
MOBILE COMMERCE AND SECURITY ISSUES

Henry Chike Okonkwo (1)
Master of Business Administration.
Cyprus International University, Nicosia, Cyprus.
okonkwohenry39@yahoo.com

Osamede Sarah Adenomo (2)
Department of Computer Engineering.
Cyprus International University, Nicosia, Cyprus.
sarahosa@yahoo.com

Abstract
This paper focuses on mobile e-commerce and the benefits of m-commerce, the elements that make up its processes, and m-commerce security issues, with an analysis of its major vulnerabilities in data privacy and internal system implementation. It goes further to propose improved security solutions to curtail the security risks attached to it, using proposed models such as the Dynamically Controlled Model, the WIM Bluetooth earphone, and the use of a WAP gateway based on an encryption model.

Keywords
Mobile commerce, Security, Solutions.

INTRODUCTION
1. Electronic commerce
This is a type of business in which the buying and selling of products are conducted over electronic systems such as the internet and other computer networks. Modern electronic commerce uses the World Wide Web (WWW) at one point in the transaction's life cycle; it may not encompass a wide range of technology such as e-mail, social media, mobile devices and telephones [2]. The internet and all other types of telecommunications have become progressively more common in our daily lives since the 1990s. Research reported about 964 million internet users and 2,168 million mobile phone users worldwide [11]. Electronic commerce is mainly considered to be the sales aspect of electronic business; e-commerce also consists of the exchange of data to facilitate the financing and payment aspects of business transactions. It is an actual way of communicating within an organization and also a most effective and useful way of doing business. E-commerce also applies to business-to-business (B2B) transactions, for example between manufacturers and suppliers or manufacturers and distributors [2], [12], [1].

Electronic commerce can be categorized into:
- E-tailing, or virtual storefronts on websites with online catalogs
- Buying or selling on various websites or online marketplaces
- The gathering and use of demographic data through social media and Web contacts
- Electronic Data Interchange (EDI), the business-to-business exchange of data
- E-mail and fax (for example newsletters)
- Business-to-business buying and selling [4]

The growth of the internet and other related technologies has opened a variety of new opportunities for business, providing businesses with new ways to conduct trade and to exchange and interconnect information through the development and enlargement of the e-commerce market (OECD, 2001) [12]. Hence, a new sort of communication service using the internet together with mobile devices emerged, leading to new opportunities to carry diverse digital content or services, called mobile commerce [12].

Benefits of mobile commerce.
A) Mobile commerce can be carried out from any location using phones.
B) It allows enterprises to expand and improve their market reach, cut down on cost and give customers a better service.
C) M-commerce allows a user to personalize his/her data for the purpose of convenience.
D) It allows users to buy ringtones and games online and also make mobile parking payments.
E) It provides for the ease of purchasing land, houses and cars more conveniently in the future [12].

M-commerce ecosystem
A leveling m-commerce solution should have a robust ecosystem which comprises a number of elaborate elements, including:
- a transparent Transaction Process with the necessary official permissions and transfers;
- coverage of all the vital Stakeholders (Subscribers, Mobile Network Operators (MNO), Merchants, Retailers, Banks, Micro Finance Institutions, Service Industries and Utilities, Government), with an immediate feedback, clearing, payment and risk management practice;
- a progressive Regulatory Framework; and
- a well-built and upbeat Data Security Framework [2].



Tested m-commerce technologies
Below is a table that puts forward the various technologies
identified for m-commerce transaction and could be used by
any operator [2]:

Table 1. M-commerce Technology


E-COMMERCE SECURITY ISSUES
E-commerce security strategies deal with two major issues: protecting the integrity of the business network and its internal systems, and accomplishing transaction security between the customer and the business. The main tool businesses use to protect their internal network is the firewall. A firewall is a hardware and software system that allows only those external users with specific characteristics to access a protected network. Although the original design was supposed to allow only specific services (e.g., email, web access) between the Internet and the internal network, the firewall has now become the main point of defense in the business security architecture. However, firewalls should be used as only a small part of the business security infrastructure. There are hacker tools such as SMTPTunnel and ICMPTunnel that hackers can use to pass information through allowed ports. The ILOVEYOU virus, for example, successfully penetrated firewalled networks because the firewall allows inbound and outbound email to pass through. The Code Red and NIMDA worms can pass through firewalls because they can access systems through the standard web server ports.
Examples are operating systems like Windows 9x or MacOS 8.x. Operating systems such as Windows NT and Windows 2000 are still vulnerable to this attack because they do not have the capability of restricting who can activate the virus [5], [1], [6], [7].
Transaction security
Transaction security is becoming a critical support of consumer confidence in a particular internet business site. Transaction security depends on the organization's ability to ensure total privacy in all areas of security, authenticity, integrity, availability and the blocking of unwanted intrusions. Transaction privacy is threatened by unauthorized network monitoring software called sniffer programs. These programs are commonly found at the endpoints of the network connection.
Mobile Agent mobility
Mobile Agent mobility has brought a lot of uncertainty. If Mobile Agents are to be widely accepted and successfully applied to e-commerce, we must first solve the Mobile Agent's security issues. The Mobile Agent structure mainly consists of three parts: the implementation code segment, the data segment and the implementation status segment.
Security holes in the application model in short message services
The security link in the access part, from the mobile user to the SMSC, contains two sections: the wireless link layer between the mobile user and the base station, and the wired network from the base station to the MSC and then to the SMSC. The short message data packet sent over the air link layer is transmitted as plaintext, which is a security risk because it is easy to intercept the signal sent over the air with simple equipment. This causes a security hole for information about business secrets and other transactions. Also, short message data from handheld devices are saved as plaintext in the database of the SMSC. If the database is attacked, the important data will be stolen, and this will cause a security breach for applications based on SMS [5], [12].


Cyber crime
Internet fraudsters can access a web site like www.mapquest.com and enter the address of a client to get information, or access the person's personal web page and most likely get a phone number, photograph and personal address to build a composite about the person for a malicious act. For example, one can look up a person at www.switchboard.com [1], [4].

Trojan horses
Trojan horse programs such as Back Orifice, NetBus and BO2K allow a remote user to control, examine and monitor any information on a target PC. They are especially beguiling because they are also capable of using the target PC to send information to the net as if the legitimate user or administrator had done so. There are other commercial tools that can perform this same function, e.g. VNCviewer and CUCme. Examples of hacker exploit web sites are www.portwolf.com, www.rootshell.com and www.cuitdeadcow.com. Hackers can install these Trojan horse programs for nefarious purposes, e.g. forgery, eavesdropping and data modification [5].

Social engineering techniques
This is one of the most prevalent and profitable attacks. It is based on tracking the client's behavior and gathering information about the client, such as mother's maiden name, password and user name, when the client visits sites. The attacker then calls the client, pretending to be a representative of one of the sites visited, and gets information from the client. One tool for scanning a client computer is SATAN [1], [3].

Snooping
Most client computers are added to the internet without the vulnerabilities of the system; in addition, software and hardware vendors, in their quest to ensure that their products are easily installed, will ship their product security features, and the client most likely does not bother to check the security features [1], [6].

SOLUTIONS TO MOBILE COMMERCE AND
SECURITY
Mobile commerce is faced with many security and privacy challenges. In view of this fact, solutions are proffered to address the shortcomings associated with it. We shall consider the solutions from three strands, namely:
1. Dynamically controlled routing [11].
2. WIM Bluetooth earphone [9]
3. 3rd Generation Mobile Communication [10].
Dynamically controlled routing:
This is an offshoot of the Wireless Application Protocol (WAP). Dynamically controlled routing comes with the benefit of end-to-end security: a message sent by a WAP client passes the wireless network, its mobile network operator, a private IP network of the network provider and the internet, and lastly accesses data in the private network of the content provider. In short, it provides end-to-end security between the mobile client and the content provider. It is a more advanced WAP protocol security for mobile commerce. WAP comes with more than 20 protocols and is designed to work with diverse bearers: GSM, SMS or GPRS [11].
Unlike the previous situation, the inclusion of Dynamically Controlled Routing makes the use of WAP applications cheaper, with better security attached. To ensure that there is no leakage of, or intrusion into, vital information that flows between the end points, Dynamically Controlled Routing interconnects a RAS server, a default WAP gateway and a NAT router, all hosted by the mobile network provider [11]. The content provider is also expected to host another WAP gateway. Encrypted messages coming from the mobile client are authenticated by the RAS server in connection with the AAA server and then forwarded to the WAP server, all within the same network, before being sent to the WAP gateway of the content provider [11].

WIM Bluetooth earphone
The support of WPKI is crucial to all personality-based authentication in mobile commerce, and it is considered a more potent way of securing the flow of information, since messages move along varying routes in encrypted form [9]. It is important to note, however, that WPKI is also a security solution that is chosen and followed by WAP. Our focus is the use of Bluetooth earphones as an enhanced tool towards achieving a true end-to-end security model [9].
The Bluetooth earphone exists to address the Security Gap problem, which arises when messages are decrypted into plaintext and later re-encrypted along the wireless/wired transmission lines. The WIM Bluetooth earphone is used to protect messages at the application layer and to avoid these security problems in order to attain end-to-end security [9]. The core of the WIM Bluetooth earphone is an Embedded Secure Access Module (ESAM) connected to the Bluetooth chip through the ISO-7816 protocol; it provides a secure WPKI security function that smartphones can easily access [9].
In m-commerce today almost all clients use PINs, having to identify themselves with different PINs and passphrases when entering into varying transactions in all sorts of mobile commerce, which is rather tasking as they have to remember all of them. By contrast, the WPKI Bluetooth earphone establishes a certificate with a passphrase stored on the Bluetooth earphone, thus reducing the burden on the clients.
3rd Generation Mobile Communication:
3rd Generation Mobile Communication security comes in three forms, namely software-only, hardware-based or biometric solutions [10]. The use of biometric identification is a practice lacking evidence and experience [10]. Many banks take to hardware, and individuals to software encryption. But the security of a solution lies in where the encryption key is stored [10]. Other than using the mobile device or SIM to store the encryption key, recent development brings the use of a rapid data interface (IrDA, Bluetooth, COMM or USB) with an isolated external electronic security key (ekey), with a security enhancement mechanism towards achieving user confidentiality, mutual authentication, data integrity, data confidentiality and ekey development, with all algorithms realized on two encryption modules: KASUMI and AES [10].

Figure 1. Sequence diagram for dynamically controlled routing

Figure 2. Flow of information along a WPKI with earphone



REFERENCES

1. Ackerman, M. S., & Davis, D. T. (n.d.). Privacy and Security Issues in E-Commerce.
2. Irohilla, N. (n.d.). A scaleble M-Commerce solution/ WP. Retrieved from www. scrbd.com: www. scrbd.com/mobile/doc/67131821
3. Khusial, D., & McKegney, R. (2005, April 13). e-Commerce security: Attacks and preventive strategies.
4. Leeger, P., & Charles, P. (n.d.). A good introduction to computer security: Security in computing. (2. Edition., Ed.) Prentice Hall.
5. Li, Y., Chen, M., & Nie, J. (2011). Mobile Commerce Security Model Construction Based on SMS.
6. Li, Y., Fu, M., & Yu, L. (2010). E-Commerce Security Model Construction Based on Mobile Agent. International Conference on Networking and Digital Society, 55-58.
7. Marchany, R. C., & Tront, J. G. (2002). E-Commerce Security Issues. Proceedings of the 35th Hawaii International Conference on System Sciences, 1-9.
8. Schneier, & Brue. (n.d.). Learn about social factors in computing Secret and light: digital security in Network world.
9. Tiejun, P., & Leina, Z. (2012). New Mobile Commerce Security Solution Based on WPKI. 2012 International Conference on Communication Systems and Network Technologies, (pp. 485-488). Retrieved from https://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6200687&contentType=Conference+Publications
10. Tiejun, P., Leina, Z., Fang, C., Wenji, H., & Leilei, F. (2008). M-commerce Security Solution Based on the 3rd Generation Mobile Communication. 2008 International Symposium on Computer Science and Computational Technology, (pp. 364-367). Retrieved from http://www.computer.org/csdl/proceedings/iscsct/2008/3498/02/3498b364-abs.html
11. Tzvetkov, V., & Cubaleska, B. (n.d.). WAP Protocol Security Solutions for Mobile Commerce. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.175.7944&rep=rep1&type=pdf
12. Yazdanifard, R., & Elkhabir, M. S. (2011). Mobile commerce and related mobile Security Issues. International Conference on Software and Computer Applications (pp. 198-201). Singapore: IACSIT Press
