How to fill m-Commerce How to fill m-Commerce

security holessecurity holes

2001. 4. 11

Team: Cores

Members: 강희영 , 정대민 김범주 , 기준백

2

1. The State of wireless business Killer Cocktail of Mobile applications Proliferation of wireless users Mobile Technologies

2. Security Problems Security Problems Other Risks

3. Way to go New Protocols Security Solutions

ContentsContents

3

By 2003, 85% of mobile phones will be internet-enabled - source: Nokia

By 2005, more people are expected to access the internet via their mobile phones than via their PCs

- source: UMTS Forum Report 9

“The Internet in Everyone’s Pocket”

4

A “killer Cocktail” of Mobile ApplicationsA “killer Cocktail” of Mobile Applications

Virtual home environment- share your photos, films and

music with friends- sharing experiences

Personal interest- entertainment / edutainment - latest stock price- sports news- mobile games

Payment-Credit card or mobile phone, sir?

- find a friend, the nearest restaurant, the next bus...

Unified messaging

1 1 1 1 11 1 1 1 11 1 1 1 11 1 1 1 11 1 1 1 1

Finding places

Context awareness- don’t disturb me now. I’m in

a meeting- if the sun is shining show me

the way to the beach

- e-mail, videoconference multimedia messages, voicemail

5

Proliferation of wireless usersProliferation of wireless users

Number of wireless subscribers worldwide (in millions)

Year0

200

400

600

800

1000

1200

1400

1600

1800

1995 2000 2005 2010

Rest of World Asia Pacific North America European Union

From UMTS Forum

2000 2001 2002 2003 2004 2005 연평균성장률

데이터 통신 503 856 1458 2008 2526 2964 44.3%

음성 통신 4203 4705 5079 5222 5401 5548 5.8%

총 무선통신 서비스 수입

4706 5561 6537 7230 7927 8512 12.7%

국내 무선 인터넷 시장 성장성 예측 (ETRI) ( 단위 : 10 억 )

6

Device technology( H/W, S/W )

Device technology( H/W, S/W )

Cryptographic backgroundCryptographic background

Mobile SecurityMobile Security

Knowledge of wireless communications

Knowledge of wireless communications

Background of wireless technologyBackground of wireless technology

7

WWireless technologiesireless technologies

War of the Standards Bluetooth vs IrDA WAP vs xHTML GSM(Global System for Mobile Communications) vs CDMA (Code-Division Multiple Access ) 802.11b, a, g … : Wireless LAN

Various devices Mobile phone PDA (Personal Digital Assistant) eBook Laptops IA (Information Appliance = web search + telephone + eMail)

8

WAP Mobile Explorer

iMode

Developed Company

WAP forum

(Nokia, Phone.com,Erricson etc.)

MicroSoft NTT DoCoMo

Used Langugage

WML / WWL Script mobile-HTML compact-HTML

Protocol WSP / WTP / WDP HTTP HTTP

Browser WAP Browser Mobile Explorer Compact NetFront

Security WTLS SSL SSL

Features 사실상 산업체 표준 (90% 점유 )

무선환경에 적합윈도우 제품군과의연동 용이

기존 인터넷과통합 용이최대 사용자 확보

Domestic Company

SK telecom(011), 신세기 통신 (017)

LG 텔레콤 (019)

한통프리텔 (016)

한솔엠닷컴 (018)

MMobile phone Service protocols obile phone Service protocols

9

WAP : structure of transmission WAP : structure of transmission

무선단말과 웹 서버간 end-to-end 보안 지원 안됨

( 무선 구간 )

10

WAP : protocol stacks WAP : protocol stacks

WSP : Wireless Session ProtocolWTP : Wireless Transaction ProtocolWTLS : Wireless Transport Layer SecuritySSL-TLS : Secure Socket Layer – Transport Layer Security

Mobile Terminal WAP Gateway WAP Server

11

Security Problems Security Problems

Limitations of current Mobile Device 전자 서명 , 사용자 인증 애로

: 메모리 / 배터리 용량의 제약 ( 고속 연산 수행 부적절 ) 내부의 작은 프로세서 사용

많은 상용화된 서비스의 독자적 솔루션: 프로토콜 , 단말기 , 브라우저

The biggest problem of Mobile 도난의 용이

: M15 정보국의 사례 단말기의 보안성 취약

New threat Virus for mobile device : 2000.6 텔리포니카 ( 스페인 )

12

Way to goWay to go

New Protocols Smart card : WIM (Wireless Identity Module) Enhanced Protocol : Bluetooth 2 Certification : Mini-certificates of WAP New Proposal : AI-WEB of Samsung

Security Solutions VeriSign : WTLS 용 인증서 발급 솔루션 , Mini-certificates EnTrust : WAP 기반 PKI 솔루션 F-Secure : Anti-Virus for WAP SoftForum : ME 의 SSL 개발 Ai-Net : AnyWeb 의 MMS 개발 패스 21 : 이동 전화용 지문 인증 서버 개발 니트젠 : 무선 인터넷용 지문인증 및 암호화 개발