Addressing the Security-Privacy Paradox in E- and M-Commerce
Stefan Weiss
Deloitte & Touche GmbH, Security Services Group
Johann Wolfgang Goethe Universität, Frankfurt am Main, Mobile Commerce & Multilateral Security
January 10, 2006
University of St. Gallen, Switzerland
Security and Privacy in E- and M-Commerce 2 ©2005 Johann Wolfgang Goethe Universität
Johann Wolfgang Goethe University, Frankfurt am Main: M-Commerce and Multilateral Security
Prof. Dr. Kai Rannenberg
• from 1999-2002: Microsoft Research Cambridge UK, responsible for “Personal Security Devices and Privacy Technologies”;
• since 2002: Professor of the T-Mobile Chair for Mobile Commerce and Multilateral Security
Research Topics
• Multilateral security
– Security and privacy
– Personal devices
• Mobile life and work
– M-Payment/M-Brokerage
– Portals for mobility
– Location based services
• Infrastructures
– Combination, integration, regulation
• Application-oriented research
T-Mobile Chair for Mobile Commerce and Multilateral Security at the Johann Wolfgang Goethe University in Frankfurt/Main
Deloitte Security Services Group
Capabilities
• More than 1000 Security Practitioners world-wide
– North America
– Europe
– Asia-Pacific
– Latin America
• Industry, Process and Policy Expertise
• Extensive Architecture Experience
– SAP and other ERPs
– Directory Technologies
– Identity Management
– eBusiness, Supply-Chain, Exchanges
– Technology Infrastructure
– Data Quality
• Security R & D Technology Centers
• Strategic Vendor Relationships
Services
• Security Strategy
– Define Security Strategy
– Implement Security Program and Organization
– Define and Implement Security Policies/Standards
• Application Integrity
– Implement Security and Controls in ERP and E-Business Application Implementations including SAP, Oracle, PeopleSoft, Siebel, JD Edwards, and Ariba
• Identity Management
– Implement Identity Management Solutions and Single Sign-On Technologies
– Implement User Directories
• Infrastructure Security
– Perform Risk Assessments
– Develop and Enforce Security Policy
– Perform Attack & Penetration Testing
– Design and Implement Infrastructure Security Solutions
• Privacy
– Perform Diagnostics and Gap Analysis
– Design Global Privacy Strategies/Roadmaps
– Implement Privacy Solutions
Agenda
• Basics on E-Commerce and M-Commerce
• Security
• Privacy
• The Security-Privacy Paradox
• Addressing Security and Privacy in M-Commerce
• M-Commerce Example: Reachability Management
• Conclusion
Basics on E-Commerce and M-Commerce: Definition
• E-Commerce or Electronic Commerce consists primarily of the distributing, buying, selling, marketing, and servicing of products or services over electronic systems such as the Internet and other computer networks
• M-Commerce or Mobile Commerce stands for electronic commerce enabled through mobile devices, or in our definition:
“The usage of mobile terminals and communication and interaction possibilities for mobile applications and business areas”
E-Commerce: Background
• Originally, “electronic commerce” meant the facilitation of commercial transactions electronically, using technology like Electronic Data Interchange (EDI, introduced in the late 1970s), which describes the computer-to-computer exchange of structured information
• Later it came to include activities more precisely termed “Web Commerce” – the purchase of goods and services over the World Wide Web
• Only after the development of secure transmission protocols (HTTPS) did E-Commerce over the Internet gain importance for commercial enterprises
• The low penetration rates of Internet access in Third-World countries are preventing the world-wide spread of E-Commerce
Concerns over security are still preventing a stronger general acceptance of E-Commerce
M-Commerce: Background
• Mobile Commerce historically came into being during the late 1990s (dotcom boom), while the first new mobile telephony applications were developed
• Large investments by cellphone providers were made during the past years, for example in UMTS and 3G licenses and in building appropriate provider architectures to enable mobile services
• Examples for M-Commerce applications are on-demand services like news and stock quoting services, location-based services, SMS and banking or brokerage applications
• Practically anyone’s geographic location can now be determined through mobile devices
• Mobile devices like a mobile phone or a PDA have become personal items and have changed the way we communicate
As someone’s mobile device has become a true personal item (similar for example to your wallet or house keys) and location-based services have become an important M-Commerce service, privacy has become one of the top user concerns
Basics on E-Commerce and M-Commerce: Economic characteristics
Advantages
• E-Commerce: Automation; Time flexibility; Interactivity; Individualisation; Easy and low-cost usage
• M-Commerce: Location independence; Personalisation; Continuous connectivity; Context sensitivity; Comfortable, light-weight devices
Disadvantages
• E-Commerce: Dependence on Internet access / location; Security and privacy issues
• M-Commerce: Device restrictions require simple applications; Commerce typically limited to low-value items; High initial costs for providers; Security and privacy issues
Basics on E-Commerce and M-Commerce: Why is security and privacy important?
• 87% of the interviewed E-Commerce users name the security of their personal and financial data as the most important pre-requisite to transact with the E-Commerce provider
• 59% regard the transfer of one’s own personal information to less known companies on the Internet as the biggest perceived problem during E-Commerce transactions
• 68% stop the online purchase pre-maturely if the E-Commerce provider is perceived as non-trustworthy
Source: Fittkau & Maaß (market research and consulting company), 16th w3B study, 2003
Basics on E-Commerce and M-Commerce: Lack of security and privacy are usage barriers
[Bar chart: share of respondents naming each of the six usage barriers with the highest accordance, all between 63.8% and 71.7%: no business rules, regulatory deficits, unclear legal status, repudiation, no confidential communication, unguaranteed payments]
Source: Electronic Commerce Enquête, Universität Freiburg, 1998 (32 options + free text for choice, 6 options listed with highest accordance)
“Trust is the real value of the internet.”
Scott McNealy, CEO Sun Microsystems
Security: What is security?
Security is defined as a condition of a system that results from the establishment and maintenance of measures to protect that system (RFC 2828).
Broadly speaking, security is keeping anyone from doing things you don’t want them to do, with, or from your computers, networks, applications or any peripherals. A secure system is one that you can trust with sensitive information.
Security can be characterised by a set of interdependent goals that include:
• Confidentiality
• Integrity
• Availability
• Accountability
• Assurance
RFC 2828 – Request for Comments: Internet Security Glossary
Security: What is confidentiality?
CONFIDENTIALITY (of data and system information)
Confidentiality is the assurance that information is not disclosed to inappropriate entities (FIPS 140). Confidentiality protection applies to data in storage, during processing and while in transit.
Why preserve confidentiality…
• Protect intellectual capital
• Avoid legal liability due to unauthorised disclosure of personal data
• Maintain competitive advantage
• Maintain public trust and image
• Avoid financial losses as a consequence of unauthorised access to proprietary information
FIPS 140 – Federal Information Processing Standards Publication 140
Security: What is integrity?
INTEGRITY (of system and data)
Integrity refers to the correctness and appropriateness of the content and/or source of a piece of information (FCv1) in two facets:
• Data integrity – data has not been altered in an unauthorised manner while in storage, processing, or in transit
• System integrity – the system performs its intended function in an unimpaired manner, free from unauthorised manipulation
Why preserve integrity…
• Avoid financial, reputation and/or legal losses due to
– the processing, dissemination and transmission of incorrect or incomplete data
– reduced product quality as a consequence of data corruptions or unauthorised changes
– business decisions that are based on inaccurate information
– data alteration while in storage or transit
FCv1 – Federal Criteria Volume 1
Security: What is availability?
AVAILABILITY (of systems and data for intended use only)
Availability is the property of a system or a system resource being accessible and usable upon demand by an authorised entity, according to performance specifications for the system (RFC 2828).
Why ensure availability…
• Avoid losses due to the inability to process transactions
• Avoid contractual penalties due to the inability to meet service levels
• Ensure service continuity
• Avoid negative publicity or sentiment due to lack of service availability
• Meet deadlines and obligations in a timely manner
Security: What is accountability?
ACCOUNTABILITY (to the individual level)
Accountability is the property of a system (including all of its system resources) that ensures that the actions of an entity may be traced uniquely to that entity, which can be held responsible for its actions (RFC 2828).
Why ensure accountability…
• Prevent and/or deter fraud
• Facilitate legal action when required by providing irrefutable evidence
• Ensure traceability of actions
• Facilitate segregation of duties
• Meet statutory and/or regulatory obligations
Security: What is assurance?
ASSURANCE (that the other 4 goals have been adequately met)
Assurance is the basis for confidence that the security measures, both technical and operational, work as intended to protect the system and the information it processes (ITSEC and IATF).
Why assurance…
Assurance* is essential; without it the other goals cannot be met with absolute certainty:
• The required functionality is present and working according to specification,
• There is sufficient (proportional to the risk being managed) protection against unintentional errors (by users or software), and
• There is sufficient (proportional to the risk being managed) resistance to intentional penetration or by-pass.
*The amount of assurance needed varies between systems and depends on the sensitivity of data within that system and that system’s criticality in the context of the enterprise.
ITSEC – European Information Technology Security Evaluation Criteria
IATF – Information Assurance Technical Framework Forum
Security: Interdependency of all 5 security goals
[Diagram: the five security goals with numbered dependency arrows (1–4), explained in the text below]
Confidentiality is dependent on Integrity in that if the integrity of the system is lost, then there is no longer a reasonable expectation that the confidentiality mechanisms are still valid.
Integrity is dependent on Confidentiality in that if the confidentiality of certain information is lost (e.g., the administrative password), then the integrity mechanisms are likely to be by-passed.
Availability and Accountability are dependent on Confidentiality and Integrity in that:
1. If confidentiality is lost for certain information (e.g., the administrative password), the mechanisms implementing these objectives are easily by-passable.
2. If system integrity is lost, then confidence in the validity of the mechanisms implementing these objectives is also lost.
All of these objectives are interdependent with Assurance. When designing a system, an architect or engineer establishes an assurance level as a target. This target is achieved by:
1. defining and meeting the functionality requirements in each of the other four objectives and
2. doing so with sufficient ‘quality’.
Assurance highlights the fact that for a system to be secure, it must not only provide the intended functionality, but also ensure that undesired actions do not occur.
Source: NIST (National Institute of Standards and Technology) – Underlying Technical Models for Information Technology Security (May 2001).
Security: It’s all about realising goals and managing threats
[Matrix: each threat below is classified as accidental or intentional and as passive or active]
Threats:
• Modification of data in transit or in storage
• Denial of Service
• Theft of information
• Unauthorised use of resources
• Impersonation of user or service
• Eavesdropping
• Introduction of malicious code
• Misuse of access privileges
CLASSES OF THREATS INCLUDE THE FOLLOWING:
Accidental threats
• Losses due to malfunction or error
Intentional threats
• Intentional damage or corruption of assets, sabotage
Passive threats
• Those that do not change the state of the system (these may include the loss of confidentiality but not of integrity or availability)
Active threats
• Those that change the state of the system (this includes changes to data and to software)
“You have zero privacy anyway. Get over it.”
Scott McNealy, CEO Sun Microsystems
Privacy: How to define privacy?
• Many interpretations:
– EU Data Protection Directive
– Canadian Standards Association’s Model for the Protection of Personal Information
– Gramm-Leach-Bliley Act
– Federal Trade Commission
• All are concerned with what you can or cannot do with personal information, what protections must be provided, and how the rights of the individual are affected and enforced.
• Fundamental cultural/legal tensions:
– In the U.S.: The prevailing concept is that once an individual provides personal information to an organisation, the organisation becomes the data owner. Barring any sector-specific privacy legislation, the organisation can determine the use of that information.
– Outside the U.S.: The prevailing concept is that the data subject retains the rights to his/her personal information. The organisation has the responsibilities of a custodian for protecting the personal information and using it only in accordance with the rights conveyed by the individual.
Privacy: Examples for Privacy Definitions
• “Privacy is the right to be left alone without unwarranted intrusion by government, media, or other institutions or individuals.” (Columbia University Press, Encyclopedia, 2005)
• “Privacy typically applies to the information-handling practices of an organisation and the processing of personal information through all stages of its (the information’s) life cycle, including collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation and use, disclosure and dissemination, and erasure or destruction.” (Tretick, B., “Can you keep a secret?”, Intelligent Enterprise, January 2001, 68)
• “Privacy is an interaction, in which the information rights of different parties collide. The issue is of control over information flow by parties that have different preferences over information permeability.” (Noam, E.M., “Privacy and Self-Regulation: Markets for Electronic Privacy”, in Privacy and Self-Regulation in the Information Age, US Department of Commerce, 1997)
Privacy: What is considered to be personal information?
Personal information is defined as any information relating to an identified or identifiable natural person. Examples include:
PERSONAL
• Name, Gender, Date of birth
• Home address, Personal telephone number or Email
• Social security number (or any other government identifier)
• Biometric identifier
• Photograph or video identifiable to an individual
• Behavioral information (e.g., in a CRM system)
HEALTH
• Medical records, Health plan beneficiary information
• Physical or mental health information
• Provided health services or any information collected during the health service
FINANCIAL
• Account numbers (bank accounts, credit cards, etc.)
• Financial history
• Salary information
SENSITIVE
• Racial or ethnic origin
• Religious or philosophical beliefs
• Trade-union membership
• Sexual orientation
• Offenses, criminal convictions or security measures
• Combinations of certain information (e.g., name and SSN)
Privacy: Fair Information Practices (FIPs)
In 1980, the Fair Information Practices, developed by the OECD, were the first attempt to give recommendations on how enterprises should protect a person’s privacy.
They included the following 8 principles:
• Collection Limitation
• Data Quality
• Purpose Specification
• Use Limitation
• Security Safeguards
• Openness
• Individual Participation
• Accountability
Privacy: EU Privacy Directive 95/46/EC
The EU Privacy Directive is much more detailed and includes very specific requirements for the following topics:
• Data quality
• Legitimate data processing
• Processing of special data categories
• Information to be given to the data subject
• Data subject’s right to access data
• Specific exemptions and restrictions
• Data subject’s right to object
• Confidentiality and security of processing
• Notification
• Judicial remedies, liability and sanctions
• Transfer of personal data to third countries
• Codes of conduct
• Supervisory authority and implementing measures
Privacy: Privacy Standardisation Activities
There are various national and global standardisation initiatives underway that currently study and develop privacy standards.
For example, the ISO/IEC JTC 1/SC 27 (International Organisation for Standardisation) is currently performing a study on privacy standardisation.
Possible areas for privacy standardisation could be:
• Privacy Framework
• Privacy Reference Architecture
• Specific Privacy-Enhancing Technologies (PETs)
• Privacy Management
• Privacy Impact Assessments
Privacy: Business Drivers for Privacy
Brand Risk
• Risk to brand from privacy breach
• Potential inconsistencies between policies and practices
• Comparison against privacy practices of competitors and other cohorts
Employee Data Mgmt
• Employees based around the globe and data distributed throughout the organisation
• Requires localised and tailored approach
Increased Regulation
• Multiple jurisdictions of privacy regulations
• Dynamic and aggressive legislative stance
• Managing relationships with regulators (e.g. Data Protection Authorities)
Customer/Employee Sensitivity
• Existing privacy policies as well as customer and employee expectations
• Differing cultural perspectives and expectations
• Procedures for responding to privacy complaints
Extended Enterprise
• Relationships with service providers, vendors, and partners
• Inconsistent implementation of privacy practices among independent organisations
• Who has responsibility and associated liability for privacy?
Advances in Technology
• ERP systems aggregate personal information from throughout the organisation
• M-Commerce applications interact with users and distribute data to various parties
• Use of personalisation technologies such as online profiles, cookies, smart tags, session identifiers, etc.
Globalisation
• CRM and HRIS systems centralise customer/employee data from around the world into global data centres
• Increased cross-border data flows
• Difficult to identify source of personal information and associated privacy obligations
Privacy: Data life cycle issues have to be managed
An adequate understanding of the movement of personal information must be gained:
– What data exists?
– How is it collected?
– How is it protected?
– Where is it stored?
– How is the data used?
– Who do you share it with?
– How is it destroyed?
Privacy: Complexity of Privacy Management
Phases of the data lifecycle:
• Collection – personal information from either the individual directly, such as a web form, or from another party, such as a business partner.
• Storage – a phase of the data lifecycle that pertains to the actual storing of an individual’s personal information.
• Use/Transfer – a phase of the data lifecycle that pertains to what the company does with an individual’s personal information.
• Destruction – a phase of the data lifecycle that pertains to how the company removes or destroys an individual’s personal information.
Sample attributes in each phase of the data lifecycle:
• Collection: consumer data collected; collection methods; entities that collect data
• Storage: consumer data stored; storage locations; storage media
• Use/Transfer: business use of data; data transactions, analysis, etc.; data transfer between entities
• Destruction: retention periods; entities that destroy data; destruction requirements
Privacy principles mapped to phases of the data lifecycle:
• Collection: Notice, Choice, Access, Security, Information Management, Monitoring & Enforcement
• Storage: Access, Security, Information Management, Monitoring & Enforcement
• Use/Transfer: Access, Transfer, Security, Information Management, Monitoring & Enforcement
• Destruction: Security, Monitoring & Enforcement
(Diagram label: Establish Intended Use and Transfer of Data)
The Security-Privacy Paradox: Introduction
• Existing misconception:
“Privacy is a policy issue – Security is a technology issue”
• An organisation can end up with technology solutions that allow the misuse of personal information by authorised personnel and authorised third parties
• In the minds of many corporate executives, privacy is a lose-lose issue, viewed solely as risk aversion
• As a positive viewpoint, though, privacy deals with brand image and trust
“I think that we in the technology industry have fallen in love with technology. And in the end it is not about the technology .... Privacy and security, or trust, are vital to consumers, and that is what we should focus on.”
Carleton Fiorina, Former CEO, Hewlett Packard
The Security-Privacy Paradox: Relationship between Security and Privacy
Data Privacy: Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Openness, Individual Participation, Accountability, Notice & Choice, Security Safeguards
Information Security: Confidentiality, Integrity, Accuracy, Availability, Authentication, Authorization, Non-repudiation
Shared Practices:
Data Quality (Integrity, Accuracy), Security Safeguards, Openness (Availability), Use Limitation (Authorisation)
The Security-Privacy Paradox: Why the Paradox?
• Some security functions may hinder or even threaten necessary privacy protection
• Some privacy measures may weaken or threaten justified security measures
Examples of the Security-Privacy Paradox:
– Collection Limitation vs. Authentication
– Notice & Choice vs. Confidentiality
– Purpose Specification vs. Availability
The Security-Privacy Paradox: There is no privacy without security
Security is only one, albeit an important, component of privacy. Without security, there can be no privacy.
Addressing Security and Privacy in M-Commerce: Introduction
• Our workplaces and our private life will change thoroughly through the use of mobile technologies
• The speed of technological change in M-Commerce first results in basic security features – privacy features will be an afterthought
• Today’s technical view on security mechanisms needs to be expanded to the mobile user’s expectations on privacy
• Just as the growth of E-Commerce is still hindered by users’ security and privacy uncertainties today, M-Commerce will only reach long-term success if both security and privacy become a natural consideration in each mobile use scenario.
Addressing Security and Privacy in M-Commerce: Economic issues related to mobile technology
• In E-Commerce, one computer is sufficient to become a provider, whereas in M-Commerce large investments are required to provide services
• In E-Commerce, industry alliances and marketing partnerships have been adopted quickly; in M-Commerce recent developments move towards a co-opetition model
• Co-opetition means that competitors in a traditional economy now become complementors (= the value of a service is greater when two parties complement each other than if they competed with one another).
• In M-Commerce, the benefit of the commodity “traffic” or “content” depends on the number of other users of this commodity (= network effects)
Addressing Security and Privacy in M-Commerce: Security challenges in M-Commerce
• Immature technology standardisation
• Large variety of mobile terminals and wireless transmission technologies
• Vulnerabilities are less known than for example in E-Commerce
• User identification possible only by the network operator
• Multitude of partners, operators, complementing service providers etc. exist
Addressing Security and Privacy in M-Commerce: The Concept of Multilateral Security
Different parties with different interests:
– clients, providers
– citizens, public authorities
– communication partners
[Diagram: Subscriber – Service Provider – Network Operator – Subscriber, ...]
Addressing Security and Privacy in M-Commerce: The Concept of Multilateral Security
[Diagram: Subscriber – Service Provider – Network Operator – Subscriber, with a Content Provider added]
… in today’s M-Commerce world, we need to add a number of alliance partners such as content providers
– the number of partners increases
– the relationships become more complex
Addressing Security and Privacy in M-Commerce: Opposing Security Interests of Involved Parties
• Multilateral Security considers that there are a number of stakeholders in an electronic transaction with completely contrasting – sometimes opposite – interests for the security and privacy of the data/information at stake.
Examples of these opposing interests could be:
Service Provider vs. Subscriber/Client
– Payment information of the subscriber upfront to reduce unpaid services vs. payment information on a use-by-use basis to avoid unwanted payments
– Completed client profile to avoid unauthorized usage vs. limited personal information to avoid misuse of data
– Behavioral client information on typical calls for early fraud detection vs. disguise of calling patterns, caller IDs etc. to assure privacy
– etc.
Addressing Security and Privacy in M-Commerce: Implementation Modes
• Protection of the different parties and their interests
» Options for negotiation
» Offering “smart” terminals to give control to the user
• Protection of the communication circumstances and of the communication contents
» Secure infrastructure
[Diagram: parties Subscriber, Service Provider, Network Operator, Subscriber, ...]
Addressing Security and Privacy in M-Commerce: Design Concepts
• Economic data creation – creating as little susceptible data as possible reduces data misuse and the cost of data protection.
• Careful allocation of data – distributing data among different parties (decentralization) makes misuse less attractive.
• User ability to control – providing easy configuration features and useful status information gives subscribers self-control.
• Usable security mechanisms – building in security mechanisms for agreed-upon purposes assures buy-in of the involved parties.
• Opportunities for individual negotiation – offering options to determine and negotiate each party’s own security goals (where possible) enhances the overall security level.
• Built-in product security – building in enhanced and proven security mechanisms drives M-Commerce applications towards more standardization, and thus to a higher level of security.
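The first three design concepts (economic data creation, careful allocation of data, user ability to control) can be made concrete in a small model of the parties from the earlier slides. The following Python is an added example written for this transcript, not code from the presentation or from any of the organisations named in it. It assumes, as slide 42 states, that only the network operator can identify the subscriber: the operator derives a different keyed-hash pseudonym per service provider and keeps the only pseudonym-to-subscriber mapping; each service provider records per-use billing data only and refuses fields outside its allow-list; the subscriber can revoke a pseudonym at any time. All names, numbers and the key are constructed placeholders.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

# Constructed placeholder subscriber number (not from the slides).
SAMPLE_MSISDN = "+49 170 0000001"


class NetworkOperator:
    """Only party able to identify the subscriber (careful allocation of data).

    A keyed hash over (subscriber, service, epoch) gives every service provider
    its own pseudonym, so providers cannot link the same person across services
    without the operator's key, and the operator holds the only mapping back.
    """

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._subscribers: Dict[str, Dict[str, str]] = {}
        self._pseudonyms: Dict[str, Tuple[str, str]] = {}

    def register(self, msisdn: str, name: str, address: str) -> None:
        self._subscribers[msisdn] = {"name": name, "address": address}

    def issue_pseudonym(self, msisdn: str, service: str, epoch: int = 0) -> str:
        if msisdn not in self._subscribers:
            raise KeyError("unknown subscriber")
        msg = f"{msisdn}|{service}|{epoch}".encode()
        pseudonym = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()[:16]
        self._pseudonyms[pseudonym] = (msisdn, service)
        return pseudonym

    def revoke_pseudonym(self, pseudonym: str) -> None:
        """User ability to control: the subscriber can cut the link at any time."""
        self._pseudonyms.pop(pseudonym, None)

    def resolve_for_settlement(self, pseudonym: str) -> Optional[str]:
        entry = self._pseudonyms.get(pseudonym)
        return entry[0] if entry else None


class ServiceProvider:
    """Stores only what per-use billing needs (economic data creation)."""

    ALLOWED_FIELDS = frozenset({"pseudonym", "units", "amount_eur"})

    def __init__(self, name: str) -> None:
        self.name = name
        self.records: List[Dict[str, object]] = []

    def record_usage(self, **fields: object) -> None:
        extra = set(fields) - self.ALLOWED_FIELDS
        if extra:
            raise ValueError(f"{self.name}: not allowed to store {sorted(extra)}")
        self.records.append(dict(fields))

    def holds_identifier(self, msisdn: str) -> bool:
        """True if any stored value would let this provider identify the subscriber."""
        return any(msisdn in map(str, record.values()) for record in self.records)


def run_scenario() -> Dict[str, object]:
    """Walks one subscriber through two services and reports what each party can do."""
    operator = NetworkOperator(secret=b"operator-only-key (constructed placeholder)")
    operator.register(SAMPLE_MSISDN, name="A. Subscriber", address="Sample Street 1")
    news = ServiceProvider("news-portal")
    routes = ServiceProvider("route-service")

    # Same person, two unlinkable pseudonyms: one per service provider.
    p_news = operator.issue_pseudonym(SAMPLE_MSISDN, "news-portal")
    p_routes = operator.issue_pseudonym(SAMPLE_MSISDN, "route-service")
    news.record_usage(pseudonym=p_news, units=3, amount_eur=0.60)
    routes.record_usage(pseudonym=p_routes, units=1, amount_eur=0.20)

    # A provider trying to keep address data is stopped by its own data policy.
    try:
        news.record_usage(pseudonym=p_news, units=1, amount_eur=0.20,
                          address="Sample Street 1")
        over_collection_blocked = False
    except ValueError:
        over_collection_blocked = True

    settled_to = operator.resolve_for_settlement(p_news)
    operator.revoke_pseudonym(p_news)  # subscriber withdraws from the news portal
    after_revoke = operator.resolve_for_settlement(p_news)

    return {
        "pseudonyms_unlinkable": p_news != p_routes,
        "provider_can_identify": news.holds_identifier(SAMPLE_MSISDN)
        or routes.holds_identifier(SAMPLE_MSISDN),
        "over_collection_blocked": over_collection_blocked,
        "settled_to_subscriber": settled_to == SAMPLE_MSISDN,
        "link_cut_after_revoke": after_revoke is None,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The point of the split is that a breach at a single service provider yields pseudonymous billing lines, not a profile; linking them to a person requires the operator's key and mapping, which is exactly the "misuse less attractive" effect the slide describes.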
Agenda
Basics on E-Commerce and M-Commerce
Security
Privacy
The Security-Privacy Paradox
Addressing Security and Privacy in M-Commerce
M-Commerce Example: Reachability Management
Conclusion
M-Commerce Example: Reachability Management: Assumptions
The example:
• has been selected to visualise how one specific privacy topic could be solved in a mobile communication setting,
• does not cover all areas of security and privacy measures, and
• for the purpose of a simplified example, is limited to the two parties involved in the selected calling scenario (it does not involve operators, service providers, content providers etc.)
M-Commerce Example: Reachability Management: Negotiation Tools
The problem:
• increased reachability because of new communication services
• time scarcity
• annoying calls
• conflict over (ISDN) calling number display
[Diagram: Caller -> Callee, with the options accept / deny; Caller or Callee -> Reachability Management (RM)]
M-Commerce Example: Reachability Management: Reachability Management
The features:
• automatic and user-configured call filtering
• privacy for both caller and callee
• choice of different ways to express urgency
• choice of different reactions to different situations
[Diagram: Caller <-> Callee: Negotiation, then Call]
M-Commerce Example: Reachability Management: Topics of Negotiation
• Urgency of the call
• Extent of identification
• Security requirements
– authentication
– confidentiality
– non-repudiation
M-Commerce Example: Reachability Management: Why should your call go through?
• Statement of urgency: “It is really urgent!”
• Specification of a function: “I am your boss!”
• Specification of a subject: “Let’s have a party tonight.”
• Presentation of a voucher: “I welcome you calling back.”
• Provision of a reference: “My friends are your friends!”
• Offering a guarantee: “Satisfaction guaranteed or this money is yours!”
M-Commerce Example: Reachability Management: RMS accepted call (Callee Display)
• Bell is ringing!
• Callee notified
• Callee can still decide to accept or deny the call
M-Commerce Example: Reachability Management: RMS denied call (Caller Display)
• Call not connected
• Caller gets information (configured by the callee)
• Caller can leave a message or request a call back
M-Commerce Example: Reachability Management: Configuring your RMS
• Situations – a set of rules for how to deal with an incoming call
• Rules – a combination of features
– Users can reconfigure the initial rules and situations as they like
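The slides from "Topics of Negotiation" through "Configuring your RMS" describe one mechanism: the caller makes an offer (urgency, extent of identification, a claimed function, a subject, a voucher), the callee's Reachability Management System (RMS) evaluates it against the rules of the active situation, and the reaction is either a ringing bell with a callee display, a denial with caller information configured by the callee, or a call-back offer. The following Python is an added example written for this transcript, not code from the presentation or from any real RMS product. The rule structure, situation names, reaction texts and caller names are all my own constructed assumptions; the privacy property modelled is the one the slides state, that the callee sees only what the caller chose to disclose, and the caller on denial sees only the text the callee configured, not the callee's situation or rules.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class CallOffer:
    """What the caller chooses to put on the table (topics of negotiation)."""
    urgency: int = 0                 # 0 normal, 1 important, 2 "It is really urgent!"
    identity: Optional[str] = None   # None: the caller stays anonymous
    authenticated: bool = False      # identity claim verified (security requirement)
    function: Optional[str] = None   # "I am your boss!"
    subject: Optional[str] = None    # "Let's have a party tonight."
    voucher: bool = False            # "I welcome you calling back."


@dataclass
class Reaction:
    action: str                      # "ring", "deny" or "callback"
    caller_display: str              # text configured by the callee, shown to the caller
    callee_display: str = ""         # filled in only when the bell rings


@dataclass
class Rule:
    """A combination of features: a condition on the offer plus a reaction."""
    name: str
    condition: Callable[[CallOffer], bool]
    reaction: Reaction


@dataclass
class Situation:
    """A set of rules for one situation; the first matching rule wins."""
    name: str
    fallback: Reaction
    rules: List[Rule] = field(default_factory=list)


def identified(offer: CallOffer) -> bool:
    return offer.identity is not None and offer.authenticated


def claims_function(role: str) -> Callable[[CallOffer], bool]:
    # A function claim only counts when the caller is authenticated.
    return lambda o: o.function == role and identified(o)


def at_least_urgency(level: int) -> Callable[[CallOffer], bool]:
    return lambda o: o.urgency >= level


def subject_mentions(word: str) -> Callable[[CallOffer], bool]:
    return lambda o: bool(o.subject) and word in o.subject.lower()


class ReachabilityManager:
    def __init__(self, situations: Dict[str, Situation], active: str) -> None:
        self.situations, self.active = situations, active

    def set_situation(self, name: str) -> None:
        self.active = name

    def add_rule(self, situation: str, rule: Rule) -> None:
        """Users reconfigure rules as they like; new rules take precedence."""
        self.situations[situation].rules.insert(0, rule)

    def negotiate(self, offer: CallOffer) -> Reaction:
        situation = self.situations[self.active]
        chosen = next((r.reaction for r in situation.rules if r.condition(offer)),
                      situation.fallback)
        # Callee sees only what the caller disclosed; caller sees only configured text.
        who = offer.identity or "anonymous caller"
        if offer.identity and not offer.authenticated:
            who += " (unverified)"
        display = f"{who}, urgency {offer.urgency}"
        display += f", claims: {offer.function}" if offer.function else ""
        display += f", subject: {offer.subject}" if offer.subject else ""
        return Reaction(chosen.action, chosen.caller_display,
                        display if chosen.action == "ring" else "")


def default_configuration() -> ReachabilityManager:
    """Constructed initial situations; a real user would edit these."""
    meeting = Situation("meeting", Reaction("deny", "In a meeting; leave a message or request a call back."), [
        Rule("boss", claims_function("boss"), Reaction("ring", "Connecting.")),
        Rule("urgent-known", lambda o: o.urgency >= 2 and identified(o), Reaction("ring", "Connecting.")),
        Rule("urgent-anonymous", at_least_urgency(2), Reaction("callback", "Cannot take the call; you will be called back.")),
    ])
    leisure = Situation("leisure", Reaction("deny", "Not reachable today; leave a message."), [
        Rule("party", subject_mentions("party"), Reaction("ring", "Connecting.")),
        Rule("voucher", lambda o: o.voucher, Reaction("callback", "Thanks for the voucher; expect a call back.")),
    ])
    return ReachabilityManager({"meeting": meeting, "leisure": leisure}, active="meeting")


def run_scenarios() -> Dict[str, str]:
    rms, out = default_configuration(), {}
    r = rms.negotiate(CallOffer())                                   # anonymous, not urgent
    out["anonymous_normal"], out["anonymous_normal_text"] = r.action, r.caller_display
    r = rms.negotiate(CallOffer(identity="H. Boss", authenticated=True, function="boss"))
    out["boss"], out["boss_callee_display"] = r.action, r.callee_display
    out["unverified_boss"] = rms.negotiate(CallOffer(identity="H. Boss", function="boss")).action
    out["urgent_anonymous"] = rms.negotiate(CallOffer(urgency=2)).action
    rms.set_situation("leisure")                                     # same offers, other reactions
    out["leisure_party"] = rms.negotiate(CallOffer(subject="Let's have a party tonight.")).action
    out["leisure_urgent"] = rms.negotiate(CallOffer(urgency=2)).action
    rms.add_rule("leisure", Rule("urgent", at_least_urgency(2), Reaction("ring", "Connecting.")))
    out["leisure_urgent_after_reconfig"] = rms.negotiate(CallOffer(urgency=2)).action
    return out


if __name__ == "__main__":
    for key, value in run_scenarios().items():
        print(f"{key}: {value}")
```

Two details carry the security content. An unauthenticated "I am your boss!" does not match the boss rule, so a function claim only buys reachability when the identification the caller offered was verified; and the denial text is a fixed string chosen by the callee, so a denied caller cannot tell whether the callee is in a meeting, filtering that caller specifically, or simply unreachable.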
The Security-Privacy Paradox in E-/M-Commerce: Conclusion
• Privacy is a major consumer concern, in the online, mobile and offline world, domestically and globally
– E-Commerce statistics, surveys, social studies
– Identity theft
– Dynamic pricing strategies in M-Commerce
• Loss of reputation and credibility are major risks for any business, and trust building through brand image transfers more and more into the online and mobile world
• Privacy violations may be unintentional, accidental or unforeseen – the press and the public will not care
• Investments in security solutions may be worthless if privacy is not a major part of the security management strategy
Contact Details
Stefan Weiss, Senior Manager Security Services
Franklinstrasse 50, 60486 Frankfurt am Main
Tel.: +49 69 75695 6355
Fax: +49 69 75695 6719
Mobile: +49 172 3590 674
email: [email protected]/de/security