April 8, 2020

Software Privacy



SOFTWARE SECURITY AND PRIVACY RISKS IN MOBILE E-COMMERCE


Examining the risks in wireless computing that will likely influence the emerging m-commerce market


By Anup K. Ghosh and Tara M. Swaminatha


Communications of the ACM 44 No.(001)


SUMMARY


Soon, we expect a significant portion of e-commerce will take place via wireless, Internet-enabled devices such as cellular phones and personal digital assistants. Using the Internet from wireless devices has come to be known as mobile e-commerce, or simply "m-commerce." One of the major wireless applications is Web access for retrieval of real-time information such as weather reports, sports scores, flight and reservation information, navigational maps, and stock quotes.


Strategy Analytics, among other market research groups, predicts that by 004 there will be over one billion wireless device users, some 600 million wireless Internet subscribers, and a $00 billion mobile e-commerce market. The Gartner group estimates that by that year, forty percent (40%) of consumer-to-business e-commerce will be conducted over Web-enabled phones. It is expected that by 008, the number of wireless Internet devices will outnumber wired devices.


New security and privacy risks particular to the wireless medium and devices abound in m-commerce applications. Integrating security and privacy into online m-commerce applications will enable a projected $5 billion market in wireless software, content and commerce. On the other hand, failing to provide a secure system of m-commerce will significantly dampen consumer adoption rates.


Today's handheld devices have computing power equivalent to their desktop counterparts of only one generation earlier. This phenomenon, while driving more functionality into handheld wireless Internet-enabled devices, is also driving security risks endemic to desktop computing into wireless devices.


New Security and Privacy Risks


Wireless devices introduce new hazards specific to their mobility and communication medium. Consider that wireless devices can form ad hoc networks where a collection of peer mobile nodes communicates with each other without assistance from a fixed infrastructure. One implication of ad hoc networks is that decision-making is decentralized. As a result, network protocols tend to rely on cooperation among all participating nodes. An adversary can exploit this assumed trust to compromise cooperative nodes. Mobile users will roam through many different cells, ad hoc networks, administrative boundaries, and security domains. As the communication is handed off from one domain to the next, a single malicious or compromised domain can potentially compromise wireless devices through malicious downloads and misinformation or simple denial of service.


Wireless devices pass through many different, potentially non-trustworthy networks from which service is derived and data is exchanged. Information can be stolen or altered without the end user's knowledge.


Malicious hackers can compromise wireless connections even without exploiting ad hoc networks at the transport level. A malicious hacker can compromise the closest domain name service (DNS) server that routes users' Web requests to their favorite financial online site such that all requests to, say, Quicken.com, are redirected to the malicious hacker's site. Since secure DNS has not been widely deployed, let alone in wireless networks, it would not be very difficult to implement such a stealthy man-in-the-middle attack.


Mobile devices are vulnerable to theft or loss. Personal information is also vulnerable. In March 000, it was disclosed that AT&T and Sprint PCS were sending users' phone numbers to the Web sites they accessed from their Web-enabled wireless phones.


Mobile e-commerce systems will introduce new security and privacy risks beyond those currently found in desktop e-commerce systems. Using wireless devices for m-commerce will result in new vulnerabilities and potentially represent a new weak link in e-commerce. Since attackers tend to exploit the weakest link in a chain, the security risks of wireless devices must be carefully analyzed and addressed.


Addressing the Software Risks


Much ado has been made about the security of wireless transport protocols such as Wireless Application Protocol (WAP). The WAP advocates argue that Wireless Transport Layer Security (WTLS) provides a secure infrastructure for m-commerce applications. Critics have decried the infamous "WAP gap" where wireless requests to Web pages are translated at the WAP gateway from the WTLS protocol to the standard SSL protocol widely used in secure HTTP requests. In the process of translating one protocol to another, the data is decrypted and then re-encrypted. If an attacker is able to compromise the WAP gateway, then simply capturing the data when it is decrypted can compromise the secure session. In reality, these issues are red herrings that draw attention away from the more substantive vulnerabilities in m-commerce systems: the software systems that run on both ends of the session.
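The "WAP gap" described above can be modeled in a few lines. This is an added example, not code from the article: the record format is a toy encrypt-then-MAC construction standing in for WTLS and SSL, all function names are hypothetical, and the end-to-end application-layer key is an assumed mitigation that the article does not spell out.

```python
import hashlib
import hmac
import os

# Constructed sample payload (test card number, not real data).
ORDER = b"card=4111111111111111&amount=25.00"

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC record (nonce || ciphertext || tag); a stand-in
    for WTLS/SSL record protection, not a real cipher suite."""
    nonce = os.urandom(12)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, record: bytes) -> bytes:
    nonce, ct, tag = record[:12], record[12:-32], record[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("record failed authentication")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def gateway_translate(wtls_key, ssl_key, record, seen):
    """WTLS -> SSL translation: the payload is in the clear inside the gateway."""
    payload = unseal(wtls_key, record)
    seen.append(payload)  # what a compromised gateway would be able to read
    return seal(ssl_key, payload)

def run_session(order: bytes, end_to_end: bool):
    """Return (what the server receives, what the gateway saw)."""
    wtls_key, ssl_key, app_key = (os.urandom(32) for _ in range(3))
    seen = []
    body = seal(app_key, order) if end_to_end else order
    relayed = gateway_translate(wtls_key, ssl_key, seal(wtls_key, body), seen)
    received = unseal(ssl_key, relayed)
    if end_to_end:
        received = unseal(app_key, received)
    return received, seen[0]
```

With `end_to_end=False` the gateway's view equals the order itself; with `end_to_end=True` it holds only an authenticated ciphertext, while the server still recovers the order.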


Platform Risks


The platform or operating system that the device uses provides the basic infrastructure for running m-commerce applications. Without a secure infrastructure for computing on the device, achieving secure m-commerce may not be possible. The manufacturers of many wireless devices have ignored the lessons learned from the past and have failed to include basic operating system features necessary to enable any kind of secure computing.


To address these platform risks, the wireless device operating system needs to enforce memory protection between applications to prevent one application from spying on another. Strong authentication mechanisms, such as a fingerprint recognition system, should be built into the devices to authenticate the user to the device.


Software Application Risks


While the operating system provides the basic platform for wireless applications, the software applications that run on the device are equally important. The relation between software flaws and security vulnerabilities is well understood. The daily software bug postings to the Bugtraq list provide ample evidence of security holes introduced by software flaws. Software development for wireless devices will be no different in this respect. Flaws in logic and implementation can certainly result in security holes that will be exploited by attackers or malicious Web sites.


Security Risks of WML Script


Like the developers of the wireless device platforms, the developers of WML Script (WML Script provides a uniform interface to wireless applications, among other functions) have ignored the lessons learned from the past security problems with JavaScript and other mobile code technologies. WML Script is not a type-safe language. Personal identifying information kept on the device is susceptible to unauthorized disclosure from malicious WML Scripts that download and read the personal information and then ship it off to other sites.


Realizing the potential security risks of WML Script accessing a telephone's telephony functions, the Wireless Telephony Application (WTA) services rely on two assumptions to provide security. First, it is assumed the user will only visit trusted WAP gateways wherein a WTA server may run. If WAP-enabled devices and services grow as predicted, this assumption will rapidly become untenable, as many vendors will launch their own WAP gateways. The second assumption made for secure functionality is that a user will securely configure his or her device to prevent blanket permission for any WML script to access WTA functions. The WTA specifications do not specify any default permission settings. Rather, mobile service providers determine these settings. If history is any indication, service providers will preconfigure devices with liberal permissions to permit access to their own scripts without regard for other potentially malicious scripts.


Conclusion


While many of the risks of desktop Internet-based commerce will pervade m-commerce, m-commerce itself presents new risks. The nature of the medium requires a degree of trust and cooperation between member nodes in networks that can be exploited by malicious entities to deny service as well as collect confidential information and disseminate false information. Furthermore, the platforms and languages being developed for wireless devices have failed to adopt fundamental security concepts employed in the current generation of desktop machines.


Encrypted communication protocols are necessary to provide confidentiality, integrity and authentication services for m-commerce applications.


The best strategy for addressing the security and privacy risks of Internet-based content is to build security into the platform and applications themselves, rather than attempt to introduce security patches afterward. The device manufacturers and the language developers for wireless applications should leverage the decades of progress in secure operating system models and secure models of computation before going forward with business-critical and privacy-related wireless applications. Otherwise, we are doomed to repeat the mistakes of the past, and potentially take two steps backward as we move one step forward.


Personal Reflection on Authors' views and conclusion


Indeed, wireless e-commercial activities and transactions will comprise a dominant section of the e-commerce industry. E-commerce has experienced many issues regarding individual privacy and ISP use of clients' personal identification information. Last August 84% of ,117 Americans polled said they were concerned about their personal information on the Internet, according to The Pew Research Center, a Washington-based nonprofit group funded by Philadelphia-based The Pew Charitable Trusts. Last May, the Federal Trade Commission made its annual report to Congress about the information practices of online businesses. The report included a survey by New York-based Nielsen Media Research Inc. in which % of 40,000 people sampled said they were concerned about privacy on the Internet.


I cannot speak intelligently on the technical software and platform issues regarding m-commerce; however, the authors' view that manufacturers and software developers should be proactive about hacker-proofing their software applications is valid and relevant. I believe the authors' conclusion about roaming on "many different cells" is misguided. Mobile roaming is an agreement between neighboring Wireless Service Providers where a neighboring provider's customers are allowed to use the other provider's cell systems. Connections are not randomly handed off to other cell sites. Each mobile phone has a system identification code (SID) that identifies it. If a competitor's cell site does not recognize the SID code, the user's connection will not be handed off; the call or connection will be dropped.


The authors did not mention anything about the e-commerce regulatory activities or the activities of stakeholders other than the developers, users and wireless providers. They also did not mention anything about these stakeholders' ethical responsibilities. From additional research, it is my conclusion that the authors' view disproportionately exploits the technical vulnerabilities of m-commerce and wireless devices while ignoring the contribution of the FTC and other IT interest groups' mandates and codes of ethics. The Health Insurance Portability and Accountability Act (HIPAA), the Children's Online Privacy Act and the Gramm-Leach-Bliley Act are all laws intended to protect Internet users and their vulnerability to unethical practices that would exploit their vulnerability to e-commerce shortcomings. "IT managers at large companies are already preparing for an onslaught of regulations and standards," says Brian Tretick, principal at New York-based Ernst & Young International's privacy assurance and advisory services practice. "They're conducting internal reviews to see where they may need to make improvements. And they're already more disciplined about their information usage," he says.


There are also inputs from the following organizations.


§ The Information Systems Audit and Control Association (www.isaca.org) in October 1 published Control Objectives for Net Centric Technology.


§ The International Standards Organization in Geneva approved ISO 177, an international security standard, early this year.


§ The Center for Internet Security in Bethesda, Md., is planning to release security standards late this year.


While the authors spoke intelligently on the technical aspects of m-commerce, some of the security issues they raised are not as alarming as they would have them appear. Even on the issue of privacy, research has shown that most consumers do allow for the proper use of their personal information. Consider the following:


§ Fifty-eight percent of respondents would agree to have their visits to Web sites used to personalize banner ads to them, if privacy notice and opt-out choice were provided.


§ Fifty-one percent of users would agree to have their online purchase information used to personalize banner ads to them, if privacy notice and opt-out choice were provided.


§ Fifty-three percent of users would be willing to have their offline purchase information from catalogs and stores used to personalize banner ads to them, if privacy notice and opt-out choice were provided.


§ Fifty-two percent would agree to have their offline and online purchasing information combined to personalize banner ads to them, if privacy notice and opt-out choice were provided.


§ Fifty-three percent of respondents say they would agree to the combination of personal information, Web site visits, and offline and online purchases to personalize banner ads to them, if privacy notice and opt-out choice were provided.


Am I ignoring the security and privacy issues inherent in e-commerce? No, I am not ignoring these issues. But I am convinced that the industry is progressing in a positive direction. A collaborative ethical approach from each stakeholder will ensure that this convenience and consumer trend are not exploited. Monday quarterbacking is easy and convenient, so I understand the authors' view, but I am also aware that the industry is volatile and that it is futile to attempt to stop all security abuse potential; that the weak link in a system is not always known until it is discovered. Hence, only after its discovery can efforts to strengthen it be implemented.


BIBLIOGRAPHY


Ghosh, Anup K. and Tara M. Swaminatha. Communications of the ACM 44 No.(001)


Hemphill, Thomas A. Business and Society Review v. 105 no (Fall 000)


Radcliff, Deborah. No Laughing Matter Computerworld 56 5, no. 11 (Mar 1, 001)

