Full Project – The design and development of a secure mcommerce business over global system for mobile communications GSM

Click here to Get this Complete Project Chapter 1-5

CHAPTER ONE

INTRODUCTION

1.1 BACKGROUND OF THE STUDY

Rarely has a new area of business been heralded with such enthusiasm as “mobile commerce”, that is the conduct of business and services over portable, wireless devices. Due to the astronomical growth of the internet users, maturation of the internet technologies, realization of the internet’s capabilities, the power of electronic commerce, and the promising advancement of wireless communication technologies and devices, mobile commerce has rapidly attained the business fore – front. M-commerce, although not fully mature, has the potential to make it more convenient for customers to spend money and purchase, goods and services. Since wireless devices travel with the consumer, the ability or perhaps temptation to purchase goods and services is always present. This is clearly a technique that can be used to raise revenue. Also the successful future of m-commerce depends on the power of the underlying technology drivers and the attractiveness of m-commerce applications.

M-commerce is an e-commerce with wireless access. E- Commerce is the subset of M-commerce. If one wants to operate an M-commerce site, one should make arrangement to facilitate exchange of goods and services via the site. In this regard, buyers or customers could:

View the goods and services available.
Purchase any point if goods and services using the shopping cart. Shopping cart is the electronic site like software that will pick anything you buy from the shop to shopping business.
One should have a means of making payment for goods and services selected for purchase. Typically a number of payment systems are displayed or provided and the user selects the one of most interest to him or her.

Furthermore, each payment system can operate by entirely different

Independent body and not necessary by own M-commerce exchange. Adequately arrangements are however made between the owner M-commerce exchange, the owners of goods and services market through the exchange and payment services providers. Ideally, it is the owner of the M-commerce exchange that should negotiate with each of payment service providers and (as a separate process) negotiate with goods and services provider.

OPERATION FEATURES OF M-COMMERCE

Anyone who has goods and services to market contact the M-commerce, to be included in the online database of the M-commerce exchange.
If there is an approval after processing the online form the goods and services providers is requested to provide information about goods and services and load it to the M-commerce site. Such information include name of each items, item code, brief description, unit cost, delivery items, quality discount and any other information the M-commerce exchange may deem necessary.

It is responsibility of the M-commerce exchange designs to providers a home page featuring a broad classification of goods and services offering. As the user clicks on a choice another page of tittles would come up to reappear the user to see the particular item of interest.

Before negotiating through the available goods and services a user should be requested to choose whether he or she want to view or purchase the item of interest a shopping business would be deployed were item selected by the user replace along with the individual cost and cumulative cost. When the user indicates that he has finish selection, the payment option are them displayed so the user can select a mean of payment.

The payment system operates on the total cost of the item in the shopping chart and handles all aspect of security for such online payment. Depending on the arrangement made by the M-commerce exchange operators each online payment system provider would credit the amount of online exchange operators with the payment made by the buyer less the agreed commission due to payment system provider.

In the context of M-commerce, the normal expectation is that the M-commerce exchange can be accessed via handheld or portable devices from anywhere in the world where there is internet connectivity and at any time of the day, all year round. One major advantage of M-commerce exchange concept explained above is that anyone who decides to use the exchange need not know anything about the internet but can have goods and services are marketed via the M-commerce exchange web sites. Furthermore, anyone (middle men) without their own goods and services can arrange to sell other people’s goods and services via the site. This creates job opportunity for many without transferring the responsibility of internet on online marketing directly to them.

E-commerce (electronic commerce) can be defined as the mutual exchange of perceived or monetary value by electronic means over open accessible networks. This basically means communication over the internet for some or all of the transaction processes (ARC Group 2000).

M- Commerce (M-commerce) can be defined as any transaction with added value for the user, which is carried out by means of mobile/wireless device or infrastructure (ARC Group 2000).

M-finance (m-finance) is a subset of M-commerce that offers a range of banking share dealing and insurance services (ARC group 2000). With the coming of advanced and sophisticated services, mobile communications combined with e-commerce proportions are heightening the attractiveness of M-commerce. The key drivers of this are.

Ubiquity: The anytime anywhere” advantage of M-commerce (ARC group 2000). Smart phone may fulfit the need for both real time information and communication, independent of the user’s physical location (Miiller-veerse, 2000).
Reachability: Using a mobile terminal, a user can be contacted anywhere anytime. Mobile handsets also provide users the ability to restrict their reachability to certain people (Miiller-Veerse, 2000).
Personalization: Handsets are effective personal accessories that are capable to holding data and enabling access to information and services tailored to the needs of each individual (ARC group 2000).
Localization: Nothing where the user is and providing information relating to that location adds a unique value to mobile services.
Convenience: Mobile subscribes have become accustomed to their devices that store data and are always at hand. More advanced applications are driven by technology further enabling the mobile subscriber.
Convergence: Technological applications can be decoyed on the move. This is blurring the divide between mobile phones and PCs. Even increasing sophistication and functionality sustains further handset development.
Internet Access: Instant connectivity to the internet from a mobile device is fast becoming a reality and will take off with the introduction of GPRD. This suggested that mobile devices will become the preferred means of accessing information on the internet.

However there are also several factors that may slow or constrain the progress of M-commerce. These inhibitors include the following.

Security: The public has serious concerns about the security of the internet. This has been s major constraint to consumer e-commerce. This negative perception may be transferred, or potentially magnified to the mobile arena (AGC group 2000).
Interoperability: Due to the range of handset functionalities and operating systems, there are inherent costs associated with delivering a range of services. This may determine some content providers from making the investment and carrying the overheads associated with such a service.
Usability: The internet provides rich content via the large screens and multimedia capabilities of PCs. The constraints imposed on the mobile handset might limit its appeal to users (ARC group 2000).

1.1.2 E-COMMERCE AND M-COMMERCE IN AFRICA.

The internet has been described as the great equalizer, as people can now get information about any conceivable topic at the click of a button, the limitation of this kind of information is that most of it runs over wired networks. In Africa, access to wired networks is not as readily available as in other parts of the world. Wireless networks could be the answer to delivering internet information service to the masses in Africa. Further to this, Africa has traditionally been as under –banked market, as access to bank is very limited. Combining the wireless space with m-commerce can change many of these facts. Not only can one deliver content to the users over GSM, one could also give them access to business services they never had access to before.

1.2 PROBLEM STATEMENT

With the emergence of m-commerce applications came M-finance applications. The financial sector has always put high priority on confidentiality of customer information as well as integrity of transmission data.

During investigations of M-commerce applications did security offered to financial institutions by various vendors, it has come to the attention of the author that little interest it paid to ensuring these kinds transactions. Vendors evangelize the use of GSM for new and exciting payment solutions and the security offered to the institution by using GSM as the carrier of this business.

It is widely accepted in the mobile community, and specifically by (Mynthinen, 2005. Hage, and Vyas 2001: O’ Grady, 2006) that the following services should be available when providing m-commerce opportunities to consumer. The list includes:

Confidentiality: Only the communicating parties can view the communicated data (Pahuya 2005).
Integrity: Unauthorized parties cannot alter the data without the knowledge of the communicating parties (Pahuya 2005, Behrouz 2007).
Non-Repudiation: Neither of the communicating parties can deny ever receiving or sending any of the communications between them (Behrouz, 2007).
Authentication: Each communicating party needs to be able to authenticate the other party in the communications ensuring they are who they say they are.
Authorization: Ensuring a party performing the business is entitled to perform these actions.

In their article titled “enhancing security of GSM” states that although voice data is protected on the radio link between the mobile handset and the GSM base station, there are no protection offered during the transmission of the data through the fixed network of the mobile communication provider. This fact could lead to eaves dropping of the voice data, as well as tampering with short message service (SMS) messages sent between communicating entities.

In Scmidt (2001), the author argues that although SMS messages are encrypted over the air link, it is highly accessible for attacks from the network provider side due to its store and forward technology. He also states that injection of malicious and false SMS messages is possible through poorly protected SMS gateways. This indicates that authentication, authorization, confidentiality and integrity of the SMS communications are at risk.

Different network operators implement various specifications in differing ways due to the high cost involved in securing these networks. Some networks operators even have some proprietary applications running on their networks to try and limit the cost involved in applying the GSM standards. These factors imply that one comment blindly trust the security offered by GSM and its accornpanying applications. An alternative solution is required, and this project investigates the possibilities and proposes a secure solution that is cost effective and applicable to the African environment.

OBJECTIVES OF THE STUDY

The objective of this project is to create an avenue through the web where users can logon to our server and make a selection of whatever goods they like and subsequently pay via the internet or otherwise once the good is delivered depending on the distance of the customer from the office. The home page of this web interface provides the avenue where customers will be able to gather reliable information about what we do and how to transact with us electronically.

The specific objectives of this project are:

Understanding the basic principles of information security and how to obtain them.
Analysis of the security offered by wireless application protocol (WAP).
Applying the basic principles of information security to WAP architecture in order to propose enhancement to the security of these solutions.

1.4 LIMITATIONS OF M –COMMERCE

Lack of standards, with a host of device operating systems and platforms, middleware situations and networks, make application development for the wireless internet a formidable task, versus the level operating environment of the wired web
Networks, current data speeds between 9.6 -14.4kbps are two, expensive versus fixed
Services, M –commerce has flopped in the consumer arena—or at least has failed to live up to the hype. There may be compelling reasons for business users to adopt transaction –based services offered on wireless devices, though – but the mobile commerce tools used by enterprises are nothing like the services pitched to consumer.

1.5 SCOPE OF WORK

This Project only focuses on online business and security of current GSM applications. These include:

GSM security in both over- the air and the fixed network.
Buying products online.

This project specifically only covers online business applications running over GSM. The customers do however have access to GSM technology and handsets. These handsets are usually not capable of accommodating advanced technologies like GPRS etc.

This project does not evaluate future technologies like GPRS. EDGE UMTS, as the author is of the opinion that these are merely different bearer channels and that the arguments described in this project will still hold.

1.6 ASSUMPTIONS FOR THE PROJECT

Some assumptions have been made in writing this project in order to limit the scope of the work. These assumptions are listed below in no specific order. Assumptions made in writing this project include:

Any information or business data flowing across an internet protocol network (IP) is secure. As there are numerous well known mechanisms for securing of data traversing IP networks, it is felt that they are outside of the scope of this project. Some examples include IP security (IP sec) and the secure socked layer (SSL).
The backbone networks of businesses are secure. Although this might not always be the case, for the sake of highlighting the relevant security vulnerabilities in m-commerce this assumption had to be made.
Any party that has a communication channel to business has to pass their network traffic through the firewall of that company.

Get the Complete Project

This is a premium project material and the complete research project plus questionnaires and references can be gotten at an affordable rate of N3,000 for Nigerian clients and $8 for international clients.

Click here to Get this Complete Project Chapter 1-5

You can also check other Research Project here: