Wireless PKI and Distributed IDS for Securing Intranets and M-Commerce

Recent R/D advances are presented in this keynote address on wireless and security technologies. To access Internet from mobile devices, the existing public key infrastructure (PKI) must be modified to work with limited wireless network bandwidth and low computing and memory capacity of handheld devices. A complete security chain is needed from smart cards to mobile clients, wireless PKI (WPKI) platform, and web servers. A trust model for wireless Internet must be highly scalable, fault-tolerant, and cost-effective in trust-path discovery and in mapping the security policy. At USC, a new WPKI architecture was proposed using a bridge CA cluster to achieve the security goals. Another advance lies in distributed intrusion detection system (DIDS) for protecting exposed Intranets or clusters of computers from malicious attacks. We developed the DIDS with dynamic policy update against changing threat patterns or varying network conditions. Distributed security can effectively counteract both external intruders and insider attacks. XML, IDS, mobile agents, RMI, and CORBA are assessed as policyupdate mechanisms to achieve dynamic security. The optimal choice of the mechanism depends on the tradeoffs among operating speed, Intranet scalability, host robustness, and the security level demanded. The WPKI and DIDS technologies benefit not only M-Commerce (mobile E-Commerce), but also pervasive computing applications in general.