how to fill m-commerce security holes
DESCRIPTION
How to fill m-Commerce security holes. 2001. 4. 11 Team : Cores Members : 강희영, 정대민 김범주, 기준백. Contents. 1. The State of wireless business Killer Cocktail of Mobile applications Proliferation of wireless users Mobile Technologies 2. Security Problems - PowerPoint PPT PresentationTRANSCRIPT
How to fill m-Commerce How to fill m-Commerce
security holessecurity holes
2001. 4. 11
Team: Cores
Members: 강희영 , 정대민 김범주 , 기준백
2
1. The State of wireless business Killer Cocktail of Mobile applications Proliferation of wireless users Mobile Technologies
2. Security Problems Security Problems Other Risks
3. Way to go New Protocols Security Solutions
ContentsContents
3
By 2003, 85% of mobile phones will be internet-enabled - source: Nokia
By 2005, more people are expected to access the internet via their mobile phones than via their PCs
- source: UMTS Forum Report 9
“The Internet in Everyone’s Pocket”
4
A “killer Cocktail” of Mobile ApplicationsA “killer Cocktail” of Mobile Applications
Virtual home environment- share your photos, films and
music with friends- sharing experiences
Personal interest- entertainment / edutainment - latest stock price- sports news- mobile games
Payment-Credit card or mobile phone, sir?
- find a friend, the nearest restaurant, the next bus...
Unified messaging
1 1 1 1 11 1 1 1 11 1 1 1 11 1 1 1 11 1 1 1 1
Finding places
Context awareness- don’t disturb me now. I’m in
a meeting- if the sun is shining show me
the way to the beach
- e-mail, videoconference multimedia messages, voicemail
5
Proliferation of wireless usersProliferation of wireless users
Number of wireless subscribers worldwide (in millions)
Year0
200
400
600
800
1000
1200
1400
1600
1800
1995 2000 2005 2010
Rest of World Asia Pacific North America European Union
From UMTS Forum
2000 2001 2002 2003 2004 2005 연평균성장률
데이터 통신 503 856 1458 2008 2526 2964 44.3%
음성 통신 4203 4705 5079 5222 5401 5548 5.8%
총 무선통신 서비스 수입
4706 5561 6537 7230 7927 8512 12.7%
국내 무선 인터넷 시장 성장성 예측 (ETRI) ( 단위 : 10 억 )
6
Device technology( H/W, S/W )
Device technology( H/W, S/W )
Cryptographic backgroundCryptographic background
Mobile SecurityMobile Security
Knowledge of wireless communications
Knowledge of wireless communications
Background of wireless technologyBackground of wireless technology
7
WWireless technologiesireless technologies
War of the Standards Bluetooth vs IrDA WAP vs xHTML GSM(Global System for Mobile Communications) vs CDMA (Code-Division Multiple Access ) 802.11b, a, g … : Wireless LAN
Various devices Mobile phone PDA (Personal Digital Assistant) eBook Laptops IA (Information Appliance = web search + telephone + eMail)
8
WAP Mobile Explorer
iMode
Developed Company
WAP forum
(Nokia, Phone.com,Erricson etc.)
MicroSoft NTT DoCoMo
Used Langugage
WML / WWL Script mobile-HTML compact-HTML
Protocol WSP / WTP / WDP HTTP HTTP
Browser WAP Browser Mobile Explorer Compact NetFront
Security WTLS SSL SSL
Features 사실상 산업체 표준 (90% 점유 )
무선환경에 적합윈도우 제품군과의연동 용이
기존 인터넷과통합 용이최대 사용자 확보
Domestic Company
SK telecom(011), 신세기 통신 (017)
LG 텔레콤 (019)
한통프리텔 (016)
한솔엠닷컴 (018)
MMobile phone Service protocols obile phone Service protocols
9
WAP : structure of transmission WAP : structure of transmission
무선단말과 웹 서버간 end-to-end 보안 지원 안됨
( 무선 구간 )
10
WAP : protocol stacks WAP : protocol stacks
WSP : Wireless Session ProtocolWTP : Wireless Transaction ProtocolWTLS : Wireless Transport Layer SecuritySSL-TLS : Secure Socket Layer – Transport Layer Security
Mobile Terminal WAP Gateway WAP Server
11
Security Problems Security Problems
Limitations of current Mobile Device 전자 서명 , 사용자 인증 애로
: 메모리 / 배터리 용량의 제약 ( 고속 연산 수행 부적절 ) 내부의 작은 프로세서 사용
많은 상용화된 서비스의 독자적 솔루션: 프로토콜 , 단말기 , 브라우저
The biggest problem of Mobile 도난의 용이
: M15 정보국의 사례 단말기의 보안성 취약
New threat Virus for mobile device : 2000.6 텔리포니카 ( 스페인 )
12
Way to goWay to go
New Protocols Smart card : WIM (Wireless Identity Module) Enhanced Protocol : Bluetooth 2 Certification : Mini-certificates of WAP New Proposal : AI-WEB of Samsung
Security Solutions VeriSign : WTLS 용 인증서 발급 솔루션 , Mini-certificates EnTrust : WAP 기반 PKI 솔루션 F-Secure : Anti-Virus for WAP SoftForum : ME 의 SSL 개발 Ai-Net : AnyWeb 의 MMS 개발 패스 21 : 이동 전화용 지문 인증 서버 개발 니트젠 : 무선 인터넷용 지문인증 및 암호화 개발