Presentation is loading. Please wait.

Presentation is loading. Please wait.

E-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 1 Security of Mobile Transactions Over Wireless Pervasive Networks Hella KAFFEL-BEN.

Similar presentations


Presentation on theme: "E-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 1 Security of Mobile Transactions Over Wireless Pervasive Networks Hella KAFFEL-BEN."— Presentation transcript:

1 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 1 Security of Mobile Transactions Over Wireless Pervasive Networks Hella KAFFEL-BEN AYED Esma HAMED Anis ZOUAOUI CRISTAL Lab ENSI

2 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 2 OUTLINE Wireless systems The m-transactions over hotspots New pervasive systems The security requirements Conclusion

3 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 3 WIFI Hotspots presentation HotSpot (or Hotzone) : Limited public zone covered by a wireless network Allows to connect to the Internet Deployed in high traffic sites: Airports, hotels, squares, conference sites,… Customers types : Mobile professionals needing to connect to their enterprise network through Internet Mobile customers needing to access Internet services: Reservation Tourist information E-Gov + E-commerce…

4 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 4 WIFI Hotspots characteristics b standard Ubiquitous: anywhere anytime High transmission rate : 54Mb/s Ease of use Rapid access Low costs Diversity of mobile communication devices Attractive environment for conducting m-commerce, m-Gov, …m-transactions

5 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 5 M-Commerce over hotspots Wireless device Internet Access Point (AP) Server Catalogs/ Service Navigation Order Request Authorization /Settlement Request Authorization /Settlement Response Order Response Information Phase: Payment Phase:

6 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 6 M-Government / M-Administration …the use of mobile technologies in the provision of the services in the public area strong penetration of mobiles (mobile phones, PDA, etc) + Benefit from of innovative wireless and mobile technologies.

7 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 7 M-Gov System Architecture

8 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 8 The wireless context vulnerabilities Wireless medium of transmission Interferences, mobility, … Exposed wireless communications Multiple attacks : Spoofing Sniffing DoS Possible duplication of payment systems (SIM cards, pre- paid cards, …)

9 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 9 Security requirement services for m-Gov Authentication Confidentiality Integrity Non-repudiation Protection against replay attacks …

10 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 10 Available security solutions Mutual authentication EAP (Extensible Authentication Protocol): Extension of the RADIUS protocol (Remote Access Dial-In User Service) 802.1X: Network standard used in switches Encryption key distribution method with 802.1X protocol AES encryption algorithm Tunneling Ex: Encryption of IP traffic with IPsec protocol

11 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 11 EAP and 802.1X Authentication traffic: The AP encapsulates 802.1X traffic into RADIUS traffic, and vice versa Data traffic: The AP blocks everything but 802.1X to- RADIUS authentication traffic Wireless device Wired Network Access Point RADIUS server EAP over Wireless 802.1X traffic EAP over RADIUS RADIUS traffic

12 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed i security features Mutual authentication Dynamic session keys Message Integrity Check (MIC) TKIP: Temporal Key Integrity Protocol PPK (Per-Packet Key) for encryption Initialization vector sequencing Rapid re-keying Unicast and Broadcast key rotation AES Encryption Authentication and security for control and management frames

13 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 13 New Mobile Environment Embedded and pervasive systems: Restricted resources memory processor Power supply Wireless networks: Bandwidth, frequent disconnexions Relatively cheap and cost sensitive because they often involve high-volume products The extremely diverse nature of embedded Applications a wide range of damage that can be done through abuse in a pervasive world

14 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 14 Embedded Pervasive Systems A wide variety of applications : hand-held devices household appliances RFID tags washing machines, refrigerators or microwave ovens. safety-critical applications e.g., in ITS (intelligent transport systems such as automotive, railroad or airplane), military, control systems …

15 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 15 Potential Threats (1/3) From privacy violation to financial loss or even bodily harm… Risk Potential: the close coupling with the physical environment threats against our real physical environment Financials an increasing number of pervasive applications that involve financial aspects, digital entertainment content in home and mobile devices, location-based services for hand-held devices, smart cards with e-wallet functions.

16 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 16 Potential Threats (2/3) New business models : sophisticated security solutions New pervasive applicationswhere the business model relies on strong security functionality. Manipulation may lead to a loss of revenue. Pay-TV, time-limited feature activation in fielded products, Privacy Pervasive computing :intimate link between human user and computing device = disclosure of a users location or of his/her behavior,

17 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 17 Potential Threats (3/3) Reliability manipulations harm the reliability of a product E.g.. remote software updates of pervasive devices E.g.. chip tuning in the automotive context. Legislation Legislative requirement will force certain pervasive applications to provide strong security, e.g., road toll systems, e-voting systems,or mobile banking applications.

18 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 18 Conclusion Pervasive security : an emerging discipline There is an active academic and industrial community working on strong security solutions.

19 e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 19 Thank you for attending this presentation


Download ppt "E-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 1 Security of Mobile Transactions Over Wireless Pervasive Networks Hella KAFFEL-BEN."

Similar presentations


Ads by Google