128 Int. J. Mobile Communications, Vol. 4, No. 2, 2006
Copyright © 2006 Inderscience Enterprises Ltd.

An onion ring framework for developing and assessing mobile commerce security

June Wei*
Department of Management and Management Information Systems, College of Business, University of West Florida, Pensacola, Florida 32514, USA
E-mail: jwei@uwf.edu
*Corresponding author

Lai C. Liu and Kai S. Koong
Department of Computer Information Systems and Quantitative Methods, College of Business Administration, The University of Texas-Pan American, Edinburg, Texas 78541, USA
E-mail: liul@utpa.edu
E-mail: koongk@utpa.edu

Abstract: A five-layer ‘onion ring’ framework for analysing mobile commerce security requirements and for improving system security performance is presented in this research. Two quantifiable approaches, based on weighted scores applied to either a spider diagram or a decision solution matrix, are used to demonstrate how the security level can actually be objectively measured and evaluated in addition to the technical discussions on the framework’s architecture.

Keywords: mobile commerce security; evaluation matrix; spider and relative weighted methods.

Reference to this paper should be made as follows: Wei, J., Liu, L.C. and Koong, K.S. (2006) ‘An onion ring framework for developing and assessing mobile commerce security’, Int. J. Mobile Communications, Vol. 4, No. 2, pp.128–142.

Biographical notes: June Wei is Assistant Professor in the Department of Management and Management Information Systems at the University of West Florida. She has published extensively and is an Editorial Board Member of the Interdisciplinary Journal of Knowledge and Learning Objects, Journal of Information Privacy and Security, Interdisciplinary Journal of Information, Knowledge and Management, and International Journal of Mobile Learning and Organization.

Lai C. Liu is Associate Professor of Computer Information Systems and Quantitative Methods at the University of Texas Pan American and is also a Fellow of the Computing and Information Technology Center. She has published extensively and is an Editorial Board Member of E-Government and Interdisciplinary Journal of Knowledge and Learning Objects.
Kai S. Koong is a faculty member in the Department of Computer Information Systems and Quantitative Methods at the University of Texas-Pan American and is a Fellow and Associate Director of Economic Development of the Computing and Information Technology Center. He has published extensively and is an Editorial Board Member of International Journal of Management and Enterprise Development, International Journal of Services and Standards, Journal of Computer Information Systems, International Journal of Information and Operations Management Education, Journal of Information Systems Education, and Journal of International Technology and Information Management.

1 Introduction

Most people can now easily afford to own one, if not more, of the many varieties of available mobile devices. In addition to the traditional audio, text, and video features, many of the latest mobile devices can facilitate real-time business transactions around the globe. It is now common to see individuals, be they at an airport or on a ship in the open seas, engaged in communicative as well as collaborative activities with customers, suppliers, and partners using portable hand-held mobile devices. Given the popularity and technological advancements in these types of mobile devices, their future contributions and roles in the proliferation of internet commerce are expected to be critical. However, just as mobile devices can be used to help businesses to facilitate commercial activities, they can also be used by perpetrators and criminals to victimise the same businesses. Such possibilities and threats are inherent in the basic characteristics of mobile commerce (m-commerce) because of its utilisation of any wireless device and some data connection to exchange information, services, or goods (Abuelyaman and Wen, 2004; Andreou et al., 2002).

In operating terms, an m-commerce transaction is any type of transaction of an economic value which is conducted via a mobile device that uses a wireless telecommunications network with an e-commerce infrastructure (Tsalgatidou and Veijalainen, 2000). However, without a proven security infrastructure in their wireless communications, companies involved with internet commerce practices can very easily experience internal and external security breaches. All it takes is a fairly competent perpetrator and some innovative approaches to exploit the transmission processes and steal critical business intelligence from network devices. Businesses have good reasons to be worried about the growing problem with online commerce security, particularly m-commerce. Each year, the increasing number of internet fraud cases reported by the Federal Trade Commission has indeed been alarming. Drawing from the dramatic increases in fraud reports in the recent few years, internet fraud is definitely expected to rise as the amount of commerce increases on the Net (Manuel, 1999). As online services are becoming more ubiquitous, the volume of m-commerce activity is expected to easily equal that of e-business. Put together, businesses should be seriously concerned about m-commerce security because perpetrators can now use the anonymous advantage of the internet to cause harm in real-time mode from anywhere on the globe. Worst of all, the victim or business can be harmed much more easily and quickly. It is even possible for the criminal to repeatedly harm the same
victim or business because the fraudulent electronic transactions can be repeatedly processed within a short period of time. Given the types as well as amount of damages online perpetrators can cause to m-commerce, a major need and challenge for online commerce, at this time, is the development of new models and information systems that can secure resources from unauthorised access and prevent fraud (Olden, 2002). In particular, wireless systems that can secure networks and transmit reliable transactions in m-commerce have been identified as an area of priority by security software developers (Olla and Patel, 2003).

Like all business practices, there is always a need for holistic models and evaluation approaches for assessing system effectiveness. Several researchers have examined the issue of computer security and m-commerce and proposed some noteworthy models and issues that are centered on security mechanisms and performance, environmental implementation issues, application requirements, and assessment of key business components. Some of these earlier studies and their contributions include:

• Jansen and Karygiannis (1999) and their development of a mobile agent security system that can be used in mobile agent-based commerce applications such as contract negotiations, service brokering, auctions, and stock trading. Security requirements such as confidentiality, integrity, availability, and accountability are applied to this agent framework.
• Andreou et al. (2002) and their study on the performance of various mobile systems, which confirms that mobile systems with lower security make it simpler for perpetrators to attack. For example, the radio wireless interface is one such component that is vulnerable to attacks. This is one good reason why wireless access should always include encryption, authentication, and other security mechanisms. The downside of this is the increase in complexity and delay in m-commerce transmissions.
• Vinaja (2002) and his three-dimensional framework, which can be used to identify security requirements for a specific mobile environment. The three dimensions include mobile users, mobile hardware, and mobile software. This framework is a useful beginning step to determine the specific implementation characteristics and needed security measures.
• Olla and Patel (2003) and their design of a context-aware mobile system which supports users with location-specific information servers and applications. The system uses the non-intrusive Push concept to deliver information to mobile users using cell-broadcast technology.
• Siau and Shen (2003) and their thoughtful discussions of the challenges of mobile communications and mobile services. Their contribution is inherent in the implications that were drawn from progress-to-date in technology as well as policy advancements.
• Yuan and Shang (2003) and the development of a framework to analyse m-commerce business models. Based on key business components, their taxonomy can be a useful model for businesses which need a systems approach to assess their operations.
While it can be agreed that the many noteworthy applications, models, and analyses identified in the research efforts indicated above have indeed been useful, studies that can address m-commerce security technical components, as well as application processes together, are still lacking. In addition, there is also a need for proven quantifiable approaches that m-commerce experts can actually use to assess effectiveness. This study is a pioneer effort aimed at addressing both those areas of need in the m-commerce security literature. First, this study will propose and validate an ‘onion ring’ framework that can logically link together all factors affecting m-commerce security performance. Second, two proven assessment methods are used to demonstrate how m-commerce security can be measured and evaluated. Finally, several suggestions are offered on where future research agendas of m-commerce security should be focused given the many incidences of internet fraud in the electronic marketplace.

2 The ‘onion ring’ m-commerce security framework

The notion of a multi-layer architecture for m-commerce security is definitely not a new one. The VAX/OS architecture is an excellent example of a popular operating software system which uses such an approach. Besides conceptual simplicity, the onion ring architecture offers excellent security by organising and matching access rights to increasing levels of responsibility and accountability. The research framework introduced in this paper classifies m-commerce security into five levels: mobile device security, m-commerce language security, wireless network access control security, m-commerce access management security, and m-commerce transaction security. This five-layer generic architecture was first applied to m-commerce security by Wei et al. (2003). In this study, technical specifications as well as application processes are added to explain how the proposed model can actually be developed.

In addition, two assessment methods are used to demonstrate how the respective layers can be measured and evaluated. The key to understanding the success of the framework is inherent in the notion that protection needs to be in place in several layers. Each succeeding layer should also act as a kind of enclosure for the next layer, thereby increasing effectiveness. This new multi-level framework for m-commerce security is depicted in Figure 1.

Figure 1 An ‘onion ring’ framework for m-commerce security [figure; ring labels: Transaction security, Access management security, Network access security, Language security, Device security]
2.1 Layer 1: m-commerce device security

The root layer to enable m-commerce security is inherent in all the mobile communication devices because they can become a front-end security tool for m-commerce. Such devices may include, but are not limited to, mobile phones, palmtops, handheld computers, and PDAs. For example, the integrated SIM card in mobile phones can be augmented using the private key digital signature of a Public Key Infrastructure (PKI) system. Wireless terminals can also act as security devices for gaining access into buildings by using the Global System for Mobile (GSM) part of the mobile phone or via an authentication mechanism called Bluetooth technology (May, 2002). Based on these front-end setups, the SIM cards can access the GSM network and identify the wireless device to the network. The smartcard operating system can be adapted to run on a SIM chip, which allows GSM communications phones to contain digital signatures and credit card numbers.

It should be pointed out here that the use of wireless devices to serve as front-end security devices is still at the infant stage of development. First, some of the more common operational uncertainties include altered information, denial of access, interrupted transactions, transmission delays, and power outage. Second, instances of modified electronic signature-signing programmes on mobile devices and stolen or modified smart cards have also been found to exist. Third, an attacker can distribute malicious code, cause denial of service, and reestablish connections without reauthentication due to intermittent service failures and unreliable conditions (Ghosh and Sawinatha, 2000). Fourth, determining where a hacker is from can be a relatively difficult task because an attacker can quickly get on or off-line and not be linked to any specific geographic location (Chess, 1998). Fifth, narrow bandwidth and capacity can force developers to give up security and encryption to simplify the process (Vinaja, 2002). Lastly, there is always the possibility of the loss of the wireless devices and the data on them.

While it is true that these uncertainties can be overwhelming, the good news is there are already some solutions that can be used to enhance security enforcement at this layer. Some of the proven methods include strict authentication protocols, cross-platform agent authentication mechanisms so the server can verify if the agent is coming from a trusted source, password authentication, smartcards or token authentication, and biometric authentication. At the receiving end, memory protection for processes, protected kernel rings, file access control, authentication of principals to resources, differentiated user and process privileges, sandboxes for untrusted code, and biometric authentication can also be added. Put together, this is why user authentication, merchant authentication, secure (encrypted) channels, user-friendly payment schemes supporting micro payments, receipt delivery, and simple user interfaces are critical in the design and development of mobile devices (Thanh, 2000).

2.2 M-commerce language security

The second layer concerns language security; that is, those elements dealing with m-commerce security system development. Proven security software applications and tested programme modules are the key to the successful functioning of this layer. One possibility for ensuring that all programmes are safe is to develop a ‘safe’ language in which all code has restricted access to operations that can affect
An onion ring framework 133 the environment. Such ‘safe’ language are Java and Telescript because they both use object-oriented programming languages to allow libraries to offer a secure interface to incoming code. Java also provides a byte-code verifier that can be utilised to check programmes at load time. The byte-code verifier assures an interpreter that a newly arrived piece of byte-code satisfies the same type-correctness properties that a correct compiler would enforce. At the machine level, a subset of language primitive operations can also be used to secure an incoming or untrusted piece of code (Farmer et al., 1996). 2.3 M-commerce network access control security The third layer deals with wireless network access control security that provides access to m-commerce network access. In particular, the main function of this security layer is to restrict users accessing the wireless network. The good news is there are two existing technologies that can be used for security for this layer. For example: 1 GSM communication can provide a relatively secure connection through the PIN when turning on the handset and authentication protocol between handset and the network through Secure Sockets Layer (SSL) encryption of voice and data (Vihinen, 2004). 2 The smartcard is a better and preferred way of gaining access to a secure system. The smartcard can be in the form of a credit card or a SIM-like miniature card by using encryption to ensure confidentiality through a secure key. The key should be kept secret between the two parties. Two methods, symmetric and asymmetric, can be used to encrypt a document. In the symmetric method, the same key is used for encryption and decryption. However, the problem is that a third party could access the key during the transmission of a key to the recipient of the message. The asymmetric method is becoming more and more popular in m-commerce. It has two keys: a private and a public key. 
Information encrypted using the public key can only be retrieved using the corresponding private key, and the public keys of all users can be published in open directories, facilitating communications between all parties. Besides encryption, the public and private keys can also be used to create and verify digital signatures. In addition to GSM and smartcards, it is critical that the wireless network solutions should have a Wireless Applications Protocol (WAP), a distinctive higher session security layer for mobile commerce transaction (Tan et al., 2003). WAP elements provide privacy, authentication/authorisation, integrity and non-repudiation. Specifically, in WAP, privacy is supported by Wireless Transport Layer Security (WTLS) Class 1 to encryption of mobile networks such as GSM. Authentication or authorisation is supported by WTLS Class 2 and Class 3. WAP Identity Module (WIM) in the mobile terminal can also provide an application-level security such as passwords/user names. Integrity and non-repudiation are provided by WTLS Class 1 via digital signature using WMLScript Crypto Library and WIM (Nokia, 2000). Actually, WAP has undergone three evolutions: WAP 1.1, WAP 1.2, and next generation WAP. WAP 1.1 includes WTLS, a layer used for server authentication and data encryption. WAP 1.1 can provide confidentiality and integrity through WTLS Class 1, and WTLS server authentication through WTLS Class 2 (Nokia, 2000). WAP gateways can manage access to web servers, provide encryption through the WTLS
specification and authenticate users to enable a secure connection between the mobile device and the application server (Olden, 2002). WAP 1.2 improves WAP security by using WIM and client/user certificates. WAP 1.2 provides WTLS client authentication through WTLS Class 3, and non-repudiation through the WMLScript Crypto Library signText function. WIM includes key pairs, certificates, and PINs. WIM stores the private key securely in the mobile device, where it can be used for client authentication, secure session handling, and digital signatures. All key operations are performed inside the WIM. WIM can be incorporated in a GSM phone’s SIM (Subscriber Identity Module) smartcard to implement schemes such as SSL. Security is a key feature of SIM Application Toolkit (SAT) technology, since data confidentiality and integrity are already included in the SIM standard. WAP 1.2 also allows a WAP client to add a digital signature solution by adding the signText function to WMLScript. This is an alternative to the SIM-based signature solution. The digital signature can then enable authentication of payments. WAP’s next generation will provide end-to-end security via the WAP gateway, WIM and client certificates, and the WAP client’s XHTML and WML browsers (Nokia, 2000).

2.4 M-commerce access management security

The function of the fourth layer is to control authorised resource access, audit a user’s actions to provide non-repudiation of transactions, provide access control for wireless web applications, and provide a scalable user administration model to support the much higher volume of mobile commerce users. In other words, there is a need for an application-level m-commerce access management system – once a user has been allowed to access a mobile commerce network, enterprises and services – to:

• Control the resources that the user can access and the transactions he or she can execute
• Audit a user’s actions to provide non-repudiation of transactions; provide access control for both web and wireless web applications from the same infrastructure, so that the organisation can deploy and manage one security system for both m-commerce and e-commerce and has a single point of control for setting, monitoring, and enforcing security policies
• Provide a scalable user administration model to support the much higher volume of m-commerce users
• Protect individual resources and control user access, such as with a rule-based model, to eliminate the need for human intervention every time a user’s profile changes
• Allow enterprises and service providers to delegate routine administration tasks such as adding, modifying and deleting users, changing passwords, and updating personal profiles
• Prevent fraudulent access in wireless applications through the real-time monitoring of business rule violations to track wireless web user activity (Olden, 2002).

Again, the good news is that there are already a variety of proven technologies that can fulfil these functions. Multiple authentication methods, including PINs, passwords, WTLS mini certificates, and PKI, can control the resources and transactions that the user can
access and provide non-repudiation of transactions. Wireless PKI covers the infrastructure and the required procedures for trust provisioning in mobile transactions. PKI combines three aspects of security: authentication, confidentiality, and non-repudiation. Since mobile commerce architecture combines specialist authorities, digital certificate management systems, and directory facilities to create secure networks on top of unsecured networks, PKI can be used to enable authentication for servers and clients and digital signatures based on asymmetric cryptography (public and private keys), and to manage the keys, certificates, etc. Furthermore, a wireless PKI infrastructure can be used to provide end-user friendly solutions, i.e., the user needs to remember and type only two PINs (one for authentication and one for digital signature) instead of several usernames and passwords and one-time password lists. An assumption here is that legal recognition of digital signatures will receive broader support for digital certificates. If not, a credit card company can be held liable (May, 2002).

2.5 M-commerce transaction security

The fifth and last layer concerns m-commerce application-level transaction security functions that secure sensitive data throughout the transmission and log all transactions. An application-level security system can achieve this by authenticating a user’s identity, authorising the transaction, logging the transaction details and generating a digital receipt, and providing customers with detailed transaction reports.

3 Validation of the m-commerce security framework

As pointed out earlier, several noteworthy research works were used for the construction of the five-layer ‘onion ring’ topology in this study. Of particular importance to the development of the current framework is the research by Andreou et al. (2002), Farmer et al. (1996), Garfinkel (2002), Jansen and Karygiannis (1999), Norris (2001), Olden (2002), Tsalgatidou et al. (2000), Vinaja (2002) and Wei et al. (2003). These earlier research efforts were used because they provided the needed technical perspectives as well as process-oriented structures that are critical for validating the proposed construct.

A more practical perspective on the framework can be obtained by using the information system components as the base concept. Information system resources can be defined as any organised combination of five components: hardware, software, data, networks, and people. Together, these components gather, transform, and disseminate information in an organisation (O’Brien, 2002). People have to rely on information systems to communicate using physical devices (hardware), information processing instructions and procedures (software), communications channels (networks), and stored databases (data). Similarly, the m-commerce information systems that have these four non-human resource components will need to be protected by security measures to ensure their information quality and beneficial use, through which the business value of m-commerce security can be achieved (O’Brien, 2002). Table 1 illustrates how the five modules are related to the resource components in information systems. The ‘X’ symbol means that the particular resource component is covered by that layer of the framework. As can be seen in Table 1, the hardware resource is covered by the first
module (device) of this framework. The software component is covered by two modules (language and transaction). The network is covered by three modules (device, network access control, and access management), while the data is covered by four modules (device, network access control, access management and transaction). The people resource in information systems is required in all five layers. Since these resources are mutually dependent on each other and each layer encompasses the earlier layers, it can be concluded that the proposed framework has high theoretical construct validity.

Table 1 Comparisons of five layers in the framework with five resource components in information systems

Five layers              Hardware  Software  Network  Data  People
Device                   X                   X        X     X
Language                           X                        X
Network access control                       X        X     X
Access management                            X        X     X
Transaction                        X                  X     X

4 Assessment of the m-commerce security framework

In this study, two assessment methods are used to demonstrate how the proposed m-commerce security framework can actually be measured and evaluated. Both methods are based on weighted performance scores that can be easily obtained from a variety of sources, such as records in corporate archives or surveys of experts using a Delphi technique. The two examples are the spider-weighted and relative-weighted methods.

4.1 The spider-weighted assessment method

Based on the 5-S concept that originated in Japan, the spider-weighted method calls for regularly scoring each area within a facility on five characteristics related to good housekeeping and organisation of work space. Western companies have adapted and chosen their own meanings for implementing this assessment tool. For example, Boeing’s version of the 5-Ss covers sorting, sweeping, simplifying, standardising, and self-discipline. The 5-S system usually entails public display of scoring against the 5-Ss. Some companies employ spider diagrams as the display device (Knod and Schonberger, 2001).

Similarly, in the first assessment example here, a spider diagram is also used as the display device for the modules (M) of the proposed model. The raw diagram has five arms that extend outward from a central point. Each arm, representing one of the M’s, has a scale from zero to five points. A five at the outer boundary of each arm is the target for perfect security. A designated outside rater can be asked to rate each unit. The rater could be a higher-level manager, a quality engineer, or a security manager. When the scores or dots on the arms are connected, the rater will find a simple web. The larger the web, the closer it is to the five points at the outer boundary. Incidentally, along with the discipline of
rating the M’s, it is often a good idea to dedicate certain people as responsible for rating certain security layers. Figure 2 illustrates the spider diagram displaying scores against the five M’s.

Figure 2 Spider diagram displaying scores against the five M’s

Once the layers and the ratings have been identified, the next step is to assess the m-commerce security of the system. To that end, a weighted measuring method can be developed to measure the respective m-commerce security levels. Given the five layers, the complete formula can be simply stated as:

$$SL = \sum_{i=1}^{5} W_i \cdot S_i$$

where SL is the security level of the m-commerce system. This cumulative score is the summation of each individual layer’s security level. Such a security level can be measured by multiplying the security weight of the ith layer ($W_i$) with the security scale of that particular layer ($S_i$). It is important to note that the weight of the ith layer ($W_i$) may vary among m-commerce systems, because those numbers are based on the importance level arbitrarily selected by experts or managers, which must satisfy the criterion $\sum_{i=1}^{5} W_i = 1$. The scale of each individual layer’s security ($S_i$) can be measured by asking the subject matter experts to answer five-point scale measurement questions such as:
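The spider-weighted computation described above, as an added example that is not code from the paper: it averages experts' five-point answers into each layer's scale S_i, normalises managers' importance votes into weights W_i that satisfy the sum-to-one criterion, computes SL, and reports the arm closest to the centre of the web. The layer names follow the paper; the weights and ratings are constructed sample values.

```python
"""Spider-weighted assessment of the five-layer m-commerce framework.

Added illustration (not the paper's own code). Computes SL = sum(W_i * S_i)
over the five M's, enforcing sum(W_i) = 1 and 0 <= S_i <= 5, and finds the
weakest arm of the spider diagram. All sample numbers are constructed.
"""
from __future__ import annotations

import math

# The five M's of the framework, innermost layer first.
LAYERS = (
    "device",
    "language",
    "network access control",
    "access management",
    "transaction",
)
MAX_SCALE = 5.0  # outer boundary of each arm: the target for perfect security


def scale_from_responses(responses: dict[str, list[int]]) -> dict[str, float]:
    """Average each layer's five-point (1..5) expert answers into S_i."""
    if set(responses) != set(LAYERS):
        raise ValueError(f"responses must cover exactly the layers {LAYERS}")
    scales: dict[str, float] = {}
    for layer, answers in responses.items():
        if not answers or any(not 1 <= a <= 5 for a in answers):
            raise ValueError(f"{layer}: answers must be integers in 1..5")
        scales[layer] = sum(answers) / len(answers)
    return scales


def normalise_weights(importance: dict[str, float]) -> dict[str, float]:
    """Turn raw importance votes (e.g. a Delphi round) into W_i with sum 1."""
    if set(importance) != set(LAYERS):
        raise ValueError(f"importance must cover exactly the layers {LAYERS}")
    total = sum(importance.values())
    if total <= 0 or any(v < 0 for v in importance.values()):
        raise ValueError("importance votes must be non-negative and not all zero")
    return {layer: v / total for layer, v in importance.items()}


def security_level(weights: dict[str, float], scales: dict[str, float]) -> float:
    """SL = sum_{i=1..5} W_i * S_i, rejecting inputs that break the criteria."""
    if set(weights) != set(LAYERS) or set(scales) != set(LAYERS):
        raise ValueError(f"weights and scales must cover exactly {LAYERS}")
    if any(w < 0 for w in weights.values()) or not math.isclose(
        sum(weights.values()), 1.0, abs_tol=1e-9
    ):
        raise ValueError("weights W_i must be non-negative and sum to 1")
    if any(not 0.0 <= s <= MAX_SCALE for s in scales.values()):
        raise ValueError("scales S_i must lie in 0..5")
    return sum(weights[layer] * scales[layer] for layer in LAYERS)


def security_gap(weights: dict[str, float], scales: dict[str, float]) -> float:
    """Distance of the weighted score from a perfect web (every arm at 5)."""
    return MAX_SCALE - security_level(weights, scales)


def weakest_layers(scales: dict[str, float]) -> list[str]:
    """Arms closest to the centre of the web: first candidates for remediation."""
    low = min(scales[layer] for layer in LAYERS)
    return [layer for layer in LAYERS if scales[layer] == low]


# Constructed sample data: three experts' 1..5 answers per layer, and the
# managers' relative importance votes for the layers.
SAMPLE_RESPONSES = {
    "device": [4, 5, 4],
    "language": [3, 3, 4],
    "network access control": [5, 4, 4],
    "access management": [2, 3, 2],
    "transaction": [4, 4, 5],
}
SAMPLE_IMPORTANCE = {
    "device": 3,
    "language": 2,
    "network access control": 5,
    "access management": 5,
    "transaction": 5,
}

if __name__ == "__main__":
    scales = scale_from_responses(SAMPLE_RESPONSES)
    weights = normalise_weights(SAMPLE_IMPORTANCE)
    print(f"SL = {security_level(weights, scales):.2f} / {MAX_SCALE:.0f}")
    for layer in LAYERS:
        print(f"  {layer:<24} W={weights[layer]:.2f}  S={scales[layer]:.2f}")
    print("weakest arm(s):", ", ".join(weakest_layers(scales)))
```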