Secure Multicast for Mobile Commerce Applications: Issues and Challenges

Abstract

With the rapid growth in mobile commerce (m-commerce) applications, the need for providing suitable infrastructure to support these applications has become critical. Secure multicast is a key element of this infrastructure, in particular, to support group m-commerce applications such as mobile auctions, product recommendation systems, and financial services. Despite considerable attention to m-commerce security, most existing security solutions focus on unicast communications. On the other hand, numerous solutions for secure multicast exist that are not specifically designed with m-commerce as a target environment. Clearly, to address secure multicast in m-commerce, we must start by forming a comprehensive picture of the different facets of the problem and its solutions. In this chapter, we identify system parameters and subsequent security requirements for secure multicast in m-commerce. Attacks on m-commerce environments may undermine satisfying these security requirements resulting, at most times, in major losses. We present a taxonomy of common attacks and identify core services needed to mitigate these attacks and provide efficient solutions for secure multicast in m-commerce. Among these services, authentication and key management play a major role. Given the varying requirements of m-commerce applications and the large number of current key management schemes, we provide a taxonomy and a set of performance metrics to aid m-commerce system designers in the evaluation and selection of key management schemes.