1. INTRODUCTION
Without ways to conduct
secure commercial information exchange and safe electronic financial
transactions over mobile networks, neither service providers nor
potential customers will trust mobile commerce. Various mobile security
procedures and payment methods have been proposed and applied to mobile
commerce. A secure mobile commerce
system must have the following properties: (i) confidentiality, (ii)
authentication, (iii) integrity, (iv) authorization, (v) availability,
and (vi) non-repudiation. A discussion of the security issues related to
the three network paradigms, wireless local area networks, wireless
wide area networks, and WAP, is also included. Among the many themes of
mobile commerce security, mobile payment methods are probably the most
important. A typical mobile payment process includes: (i) registration,
(ii) payment submission, (iii) authentication and authorization by a
content provider, and (iv) confirmation.
2. WIRELESS NETWORKS
Network infrastructure provides essential voice
and data communication capability for consumers and vendors in
cyberspace. As part of the evolution from electronic commerce (EC) to
mobile commerce (MC), it is necessary for the existing wired network
infrastructure, i.e. the Internet, to be augmented by a series of
wireless networks that support mobility for end users. Wireless
networking technologies are advancing at a tremendous pace and each
represents a solution for a certain phase, whether 1G, 2G, or 3G, in a
particular geographical area such as the United States, Europe, or
Japan. In this section, they will be categorized in terms of their radio
coverage as wireless local area networks, wireless metropolitan area
networks, or wireless wide area networks.
Mobile Middleware
The term middleware refers to the software layer
that lies between the operating system and the distributed applications
that interact via the networks. The primary mission of a middleware
layer is to hide the underlying networked environment's complexity by
insulating applications from explicit protocols designed to handle
disjoint memories, data replication, network faults, and parallelism.
Mobile middleware translates requests from mobile stations to a host
computer and adapts content from the host to the mobile station (Saha,
Jamtgaard, & Villasenor, 2001).
WAP and i-mode
According to the article "Frequently asked
questions about NTT-DoCoMo's i-mode" (Eurotechnology Japan K.K., n.d.),
in 2002, 60 percent of the world's wireless Internet users used i-mode,
39 percent used WAP, and 1 percent used Palm middleware. Table 1 compares i-mode and WAP; details of each follow.
WAP (Wireless Application Protocol). WAP (2003)
is an open, global specification that allows users with mobile stations
to easily access and interact with information and services instantly.
It is a very flexible standard that works over most wireless networks,
including CDPD, CDMA, GSM, PDC, PHS, TDMA, FLEX, ReFLEX, iDEN, TETRA,
DECT, DataTAC, Mobitex, and GPRS. It is supported by most operating
systems specifically engineered for mobile stations, including
PalmOS, EPOC, Windows CE, FLEXOS, OS/9, and JavaOS. The most important
technology applied by WAP is probably the WAP Gateway, which translates
requests from the WAP protocol stack to the WWW stack so they can be
submitted to Web servers. For example, requests from mobile stations are
sent as a URL through the network to the WAP Gateway; responses are
sent from the Web server to the WAP Gateway in HTML and are then
translated to WML and sent to the mobile stations. Although WAP supports
HTML and XML, its host language is WML (Wireless Markup Language),
which is a markup language based on XML that is intended for use in
specifying content and user interfaces for mobile stations. WAP also
supports WMLScript, which is similar to JavaScript but makes minimal
demands on memory and CPU power because it does not contain many of the
unnecessary functions found in other scripting languages.
Table 1. Comparisons of two major kinds of mobile middleware
| | WAP | i-mode |
|---|---|---|
| Developer | WAP Forum | NTT DoCoMo |
| Function | A protocol | A complete mobile Internet service |
| Host Language | WML (Wireless Markup Language) | CHTML (Compact HTML) |
| Major Technology | WAP Gateway | TCP/IP modifications |
| Key Features | Widely adopted and flexible | Highest number of users and easy to use |
i-mode. i-mode (NTT DoCoMo, Inc., n.d.) is the full-color, always-on, and
packet-switched Internet service for cellular phones offered by NTT
DoCoMo. Introduced in February 1999, it has attracted over 36 million
subscribers worldwide. With i-mode, cellular phone users can easily
access more than 62,000 Internet sites, as well as specialized services
such as e-mail, on-line shopping and banking, ticket reservations, and
personalized ringtones that can be downloaded for their phones. The
i-mode network structure not only provides access to i-mode and
i-mode-compatible contents through the Internet, but also uses a
dedicated leased-line circuit for added security. i-mode is the only
network in the world that currently allows subscribers continuous access
to the Internet via cellular phones. Users are charged based on the
volume of data transmitted, rather than the amount of time spent
connected. In spring 2001, NTT DoCoMo introduced its next-generation
mobile system, based on wideband CDMA (W-CDMA), which can support speeds
of 384Kbps or faster, allowing users to download videos and other
bandwidth-intensive content with its high-speed packet data
communications.
Implementation
Both WAP and i-mode are built on top of
existing network protocols such as Internet Protocol (IP) and
Transmission Control Protocol (TCP). IP provides a network routing
service for upper layer protocols like TCP, which transports data
reliably between two end parties of a network connection. This reliable
data delivery service is crucial to the success of transactions in
mobile commerce systems. In a wireless environment, IP and TCP require
significant modification in order to adapt to features like mobility and
radio communication.
Mobile IP. Mobile IP (The IETF Working Group, 2003)
defines enhancements that permit Internet Protocol (IP) nodes (hosts
and routers) using either IPv4 or IPv6 to seamlessly "roam" among IP
subnetworks and media types. It supports transparency above the IP
layer, including the maintenance of active TCP connections and UDP port
bindings. Two types of mobile-IP capable router, home agent (HA) and
foreign agent (FA), are defined to assist routing when the mobile node
is away from its home network. All datagrams destined for the mobile
node are intercepted by HA and tunneled to FA. FA then delivers these
packets to the mobile node through a care-of-address established when
the mobile node is attached to FA.
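The HA-to-FA tunnel described above, as an added example that is not part of the original chapter. It assumes IP-in-IP encapsulation (protocol 4, RFC 2003), which the text does not name; the function names are hypothetical and the addresses are constructed from documentation ranges.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IP-in-IP (RFC 2003); assumed, the text names no tunnel type
IPPROTO_UDP = 17

def checksum(header: bytes) -> int:
    """Internet checksum (RFC 1071) over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src, dst, proto, payload, ttl=64) -> bytes:
    """Build a 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse(packet: bytes):
    """Return (src, dst, proto, payload); reject a malformed or corrupted header."""
    if len(packet) < 20 or packet[0] != 0x45 or checksum(packet[:20]) != 0:
        raise ValueError("bad IPv4 header")
    (total_len,) = struct.unpack("!H", packet[2:4])
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    return src, dst, packet[9], packet[20:total_len]

def home_agent_tunnel(datagram, ha_addr, bindings) -> bytes:
    """HA: intercept a datagram for an away mobile node, tunnel it to the FA."""
    _, home_addr, _, _ = parse(datagram)
    care_of = bindings[home_addr]  # binding recorded when the node registered
    return ipv4_packet(ha_addr, care_of, IPPROTO_IPIP, datagram)

def foreign_agent_deliver(packet, ha_addr, visitors) -> bytes:
    """FA: decapsulate only tunnels from the known HA for a registered visitor."""
    outer_src, _, proto, inner = parse(packet)
    if proto != IPPROTO_IPIP or outer_src != ha_addr:
        raise ValueError("not a tunnel from the registered home agent")
    if parse(inner)[1] not in visitors:
        raise ValueError("inner destination is not a registered visitor")
    return inner  # original datagram, delivered over the local link

if __name__ == "__main__":  # constructed addresses (documentation ranges)
    dgram = ipv4_packet("203.0.113.9", "192.0.2.50", IPPROTO_UDP, b"order-1")
    tun = home_agent_tunnel(dgram, "192.0.2.1", {"192.0.2.50": "198.51.100.7"})
    print(parse(tun)[:3], foreign_agent_deliver(tun, "192.0.2.1", {"192.0.2.50"}) == dgram)
```

The outer-source comparison in `foreign_agent_deliver` is a sanity filter only, since an IP source address can be forged; the visitor-list check keeps the FA from relaying tunneled traffic to hosts that never registered with it.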
TCP for mobile networks. Transmission Control
Protocol (TCP) was designed for reliable data transport on wired
networks and its parameters have been fine-tuned for such environments.
As a result, when it is applied directly to mobile networks, TCP
performs poorly due to factors such as the error-prone nature of data
transmission on wireless channels, which often suffer from frequent
handoffs and disconnections. In order to optimize reliable data
transport performance, a number of variants of TCP have been suggested
for mobile networks. An idea proposed by Yavatkar and Bhagawat (1994)
was to split the path between the mobile node and the fixed node into
two separate sub-paths: one of which covers the wireless links and the
other the wired links. This approach limits the TCP performance
degradation to that incurred in the "short" wireless link connection.
The "packet caching" scheme proposed by Balakrishnan et al. (1995) tries to reduce the TCP retransmission overhead due to handoff, while the "fast retransmission" scheme suggested by Caceres and Iftode (1996)
utilizes the fast retransmission option immediately after handoff is
completed to achieve smooth TCP performance during handoff.
Wireless Local Area Networks
Devices used in wireless local area network (WLAN)
technologies are light-weight, portable, and flexible in network
configuration. As a result, WLANs are suitable for office networks, home
networks, personal area networks (PANs),
and ad hoc networks. In a one-hop WLAN environment, where an access
point (AP) acting as a router or switch is a part of a wired network,
mobile devices connect directly to the AP through radio channels and
data packets are relayed by the AP to the other end of a network
connection. If no APs are available, mobile devices can form a wireless
ad hoc network among themselves and exchange data packets or perform
business transactions as necessary.
Table 2. Major WLAN standards
| Standard | Maximum Data Rate | Typical Range (m) | Modulation | Frequency Band |
|---|---|---|---|---|
| Bluetooth | 1 Mbps | 5 – 10 | GFSK | 2.4 GHz |
| 802.11b (Wi-Fi) | 11 Mbps | 50 – 100 | HR-DSSS | 2.4 GHz |
| 802.11a | 54 Mbps | 50 – 100 | OFDM | 5 GHz |
| HiperLAN2 | 54 Mbps | 50 – 300 | OFDM | 5 GHz |
| 802.11g | 54 Mbps | 50 – 150 | OFDM | 2.4 GHz |
In Table 2,
major WLAN technologies are compared in terms of their maximum data
transfer rate (channel bandwidth), typical transmission range,
modulation techniques, and operational frequency bands. The various
combinations of modulation schemes and frequency bands make up different
standards, resulting in different throughputs and coverage ranges.
In general, Bluetooth technology supports very
limited coverage range and throughput and is thus only suitable for
applications in personal area networks. In many parts of the world, the
IEEE 802.11b (Wi-Fi) system has become the most popular wireless network
and is widely used in offices, homes, and public spaces such as
airports, shopping malls, and restaurants. However, many experts predict
that with their much higher transmission speeds, 802.11a and 802.11g
will replace 802.11b in the near future.
Wireless Metropolitan Area Network
The most important technology in this category
is the cellular wireless network, with which cellular system users can
conduct mobile commerce operations using their cellular phones. Under
this scenario, a cellular phone connects directly to the closest base
station, where communications are relayed to the service site through a
radio access network (RAN) and other fixed networks. Originally designed
for voice-only communication, cellular systems are evolving from analog
to digital, and from circuit-switched to packet-switched networks, in
order to accommodate mobile commerce and other data applications. Table 3
lists the classifications of standards in first generation (1G), second
generation (2G, 2.5G), and third generation (3G) wireless cellular
networks. 1G systems such as the advanced mobile phone system (AMPS) and
total access control system (TACS) are becoming obsolete, and thus will
not play a significant role in mobile commerce systems. The global
system for mobile communications (GSM) and its enhancement general packet radio service (GPRS)
have primarily been developed and deployed in Europe. GPRS can support
data rates of only about 100 kbps, but its upgraded version—enhanced
data for global evolution (EDGE)—is capable of supporting 384 kbps. In
the United States, wireless operators use time division multiple access (TDMA) and code division multiple access (CDMA) technologies in their cellular networks.
Table 3. Major cellular wireless networks
| Generation | Radio Channels | Switching Technique | Standards (Examples) |
|---|---|---|---|
| 1G | Analog voice channels; digital control channels | Circuit-switched | AMPS, TACS |
| 2G | Digital channels | Circuit-switched | GSM, TDMA |
| | | Packet-switched | CDMA |
| 2.5G | Digital channels | Packet-switched | GPRS, EDGE |
| 3G | Digital channels | Packet-switched | CDMA2000, WCDMA |
| 4G | Digital channels | Packet-switched | WiMAX |
Currently, most cellular wireless networks
follow 2G or 2.5G standards. However, there is no doubt that in the near
future, 3G systems with quality-of-service (QoS) capability will
dominate wireless cellular services. The two main standards for 3G are Wideband CDMA (WCDMA),
proposed by Ericsson, and CDMA2000, proposed by Qualcomm. Both use
direct sequence spread spectrum (DSSS) in a 5-MHz bandwidth. Technical
differences between them include their different chip rate, frame time,
spectrum used, and time synchronization mechanism. The WCDMA system can
inter-network with GSM networks and has been strongly supported by the
European Union, which calls it the Universal Mobile Telecommunications System (UMTS). CDMA2000 is backward-compatible with IS-95, which is widely deployed in the United States.
In a wireless cellular system, a wired network
known as a radio access network (RAN) is employed to connect radio
transceivers with core networks. Two examples of existing RAN
architectures are UTRAN (UTRAN overall description, 1999) and IOS (MSC to BS interface inter-operability specification, 1999).
Since UTRAN is the new radio access network designed especially for 3G
UMTS, the universal mobile telecommunications system, it deserves
further description.
The architecture and components of UMTS and UMTS Terrestrial Radio Access Network (UTRAN) are shown in Figure 1 (Vriendt et al., 2002).
At the highest level, the UMTS network structure consists of the core
network and UTRAN. The network subsystem (NSS) of GSM/GPRS is reused as
much as possible in the UMTS core network. Two service domains are
supported in the core network, circuit switching (CS) and packet
switching (PS). By moving the NSS transcoder function from the base
station subsystem to the core network, CS provides voice and
circuit-switched data services. Evolving from GPRS, the packet-switched
service provided by PS optimizes functional relationships between the
core network and UTRAN. UTRAN consists of radio network subsystems
(RNS), each of which contains one radio network controller (RNC) and at
least one Node B (base station). The RNC controls the logical resources
for Node Bs in the UTRAN, while the Node Bs in turn manage radio
transmission and reception for one or more cells and provide logical
resources to the RNC.
Wireless Wide Area Networks
In large geographic areas that lack the
infrastructure of wireless cellular networks, satellite systems can be
utilized to provide wireless communication services. Communication
through satellites is very similar to the scenario in cellular systems,
apart from the differences in transmission distance and coverage range.
For example, a user in an airplane can use a satellite communication
system to conduct mobile commerce transactions. The messages will first
be sent to a base station then forwarded to service provider sites.
Satellite systems are generally categorized by the height of the orbit. Table 4 summarizes their characteristics.
Table 4. Major satellite systems
| Satellite System | Height of Orbit (km) | Coverage | Latency (ms) |
|---|---|---|---|
| Geosynchronous Earth Orbit (GEO) | 35,863 | 1/3 of earth surface | 270 |
| Medium Earth Orbit (MEO) | 5,000 – 12,000 | A few thousand kilometers | 35 – 85 |
| Low Earth Orbit (LEO) | 500 – 1,500 | Two thousand kilometers | 1 – 7 |
In general, there are
three communication configurations in satellite systems: point-to-point
links, broadcast links, and VSAT. Point-to-point link configuration
means two ground-based antennas establish a point-to-point link through a
satellite. Broadcast links are configured so that a single ground-based
transmitter can establish a multicast channel with a number of
ground-based receivers through the satellite. When subscriber stations
are equipped with a low-cost very small aperture terminal (VSAT)
system, they share satellite transmission capacity for transmission to a
hub station and the hub station can exchange and relay messages between
subscribers. VSAT can thus provide two-way communication among
subscribers.