Security Measures in Mobile Commerce: Problems and Solutions

Due to the advent of the Internet, electronic business transactions have exploded around the globe. Along with the Internet, wireless technology has exponentially developed as well. Today, new technologies that allow mobile (cellular) phones and other handheld devices to access the Internet have made wireless business transactions possible. This phenomenon is known as mobile commerce or M-Commerce. It has been predicted that the number of mobile phones connected to the mobile Internet will exceed the number of Internet-connected PCs before 2007. The mobile phone will therefore become the most prevalent device for accessing the Internet. Several industry analysts predict that Mcommerce will constitute a multibillion dollar business by 2005. However, M-Commerce brings new challenges in providing information security as information travels through multiple networks often across wireless links. What must be done to secure financial transactions via mobile commerce? Generally speaking, M-Commerce creates more security concerns than traditional E-Commerce. In this paper, security measures in M-Commerce, wireless security, and the application of cryptography for key generation, authentication, digital signature and digital certificate are discussed

Reducing the computational cost of the authentication process in SET protocol

SET es un protocolo seguro de pago, con tarjeta de crédito, que proporciona un modelo robusto de seguridad para entregar información personal y financiera a través de Internet, basado en la integridad de los datos, su confidencialidad y la autenticación mutua. Sin embargo, las partes involucradas en una transacción deben llevar a cabo diversas operaciones criptográficas, lo que puede ser un problema cuando se usan dispositivos móviles con baja capacidad de almacenamiento y procesamiento. Este artículo muestra como se puede reducir el coste computacional de SET, mediante el uso de otro protocolo llamado TRUTHC en conjunto con una Infraestructura de Clave Pública (PKI). Los resultados muestran que, usando TRUTHC, el tiempo total de ejecución puede ser reducido un 3% desde el punto de vista del cliente. Esta reducción se mantiene aunque aumente la longitud del camino de certificación.Postprint (published version

A Framework for M-Commerce Implementation in Nigeria

The Internet has brought about the concept of grobalilation, which has revolutionized the way business is transacted all over the world. The E-comnterce is of particular interest, though widely used but still has some security challenges in terms of transparency and confidentiality of transactiorts. This papei focuses on M-contnrcrce as an extensiott to E-commerce hnplementatiott with the Bankiltg industry proposed as core implementation consideration in ortler to guarantee high level security. We have reviewed some cqses of onlilrc frauds and eliscussed tlte emerging critical issues afficting software development of M-cornmerce applicatiotts. Afranrcworkfor M-commerce implementationis therefore,proposed for countries such as Nigeria, Romania and Indonesia where cases of online scam are alanning

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future

WPKI Certificate Verification Scheme Based on Certificate Digest Signature-Online Certificate Status Protocol

Aiming at the problems of the WPKI certificate verification schemes based on online certificate status protocol (OCSP), this paper proposes a WPKI certificate verification scheme based on the certificate digest signature-online certificate status protocol (CDS_OCSP). Compared with the existing schemes, the proposed scheme optimizes the number of communication connections between the communication entities and the network, reduces the consumption of the wireless network bandwidth in the certificate verification process, and uses the elliptic curves cipher- (ECC-) based encrypting/decrypting functions to sign and verify the certificate digest, which ensures the consistency of the verified certificates among the communication entities. The proposed scheme makes the certificate verification process more efficient and secure. The experimental results show that the proposed scheme effectively reduces the communication consumption of the wireless network and saves the storage space of the wireless entities

Development of a Secure Mobile E-Banking System

Mobile banking refers to the usage of a telephone or different cellular device to carry out on-line banking responsibilities. Those responsibilities encompass account balance enquiry, funds transfer, bill payment, finding an ATM, etc. Considering the excessive fee of adoption of this technology, quite a few concerns are raised as regards user authentication, data confidentiality, non-repudiation, data integrity and service availability. This research, therefore, introduces a more advantageous comfortable model to help conquer challenges mentioned earlier. In other to attain the set goals, the proposed model uses a popular salted Secure Hash Algorithm (SHA-512) Cryptographic Hash Algorithm to hash personal information, which include account information, and passwords. Advanced Encryption Standard (AES) approach was used for encryption and decryption, One Time Password (OTP) also turned into used to beef up user authentication. The design was carried out using Hypertext Preprocessor (PHP), JavaScript, CSS and MySQL database. Cain and Abel that is a password recovery tool that allows smooth recovery of various passwords by sniffing the network, cracking encrypted password using dictionary, brute-force and cryptanalysis attacks, revealing password bins, uncovering cached passwords and analyzing routing protocols was used to envision the validity and dependability of the model and also to obtain result. Results obtained suggests that the model is viable as data encrypted and hashed could not be decrypted by an attacker compared to other existing models

Mobile and Wireless Information Systems: Applications, Networks, and Research Problems

Mobile and Wireless Information Systems received considerable interest in research and development communities. As a result, significant advances were made, which will affect our life both as users and researchers of mobile and wireless technologies. In this paper, we discuss both the current state of mobile and wireless information systems and the challenges in the wide-scale deployment and use of these systems. In particular, we address applications, wireless networks, mobile payments, security, challenges and research problems

Cloud Computing Adoption for E-Commerce in Developing Countries: Contributing Factors and Its Implication for Indonesia

This study examines literature in cloud computing adoption for e-commerce in developing countries. The goal is to investigate contributing factors affecting cloud computing adoption of e-commerce in developing countries, in particular its implication for Indonesia. Ten themes have been identified: business size and type, customer service improvement, security, economic value, infrastructure, business process improvement, cloud computing framework, regulatory framework, user acceptance, and stakeholders’ support. Among these ten themes, the infrastructure, security, stakeholders’ support, regulatory framework, user acceptance and business size/types themes are particularly relevant to Indonesia. The paper also presents efforts and projects that are currently in place, at the governmental level, that facilitates cloud computing adoption and e-commerce in Indonesia