Journal: Communications of the ACM
SOFTWARE SECURITY AND PRIVACY RISKS IN MOBILE E-COMMERCE


Abstract

While many of the risks of desktop Internet-based commerce will pervade m-commerce, m-commerce itself presents new risks. The nature of the medium requires a degree of trust and cooperation between member nodes in networks that can be exploited by malicious entities to deny service as well as collect confidential information and disseminate false information. Furthermore, the platforms and languages being developed for wireless devices have failed to adopt fundamental security concepts employed in the current generation of desktop machines. Encrypted communication protocols are necessary to provide confidentiality, integrity, and authentication services for m-commerce applications. Perhaps the greatest risk of encrypted communication links, though, is the false sense of security they provide wireless users and purveyors of m-commerce. Probably the most significant risk to m-commerce systems will be from malicious code that is beginning to penetrate wireless networks. Malicious code has the ability to undermine other security technologies such as signing, authentication, and encryption because it runs resident to the device with all the privileges of the owner. The risks presented by malicious mobile scripts to wireless devices are significant. As illustrated here, wireless device manufacturers and language developers have ignored past lessons learned with regard to security and privacy risks in mobile code. Our goal here is to highlight the key security and privacy risks already apparent in these devices and their language platforms in order to influence device and platform manufacturers to build more robust and secure systems. It is important to note here that though the current version of WAP, 1.2, uses WML and WMLScript as its language and partner script, WAP version 2.0 is scheduled to be released within the next year. Version 2.0 may retire WML and WMLScript in favor of a more robust language such as XHTML and a similar partner script, possibly JavaScript. While we expect many of the same security risks to apply to the scripting language of choice for version 2.0, we hope the specification addresses the weaknesses highlighted in this article. The best strategy for addressing the security and privacy risks of Internet-based content is to build security into the platform and applications themselves, rather than attempt to introduce security patches afterward. For instance, Java provides type safety, memory protection, and sandboxing for untrusted content. While history has shown that various implementations of the Java virtual machine have not been perfect, its model of secure computation is relatively good. The device manufacturers and the language developers for wireless applications should leverage the decades of progress in secure operating system models and secure models of computation before going forward with business-critical and privacy-related wireless applications. Otherwise, we are doomed to repeat the mistakes of the past, and potentially take two steps backward as we move one step forward.