A trading model and security regime for mobile e-commerce via ad hoc wireless networking
Abstract
Ad hoc wireless networking offers mobile computer users the prospect of trading
with others in their vicinity anywhere anytime. This thesis explores the potential
for developing such trading applications. A notable difficulty in designing their
security services is being unable to use trusted parties. No one can be guaranteed
present in each ad hoc wireless network session. A side benefit is that their costs
don't have to be paid for.
A reference model is defined for ad hoc m-commerce and a threat model is for-
mulated of its security vulnerabilities. They are used to elicit security objectives
and requirements for such trading systems. Possible countermeasures to address
the threats are critically analysed and used to design security services to mitigate
them. They include a self-organised P2P identity support scheme using PGP cer-
tificates; a distributed reputation system backed by sanctions; a group membership
service based on membership vouchers, quorate decisions by some group members
and partial membership lists; and a security warning scheme.
Security analysis of the schemes shows that they can mitigate the threats to an
adequate degree to meet the trading system's security objectives and requirements
if users take due care when trading within it. Formal verification of the system
shows that it satisfies certain safety properties.