by István Mezgár, Tamás Szabó and Zsolt Kerecsen
A research project to develop a secure communication architecture for mobile communication in virtual enterprises started at SZTAKI in 1999, supported by the Hungarian Scientific Research Fund (OTKA). The operation of virtual enterprises is based on the Internet, thus a large amount of valuable technical-related data moves on the network. Since the management of virtual enterprises will be controlled also from mobile devices in the near future, security problems of mobile communication are of vital importance.
Mobile devices (mainly mobile phones) can be used today for more purposes than just as making phone calls. Additional functions like mobile Internet browsing, ATMs for banking transactions, etc. will be available for daily use and virtual enterprises are candidates for using these types of new functions extensively.
A virtual enterprise (VE) is a co-ordinated network of autonomous production units (factories, firms) with the goal of producing a product while exchanging all needed information via a computer network. The lifecycle of a VE - formation, communication, operation - is strongly connected with the Internet. During communication in a virtual enterprise, a huge amount of extremely valuable technical data and information (development-, product-, process data beside business information) moves through the network, making security a vital concern. Although there are already many applications available, the lack of proper co-operative, effective and secure software tools in this field delays the massive spread of real VEs.
Today, e-commerce represents the best way in efforts of convergence and globalisation. From an information point of view, the future of VEs moves in the same direction. E-commerce is the fore-runner of VE, there are many similarities in their functions and in the techniques they use.
Increasing the security level of virtual enterprise communication in a mobile environment is a vivid demand. Enhanced security can contribute to the growth of the number of realized VE solutions. In the future, management activities in VE will be accessed and controlled from mobile devices as well. This access has to be very secure, and a general tool for safety could be the smart card (SC). Smart cards can be used for a variety of purposes, such as cryptography, identification (combined with biometry), authentication (digital signature).
The aim of our project is to define and describe a software architecture that properly addresses mobility and security related needs of VEs. This includes collecting a protocol set where security is based on smart-card technology and which provides mobility in accessing virtual enterprise services.
The Applied Techniques
In order to fulfil the compatibility requirements, in developing the new software architecture, standardized communication technologies have to be used. The most widely used protocol to deliver the Internet content is HTTP, however, it does not behave in accordance with the mobile environment. Therefore, a new protocol - a de facto standard - has been defined for the wireless world, called WAP (Wireless Application Protocol), which makes reliable and fast access of data and services possible.
Wireless carriers are known for their low bandwidth, high latency, and unpre-dictable reliability. Wireless devices represent limited processing power, memory and simple user interface. All these limitations are addressed by the WAP, making it the most suitable platform for supporting sophisticated telephony and information services on hand-held devices. The most important parts of the WAP protocol stack are outlined in Figure 1.
The security layer in the WAP is WTLS (Wireless Transport Layer Security). This protocol is based on the TLS protocol, which makes client-server authentication possible and performs cryptographic operations. In addition, the application level security can be accessed using the WMLScript (Wireless Markup Language Script). However, in order to address most of the security requirements of the customers, some of the security functionalities have to be performed in a tamper-resistant device. For this purpose WAP uses WIM (WAP Identity Module), usually implemented by a smart card, possibly together with the SIM (Subscriber Identity Module) card.
According to WAP, not only a mobile client is able to access the services, but also the server side is no more localised, so needs of the mobility-based new VE concept are fulfilled. In the case of smart card applications a new technology is smartX that defines a complete framework to develop smart card applications. By separating the application process (the logic of the application) from the application protocol (card-specific layer), smartX makes quick and efficient migration to a new smart card possible (see Figure 2).
SmartX relies on SML (smartX Markup Language), a description language that describes the smart card application data and processes. SML leverages XML technology with a DTD (Document Type Definition), which describes the semantics and the grammar to define application protocols. SML is an implementation of XML for the smart card industry.
Our activities in the close future will include the description of VE functions in XML, since HTML based Internet is moving towards XML. The description of VE in XML including the enterprise resources, data transactions and product flows is a new approach, it will make far more easy the building of the connection between the content and the communication channels. By combining WAP and smartX technology we obtain a very flexible, secure mobile architecture which together with VE represented in XML will provide a safe business communication environment.
HTML and HTTP/TCP standards are not appropriate for mobile communication devices. The WAP and WML have been developed to bridge this problem in such way that wireless devices can be connected to traditional WEB servers, tools and techniques. Secure communication is very important in wireless communication, and as the management of virtual enterprises moves towards the mobile world, the development of a secure mobile communication architecture is a vivid demand. In order to reach a flexible and adaptable communication infrastructure the representations will have to be written in different XML-based languages.
István Mezgár - SZTAKI
Tel: +36 1 209 6143
Tamás Szabó Nokia Hungary Ltd.
Tel: +36 20 984 9074
Zsolt Kerecsen - BablakSoft Ltd.
Tel: +36 1 327 5821