Addressing the Security-Privacy Paradox in E- and M-Commerce

Transcript of Addressing the Security-Privacy Paradox in E- and M-Commerce

Page 1: Title slide

Stefan Weiss

Deloitte & Touche GmbH Johann Wolfgang Goethe Universität, Frankfurt am Main

Security Services Group Mobile Commerce & Multilateral Security

January 10, 2006

University of St. Gallen, Switzerland

Addressing the Security-Privacy Paradox in E- and M-Commerce

Page 2: M-Commerce and Multilateral Security

Security and Privacy in E- and M-Commerce, ©2005 Johann Wolfgang Goethe Universität (slide footer)

Johann Wolfgang Goethe University, Frankfurt am Main

Prof. Dr. Kai Rannenberg

• from 1999-2002: Microsoft Research Cambridge UK, responsible for “Personal Security Devices and Privacy Technologies“;

• since 2002: Professor of the T-Mobile Chair for Mobile Commerce and Multilateral Security

Research Topics

• Multilateral security
  – Security and privacy
  – Personal devices
• Mobile life and work
  – M-Payment/M-Brokerage
  – Portals for mobility
  – Location based services
• Infrastructures
  – Combination, integration, regulation
• Application-oriented research

T-Mobile Chair for Mobile Commerce and Multilateral Security at the Johann Wolfgang Goethe University in Frankfurt/Main

Page 3: Deloitte Security Services Group

Capabilities

More than 1000 Security Practitioners world-wide
• North America
• Europe
• Asia-Pacific
• Latin America

Industry, Process and Policy Expertise; Extensive Architecture Experience
• SAP and other ERPs
• Directory Technologies
• Identity Management
• eBusiness, Supply-Chain, Exchanges
• Technology Infrastructure
• Data Quality

Security R&D Technology Centers; Strategic Vendor Relationships

Services

Security Strategy
• Define Security Strategy
• Implement Security Program and Organization
• Define and Implement Security Policies/Standards

Application Integrity
• Implement Security and Controls in ERP and E-Business Application Implementations including SAP, Oracle, PeopleSoft, Siebel, JD Edwards, and Ariba

Identity Management
• Implement Identity Management Solutions and Single Sign-On Technologies
• Implement User Directories

Infrastructure Security
• Perform Risk Assessments
• Develop and Enforce Security Policy
• Perform Attack & Penetration Testing
• Design and Implement Infrastructure Security Solutions

Privacy
• Perform Diagnostics and Gap Analysis
• Design Global Privacy Strategies/Roadmaps
• Implement Privacy Solutions

Page 4: Agenda

• Basics on E-Commerce and M-Commerce
• Security
• Privacy
• The Security-Privacy Paradox
• Addressing Security and Privacy in M-Commerce
• M-Commerce Example: Reachability Management
• Conclusion

Page 5: Basics on E-Commerce and M-Commerce: Definition

• E-Commerce or Electronic Commerce consists primarily of the distributing, buying, selling, marketing, and servicing of products or services over electronic systems such as the Internet and other computer networks

• M-Commerce or Mobile Commerce stands for electronic commerce enabled through mobile devices, or, in our definition:

“The usage of mobile terminals and communication and interaction possibilities for mobile applications and business areas”

Page 6: E-Commerce: Background

• Originally, "electronic commerce" meant the facilitation of commercial transactions electronically, using technology like Electronic Data Interchange (EDI, introduced in the late 1970s), which describes the computer-to-computer exchange of structured information

• Later it came to include activities more precisely termed "Web Commerce", the purchase of goods and services over the World Wide Web

• Only after secure transmission protocols (HTTPS) became available did E-Commerce over the Internet gain importance for commercial enterprises

• Low penetration rates of Internet access in developing countries are preventing the world-wide spread of E-Commerce

Concerns over security are still preventing a stronger general acceptance of E-Commerce

Page 7: M-Commerce: Background

• Mobile Commerce came into being in the late 1990s (dot-com boom), when the first new mobile telephony applications were developed

• Cellphone providers made large investments in recent years, for example in UMTS/3G licences and in building the provider architectures needed to enable mobile services

• Examples of M-Commerce applications are on-demand services like news and stock-quote services, location-based services, SMS, and banking or brokerage applications

• Practically anyone's geographic location can now be determined through mobile devices

• Mobile devices like a mobile phone or a PDA have become personal items and have changed the way we communicate

As someone’s mobile device has become a true personal item (similar for example to your wallet or house keys) and location-based services have become an important M-Commerce service, privacy has become one of the top user concerns

Page 8: Basics on E-Commerce and M-Commerce: Economic characteristics

Advantages

E-Commerce:
• Automation
• Time flexibility
• Interactivity
• Individualisation
• Easy and low-cost usage

M-Commerce:
• Location independence
• Personalisation
• Continuous connectivity
• Context sensitivity
• Comfortable, light-weight devices

Disadvantages

E-Commerce:
• Dependence on Internet access / location
• Security and privacy issues

M-Commerce:
• Device restrictions require simple applications
• Commerce typically limited to low-value items
• High initial costs for providers
• Security and privacy issues

Page 9: Basics on E-Commerce and M-Commerce: Why are security and privacy important?

• 87% of the interviewed E-Commerce users name the security of their personal and financial data as the most important prerequisite for transacting with an E-Commerce provider

• 59% regard the transfer of their own personal information to lesser-known companies on the Internet as the biggest perceived problem during E-Commerce transactions

• 68% abandon an online purchase prematurely if the E-Commerce provider is perceived as untrustworthy

Source: Fittkau & Maaß (market research and consulting firm), 16th w3B study, 2003

Page 10: Basics on E-Commerce and M-Commerce: Lack of security and privacy are usage barriers

[Bar chart, axis 0% to 100%: share of respondents naming each barrier. Bars labelled (in slide order): no business rules, regulatory deficits, unclear legal status, repudiation, no confidential communication, unguaranteed payments. Values printed on the chart: 71.7%, 70.0%, 66.8%, 65.5%, 63.8% and 65.9%.]

Source: Electronic Commerce Enquête, Universität Freiburg, 1998 (32 options plus free text offered; the 6 options with the highest agreement are shown)

Page 11:

“Trust is the real value of the internet.”

Scott McNealy, CEO Sun Microsystems

Page 12: Agenda (section divider, same items as Page 4)

Page 13: Security: What is security?

SECURITY GOALS (diagram): Confidentiality, Integrity, Availability, Accountability, Assurance

SECURITY

Security is defined as a condition of a system that results from the establishment and maintenance of measures to protect that system (RFC 2828).

Broadly speaking, security is keeping anyone from doing things you don't want them to do to, with, or from your computers, networks, applications or any peripherals. A secure system is one that you can trust with sensitive information.

Security can be characterised by a set of interdependent goals that include:
• Confidentiality
• Integrity
• Availability
• Accountability
• Assurance

RFC 2828 – Internet Security Glossary (IETF Request for Comments)

Page 14: Security: What is confidentiality?

CONFIDENTIALITY (of data and system information)

Confidentiality is the assurance that information is not disclosed to inappropriate entities (FIPS 140). Confidentiality protection applies to data in storage, during processing and while in transit.

Why preserve confidentiality…
• Protect intellectual capital
• Avoid legal liability due to unauthorised disclosure of personal data
• Maintain competitive advantage
• Maintain public trust and image
• Avoid financial losses as a consequence of unauthorised access to proprietary information

FIPS 140 – Federal Information Processing Standards Publication 140

Page 15: Security: What is integrity?

INTEGRITY (of system and data)

Integrity refers to the correctness and appropriateness of the content and/or source of a piece of information (FCv1), in two facets:
• Data integrity – data has not been altered in an unauthorised manner while in storage, processing, or in transit
• System integrity – the system performs its intended function in an unimpaired manner, free from unauthorised manipulation

Why preserve integrity…
• Avoid financial, reputation and/or legal losses due to
  - the processing, dissemination and transmission of incorrect or incomplete data
  - reduced product quality as a consequence of data corruption or unauthorised changes
  - business decisions that are based on inaccurate information
  - data alteration while in storage or transit

FCv1 – Federal Criteria, Volume 1

Page 16: Security: What is availability?

AVAILABILITY (of systems and data, for intended use only)

Availability is the property of a system or a system resource being accessible and usable upon demand by an authorised entity, according to performance specifications for the system (RFC 2828).

Why ensure availability…
• Avoid losses due to the inability to process transactions
• Avoid contractual penalties due to the inability to meet service levels
• Ensure service continuity
• Avoid negative publicity or sentiment due to lack of service availability
• Meet deadlines and obligations in a timely manner

Page 17: Security: What is accountability?

ACCOUNTABILITY (down to the individual level)

Accountability is the property of a system (including all of its system resources) that ensures that the actions of an entity may be traced uniquely to that entity, which can be held responsible for its actions (RFC 2828).

Why ensure accountability…
• Prevent and/or deter fraud
• Facilitate legal action when required by providing irrefutable evidence
• Ensure traceability of actions
• Facilitate segregation of duties
• Meet statutory and/or regulatory obligations
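The integrity goal (Page 15: data not altered in an unauthorised manner in storage, processing or transit) and the accountability goal (Page 17: actions traceable uniquely to the entity that performed them) can be made concrete on a small audit log. What follows is an added example, not code from the slides, Deloitte or the University; it uses only the Python standard library. The back-office setting, the entities alice and bob, their keys and the order records are constructed assumptions. Each entry is MACed under the acting entity's key, so it traces to that key holder, and is chained to the hash of the previous entry, so modification, deletion and reordering are detected. A separately published head hash covers truncation of the tail, which the chain alone cannot see.

```python
import hashlib
import hmac
import json

# Constructed per-entity secret keys. A real deployment keeps these in a KMS/HSM, tied
# to the user's authentication, never in source.
ENTITY_KEYS = {
    "alice": b"alice-secret-key-0001",
    "bob": b"bob-secret-key-0002",
}
GENESIS = "0" * 64  # `prev` value of the first entry


def _canonical(obj) -> bytes:
    """Canonical JSON: identical content always yields identical bytes to hash or MAC."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _entry_hash(entry: dict) -> str:
    return hashlib.sha256(_canonical(entry)).hexdigest()


def head_hash(log: list) -> str:
    """Hash of the newest entry; publish it (or hand it to an auditor) to anchor the log."""
    return _entry_hash(log[-1]) if log else GENESIS


def append_entry(log: list, entity: str, action: dict) -> dict:
    """Record `action` performed by `entity`: chained to the previous entry and MACed
    under that entity's key, so the entry traces uniquely to the key holder."""
    body = {"seq": len(log), "entity": entity, "action": action, "prev": head_hash(log)}
    tag = hmac.new(ENTITY_KEYS[entity], _canonical(body), hashlib.sha256).hexdigest()
    entry = dict(body, tag=tag)
    log.append(entry)
    return entry


def verify_log(log: list, expected_head: str = None) -> tuple:
    """Return (ok, failures); each failure is (position, reason).

    Chain check (seq and prev): detects deletion, insertion and reordering.
    Tag check: detects modification of an entry and wrong attribution.
    Head check (optional): detects truncation of the tail, which the chain cannot see."""
    failures = []
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry.get("seq") != i or entry.get("prev") != prev:
            failures.append((i, "chain broken"))
        body = {k: v for k, v in entry.items() if k != "tag"}
        key = ENTITY_KEYS.get(entry.get("entity"))
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest() if key else ""
        # compare_digest is constant-time, so verification time leaks nothing about the tag.
        if not key or not hmac.compare_digest(expected, str(entry.get("tag", ""))):
            failures.append((i, "bad tag for entity %r" % entry.get("entity")))
        prev = _entry_hash(entry)
    if expected_head is not None and prev != expected_head:
        failures.append((len(log), "head mismatch: entries truncated?"))
    return (not failures, failures)


def demo() -> dict:
    """Build a three-entry log, then apply the kinds of tampering listed on Page 20."""
    log = []
    append_entry(log, "alice", {"op": "create_order", "order": 4711, "amount": 120.0})
    append_entry(log, "bob", {"op": "ship_order", "order": 4711})
    append_entry(log, "alice", {"op": "refund", "order": 4711, "amount": 120.0})
    anchor = head_hash(log)                       # what an external witness holds
    clone = lambda: json.loads(json.dumps(log))   # fresh deep copy per scenario
    r = {"clean": verify_log(log, anchor)}

    modified = clone()                            # modification of data in storage
    modified[2]["action"]["amount"] = 12000.0
    r["modified"] = verify_log(modified)

    relabelled = clone()                          # repudiation: bob claims alice's refund
    relabelled[2]["entity"] = "bob"
    r["relabelled"] = verify_log(relabelled)

    deleted = clone()                             # an entry removed from the middle
    del deleted[1]
    r["deleted_middle"] = verify_log(deleted)

    truncated = clone()[:2]                       # the tail cut off
    r["truncated_unanchored"] = verify_log(truncated)
    r["truncated_anchored"] = verify_log(truncated, anchor)
    return r
```

Two caveats a practitioner should keep in mind. An HMAC attributes an entry to whoever holds the key, and the verifier must hold that same key, so this gives accountability inside the organisation but not the "irrefutable evidence" toward a third party that Page 17 lists; for that, each entity would sign entries with a private key instead. And the chain only protects what is inside it: without the externally held head hash, `truncated_unanchored` verifies cleanly, which is why the anchor is published rather than stored next to the log.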

Page 18: Security: What is assurance?

ASSURANCE (that the other 4 goals have been adequately met)

Assurance is the basis for confidence that the security measures, both technical and operational, work as intended to protect the system and the information it processes (ITSEC and IATF).

Why assurance…

Assurance* is essential; without it there is no well-founded confidence that the other goals are actually met. Assurance establishes that:
• The required functionality is present and working according to specification,
• There is sufficient (proportional to the risk being managed) protection against unintentional errors (by users or software), and
• There is sufficient (proportional to the risk being managed) resistance to intentional penetration or by-pass.

*The amount of assurance needed varies between systems and depends on the sensitivity of data within that system and that system's criticality in the context of the enterprise.

ITSEC – European Information Technology Security Evaluation Criteria
IATF – Information Assurance Technical Framework (IATFF: Information Assurance Technical Framework Forum)

Page 19: Security: Interdependency of all 5 security goals

[Diagram: the five goals with numbered dependency arrows between them; the relations are spelled out below.]

Confidentiality is dependent on Integrity in that, if the integrity of the system is lost, there is no longer a reasonable expectation that the confidentiality mechanisms are still valid.

Integrity is dependent on Confidentiality in that, if the confidentiality of certain information is lost (e.g., the administrative password), the integrity mechanisms are likely to be by-passed.

Availability and Accountability are dependent on Confidentiality and Integrity in that:
1. If confidentiality is lost for certain information (e.g., the administrative password), the mechanisms implementing these objectives are easily by-passable.
2. If system integrity is lost, then confidence in the validity of the mechanisms implementing these objectives is also lost.

All of these objectives are interdependent with Assurance. When designing a system, an architect or engineer establishes an assurance level as a target. This target is achieved by:
1. defining and meeting the functionality requirements in each of the other four objectives, and
2. doing so with sufficient 'quality'.

Assurance highlights the fact that for a system to be secure, it must not only provide the intended functionality, but also ensure that undesired actions do not occur.

Source: NIST (National Institute of Standards and Technology) – Underlying Technical Models for Information Technology Security (May 2001).

Page 20: Security: It's all about realising goals and managing threats

[Table: each threat below is classified in the slide as accidental or intentional, and as passive or active; the classification marks themselves are not recoverable from the transcript.]

Threats listed:
• Modification of data in transit or in storage
• Denial of service
• Theft of information
• Unauthorised use of resources
• Impersonation of user or service
• Eavesdropping
• Introduction of malicious code
• Misuse of access privileges

CLASSES OF THREATS INCLUDE THE FOLLOWING:

Accidental threats
• Losses due to malfunction or error

Intentional threats
• Intentional damage or corruption of assets, sabotage

Passive threats
• Those that do not change the state of the system (these may include the loss of confidentiality but not of integrity or availability)

Active threats
• Those that change the state of the system (this includes changes to data and to software)

Page 21: Agenda (section divider, same items as Page 4)

Page 22:

“You have zero privacy anyway. Get over it.”

Scott McNealy, CEO Sun Microsystems

Page 23: Privacy: How to define privacy?

• Many interpretations:
  – EU Data Protection Directive
  – Canadian Standards Association's Model for the Protection of Personal Information
  – Gramm-Leach-Bliley Act
  – Federal Trade Commission

• All are concerned with what you can or cannot do with personal information, what protections must be provided, and how the rights of the individual are affected and enforced.

• Fundamental cultural/legal tensions:

IN THE U.S.: The prevailing concept is that once an individual provides personal information to an organisation, the organisation becomes the data owner. Barring any sector-specific privacy legislation, the organisation can determine the use of that information.

OUTSIDE THE U.S.: The prevailing concept is that the data subject retains the rights to his/her personal information. The organisation has the responsibilities of a custodian for protecting the personal information and using it only in accordance with the rights conveyed by the individual.

Page 24: Privacy: Examples of privacy definitions

• "Privacy is the right to be left alone without unwarranted intrusion by government, media, or other institutions or individuals." (Columbia University Press, Encyclopedia, 2005)

• "Privacy typically applies to the information-handling practices of an organisation and the processing of personal information through all stages of its (the information's) life cycle, including collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation and use, disclosure and dissemination, and erasure or destruction." (Tretick, B., "Can you keep a secret?", Intelligent Enterprise, January 2001, p. 68)

• "Privacy is an interaction, in which the information rights of different parties collide. The issue is of control over information flow by parties that have different preferences over information permeability." (Noam, E.M., "Privacy and Self-Regulation: Markets for Electronic Privacy", in Privacy and Self-Regulation in the Information Age, US Department of Commerce, 1997)

Page 25: Privacy: What is considered to be personal information?

Personal information is defined as any information relating to an identified or identifiable natural person. Examples include:

PERSONAL
• Name, gender, date of birth
• Home address, personal telephone number or email
• Social security number (or any other government identifier)
• Biometric identifier
• Photograph or video identifiable to an individual
• Behavioral information (e.g., in a CRM system)

HEALTH
• Medical records, health plan beneficiary information
• Physical or mental health information
• Health services provided, or any information collected during the health service

FINANCIAL
• Account numbers (bank accounts, credit cards, etc.)
• Financial history
• Salary information

SENSITIVE
• Racial or ethnic origin
• Religious or philosophical beliefs
• Trade-union membership
• Sexual orientation
• Offenses, criminal convictions or security measures
• Combinations of certain information (e.g., name and SSN)

Page 26: Privacy: Fair Information Practices (FIPs)

In 1980, the Fair Information Practices, developed by the OECD, were the first attempt to give recommendations on how enterprises should protect a person's privacy.

They included the following 8 principles:
• Collection Limitation
• Data Quality
• Purpose Specification
• Use Limitation
• Security Safeguards
• Openness
• Individual Participation
• Accountability

Page 27: Privacy: EU Privacy Directive 95/46/EC

The EU Privacy Directive is much more detailed and includes very specific requirements for the following topics:
• Data quality
• Legitimate data processing
• Processing of special data categories
• Information to be given to the data subject
• Data subject's right to access data
• Specific exemptions and restrictions
• Data subject's right to object
• Confidentiality and security of processing
• Notification
• Judicial remedies, liability and sanctions
• Transfer of personal data to third countries
• Codes of conduct
• Supervisory authority and implementing measures

Page 28: Privacy: Privacy standardisation activities

There are various national and global standardisation initiatives underway that currently study and develop privacy standards.

For example, ISO/IEC JTC 1/SC 27 (ISO: International Organisation for Standardisation) is currently performing a study on privacy standardisation.

Possible areas for privacy standardisation could be:
• Privacy Framework
• Privacy Reference Architecture
• Specific Privacy-Enhancing Technologies (PETs)
• Privacy Management
• Privacy Impact Assessments

Page 29: Privacy: Business drivers for privacy

BRAND RISK
• Risk to brand from privacy breach
• Potential inconsistencies between policies and practices
• Comparison against privacy practices of competitors and other cohorts

EMPLOYEE DATA MANAGEMENT
• Employees based around the globe and data distributed throughout the organisation
• Requires localised and tailored approach

INCREASED REGULATION
• Multiple jurisdictions of privacy regulations
• Dynamic and aggressive legislative stance
• Managing relationships with regulators (e.g. Data Protection Authorities)

CUSTOMER/EMPLOYEE SENSITIVITY
• Existing privacy policies as well as customer and employee expectations
• Differing cultural perspectives and expectations
• Procedures for responding to privacy complaints

EXTENDED ENTERPRISE
• Relationships with service providers, vendors, and partners
• Inconsistent implementation of privacy practices among independent organisations
• Who has responsibility and associated liability for privacy?

ADVANCES IN TECHNOLOGY
• ERP systems aggregate personal information from throughout the organisation
• M-Commerce applications interact with users and distribute data to various parties
• Use of personalisation technologies such as online profiles, cookies, smart tags, session identifiers, etc.

GLOBALISATION
• CRM and HRIS systems centralise customer/employee data from around the world into global data centres
• Increased cross-border data flows
• Difficult to identify source of personal information and associated privacy obligations

Page 30: Privacy: Data life cycle issues have to be managed

An adequate understanding of the movement of personal information must be gained:
– What data exists?
– How is it collected?
– How is it protected?
– Where is it stored?
– How is the data used?
– Who do you share it with?
– How is it destroyed?

Page 31: Privacy: Complexity of privacy management

Establish intended use and transfer of data

Phases of the data life cycle:

Collection: personal information obtained either from the individual directly, such as via a web form, or from another party, such as a business partner.
Storage: the phase of the data life cycle that pertains to the actual storing of an individual's personal information.
Use/Transfer: the phase of the data life cycle that pertains to what the company does with an individual's personal information.
Destruction: the phase of the data life cycle that pertains to how the company removes or destroys an individual's personal information.

Sample attributes in each phase of the data life cycle:
Collection: consumer data collected; collection methods; entities that collect data
Storage: consumer data stored; storage locations; storage media
Use/Transfer: business use of data; data transactions, analysis, etc.; data transfer between entities
Destruction: retention periods; entities that destroy data; destruction requirements

Privacy principles mapped to phases of the data life cycle:
Collection: Notice, Choice, Access, Security, Information Management, Monitoring & Enforcement
Storage: Access, Security, Information Management, Monitoring & Enforcement
Use/Transfer: Access, Transfer, Security, Information Management, Monitoring & Enforcement
Destruction: Security, Monitoring & Enforcement

Page 32: Agenda (section divider, same items as Page 4)

Page 33

The Security-Privacy Paradox: Introduction

• Existing misconception:

“Privacy is a policy issue – Security is a technology issue”

• An organisation can end up with technology solutions that allow the misuse of personal information by authorised personnel and authorised third parties

• In the minds of many corporate executives, privacy is a lose-lose issue, viewed solely as risk aversion

• As a positive viewpoint, though, privacy deals with brand image and trust

Page 34

“I think that we in the technology industry have fallen in love with technology. And in the end it is not about the technology .... Privacy and security, or trust, are vital to consumers, and that is what we should focus on.”

Carleton Fiorina, Former CEO, Hewlett Packard

Page 35

The Security-Privacy Paradox: Relationship between Security and Privacy

Data Privacy: Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Openness, Individual Participation, Accountability, Notice & Choice, Security Safeguards

Information Security: Confidentiality, Integrity, Accuracy, Availability, Authentication, Authorization, Non-repudiation

Shared Practices: Data Quality (Integrity, Accuracy), Security Safeguards, Openness (Availability), Use Limitation (Authorisation)

Page 36

The Security-Privacy Paradox: Why the Paradox?

• Some security functions may hinder or even threaten necessary privacy protection

• Some privacy measures may weaken or threaten justified security measures

The Security-Privacy Paradox

Examples:

- Collection Limitation vs. Authentication

- Notice & Choice vs. Confidentiality

- Purpose Specification vs. Availability

Page 37

The Security-Privacy Paradox: There is no privacy without security

Data Privacy: Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Openness, Individual Participation, Accountability, Notice & Choice, Security Safeguards

Information Security: Confidentiality, Integrity, Accuracy, Availability, Authentication, Authorization, Non-repudiation

Security is only one, albeit an important, component of privacy. Without security, there can be no privacy.

Page 38

Agenda

• Basics on E-Commerce and M-Commerce

• Security

• Privacy

• The Security-Privacy Paradox

• Addressing Security and Privacy in M-Commerce

• M-Commerce Example: Reachability Management

• Conclusion

Page 39

Addressing Security and Privacy in M-Commerce: Introduction

Page 40

Addressing Security and Privacy in M-Commerce: Introduction

• Our workplaces and our private life will change thoroughly through the use of mobile technologies

• The speed of technological change in M-Commerce first results in basic security features – privacy features will be an afterthought

• Today’s technical view on security mechanisms needs to be expanded to include the mobile user’s expectations on privacy

• Just as the growth of E-Commerce is still hindered by users’ security and privacy uncertainties today, M-Commerce will only reach long-term success if both security and privacy become a natural consideration in each mobile use scenario.

Page 41

Addressing Security and Privacy in M-Commerce: Economic issues related to mobile technology

• In E-Commerce, one computer is sufficient to become a provider, whereas in M-Commerce large investments are required to provide services

• In E-Commerce, industry alliances and marketing partnerships have been adopted quickly; in M-Commerce, recent developments move towards a co-opetition model

• Co-opetition means that competitors in a traditional economy now become complementors (= the value of a service is greater when two parties complement each other than if they were to compete with one another).

• In M-Commerce, the benefit of the commodity “traffic” or “content” depends on the number of other users of this commodity (= network effects)

Page 42

Addressing Security and Privacy in M-Commerce: Security challenges in M-Commerce

• Immature technology standardisation

• Large variety of mobile terminals and wireless transmission technologies

• Vulnerabilities are less well known than, for example, in E-Commerce

• User identification possible only by the network operator

• Multitude of partners, operators, complementing service providers etc. exist


Page 43

Addressing Security and Privacy in M-Commerce: The Concept of Multilateral Security

Different parties with different interests:

– clients, providers

– citizens, public authorities

– communication partners

Diagram: Subscriber, Service Provider, Network Operator, Subscriber, ...

Page 44

Addressing Security and Privacy in M-Commerce: The Concept of Multilateral Security

Diagram: Content Provider, Subscriber, Service Provider, Network Operator, Subscriber

… in today’s M-Commerce world, we need to add a number of alliance partners such as content providers:

– the number of partners increases

– the relationships become more complex

Page 45

Addressing Security and Privacy in M-Commerce: Opposing Security Interests of Involved Parties

• Multilateral Security considers that there are a number of stakeholders in an electronic transaction with completely contrasting – sometimes opposite – interests for the security and privacy of data/information at stake.

Examples of these opposing interests could be (Service Provider vs. Subscriber/Client):

– Payment information of the subscriber upfront to reduce unpaid services vs. payment information on a use-by-use case to avoid unwanted payments

– Completed client profile to avoid unauthorized usage vs. limited personal information to avoid misuse of data

– Behavioral client information on typical calls for early fraud detection vs. disguise of calling patterns, caller IDs etc. to assure privacy

– etc.

Page 46

Addressing Security and Privacy in M-Commerce: Implementation Modes

Diagram: Subscriber, Service Provider, Network Operator, Subscriber, ...

• Protection of different parties and their interests

» Options for negotiation

» Offering “smart” terminals to give control to the user

• Protection of the communication circumstances and of the communication contents

» Secure infrastructure

Page 47

Addressing Security and Privacy in M-Commerce: Design Concepts

• Economic data creation – creating as little susceptible data as possible reduces data misuse and the cost for data protection.

• Careful allocation of data – distributing data among different parties (decentralization) makes misuse less attractive.

• User ability to control – providing easy configuration features and useful status information gives subscribers self-control.

• Usable security mechanisms – building in security mechanisms for agreed-upon purposes assures buy-in of involved parties.

• Opportunities for individual negotiation – offering options to determine and negotiate the particular party’s own security goals (where possible) enhances the overall security level.

• Built-in product security – building in enhanced and proven security mechanisms drives M-Commerce applications towards more standardization and thus to a higher level of security.

Page 48

Agenda

• Basics on E-Commerce and M-Commerce

• Security

• Privacy

• The Security-Privacy Paradox

• Addressing Security and Privacy in M-Commerce

• M-Commerce Example: Reachability Management

• Conclusion

Page 49

M-Commerce Example (Reachability Management): Assumptions

The example:

• has been selected to visualise how only one specific privacy topic could be solved in a mobile communication setting,

• does not cover all areas for security and privacy measures and

• for the purpose of a simplified example, is limited to the two parties involved in the selected calling example (it does not involve operators, service providers, content providers etc.)

Page 50

M-Commerce Example (Reachability Management): Negotiation Tools

The problem:

• increased reachability because of new communication services

• time scarcity

• annoying calls

• conflict on (ISDN) calling number display

Diagram: Caller -> Callee: accept or deny -> Reachability Management (RM)

Page 51

M-Commerce Example (Reachability Management): Reachability Management

The features:

• automatic and user-configured call filtering

• privacy for both caller and callee

• choice of different ways to express urgency

• choice of different reactions to different situations

Diagram: Caller <-> Negotiation <-> Callee, before the call is connected on either side

Page 52

• Urgency of the call

• Extent of identification

• Security requirements

– authentication

– confidentiality

– non-repudiation

M-Commerce Example (Reachability Management): Topics of Negotiation

Page 53

M-Commerce Example (Reachability Management): Why should your call go through?

• Statement of urgency: “It is really urgent!”

• Specification of a function: “I am your boss!”

• Specification of a subject: “Let’s have a party tonight.”

• Presentation of a voucher: “I welcome you calling back.”

• Provision of a reference: “My friends are your friends!”

• Offering a guarantee: “Satisfaction guaranteed or this money is yours!”

Page 54

• Bell is ringing!

• Callee notified

• Callee can still decide to accept or deny the call

M-Commerce Example (Reachability Management): RMS accepted call (Callee Display)

Page 55

• Call not connected

• Caller gets information (configured by callee)

• Caller can leave a message or request a call back

M-Commerce Example (Reachability Management): RMS denied call (Caller Display)

Page 56

M-Commerce Example (Reachability Management): Configuring your RMS

• Situations

– Set of rules on how to deal with an incoming call

• Rules

– Combination of features

– Users can reconfigure initial rules and situations as they like
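To make the negotiation of slides 50 to 56 concrete, here is an added Python model of such an RMS (example code written for this transcript, not taken from the talk or from any real system): situations hold ordered rules, rules combine the negotiated features (urgency, extent of identification, asserted function, voucher, guarantee), and a denied caller sees only the text the callee configured. The field names, the urgency scale and the sample rules are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed model of the Reachability Management System (RMS) on slides
# 50-56: the caller attaches reasons why the call should go through (slide 53),
# the callee's RMS evaluates them against the rules of the active situation
# (slide 56) and answers accept or deny; on deny the caller sees only the text
# the callee configured (slide 55). Field names and rules are assumptions.

@dataclass
class CallRequest:
    urgency: int                      # 0 routine ... 3 emergency (assumed scale)
    identification: str               # "anonymous", "pseudonym" or "authenticated"
    function: Optional[str] = None    # asserted role, e.g. "boss" ("I am your boss!")
    subject: Optional[str] = None     # "Let's have a party tonight."
    voucher: bool = False             # callee earlier said "I welcome you calling back"
    reference: Optional[str] = None   # "My friends are your friends!"
    guarantee: int = 0                # amount staked: "Satisfaction guaranteed or ..."

@dataclass
class Rule:
    name: str
    matches: Callable[[CallRequest], bool]
    decision: str                     # "accept" or "deny"
    caller_info: str = ""             # shown to the caller only when denying

@dataclass
class Situation:
    name: str
    rules: List[Rule]                 # ordered: the first matching rule wins
    default: str = "deny"
    default_info: str = "Not reachable now. Leave a message or request a call back."

def evaluate(situation: Situation, call: CallRequest) -> Dict[str, str]:
    """Apply the active situation's rules to one incoming call."""
    for rule in situation.rules:
        if rule.matches(call):
            decision, name, info = rule.decision, rule.name, rule.caller_info
            break
    else:
        decision, name, info = situation.default, "default", situation.default_info
    # Privacy for the callee: an accepted caller learns nothing beyond "ringing";
    # the callee is notified and may still take or refuse the call (slide 54).
    return {"decision": decision, "rule": name,
            "caller_info": info if decision == "deny" else ""}

def build_situations() -> Dict[str, Situation]:
    """Initial situations; a subscriber may reconfigure them at will (slide 56)."""
    meeting = Situation("meeting", [
        # An asserted function is only honoured when the caller is authenticated
        # (slide 52): a bare "I am your boss!" from an unverified line proves nothing.
        Rule("authenticated boss", lambda c: c.function == "boss"
             and c.identification == "authenticated", "accept"),
        Rule("callback voucher", lambda c: c.voucher, "accept"),
        Rule("emergency with guarantee", lambda c: c.urgency >= 3
             and c.guarantee >= 10, "accept"),
        Rule("anonymous routine", lambda c: c.identification == "anonymous"
             and c.urgency < 2, "deny",
             "In a meeting. Anonymous calls are taken after 17:00."),
    ])
    free_time = Situation("free time", [], default="accept")
    return {s.name: s for s in (meeting, free_time)}
```

Calling evaluate(build_situations()["meeting"], CallRequest(1, "pseudonym", function="boss")) falls through to the default deny, because the boss claim is not authenticated.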

Page 57

Agenda

• Basics on E-Commerce and M-Commerce

• Security

• Privacy

• The Security-Privacy Paradox

• Addressing Security and Privacy in M-Commerce

• M-Commerce Example: Reachability Management

• Conclusion

Page 58

The Security-Privacy Paradox in E-/M-Commerce: Conclusion

• Privacy is a major consumer concern, in the online, mobile and offline world, domestically and globally

– E-Commerce statistics, surveys, social studies

– Identity theft

– Dynamic pricing strategies in M-Commerce

• Loss of reputation and credibility is a major risk for any business, and trust building through brand image is transferring more and more into the online and mobile world

• Privacy violations may be unintentional, accidental or unforeseen – the press and the public will not care

• Investments in security solutions may be worthless if privacy is not a major part of the security management strategy


Page 60

Contact Details

Stefan Weiss, Senior Manager Security Services

Franklinstrasse 50, 60486 Frankfurt am Main

Tel.: + 49 69 75695 6355, Fax: + 49 69 75695 6719, Mobile: + 49 172 3590 674

email: [email protected]/de/security
