We begin our study of security with a discussion of what security
is about and why it matters. In this section we will look at:
• The importance of security in mobile applications
• The role of security in protecting data and systems
• The basic issues that security solutions of all types need to address
The Importance of Security
Security has an obvious role to play with regard to m-commerce
and the ability to secure transactions. Most people are aware of
the need for securing information such as credit card numbers, but
the need for security in both the wired and wireless environments
is much broader than that.
At the moment, information often has a commercial value. Many
dot-com organisations make money through the sale or re-sale of
information. This is not a new phenomenon - newspapers have
been doing it for centuries - but the new channels for this
kind of commercial activity have lowered the barriers to entry and
increased the amount (and hence the value) of the information
available.
Information can also be sensitive. There are many reasons why
this may be the case, ranging from a justifiable desire for privacy
to information that is sensitive on a national security level.
Sometimes the sensitivity comes from the content of the
information, at other times the timing of the information. For
example, it is unacceptable to allow some stock market investors to
become aware of an impending profits warning from a company before
others, so the information is regarded as sensitive until it is
published formally to all investors.
The power associated with information must also not be
underrated. Some organizations have legal obligations to safeguard
certain items of information. In some cases divisions within
organizations are subject to similar constraints. There are many
examples of information that are intrinsically powerful, for
example, information about military weapons.
Along with all of the sensitivity that naturally accompanies
information, there is a growing need to communicate digitally,
because of the speed and convenience of doing so. However, in
certain ways these digital communications are more vulnerable to
compromise. Two major weaknesses in digital communications arise
from the fact that it is notoriously easy to intercept digital
messages, and the fact that it is notoriously difficult to
establish identity conclusively in an online environment.
All of this leads us to two inevitable conclusions that drive
the need for robust security implementations: computer systems are
critical to the operation of almost every society on earth; and
computer systems are very vulnerable to abuse.
The Role of Security
Security is both an enabling and disabling technology. Its
purpose is to enable communications and transactions to take place
in a secure environment without fear of compromise, while at the
same time disabling non-legitimate activities and access to
information and facilities. Non-legitimate activities include
eavesdropping, pretending to be another party (also known as
impersonation or spoofing), or tampering with data during
transmission. In general these activities are either unacceptable
or illegal outside of the digital environment, so security simply
helps to enforce the status quo in that sense.
The Basic Issues
There are a number of basic issues around security that have to
be addressed. Almost all of these have parallels in the real world,
and often the solutions are based on, or similar to, real-world
solutions.
These basic issues are:
• Authentication - being able to validate that the other party participating in a transaction is who the party claims to be, or a legitimate representative of that party
• Confidentiality - being able to ensure that the content and meaning of communications between two parties do not become known to third parties
• Integrity - being able to ensure that messages received are genuine and have not been tampered with or otherwise compromised
• Authorization - being able to ascertain that a party wanting to perform some action is entitled to perform that action within the given context
• Non-repudiation - being able to ensure that once a party has voluntarily committed to an action it is not possible to subsequently deny that the commitment was given by that party
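The distinction between integrity and non-repudiation in the list above is easy to blur, so here is an added Python illustration (example code, not part of the original text): a shared-key MAC gives the receiver integrity but, because the receiver holds the same key, no non-repudiation, whereas a public-key signature binds the message to the sole holder of the private key. The Lamport one-time signature (chosen so the example runs with the standard library only) and the sample order message are my assumptions.

```python
import hashlib
import hmac
import secrets

# Integrity with a shared secret: both sides hold the key, so the
# receiver can verify a tag but could equally have produced one.
def mac_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)

# Non-repudiation with a key pair: a Lamport one-time signature built
# from hashes (teaching choice; each key pair signs one message only).
# Only the signer holds the preimages; verifiers hold their hashes, so
# a valid signature can only have come from the private-key holder.
def lamport_keygen():
    priv = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pub = [[hashlib.sha256(x).digest() for x in pair] for pair in priv]
    return priv, pub

def _bits(message: bytes) -> list:
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return [(h >> (255 - i)) & 1 for i in range(256)]

def lamport_sign(priv, message: bytes) -> list:
    # Reveal, for every bit of the message hash, the matching preimage.
    return [priv[i][b] for i, b in enumerate(_bits(message))]

def lamport_verify(pub, message: bytes, sig: list) -> bool:
    bits = _bits(message)
    return len(sig) == 256 and all(
        hashlib.sha256(s).digest() == pub[i][b]
        for i, (s, b) in enumerate(zip(sig, bits)))

def demo() -> dict:
    msg = b"transfer 100 to account 42"      # constructed sample order
    altered = msg.replace(b"100", b"900")    # tampered in transit
    key = secrets.token_bytes(32)
    tag = mac_tag(key, msg)
    priv, pub = lamport_keygen()
    sig = lamport_sign(priv, msg)
    return {
        "mac_ok": mac_verify(key, msg, tag),
        "mac_detects_tamper": not mac_verify(key, altered, tag),
        # The receiver can mint a valid tag itself, so a MAC cannot prove
        # to a third party which side produced a message.
        "mac_receiver_can_mint_tag": mac_verify(key, altered, mac_tag(key, altered)),
        "sig_ok": lamport_verify(pub, msg, sig),
        "sig_detects_tamper": not lamport_verify(pub, altered, sig),
    }
```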