
Magister Manajemen Sistem Informasi 0 Electronic Commerce and Mobile Commerce Dr. Tb. Maulana Kusuma


1 Electronic Commerce and Mobile Commerce. Dr. Tb. Maulana Kusuma. Magister Manajemen Sistem Informasi, Internet dan Jaringan Komputer.

2 Internet dan Jaringan Komputer - Universitas Gunadarma 2006. Slides prepared by Tb. Maulana Kusuma, Universitas Gunadarma (Magister Manajemen Sistem Informasi). Slide sidebar topics: E-Commerce; E-Commerce Security; Definition; Framework; Media Convergence; Anatomy; Transact. Security; Firewall; Encryption; Consumer Oriented Electronic Payment; Internet Sites; Commercial Uses; E-Commerce & WWW; Banking & Financial; Retailing; On-line E-Commerce; Home Banking; Home Shopping; Public Key Infrastructure.

Definition of E-Commerce
"A modern business methodology that addresses the needs of organizations, merchants, and consumers to cut costs while improving the quality of goods and services and increasing the speed of service delivery"

3 E-Commerce Framework
- The Information Superhighway infrastructure (telecom, cable TV, wireless, Internet)
- Multimedia content and network publishing infrastructure
- The messaging and information distribution infrastructure
- Common business services infrastructure (security / authentication, electronic payment, directories / catalogs)
- Electronic Commerce Applications: supply chain management, video on-demand, remote banking, procurement and purchasing, on-line marketing and advertising, home shopping
- Public policy, legal and privacy issues
- Technical standards for electronic documents, multimedia and network protocols

4 E-Commerce & Media Convergence
"Convergence, broadly defined, is the melding of consumer electronics, television, publishing, telecommunications, and computers for the purpose of facilitating new forms of information-based commerce"
- Convergence of content: translates all types of information content (books, business documents, videos, movies, music) into digital information.
- Convergence of transmission: compresses and stores digitized information so it can travel through existing phone and cable wiring.
- Convergence of information access devices: devices that function as both computers and televisions.

5 Anatomy of E-Commerce Applications (diagram)
Information servers with a variety of content (video servers, government servers, game servers, corporate servers, libraries, chatlines, software, electronic publishing) reach consumer devices (computer, PDA, telephone, TV, printer) through the network service provider network and the Internet.

6 Types of Internet Sites
There are, broadly speaking, two main types of commercial Internet sites available to companies at present:
- Static sites: can be used for displaying large amounts of information, provided the information does not require regular updating and a high degree of functionality is not required.
- Databased sites: sometimes referred to as database front-end systems or dynamically generated Internet sites. They can be designed to interact with existing systems such as order processing and stock control systems, and with sources of information such as product databases.

7 Commercial Uses of the Internet (diagram)
Parties connected through the Internet: on-line databases (selling information); on-line databases (products & services); employees in the organization whose tasks range from procurement to payment; financial institutions, banks, credit card companies; global suppliers; customers at home; business customers.

8 Firewall (diagram)
The enterprise LAN or WAN (corporate network) is connected to the Internet through a firewall. Firewall bypass should not be allowed.

9 Encryption
Encryption is the transformation of information in any form (text, video, graphics) into a representation unreadable by anyone without the decryption key.
- Secret key cryptography: involves the use of a shared key for both encryption by the transmitter and decryption by the receiver. This technique suffers from the problem of key distribution, since shared keys must be securely distributed to each pair of communicating parties.
- Public key cryptography: public-key techniques involve a pair of keys, a private key and a public key, associated with each user. Information encrypted with the private key can be decrypted only with the corresponding public key. The private key, used by the user to encrypt transmitted information, is kept secret. The public key is used to decrypt the information at the receiver and is not kept secret.
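As an added illustration (not code from the slides), the following Python models the two key types in toy form. The slide describes the key pair in the signing direction (the private key produces a value, the public key checks it); the same pair is used the other way round for confidentiality (the public key encrypts, only the private key decrypts), and the example shows both, together with the key-distribution count that motivates public-key systems. The primes 61 and 53, the exponent 17 and the message 65 are constructed textbook values, far too small for real use, and the code uses no padding.

```python
# Added example (not from the slides): textbook RSA with toy-sized parameters,
# used only to show the two directions in which a key pair is applied.
# Not secure: real deployments use 2048-bit or larger moduli and padding
# (RSA-OAEP for encryption, RSA-PSS for signatures).
from math import gcd


def modinv(a: int, m: int) -> int:
    """Modular inverse of a mod m via the extended Euclidean algorithm."""
    r0, r1, s0, s1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("a is not invertible modulo m")
    return s0 % m


def toy_rsa_keypair(p: int = 61, q: int = 53, e: int = 17):
    """Return ((e, n), (d, n)); p, q, e are constructed textbook values."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = modinv(e, phi)
    return (e, n), (d, n)


def rsa_apply(key, m: int) -> int:
    """Raise m to the key's exponent modulo n (the single RSA primitive)."""
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, exponent, n)


# Confidentiality: the sender uses the recipient's PUBLIC key; only the
# matching private key can recover the message.
def encrypt_for_recipient(public_key, m: int) -> int:
    return rsa_apply(public_key, m)


def decrypt_with_private(private_key, c: int) -> int:
    return rsa_apply(private_key, c)


# Authenticity (the direction the slide describes): the holder of the PRIVATE
# key produces a value that anyone holding the public key can check.
def sign_with_private(private_key, m: int) -> int:
    return rsa_apply(private_key, m)


def verify_with_public(public_key, signature: int, m: int) -> bool:
    return rsa_apply(public_key, signature) == m


# Key-distribution burden mentioned on the slide: one shared secret per pair
# grows quadratically, whereas each party publishes a single public key.
def shared_keys_needed(parties: int) -> int:
    return parties * (parties - 1) // 2


def public_keys_needed(parties: int) -> int:
    return parties


if __name__ == "__main__":
    pub, priv = toy_rsa_keypair()
    c = encrypt_for_recipient(pub, 65)
    print("ciphertext", c, "decrypts to", decrypt_with_private(priv, c))
    sig = sign_with_private(priv, 65)
    print("signature valid:", verify_with_public(pub, sig, 65))
    print("secrets for 100 parties:", shared_keys_needed(100), "vs", public_keys_needed(100))
```

Run it directly to see both directions; the pair-count functions make the slide's key-distribution remark concrete (100 parties need 4950 shared secrets but only 100 public keys).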

10 Personal Finance and Home Banking Management (diagram)
A home computer reaches the bank server over the Internet; an ATM is also connected to the bank server.

11 Home Shopping (diagram)

12 Banking & Financial Payments
- Large-scale or wholesale payments, e.g., bank-to-bank transfer
- Small-scale or retail payments, e.g., automated teller machines and cash dispensers
- Home banking, e.g., bill payment

13 Retailing Payments
- Credit cards, e.g., VISA or MasterCard
- Private label credit / debit cards, e.g., J.C. Penney Card, BCA Debit
- Charge cards, e.g., American Express

14 On-line E-Commerce Payment Systems
- Token-based payment systems
  - Electronic cash (e.g., DigiCash)
  - Electronic checks (e.g., NetCheque)
  - Smart cards or debit cards (e.g., Mondex)
- Credit card-based payment systems
  - Encrypted credit cards (e.g., WWW form-based encryption)
  - Third-party authorization numbers (e.g., First Virtual)

15 Outline: m-Commerce Overview; Infrastructure; m-Commerce Applications; Mobile Payment; Limitations; Security in m-Commerce

16 Mobile Commerce: Overview
Mobile commerce (m-Commerce, m-Business): any e-Commerce done in a wireless environment, especially via the Internet.
- Can be done via the Internet, private communication lines, smart cards, etc.
- Creates the opportunity to deliver new services to existing customers and to attract new ones.

17 Mobile commerce from the Customer's point of view
The customer wants to access information, goods and services at any time and in any place on his mobile device. He can use his mobile device to purchase tickets for events or public transport, pay for parking, download content and even order books and CDs. He should be offered appropriate payment methods, ranging from secure mobile micropayments to service subscriptions.

18 Mobile commerce from the Provider's point of view
The future development of the mobile telecommunication sector is heading more and more towards value-added services. Analysts forecast that soon half of mobile operators' revenue will be earned through mobile commerce. Consequently, operators as well as third-party providers will focus on value-added services. To enable mobile services, providers with expertise in different sectors will have to cooperate. Innovative service scenarios will be needed that meet the customer's expectations, and business models that satisfy all partners involved.

19 m-Commerce Terminology: Generations
- 1G: wireless technology
- 2G: current wireless technology; mainly accommodates text
- 2.5G: interim technology; accommodates graphics
- 3G: 3rd generation technology ( ); supports rich media (video clips)
- 4G: will provide faster multimedia display ( )

20 Terminology and Standards
- GPS: satellite-based Global Positioning System
- PDA: Personal Digital Assistant, a handheld wireless computer
- SMS: Short Message Service
- EMS: Enhanced Messaging Service
- MMS: Multimedia Messaging Service
- WAP: Wireless Application Protocol
- Smart-phones: Internet-enabled cell phones with attached applications

21 Attributes of m-Commerce and Its Economic Advantages
- Mobility: users carry cell phones or other mobile devices
- Broad reach: people can be reached at any time
- Ubiquity: easier information access in real time
- Convenience: devices that store data and have Internet, intranet and extranet connections
- Instant connectivity: easy and quick connection to the Internet, intranets, other mobile devices and databases
- Personalization: preparation of information for individual consumers
- Localization of products and services: knowing where the user is located at any given time and matching services to them

22 Outline (section divider; same outline as slide 15)

23 Mobile Computing Infrastructure: Hardware
- Screenphones: a telephone equipped with color screen, keyboard, e-mail, and Internet capabilities
- Wirelined: connected by wires to a network
- Cellular (mobile) phones, attachable keyboards, PDAs, interactive pagers, other devices
- Notebooks, handhelds, smartpads

24 Mobile Computing Infrastructure (cont.): Unseen infrastructure requirements
- Suitably configured wireline or wireless WAN modem
- Web server with wireless support
- Application or database server
- Large enterprise application server
- GPS locator used to determine the location of the mobile computing device carrier

25 Mobile Computing Infrastructure (cont.): Software
- Micro browser
- Mobile client operating system (OS)
- Bluetooth: a chip technology and WPAN standard that enables voice and data communications between wireless devices over short-range radio frequency (RF)
- Mobile application user interface
- Back-end legacy application software
- Application middleware
- Wireless middleware

26 Mobile Computing Infrastructure (cont.): Networks and access
- Wireless transmission media: microwave, satellites, radio, infrared
- Cellular radio technology
- Wireless systems

27 Outline (section divider; same outline as slide 15)

28 Mobile Service Scenarios: financial services, entertainment, shopping, information services, payment, advertising, and more...

29 Early content and applications have all been geared around information delivery, but as time moves on the accent will be on revenue generation.
m-Commerce application areas:
- Entertainment: music, games, graphics, video
- Communications: short messaging, multimedia messaging, unified messaging, chat rooms, video conferencing
- Transactions: banking, broking, shopping, auctions, betting, booking & reservations, mobile wallet, mobile purse
- Information: news, city guides, directory services, maps, traffic and weather, corporate information, market data

30 Classes of M-Commerce Applications (diagram)

31 Mobile Application: Financial Tool
As mobile devices become more secure:
- Mobile banking
- Bill payment services
- m-Brokerage services
- Mobile money transfers
- Mobile micro payments
- Replace ATMs and credit cards??

32 Financial Tool: Wireless Electronic Payment Systems
"transform mobile phones into secure, self-contained purchasing tools capable of instantly authorizing payments..."
Types:
- Micro payments
- Wireless wallets (m-Wallet)
- Bill payments

33 Examples
- Swedish Postal Bank: check balances, make payments and conduct some transactions
- Dagens Industri: receive financial data and trade on the Stockholm Exchange
- Citibank: access balances, pay bills and transfer funds using SMS

34 Mobile Applications: Marketing, Advertising, and Customer Service
Shopping from wireless devices
- Access to services similar to those of wireline shoppers: shopping carts, price comparisons, order status
- Future: will be able to view and purchase products using handheld mobile devices

35 Mobile Applications: Marketing, Advertising, and Customer Service
Targeted advertising
- Using demographic information, wireless services can be personalized (barnesandnoble.com)
- Knowing users' preferences and surfing habits, marketers can send user-specific advertising messages and location-specific advertising messages

36 Mobile Applications: Marketing, Advertising, and Customer Service
CRM applications
- Mobile CRM
- Comparison shopping using Internet-capable phones
- Voice portals
- Enhanced customer service: improved access to data for employees

37 Mobile Portals
"A customer interaction channel that aggregates content and services for mobile users."
- Charged per time of service or subscription based
- Example: I-Mode in Japan
- Mobile corporate portal: serves a corporation's customers and suppliers

38 Mobile Intrabusiness and Enterprise Applications
Support of mobile employees
- by % of all workers could be mobile employees
- sales people in the field, traveling executives, telecommuters, consultants working on-site, repair or installation employees
- mobile employees need the same corporate data as those working inside the company's offices
- solution: wireless devices
- wearable devices: cameras, screen, keyboard, touch-panel display

39 Mobile B2B and Supply Chain Applications
"mobile computing solutions enable organizations to respond faster to supply chain disruptions by proactively adjusting plans or shifting resources related to critical supply chain events as they occur."
- Accurate and timely information
- Opportunity to collaborate along the supply chain
- Must integrate mobile devices into information exchanges
- Example: "telemetry", the integration of wireless communications, vehicle monitoring systems, and vehicle location devices; leads to reduced overhead and faster service responsiveness (vending machines)

40 Applications of Mobile Devices for Consumers/Industries
- Personal service applications (example: airport)
- Mobile gaming and gambling
- Mobile entertainment: music and video
- Hotels
- Intelligent homes and appliances
- Wireless telemedicine
- Other services for consumers

41 Outline (section divider; same outline as slide 15)

42 Mobile Payment for m-Commerce
- Mobile payment can be offered as a stand-alone service.
- Mobile payment could also be an important enabling service for other m-commerce services (e.g. mobile ticketing, shopping, gambling...):
  - It could improve user acceptance by making the services more secure and user-friendly.
  - In many cases, offering mobile payment methods is the only chance the service providers have to gain revenue from an m-Commerce service.

43 Mobile Payment (cont.)
The consumer must be informed of:
- what is being bought, and how much to pay
- the options to pay; the payment must be made
- payments must be traceable

44 Mobile Payment (cont.)
Customer requirements:
- a larger selection of merchants with whom they can trade
- a more consistent payment interface when making the purchase with multiple payment schemes, like credit card payment and bank account / debit card payment
Merchant benefits:
- to offer a wider variety of payment brands
- easy-to-use payment interface development
Bank and financial institution benefits:
- to offer a consistent payment interface to consumers and merchants

45 Payment via Internet Payment Provider (diagram)
Components: user with mobile wallet; WAP GW/proxy with GSM security and SMS-C; browsing (negotiation) with the merchant; SSL tunnel to the mobile e-payment server; Internet payment provider (IPP); CC/bank.

46 Payment via Integrated Payment Server (diagram)
Components: user with mobile wallet; WAP GW/proxy with GSM security and SMS-C; browsing (negotiation) with the merchant; SSL tunnel to the mobile commerce server; ISO8583-based CP interface to the CC/bank; voice pre-paid (VPP) IF.

47 Outline (section divider; same outline as slide 15)

48 Limitations of m-Commerce
Usability problems:
- small size of mobile devices (screens, keyboards, etc.)
- limited storage capacity of devices
- hard to browse sites
Technical limitations:
- lack of a standardized security protocol
- insufficient bandwidth
- 3G licenses

49 Limitations of m-Commerce
Technical limitations (cont.):
- transmission and power consumption limitations
- poor reception in tunnels and certain buildings
- multi-path interference, weather and terrain problems, and distance-limited connections
WAP limitations: speed, cost, accessibility

50 Limiting Technological Factors (diagram)
- Mobile devices: battery, memory, CPU, display size; upgrade of mobile devices
- Networks: bandwidth, interoperability, cell range, roaming, localization, precision; upgrade of network
- Mobile middleware: standards, distribution, security
- Diagram components: mobile device, network, gateway

51 Potential Health Hazards
- Cellular radio signals = cancer? No conclusive evidence yet
- Could allow for a myriad of lawsuits
- Mobile devices may interfere with sensitive medical devices such as pacemakers

52 Outline (section divider; same outline as slide 15)

53 Security in m-Commerce: Environment (diagram, operator-centric model)
Components: CA; bank (FI); merchant; content aggregation; Internet; SAT GW; WAP GW; mobile network; mobile bank; WAP 1.1 (+SIM where available); WAP 1.2 (WIM) (SIM); security and payment; mobile e-commerce server; mobile IP; service provider network.

54 WAP Architecture (diagram)
Web server (content, CGI scripts etc., WML decks with WMLScript) <-- HTTP --> WAP gateway (WML encoder, WMLScript compiler, protocol adapters) <-- WSP/WTP --> client (WML, WMLScript, WTAI, etc.)

55 Comparison between Internet and WAP Technologies
Internet stack (top to bottom): HTML, JavaScript | HTTP | TLS - SSL | TCP/IP, UDP/IP
Wireless Application Protocol stack (top to bottom): Wireless Application Environment (WAE) | Session Layer (WSP) | Transaction Layer (WTP) | Security Layer (WTLS) | Transport Layer (WDP); other services and applications sit alongside the stack
Bearers: SMS, USSD, CSD, IS-136, CDMA, CDPD, PDC-P, etc.

56 WAP Risks
WAP Gap
- Claim: WTLS protects WAP as SSL protects HTTP
- Problem: in the process of translating one protocol to another, information is decrypted and re-encrypted
- Solution: do the decryption/re-encryption in the same process on the WAP gateway
Wireless gateways as a single point of failure
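The following Python simulation is an added example, not part of the original slides: it models the two legs of a WAP 1.x connection with a constructed toy keystream cipher and records what the gateway process can see. With hop-by-hop protection (WTLS on one leg, SSL/TLS on the other) the message exists in the clear inside the gateway, which is the gap; when the payload is additionally encrypted under a key shared only by handset and server, the gateway still relays but never holds the plaintext. The key names, the message and the cipher are all constructed for this example, and the cipher is unauthenticated and unsuitable for real traffic.

```python
# Added example (not from the slides): a simulation of the "WAP gap" using a toy
# keystream cipher (SHA-256 in counter mode, XORed with the data). The cipher is
# for illustration only; all keys and the sample message are constructed.
import hashlib


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic keystream built from SHA-256(key || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Symmetric toy cipher: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


# Per-leg keys: WTLS between handset and gateway, TLS/SSL between gateway and server.
WTLS_LEG_KEY = b"handset-gateway-leg-key (constructed)"
TLS_LEG_KEY = b"gateway-server-leg-key (constructed)"
# Application-layer key shared only by handset and server; the gateway never has it.
END_TO_END_KEY = b"handset-server-app-key (constructed)"


def wap_gateway_relay(wtls_ciphertext: bytes, gateway_memory: list) -> bytes:
    """Translate WTLS -> TLS. Whatever is decrypted here is visible to the gateway."""
    decrypted = xor_crypt(WTLS_LEG_KEY, wtls_ciphertext)
    gateway_memory.append(decrypted)  # what the gateway process could read or log
    return xor_crypt(TLS_LEG_KEY, decrypted)


def hop_by_hop(message: bytes):
    """Plain WAP 1.x: WTLS on one leg, TLS on the other, plaintext at the gateway."""
    gateway_memory = []
    wtls_ct = xor_crypt(WTLS_LEG_KEY, message)
    tls_ct = wap_gateway_relay(wtls_ct, gateway_memory)
    received = xor_crypt(TLS_LEG_KEY, tls_ct)
    return received, gateway_memory


def end_to_end(message: bytes):
    """Same relay, but the payload is also encrypted under a key the gateway lacks."""
    gateway_memory = []
    inner_ct = xor_crypt(END_TO_END_KEY, message)
    wtls_ct = xor_crypt(WTLS_LEG_KEY, inner_ct)
    tls_ct = wap_gateway_relay(wtls_ct, gateway_memory)
    received = xor_crypt(END_TO_END_KEY, xor_crypt(TLS_LEG_KEY, tls_ct))
    return received, gateway_memory


def gateway_could_read(message: bytes, gateway_memory: list) -> bool:
    """Audit check: did the plaintext ever exist inside the gateway process?"""
    return message in gateway_memory


if __name__ == "__main__":
    msg = b"PAY 25.00 TO MERCHANT-42 ACCOUNT=0000-0000 (constructed)"
    for name, fn in (("hop-by-hop", hop_by_hop), ("end-to-end", end_to_end)):
        received, mem = fn(msg)
        print(name, "delivered:", received == msg,
              "gateway saw plaintext:", gateway_could_read(msg, mem))
```

Both variants deliver the message intact; the difference is only what `gateway_could_read` reports, which is exactly the property the slide's "same process" mitigation tries to narrow and which end-to-end encryption removes outright.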

57 Platform Risks
Without a secure OS, achieving security on mobile devices is almost impossible. Lessons learned:
- Memory protection of processes
- Protected kernel rings
- File access control
- Authentication of principals to resources
- Differentiated user and process privileges
- Sandboxes for untrusted code
- Biometric authentication

58 WMLScript
- Scripting is heavily used for client-side processing to offload servers and reduce demand on bandwidth
- Wireless Markup Language (WML) is the equivalent of HTML, but derived from XML
- WMLScript is WAP's equivalent of JavaScript, derived from JavaScript(TM)

59 WMLScript (cont.)
- Integrated with WML
- Reduces network traffic
- Has procedural logic, loops, conditionals, etc.
- Optimized for small-memory, small-CPU devices
- Bytecode-based virtual machine
- Compiler in the network
- Works with Wireless Telephony Application (WTA) to provide telephony functions

60 Risks of WMLScript
- Lack of a security model
- Does not differentiate trusted local code from untrusted code downloaded from the Internet, so there is no access control
- WMLScript is not type-safe
- Scripts can be scheduled to be pushed to the client device without the user's knowledge
- Does not prevent access to persistent storage
Possible attacks:
- Theft or damage of personal information
- Abuse of the user's authentication information
- Malicious offloading of money stored on smart cards

61 Bluetooth
- Bluetooth is the codename for a small, low-cost, short-range wireless technology specification
- Enables users to connect a wide range of computing and telecommunication devices easily and simply, without the need to buy, carry, or connect cables
- Bluetooth enables mobile phones, computers and PDAs to connect with each other using short-range radio waves, allowing them to "talk" to each other
- It is also cheap

62 Bluetooth Security
Bluetooth provides security between any two Bluetooth devices for user protection and secrecy:
- Mutual and unidirectional authentication
- Encrypts data between two devices
- Session key generation: configurable encryption key length; keys can be changed at any time during a connection
- Authorization (whether device X is allowed to access service Y):
  - Trusted device: the device has been previously authenticated, a link key is stored and the device is marked as "trusted" in the device database.
  - Untrusted device: the device has been previously authenticated and a link key is stored, but the device is not marked as "trusted" in the device database.
  - Unknown device: no security information is available for this device. This is also an untrusted device.
- Automatic output power adaptation reduces the range to exactly what is required, which makes the system extremely difficult to eavesdrop on
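The three device categories map directly onto an authorization decision. The following Python is an added example, not from the slides or from the Bluetooth specification: it models a device database holding link keys and trusted flags, a service database stating which services need authentication or authorization, and the "is device X allowed to use service Y" check built on them. Addresses, link keys and service names are constructed. It also makes the caveat from the later slide on lost or stolen devices visible: the decision is bound to the device's stored link key, not to the person holding the device, so a stolen trusted device passes this check and application-level user authentication is still required.

```python
# Added example (not from the slides or the Bluetooth spec): a small model of the
# Bluetooth device database and the per-service authorization decision.
# Device addresses, link keys and service names are constructed for this example.
from enum import Enum


class TrustLevel(Enum):
    TRUSTED = "trusted"      # authenticated before, link key stored, marked trusted
    UNTRUSTED = "untrusted"  # authenticated before, link key stored, not marked trusted
    UNKNOWN = "unknown"      # no security information at all (also untrusted)


# Device database: address -> record. A record exists only after pairing/authentication.
DEVICE_DB = {
    "00:11:22:AA:BB:01": {"link_key": b"\x01" * 16, "trusted": True, "authorized": set()},
    "00:11:22:AA:BB:02": {"link_key": b"\x02" * 16, "trusted": False, "authorized": {"obex-push"}},
}

# Service database: which services are open and which require authorization.
SERVICE_DB = {
    "obex-push": {"authentication": True, "authorization": True},
    "dial-up": {"authentication": True, "authorization": True},
    "device-info": {"authentication": False, "authorization": False},
}


def classify(address: str) -> TrustLevel:
    """Map a device to the slide's three categories from what the database holds."""
    record = DEVICE_DB.get(address)
    if record is None or record.get("link_key") is None:
        return TrustLevel.UNKNOWN
    return TrustLevel.TRUSTED if record["trusted"] else TrustLevel.UNTRUSTED


def access_allowed(address: str, service: str) -> bool:
    """Decide whether device X may use service Y. Deny by default."""
    policy = SERVICE_DB.get(service)
    if policy is None:
        return False  # unknown service: deny
    if not policy["authentication"] and not policy["authorization"]:
        return True  # open service: no link key needed
    level = classify(address)
    if level is TrustLevel.UNKNOWN:
        return False  # must pair (authenticate) first
    if not policy["authorization"]:
        return True  # an authenticated link is enough
    if level is TrustLevel.TRUSTED:
        return True  # trusted devices are authorized for every service
    # Untrusted devices need an explicit per-service grant.
    # Note: this binds trust to the link key in the device, not to its holder,
    # which is why a lost or stolen trusted device still passes this check.
    return service in DEVICE_DB[address]["authorized"]


def grant(address: str, service: str) -> None:
    """Record a per-service authorization for an already-authenticated device."""
    if classify(address) is TrustLevel.UNKNOWN:
        raise PermissionError("device must authenticate before it can be authorized")
    DEVICE_DB[address]["authorized"].add(service)


if __name__ == "__main__":
    for addr in ("00:11:22:AA:BB:01", "00:11:22:AA:BB:02", "FF:FF:FF:00:00:00"):
        print(addr, classify(addr).value,
              {svc: access_allowed(addr, svc) for svc in SERVICE_DB})
```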

63 New Security Risks in m-Commerce
- Abuse of the cooperative nature of ad-hoc networks: an adversary that compromises one node can disseminate false routing information.
- Malicious domains: a single malicious domain can compromise devices by downloading malicious code.
- Roaming (are you going to the bad guys?): users roam among non-trustworthy domains.

64 New Security Risks (cont.)
- Launching attacks from mobile devices: with mobility, it is difficult to identify attackers.
- Loss or theft of a device: more private information than on desktop computers; security keys might have been saved on the device; access to corporate systems. Bluetooth provides security at the lower layers only: a stolen device can still be trusted.

65 New Security Risks (cont.)
Problems with the Wireless Transport Layer Security (WTLS) protocol:
- Security classes: no certificates; server-only certificate (most common); server and client certificates
- Re-establishing a connection without re-authentication
- Requests can be redirected to malicious sites

66 New Privacy Risks
- Monitoring of the user's private information
- Offline telemarketing
- Who is going to read the "legal jargon"?
- Value-added services based on location awareness (location-based services)

