Advances in Security and Payment Methods for Mobile Commerce


Total documents: 27 (five years: 0)

H-index: 2 (five years: 0)

Published By IGI Global

9781591403456, 9781591403470

Author(s): Quanxing Zhang, Chwan-Hwa Wu, J. David Irwin

This chapter proposes a way to apply a secure digital signature scheme in a mobile-IP environment. It treats the three entities in a dynamic path as either foreign agents (FA), home agents (HA) or mobile agents (MA), such that a coalition is formed containing each of the individual agents. Each agent has a pair of keys: one private and one public. The private key evolves with time, and the public key is signed by a certification authority (CA). All the private keys of the three agents in the coalition are needed to sign a signature. Furthermore, all the messages are signed and verified. The signature is verified against a public key, computed as the product of the public keys of all three agents, and readily generated when a new dynamic path is formed. In addition, the key-evolving scheme prevents an adversary from forging past signatures under any circumstances. As a result of the scheme's proactive refresh capability, an adversary must simultaneously compromise each MA, FA and HA in order to forge future signatures. When a new dynamic path is formed or private keys evolve to new states, an interactive, proactive synchronization scheme is employed among the agents. Thus, the loss of a mobile device, or its information, will cause minimal information damage.


Author(s): Seema Nambiar, Chang-Tien Lu

Mobile security and payment are central to m-commerce. The shift from physical to virtual payments has brought enormous benefits to consumers and merchants. For consumers it means ease of use. For mobile operators, mobile payment presents a unique opportunity to consolidate their central role in the m-commerce value chain. Financial organizations view mobile payment and mobile banking as a way of providing added convenience to their customers along with an opportunity to reduce their operating costs. The chapter starts by giving a general introduction to m-payment by providing an overview of the m-payment value chain, lifecycle and characteristics. In the second section, we will review competing mobile payment solutions that are found in the marketplace. The third section will review different types of mobile frauds in the m-commerce environment and solutions to prevent such frauds.


Author(s): Gregor V. Bochmann, Eric Zhen Zhang

The requirements for an authentication infrastructure for electronic commerce are explained by identifying the partners involved in e-commerce transactions and the trust relationships required. Related security requirements are also explained, such as authentication, access rights, payment credentials, anonymity (in certain cases), and privacy and integrity of message exchanges. Then several general authentication schemes and specific protocols are reviewed and their suitability for mobile users is discussed. Finally, an improved authentication protocol is presented which can provide trust relationships for mobile e-commerce users. Its analysis and comparison with other proposed authentication protocols indicate that it is a good candidate for use in the context of mobile e-commerce.


Author(s): Mohamed Eltoweissy, Sushil Jajodia, Ravi Mukkamala

With the rapid growth in mobile commerce (m-commerce) applications, the need for providing suitable infrastructure to support these applications has become critical. Secure multicast is a key element of this infrastructure, in particular, to support group m-commerce applications such as mobile auctions, product recommendation systems, and financial services. Despite considerable attention to m-commerce security, most existing security solutions focus on unicast communications. On the other hand, numerous solutions for secure multicast exist that are not specifically designed with m-commerce as a target environment. Clearly, to address secure multicast in m-commerce, we must start by forming a comprehensive picture of the different facets of the problem and its solutions. In this chapter, we identify system parameters and subsequent security requirements for secure multicast in m-commerce. Attacks on m-commerce environments may prevent these security requirements from being satisfied, resulting, most of the time, in major losses. We present a taxonomy of common attacks and identify core services needed to mitigate these attacks and provide efficient solutions for secure multicast in m-commerce. Among these services, authentication and key management play a major role. Given the varying requirements of m-commerce applications and the large number of current key management schemes, we provide a taxonomy and a set of performance metrics to aid m-commerce system designers in the evaluation and selection of key management schemes.


Author(s): Jyh-haw Yeh, Wen-Chen Hu, Chung-wei Lee

With the advent of wireless and mobile networks, the Internet is rapidly evolving from a set of connected stationary machines to include mobile handheld devices. This creates new opportunities for customers to conduct business from any location at any time. However, the electronic commerce technologies currently used cannot be applied directly since most were developed based on fixed, wired networks. As a result, a new research area, mobile commerce, is now being developed to supplement existing electronic commerce capabilities. This chapter discusses the security issues related to this new field, along with possible countermeasures, and introduces a mobile agent based solution for mobile commerce.


Author(s): R.K. Ghosh, Abhinav Arora, Gautam Barua

We present a proposal to combine the advantages of IPsec and smart cards in order to design a new protocol for secure bi-directional access of mobile hosts in an IPv6 foreign network using smart cards. The protocol, called Mobile Authentication Protocol (MAP), builds a security association needed for IPsec. An access router in a foreign network contacts an AAA (Authentication, Authorization and Accounting) server in order to authenticate and authorize a mobile host that approaches the router to access services. The access router then acts as a gateway for all subsequent service requirements of the mobile host. The access router interoperates between two protocols, namely, MAP to communicate with clients, and the AAA protocol to communicate with AAA servers. MAP works at the application layer and uses UDP as the transport layer. Therefore, MAP works independently of the data link layer protocols. It also supports features to establish a Local Security Association (LSA) between an access router and mobile hosts. The LSA is used to offer keying material to protect communication between a mobile host and an access router of a visited domain. The proposed design of the access router enables it to control access using IPv6 and to act as an interface between MAP and Diameter (as the AAA protocol). Network access control is secured with IPsec, using keying material offered by the LSA.


Author(s): Oguz Kaan Onbilger, Randy Chow, Richard Newman

Mobile agents (MAs) are a promising technology that directly addresses physical limitations of mobile devices, such as limited battery life and intermittent, low-bandwidth connections, through their capability of providing disconnected operation. This chapter addresses the problem of digital contract signing with MAs, which is an important part of any mobile commerce activity and one especially challenging case of computing with secrets remotely in public. The authors use a multi-agent model together with simple secret splitting schemes for signing with shares of a secret key carried by MAs, which cooperate to accomplish a trading task. In addition to known key splitting techniques for RSA, the authors introduce similar techniques for the El Gamal and DSS public key cryptosystems. The objective is to achieve a simple and ubiquitous solution by using the well-known public-key cryptosystem implementations, which conform to the established standards.


Author(s): Jianming Zhu, Jianfeng Ma

This chapter introduces a new micro-payment scheme that can be applied to multi-party settings in mobile commerce, allowing a mobile user to pay every party involved in providing services. Micro-payment, which refers to low-value financial transactions ranging from several cents to a few dollars, is an important technique in m-commerce. Our scheme is based on the hash function and requires no additional communication or expensive public key cryptography, in order to achieve good efficiency and low transaction costs. In the scheme, the mobile user releases an ongoing stream of low-valued micro-payment tokens into the network in exchange for the requested services. The scheme that is put forward satisfies the requirements of security, anonymity, efficiency and being lightweight.


Author(s): Elisa Bertino, Elena Ferrari, Anna Cinzia Squicciarini

Trust negotiation is a promising approach for establishing trust in open systems like the Internet, where sensitive interactions may often occur between entities at first contact, with no prior knowledge of each other. In this chapter we present Trust-X, a comprehensive XML-based framework for trust negotiations, specifically conceived for a peer-to-peer environment. We also discuss the applicability of trust negotiation principles to mobile commerce. We introduce a variety of possible approaches to extend and improve Trust-X in order to fully support mobile commerce transactions and payments. In the chapter, besides presenting the Trust-X system, we present the basic principles of trust negotiation.


Author(s): Paolo Bellavista, Antonio Corradi, Cesare Stefanelli

The spreading wireless accessibility to the Internet stimulates the provisioning of mobile commercial services to a wide set of heterogeneous and limited client terminals. This requires novel programming methodologies to support and simplify the development of innovative service classes. In these novel services, results and offered quality levels should depend on both client location and locally available resources (context). In addition, it is crucial to manage the frequent modifications of resource availability due to wireless client movements during service provisioning. Within this perspective, the chapter motivates the need for novel access control solutions to flexibly control the resource access of mobile clients depending on the currently applicable context. In particular, it discusses and exemplifies how innovative middleware for access control should support the determination of the client context on the basis of high-level declarative directives (profiles and policies) and distributed online monitoring.

