Software Security & Privacy Risks in Mobile E-Commerce


Kartikeya Kakarala

CSCI 5939-Independent Study

Wireless Application Protocols

Contents
  • Introduction
  • New Security & Privacy Risks
  • Addressing the Software Risks
    • Platform Risks
    • Software Application Risks
  • WML Script
  • Security Risks of WML Script
  • Conclusion
Introduction
  • M-Commerce: e-commerce conducted by accessing the Internet through wireless devices.
  • Major applications of M-Commerce:
    • Weather reports, sports scores, flight information, navigational maps, stock quotes, email, etc.
  • According to Strategy Analytics, over 1 billion wireless device users, 600 million wireless Internet subscribers and a $200 billion mobile e-commerce market are expected by 2004.
Introduction (Cont..)
  • Because of such anticipated growth, new security and privacy risks abound in M-Commerce.
  • Integrating security and privacy into M-Commerce applications would give a projected $25 billion market.
  • On the other hand, if security is not properly addressed, it would significantly dampen consumer adoption rates.
New Security & Privacy Risks
  • New hazards
    • In wireless devices due to their mobility & communication medium.
    • A single malicious domain could potentially compromise wireless devices through malicious downloads or simple denial of service.
    • Rather than an attacker needing to pursue a target, targets can come to attackers in wireless networks by simply roaming through the attacker’s zone.
New Security & Privacy Risks (Cont..)
  • Most vendors' implementations of SSL or WTLS do not reauthenticate or recheck certificates once a connection is established.
  • Simply “refreshing” a browser to re-establish a connection may inadvertently introduce risks through redirection of the URL.
  • For example, a hacker can compromise the closest DNS server that routes a client’s web request for a site ‘X’ and redirect it to the hacker’s site.
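The reconnect problem described above, as an added example that is not part of the original slides: a client-side guard that rechecks the server certificate after every handshake, including a "refresh", rather than only the first one. The `ReconnectGuard` class, the `peer` object shape, the host names and the certificate bytes are constructed for illustration, and chain validation by the SSL/WTLS stack is assumed to have happened already.

```javascript
const { createHash } = require('crypto');

// SHA-256 fingerprint of a DER-encoded certificate.
function fingerprint(certDer) {
  return createHash('sha256').update(certDer).digest('hex');
}

// Hypothetical guard: call verify() after EVERY handshake, not only the first.
class ReconnectGuard {
  constructor(requestedHost, backupPins = []) {
    this.requestedHost = requestedHost;
    this.pinned = null;                     // fingerprint seen on first connect
    this.backupPins = new Set(backupPins);  // pre-announced rotation certificates
  }

  // peer: { certHost, certDer } as reported by the transport (assumed shape).
  verify(peer) {
    if (peer.certHost !== this.requestedHost) return { ok: false, reason: 'name-mismatch' };
    const fp = fingerprint(peer.certDer);
    if (this.pinned === null) {
      this.pinned = fp;
      return { ok: true, reason: 'first-connect' };
    }
    if (fp === this.pinned) return { ok: true, reason: 'same-certificate' };
    if (this.backupPins.has(fp)) {
      this.pinned = fp;                     // legitimate key rotation
      return { ok: true, reason: 'rotated-to-backup' };
    }
    return { ok: false, reason: 'certificate-changed' };
  }
}

// Constructed sample certificates (placeholder bytes, not real DER).
const certA = Buffer.from('constructed-cert-site-X-2001');
const certB = Buffer.from('constructed-cert-site-X-2002');
const certOther = Buffer.from('constructed-cert-unknown-issuer');
// Replays one session: connect, refresh, rotation, then two redirected refreshes.
function replaySession() {
  const guard = new ReconnectGuard('shop.example', [fingerprint(certB)]);
  return [
    guard.verify({ certHost: 'shop.example', certDer: certA }),
    guard.verify({ certHost: 'shop.example', certDer: certA }),
    guard.verify({ certHost: 'shop.example', certDer: certB }),
    guard.verify({ certHost: 'shop.example', certDer: certOther }),
    guard.verify({ certHost: 'other.example', certDer: certB }),
  ].map((r) => r.reason);
}
console.log(replaySession());
```

The first certificate seen is trusted on first use here, so the guard only detects a change between connections; it does not replace the initial chain validation.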
New Security & Privacy Risks (Cont..)
  • Attacks from the wireless devices would become easy.
  • Another risk unique to mobile devices is the risk of loss or theft.
  • Tracking of users' online web usage via cookies could lead to loss of privacy.
  • Size and time limitations make it less likely that a user would go through the privacy policies of a web site.
Addressing the Software Risks
  • Security risks of wireless devices must be carefully analyzed and addressed.
  • “WAP gap”
    • Wireless requests to web pages are translated at the WAP gateway from the WTLS protocol to the SSL protocol, which is widely used for HTTP requests.
    • An attacker who compromises the WAP gateway could capture data when decryption is done.
  • WAP gap problem
    • Solved by simple modifications to existing protocols.
Platform Risks
  • Platform or the Operating system
    • The basic infrastructure for running M-Commerce application.
  • Without a secure infrastructure on the device, it is not possible to attain secure M-Commerce.
  • Present Scenario
    • Many manufacturers do not provide all the necessary requirements.
Platform Risks (Cont..)
  • Many manufacturers have failed to provide:
    • Memory protection for processes
    • Protected Kernel Rings
    • File Access Control
    • Authentication of principals to resources
    • Differentiated User & process privileges
    • Sandboxes for untrusted code etc.
  • Due to lack of these features the platform becomes vulnerable to attacks.
Platform Risks (Cont..)
  • To address these platform risks, the wireless device platforms need to:
    • Enforce memory protection between applications.
    • Build strong authentication mechanisms, such as fingerprint recognition systems, into the devices.
    • Use software certificates to authenticate software to the user before it is installed on the device.
Software Application Risks
  • Low-level languages
    • Their use in handheld devices perpetuates basic flaws such as buffer overflows.
  • Application developers may forgo security features such as encryption
    • Due to the limited power, processing cycles, memory and bandwidth of the devices.
    • To increase online performance.
  • Interesting software development
    • The ability to send and execute mobile code.
  • WML Script is used to overcome software application risks.
WML Script
  • WML Script
    • The WAP equivalent of JavaScript.
    • It is used basically to provide a uniform interface to wireless applications.
    • It is used to provide functions independent of the device brand.
  • Uniform interface functionality and compatibility across different phones, regardless of brand, can be achieved by developing a WML Script interpreter.
Security Risks of WML Script
  • The security risks associated with WML Script are based on a fundamental lack of a model for secure computation.
  • WML Script
    • Is not a type-safe language.
    • Can be pushed to a device without the owner’s knowledge, by scheduled pulls from web pages or other WML Scripts.
    • For efficiency, it is compiled into WML Script bytecode, which is downloaded by the client and run on a WML Script virtual machine.
Security Risks of WML Script (Cont..)
  • WML Script provides access to telephony functions through the WTAI.
  • Access to a phone’s telephony facilities allows online service providers to :
    • Accept/Initiate calls
    • Send/Receive text messages
    • Add/Search/Remove phonebook entries.
    • Examine call logs
    • Send tones during calls etc.
  • To prevent this, permission functions should be created through the WTAI.
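One way to build the permission functions called for above, as an added example that is not part of the original slides or of the WTAI specification: a default-deny gate that every telephony request from a script must pass before the action runs. The class, the category names, the origins and the `askUser` callback are hypothetical.

```javascript
// Telephony capabilities listed on the slide, as hypothetical category names.
const CATEGORIES = new Set(['call', 'sms', 'phonebook', 'calllog', 'dtmf']);

class WtaiPermissionGate {
  // askUser(origin, category) returns 'once', 'always' or 'deny';
  // it must return 'deny' when no user is present (e.g. a pushed script).
  constructor(askUser) {
    this.askUser = askUser;
    this.grants = new Map();   // origin -> Set of categories granted 'always'
    this.audit = [];           // every decision, kept for later review
  }

  request(origin, category, action) {
    let allowed = false;
    if (CATEGORIES.has(category)) {          // unknown categories stay denied
      const standing = this.grants.get(origin);
      if (standing && standing.has(category)) {
        allowed = true;
      } else {
        const answer = this.askUser(origin, category);
        allowed = answer === 'once' || answer === 'always';
        if (answer === 'always') {
          this.grants.set(origin, (standing || new Set()).add(category));
        }
      }
    }
    this.audit.push({ origin, category, allowed });
    return allowed ? { allowed, result: action() } : { allowed };
  }
  revoke(origin) { this.grants.delete(origin); }
}

// Constructed scenario: the user trusts one origin for calls only.
function demo() {
  const answers = { 'bank.example/call': 'always', 'bank.example/phonebook': 'deny' };
  const gate = new WtaiPermissionGate((o, c) => answers[`${o}/${c}`] || 'deny');
  const dial = () => 'dialled';
  const out = [
    gate.request('bank.example', 'call', dial).allowed,           // user grants
    gate.request('bank.example', 'call', dial).allowed,           // standing grant
    gate.request('bank.example', 'phonebook', () => []).allowed,  // user denies
    gate.request('ads.example', 'sms', () => 'sent').allowed,     // pushed script
  ];
  gate.revoke('bank.example');
  answers['bank.example/call'] = 'deny';
  out.push(gate.request('bank.example', 'call', dial).allowed);   // after revoke
  return { out, auditLength: gate.audit.length };
}
```

The telephony action is passed in as a closure and only invoked after the decision, so a denied script never reaches the phone function at all.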
Conclusion
  • The goal here was to highlight key security and privacy risks already apparent in these devices.
  • The platforms and languages being developed for wireless devices have failed to adopt fundamental security concepts used on desktop machines.
  • Encrypted communication protocols are necessary to provide confidentiality, integrity and authentication services for M-Commerce applications.
  • The best strategy for addressing security would be to implement it in the platform and the applications themselves, rather than to introduce security patches afterwards.
  • Technical paper: “Software Security & Privacy Risks in Mobile E-Commerce”
    • By Anup K. Ghosh
    • Tara M. Swaminatha