, F., Smits, J., Van Herreweghen, E. (eds) Advances in Network and Distributed Systems Security. IFIP International Federation for Information Processing, vol 78. Springer, Boston, MA. https://doi.org/10.1007/0-306-46958-8_11
DOI: https://doi.org/10.1007/0-306-46958-8_11
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-7923-7558-6
Online ISBN: 978-0-306-46958-9