Saturday, November 9, 2019
Why They Merged and Why the Merger Was Unsuccessful
In 1997 the University of California, San Francisco (UCSF) merged its two public hospitals with Stanford's two private hospitals. The two entities combined to create a not-for-profit organization titled UCSF Stanford Health Care. The merger seemed like a good idea given the institutions' similar missions, their proximity, and the increased financial pressure from cutbacks in Medicare reimbursements followed by a dramatic rise in managed care organizations. In its first year UCSF Stanford Health Care produced a profit of $22 million; three years later, however, the health system had lost a total of $176 million ("UCSF-Stanford Merger," n.d.). The first part of this paper addresses the reasons why the two institutions decided to pursue the merger, looking through the theoretical lenses of bounded rationality, prospect theory and resource dependence theory (RDT). The second half proposes reasons why the merger was unsuccessful by considering key concepts in organizational behavior such as power and culture.

The threatening and uncertain fiscal times led the leaders to select the option they believed maximized their chances of survival. The theory of bounded rationality, proposed by Herbert A. Simon, suggests that people are largely limited by time, information and cognitive capacity (Simon, 1997). The merger between the two medical schools seemed to make sense: both institutions shared a common mission of treating the uninsured, training the next generation of innovative doctors, and remaining at the forefront of research and technology. Since both were going to be competing for increasingly scarce resources, joining forces made sense. Together they would be able to reduce administrative costs and be better prepared to negotiate contracts with large insurance companies ("UCSF-Stanford Merger," n.d.).

Simon suggests that people, bounded by time, cognitive ability and information, are more likely to make satisfactory decisions than optimal ones (Simon, 1997). Instead of focusing time and energy on outlining potential ways to remain separate amid the shifting payment structure, UCSF and Stanford, both limited by time and fearful of potential losses, agreed to merge. The merger was UCSF and Stanford's way to mitigate risk and manage uncertainty. Prospect theory, a behavioral economic theory developed by Daniel Kahneman and Amos Tversky, holds that people are more likely to take higher risks when decisions are framed in negative terms (Kahneman & Tversky, 1979). Although mergers are complex and risky, the looming fear of decreased reimbursements made the leaders focus on the benefits of merging. Kahneman argues that people do not base their decisions on final outcomes; instead they base them on the potential value of losses and gains (Kahneman & Tversky, 1979). Instead of analyzing the risk of the merger, leadership focused on the more pressing burden, the bottom line. To stay alive in the era of managed care, university hospitals across the country were seeking mergers with private hospitals. Calculations showed that hospitals lost $4 million annually for each 1 percent drop in indemnity patient population (Etten, 1999). Since the 1990s, indemnity insurance had been in drastic decline in San Francisco, opening the market for managed care organizations (Etten, 1999). RDT looks at how the behavior of organizations is affected by their external resources. The theory, developed in the 1970s, addresses organizations' demand for resources; resources and power are directly linked (Pfeffer & Salancik, 2003).

RDT holds that organizations depend on resources; thus the idea of merging, in the face of increasing resource scarcity, appealed to both institutions (Pfeffer & Salancik, 2003). On paper, the merger made sense: both institutions were close to one another and competing for diminishing resources. Together they could reduce administrative costs and join forces to negotiate with large insurance companies. Creating a new culture and dissolving long-standing power struggles were two large tasks that needed to be addressed to ensure a successful merger. However, the way the merger was organized did not lead to success. UCSF Stanford Health Care did not spend adequate time creating a shared culture in which the two organizations would see themselves as one joint organization with shared power (resources). On paper both organizations agreed to share power, but both parties' behavior showed otherwise. Dr. Norman Rizk, co-chair of the combined physician group of UCSF and Stanford faculty, attests that neither institution was ever comfortable enough to share financial information ("UCSF, Stanford hospitals just too different," n.d.). UCSF did not fully disclose its fiscal concerns regarding one of its struggling hospitals, while Stanford was also guilty of withholding information ("UCSF, Stanford hospitals just too different," n.d.). Merging into one should eliminate the sense of two separate entities, but not enough was done to shape the merger so that faculty and staff felt like equal partners. Loyalties persisted within the organization, beginning at the top with the Board of Directors. Structurally the board was split between seven Stanford members, seven UCSF members and three nonpartisan members, but loyalties to one's own institution never dissolved ("UCSF-Stanford Merger," n.d.).

As outlined, RDT holds that organizations depend on resources that originate in their environment. Resources are the power an organization uses to compete in its environment. The two health systems shared an environment and thus competed with one another for power (resources) ("UCSF-Stanford Merger," n.d.). Because Stanford was a for-profit organization, it held more fiscal power than UCSF. Pfeffer and Salancik argue that the way to solve problems of uncertainty and interdependence is to increase coordination, more specifically to increase shared control of each other's activities (Pfeffer & Salancik, 2003). Had the two institutions worked from the beginning to increase coordination and communication, the merger might have had a better chance of succeeding. Increased coordination could have led to the creation of a strong culture. Culture is the set of beliefs, expectations and values shared by members of an organization ("Leading by Leveraging Culture," n.d.). Building a new culture starts at the top: management must model the new culture. This was not done at UCSF Stanford Health Care because of existing loyalties. Adding to the culture struggle, the institutions were far enough from one another to merit concern. For an organization to run smoothly, clear communication channels need to be established. Without open communication and collaboration a shared culture cannot emerge. Weak cultures harm the workplace by increasing inefficiencies that lead to increased costs. UCSF Stanford Health Care needed to model the new culture from the top down. Had leadership spent adequate time addressing ways to dissolve existing power struggles and creating a shared culture that would set the foundation for a new shared vision, the merger could have been successful.
Engaging leaders in creating a strategic plan to merge two separate existing cultures would have encouraged them to show support and dissolve power struggles. Shared resources, open communication and a culture of oneness might have set the foundation for a successful merger between the two organizations.

References
Etten, P. V. (1999). Camelot or common sense? The logic behind the UCSF/Stanford merger. Health Affairs, 18(2), 143-148. doi:10.1377/hlthaff.18.2.143
Kahneman, D., & Tversky, A. (1979). Prospect Theory: An Analysis of Decision under Risk. Econometrica, 47(2), 263. doi:10.2307/1914185
Leading by Leveraging Culture - Harvard Business Review. (n.d.). Retrieved October 16, 2012, from http://hbr.org/product/leading-by-leveraging-culture/an/CMR260-PDF-ENG
Pfeffer, J., & Salancik, G. (2003). The External Control of Organizations: A Resource Dependence Perspective. Stanford University Press.
Simon, H. A. (1997). Models of Bounded Rationality, Vol. 3: Empirically Grounded Economic Reason. The MIT Press.
UCSF-Stanford Merger: A Promising Venture. (n.d.). SFGate. Retrieved October 16, 2012, from http://www.sfgate.com/opinion/article/UCSF-Stanford-Merger-A-Promising-Venture-2975174.php#src=fb
UCSF, Stanford hospitals just too different. (n.d.). Retrieved October 16, 2012, from http://www.paloaltoonline.com/weekly/morgue/news/1999_Nov_3.HOSP03.html

Fall 16, PM 827 A1 Strategic Management of Healthcare Organizations. UCSF Stanford Healthcare: Why They Merged and Why the Merger Was Unsuccessful. Sofia Gabriela Walton, Mini Exam #1, 08
Thursday, November 7, 2019
Contemporary approaches to leadership theory Essay Example
Trait theory is based on the qualities of leaders, the idea that "leaders are born, not made." Leaders possess different qualities; for an effective leader these include judgment, drive, fairness, energy, initiative, human relations skill and foresight. This theory is now more or less discredited.

Behavioral theories: Leadership styles are collections of leadership behaviors used in different ways in different conditions. Among the many classifications of styles, leadership styles are arranged by the extent to which the leader's focus is task/performance-based or relationship/people-based. Two models describe the key terms:

Ashridge model:
Tells: all decisions are made by the leader and issues are instructed by the leader; they must be followed.
Sells: all decisions are still made by the leader, but subordinates are motivated to accept them rather than simply ordered.
Consults: the leader confers with subordinates and takes their views, though the final say is retained by the leader.
Joins: leader and subordinates both take part in decision making, based on consensus.

Blake and Mouton's managerial grid: Robert Blake and Jane Mouton observed two basic dimensions of leadership through their research, concern for production and concern for people. Managers can be located at any point on a continuum from very low to very high concern along each of these two dimensions. The two concerns are not correlated, so various permutations are observed. Blake and Mouton modeled these permutations as a grid: one axis represents concern for people and the other concern for production, with each axis scored from 1 (low) to 9 (high).
Transactional and transformational theories: transformational theory is based on how a leader acts in a transactional situation as opposed to a transformational one. Where transactional theory is based on a system of rewards and punishment, transformational leadership focuses on a bigger picture, heading toward the achievement of a common goal. Transformational theory also addresses the types of leadership style.

M&S leadership case: M&S is the leading UK retail giant, especially in the clothing sector. The company was founded in 1884 in Leeds by Michael Marks and Thomas Spencer. The company now has 700 outlets in the United Kingdom and another 300 stores in 40 countries throughout the world. The company's headquarters is in London. Different attributes of M&S leaders are as follows: Greenbury acted like a task manager (9,1) in some respects, being unilateral, pushing people only for profit, eavesdropping, and giving good financial rewards based on team morale. Bostock and Rose acted like team managers (9,9). They insisted on team unity and on the motivation and confidence of people to achieve effective results. They used both a directive/task-focused and a supportive/people-focused attitude. Again, Greenbury and Salsbury are considered autocratic, whereas Rose played the role of a consultative leader. Bostock was democratic in his leadership approach. The history of M&S is one of an autocratic culture. Though Greenbury tried to alter it toward the consults/joins approach by encouraging board meetings and involving people, he stepped back because of the strong autocratic base. Rose followed the tells style, especially when solving problems. Both of them used the sells and consults approaches in some contexts.

Determine leadership approaches relevant for the 21st century, drawing on theories and tools as practiced by leading international organizations.
In the 21st century a new leadership approach has emerged, based on bottom-up transformation and inspired by building community and by shared power. Three themes are implicated in this framework:
Shared leadership: everybody has the qualities of leadership inside and can pool and draw upon them when necessary, especially while working in a group on a vital common issue.
Leadership as relationship: this theme is based on the idea of a relationship network and on the concepts of partnership, empowerment and service.
Leadership in community: this theme takes the community as the conceptual setting in which the relationship of leadership occurs.

According to Farkas and De Backer, chief executives can lead in five ways:
Strategic approach: the Chief Executive is the company's top strategist, systematically envisioning the future and mapping out specifically the way to get there.
Human asset approach: the Chief Executive manages for success through people policies, principles and programs.
Expertise approach: the Chief Executive champions a particular proprietary expertise, which is then used to focus the organization.
Box approach: the Chief Executive develops a set of rules, procedures, systems and values in order to control behavior and results within well-defined constraints.
Change approach: the Chief Executive acts as a radical change agent, transforming bureaucracies within the organization and embracing new and different approaches.

With the arrival of the 21st century, predictions about the concept of leadership development are as follows:
1. Leadership is for all: every individual in the present-day organization is a team member and a manager as well. For this reason, leadership needs to be learned and exhibited by everyone.
2. Learning is involved in leadership: leaders always discover new knowledge and know how to share it with others.
With the spread of a learning culture, leadership can be shown more than ever before.
3. Leadership is team-based: though every organization maintains a hierarchy, and it will continue to exist, the best organizations empower their members to become leaders.
4. Leadership is not authoritarian: in the 21st century, an individual's authority is counted by what he or she says, not by his or her status. Here, leaders communicate with people, not to people. A new way of leadership is the outcome of a new way of communication.
5. Followership is included in leadership: leadership responsibility may vary from person to person, but every individual will learn from others. Everybody will have the experience of being a contributor.

Explore and examine your own personal and managerial effectiveness within an organisation through a process of personal reflection.

Leadership Development Through Experience
1. The people I personally work with: I am stimulated to develop by the people I work with. They play a vital role in both my personal and professional life. According to Kouzes and Posner, "other people have always been important guidance sources. Our parents always provide us with advice and support, our curiosity for a favourite subject was developed by a particular teacher, we tinkered in the garage with the help of our neighbour, we were motivated and promised to give our best to our coaches, we were given important feedback by our counsellor on our attributes and their effect, the master of the art instructs us in the basics of the craft, our first boss taught us the ropes to skip and the hoops to jump through." I am learning about leadership, whether it is effective or not, by being attentive to the models around me, such as my immediate boss. I am taught what to do or not to do by watching the leadership roles of others.
Again, through a close alliance with an experienced individual referred to as a mentor, who takes me under his or her wing, I can gain valuable perspectives and insights. Executive coaching is increasingly becoming a common responsibility of executives toward the managers who report to them, and it is also relevant to mentoring. It is also regarded as an investment to change counterproductive attributes, usually interpersonal ones, that threaten to derail a valued manager.

Development of Leadership Through the Task
1. The task itself: developmental tasks are often vague and more complex. Leadership development can be increased by changing the work environment. The nature of the task may demand new and creative solutions. A strategic planning project can be intellectually challenging and can contribute to the development of leaders. The best development opportunities are those where individuals are stretched and allowed to test themselves against a new and hard task. Several factors affect whether a task is developmentally challenging and whether a high level of pressure is generated. These factors include deadlines, travel requirements, long hours and an unpredictable task where there is a possibility of both success and failure. One aspect of the task side of leadership development is that an organization may not provide all employees with the same development opportunities. There is a marked difference between large and small organizations in particular in the opportunities they offer.

Leadership Development Through Education
1. University courses in leadership: leadership training programs are nowadays included in many universities, particularly as extracurricular activities. Personality traits, leadership behaviours, motivation, values and different leadership theories are included in those courses to describe the process of leadership.
Several courses use the standard lecture method. Some courses also give students individualised feedback in the form of ratings of intelligence, values, personality and leadership behaviour. Case studies describe several leadership situations and serve as the vehicle for discussions of leadership. Another method is role playing, where participants are assigned a role in a job-related scenario; trainees are thus helped to practice relevant skills.
1. Leadership training programmes: the content of such programs is more focused and the programs are normally very short. They include lectures, case studies and role-playing exercises for the improvement of leadership. Four different teaching methods provide effective training: personal growth, skill building, feedback and conceptual awareness.

Develop an in-depth understanding of the principles of change and the organisational change process.

Change management is a structured way of transitioning individuals, teams and organizations from the present state to a desired future state. According to John Jones, DeAnne Aguirre and Matthew Calderone, there are 10 principles of change management:
1. Address the human side systematically: the change management approach should be fully integrated into program design and decision making, informing and shaping strategic decisions. People issues should be dealt with step by step so as not to put speed, morale and outcomes at risk.
2. Start at the top: change should be embraced first by the organization's top leader, such as the CEO, to take on the challenge and motivate others. Leaders should model the expected behaviors and speak with one voice.
3. Involve every layer: leaders should be identified and trained at each layer of the change effort, aligned to the company's vision, equipped to execute their particular mission and motivated to make change happen.
4. Make the formal case: as individuals are inherently rational, a formal case can be articulated and a written vision statement created that will ensure alignment between the team and the leadership.
5. Create ownership: ownership is best created by involving people in identifying problems and crafting solutions. It can be tangible or psychological and is reinforced by incentives and rewards.
6. Communicate the message: change programs work best where core messages are reinforced through regular and timely advice that is both practical and inspirational. Communication flows from the top to the bottom, and employees are provided with the right information at the right time, which helps in soliciting their input and feedback. This communication requires multiple, redundant channels.
7. Assess the cultural landscape: successful change programs hold leaders accountable for culture at each organizational level, picking up speed and intensity as they flow down. Cultural diagnostics help assess the organization's readiness for change, bring key issues to the surface, identify conflicts and define the factors that can recognize leadership and sources of resistance.
8. Address culture explicitly: leaders should be clear about the culture and underlying behaviors that support the new way of doing business, and should find opportunities to reward those behaviors. A cultural change can be kick-started effectively with the understanding that every company possesses a cultural center.
9. Prepare for the unexpected: effective change management continually reassesses its impact, the unexpected reactions of people, and the organization's willingness and ability to adopt the next transformation. Momentum can be maintained with real data from the field and solid decision making.
10. Speak to the individual: people want to know about the change, what is expected of them and how their performance will be assessed. Leaders need to be clear and honest about all of this. Rewards should be promoted as dramatic reinforcement to embrace change.
Monday, November 4, 2019
A child called it Essay Example | Topics and Well Written Essays - 1000 words
In many cases the child, because of illness, irritability, or the parent's incorrect choice of actions, would not return the desired and expected response. In such an interaction the child's purpose can be seen as blameworthy. Pelzer writes that his mother often found any excuse to hit him: "SMACK! Mother hits me in the face and I topple to the floor. I know better than to stand there and take the hit. I learned the hard way that she takes that as an act of defiance, which means more hits, or worst of all, no food" (Pelzer, 1995, p. 3). As a child, Pelzer cannot resist domestic violence and physical abuse. This situation creates feelings of helplessness, frustration and anger. A hasty move of children can also generate stress for children and caretakers alike, with the children suddenly uprooted and the caretakers unprepared to meet their needs. In contrast to his siblings, who were favored by his mother, Pelzer was beaten, bruised and sometimes tortured over a long period. In some instances his injuries threatened his life. For instance, Dave was once stabbed in the chest, and "the pain from the pinching was more than I could stand. With my teeth clamped tightly on the rag, my screaming was muffled. I felt as though I was hanging from a cliff" (Pelzer, 1995, p. 23). This book is about emotional abuse and psychological distress caused by parents. Pelzer was subjected to emotional abuse and neglect, including malnutrition, being left alone and living in squalid conditions. It seems likely that Pelzer, subjected to violent parenting, repeatedly asserted his needs and his dependency only to find his caretakers unable to meet them. In such cases the child's immaturity would have been experienced by the parents as an intolerable extra demand that competed with the parents' own dependency wishes. Frustration and violence toward the child then resulted.
The author describes: "I knew if I wanted to live, I would have to think ahead. I could no longer cry like
Saturday, November 2, 2019
Virtual lab 3 Assignment Example | Topics and Well Written Essays - 250 words
However, if they grew independently, each would utilize the readily available natural resources and develop its most favorable strength, leading to both surviving. Grown alone, the Paramecium caudatum population reached the carrying capacity of the environment on the tenth day; this is shown by repeated counts that remained the same thereafter. The Paramecium aurelia population reached the carrying capacity of the environment on the fourth day; this is shown by the fact that after the fourth day P. aurelia started dying out, whereas the other species remained strong. When the two Paramecium species utilize the same available food resources, one of them is likely to benefit from more of those resources than the other, leaving the other to scramble for the fast-depleting food (survival of the fittest). In this regard, the weaker Paramecium species will lose the fight and die out, which enables the stronger one to grow to maturity while utilizing the readily available resources. Another observation concerns the existence of chemical components that may lead to the death of one of the Paramecium species. Upon mixing the two paramecium populations in one test tube, one started dying out gradually. The other attained its carrying capacity, growing steadily and leading to the death of the other
Thursday, October 31, 2019
Marketing Techniques Essay Example | Topics and Well Written Essays - 750 words
Customers are attracted by luring them with many free offers so that they fall into the trap. By this the company can increase its market share, and once it has a considerably large customer base it removes the free offers given to the customer. This is a very common tactic in business these days. The following are the telephone services offered to customers.
2. Cell phones offered free, with many months of free incoming calls and hundreds of minutes of free talk time, and camera phones with all the advanced features: Bluetooth, wireless internet, gigabytes of storage, a megapixel camera and many more.
Ice cream: No doubt ice cream has been the most sought-after impulse-buying eatable since its invention, and it continues to be. Ice cream is liked by people of all ages, irrespective of gender, caste, creed or nationality. Customers are attracted to buy ice cream by the offer of many flavors and a large variety of preparations. Though all ice creams are sweet, the way they are made and the ingredients used make them the most desirable delicacy. The latest way of attracting customers is by offering diet ice cream, which is low in calories and can be eaten even by diabetic patients.
Tennis shoes: It is well known that sports shoes need to be made with high precision so that players can rely on them. What makes shoes differ is the sport they are used for; for every sport the making of the shoe differs. Tennis shoes are made so that they can glide on the grass court, giving the player the extra mile to reach a ball from a far distance, and at the same time hold the ground firmly, giving the player extra confidence. It is this feature that the company uses to attract customers, while at the same time pricing the shoes at exorbitant rates. Global players like Adidas and Nike use high-end engineering to manufacture sports shoes.
Hair salons: The most interesting part about hair salons is that they need the minimum investment and the returns are very high. Hair salons offer the latest fashion and trends set by the fashion houses. They offer wide varieties of hair color, manicure, massage, facial and grooming, even bridal makeup and so on. It is not only women who are interested; more men are now showing interest in their personal grooming. This attention is being cashed in on by boutiques and hair salons. Hair salons offer customers the latest technologies in personal grooming. The astonishing part is that hair salons charge exorbitantly for the services offered.
Frozen pizza: Frozen pizza is segmented into four categories: regular pizza, premium pizza, gourmet pizza and the general fill-em-up pizzas. The pizza giants offer the customer delicious toppings, which lure customers to grab one while having so many categories to choose from. They offer many toppings, and for five persons they offer family packs at lower prices. Apart from this, frozen pizzas are also available as breakfast pizzas and bite-size snacks
Tuesday, October 29, 2019
Factors Involved in the Tanker Contract Essay Example for Free
Factors Involved in the Tanker Contract Essay Issues that relate to security are of key concern to all nations (Meyer, 2007). The national security and internal defense are some of the sectors that are allocated lump sums of resources in the budgetary allocation (Meyer, 2007). Such allocations are in line with the perceived importance that the area of defense has. The united states as a country is no stranger to conflict and is one of the country that has been involved in external conflict for long periods of time both in the 20th and 21st century (Meyer, 2007). The politics involved in the security are some of the most interesting and widely covered happenings in the US press. Financial power is seen to go in line with military power in that countries that have the financial ability tend to develop their military capabilities and the same can be said of countries that have military abilities. National security is an area of key concern and therefore there is lots of secrecy involved in its dealings (Meyer, 2007). The nature of the deals often require utmost confidentiality from the parties involved and therefore many transactions happen in well defined and approved channels. The military association are developed with time and may be extended to association in other areas since its better to develop good relations with persons with security details that could be detrimental to the country if leaked (Meyer, 2007). The military world has been developing with technological improvements and the military equipments currently being used are characterized by more accuracy and considerable throughput (Verkuil, 2007). These two factors are but a few of the considerations in choosing a partner or a contractor that will help in developing certain aspects of the security system (Verkuil, 2007). 
It therefore does not come as a surprise that military procurement procedures and processes have considerable controversy since people have varied views on efficiency and security implications (Verkuil, 2007). This research paper analyses the issues involved in the airforce contract tender to build tankers between Boeing and Northrop Grumman with the aim of highlighting key issues involved in addressing security critical details. Background Boeing KC-767 is one of the military aerial refueling strategy that had been developed by Boeing 767-200 (CBS News, 2008). The tanker was designated KC-767 after it was selected by the US airforce to replace the KC-135s. However, in December of 2003, the contract was frozen after corruption allegation on the bidding process were forwarded. The development of the project is said to have cost Boeing over $ 1 Billion as the project was based on the assumption that the US airforce will be the chief consumer. Ever since the freezing of the project the Italian and the Chinese government have each ordered a number of these tankers. To address the KC-X competition the Boeing offered the 7627-200 Long range freighter which is based on the KC-767 (Online News Hour, 2008). However, the Department of defense selected KC-30 which was developed by Northrop Grumman (CBS News, 2008). The Boeing company on the 11th March 2008 submitted a protest on the decisions made by the airforce, the United States accountability office upheld their protests and in so doing the status of the KC-45A was placed in doubt and therefore the Boeing company was again in position to bid for the contract (CBS News, 2008). This was no to be since the US government in September 2008 terminated all bids on the KC-X (CBS News, 2008). In March 2002, the US airforce selected Boeings KC-767 on the grounds that it had clearly demonstrated the abilities to meet their requirements. 
The United States Air Force (USAF), in its acceptance statement, gave four points that it cited as being behind the 2002 decision (CBS News, 2008). Boeing's design was designated KC-767A and was included in the DoD's 2004 model designation report. The plan was for approximately 100 KC-767 tankers to be leased from Boeing for the air refuelling programme. Although aerial refuelling programmes of this kind exist in many countries, many in the US questioned the effectiveness and cost of the arrangement, especially the idea of leasing aircraft that might have no buyer once the lease period ended. This argument, brought forward by Senator McCain, was countered by pointing to the number of US allies who were more than willing to buy the used aircraft (CBS News, 2008). The Congressional Budget Office was next in line, criticising the arrangement as fiscally irresponsible (United States Government Accountability Office, 2008). This led to a deal under which the state would buy 80 KC-767s and lease twenty (United States Government Accountability Office, 2008). In December 2003, however, the Pentagon announced that the project had to be frozen because of a corruption allegation against one of its former staffers (CBS News, 2008). Furthermore, documents were found showing that tankers based on the A330 were better suited to the Air Force's task specifications and more cost effective than the Boeing tankers (CBS News, 2008). The scandal led to the sentencing of the official, who pleaded guilty to corruption, and to the resignation of Boeing's CEO. In 2006 Donald Rumsfeld announced the cancellation of the KC-767A leases as a cost-cutting measure and a redefinition of the USAF mission (United States Government Accountability Office, 2008).
The defence secretary further stated that the move would not affect the tanker mission, since upgrades to the KC-135 fleet would keep it on track (United States Government Accountability Office, 2008). The development did not affect relations between Boeing and its other customers. Nor did the lull last: Boeing and Northrop Grumman were soon back in the ring fighting for a large defence contract. Northrop Grumman's argument was that its KC-30 was more versatile and had a larger fuel capacity than the KC-135s the Air Force was using. The KC-135 had itself been developed by Boeing, which was now bidding against its rival Northrop Grumman. Northrop won this round when the Department of Defense announced that it had been awarded the contract to supply 179 new KC-45A tankers (Online News Hour, 2008). Boeing almost immediately went to the Government Accountability Office and filed a protest claiming that the evaluation of its KC-767 had been unfair (Online News Hour, 2008). Boeing further claimed that, as shown in the Air Force's post-decision briefing, its tanker could be converted back to a passenger aircraft more easily than Northrop's. According to Boeing's vice president, the post-decision briefing had shown Boeing's offer to have more strengths than its competitor's, which made the outcome hard to understand. Boeing's protest led to a review of the selection process by the Government Accountability Office, which forced Northrop to freeze work on a contract worth $35 billion (Online News Hour, 2008). Northrop Grumman executives, for their part, pointed to the irresponsibility of freezing a project critical to the military's development in favour of expensive lobbying in Congress that would inevitably lead to a reversal of the Air Force's decision (Online News Hour, 2008).
Northrop Grumman executives further claimed that the decision was ironic, since they had put their best efforts into ensuring that the Air Force received what they considered the best product in terms of design (Online News Hour, 2008). They pushed for public disclosure of the facts about what they represent and what they do not. Congress was sharply divided on the issue, as was the general public. Boeing supporters claimed that the Northrop Grumman design was basically a passenger Airbus (Online News Hour, 2008). A Kansas congressman was quoted as saying that the Air Force's decision was a bad one, as the service had bent over backwards to deal with a French company (Online News Hour, 2008). Boeing loyalists near its main production facility claimed that Boeing was the only true tanker manufacturer and that a mistake had been made (Online News Hour, 2008). A Washington senator supported this view, claiming that awarding a military contract to a foreign company was suicidal and would cripple America's ability to build its own fleet if it ever pulled out of the deal (Online News Hour, 2008). An Alabama senator took a different view and approached the subject from a resource-allocation standpoint (Online News Hour, 2008): people near Northrop's facilities stand to benefit more than those near Boeing's plants, so each side's senators voice their satisfaction or dissatisfaction with the allocation accordingly (Online News Hour, 2008). The senator further stated that either way there would be winners and losers (Online News Hour, 2008). The Boeing camp further accused the Air Force of changing the requirements to accommodate Northrop Grumman's design so as to ensure that two bidders remained in the race (Online News Hour, 2008).
Although many held the view that the Air Force was trying to lock Boeing out because of its earlier scandal, Boeing executives argued that this was not the case; rather, the Air Force's specifications had been changed considerably to keep Northrop in the race (Online News Hour, 2008). They further claimed that the large tanker proposed by Northrop was a liability, and that only countries unconcerned about their taxiways would accept such an aircraft. The Northrop camp countered that its design was more sophisticated and had advantages yet to be appreciated (Online News Hour, 2008).

Issues

Boeing is one of the world's best known aircraft manufacturers, and so is Northrop Grumman, whose tanker bid was built on the Airbus A330 airframe in partnership with EADS, the European parent of Airbus (Online News Hour, 2008). These are two top brands that obviously compete in other lines of business as well, so any decision involving them is bound to generate considerable heat. It should be noted that both are American companies, although Northrop Grumman's bid depended on its European partner. The nature of the contract, which concerns the security of America as a nation, makes it a matter of national concern, as it involves developing structures on which the growth of the security system depends. Boeing and Northrop Grumman being businesses, so large a contract will obviously attract the interest of stakeholders on both sides. The Air Force contract has brought out a number of key issues, which include:

i. Politics

Military contracts are a matter of public concern, since the military exists to protect the public and the resources spent on such contracts come from taxpayers, so the failure of such projects wastes taxpayers' money (Meyer, 2007).
When Senator McCain questioned the cost effectiveness of leasing aircraft that would have no value once the lease period was over, his motive as a senator was to ensure that taxpayers' money was channelled into useful projects. Furthermore, it is quite clear that politicians have the ability to shoot down potentially useful deals through what Northrop Grumman executives refer to as expensive lobbying. Politics is not always objective: there are situations where the stakes involved are shielded from the public, and although the positions taken will be framed to suit the public, the real reasons are often personal (Meyer, 2007). The involvement of politics in such cases therefore has both advantages and disadvantages and must be weighed carefully. Military procurement, like any other public procurement scheme, is prone to corruption; this was the case in the original lease contract, which Rumsfeld finally brought to an end in 2006. Moreover, the large sums involved in military procurement act as a natural catalyst for corruption, so there is a need for robust, self-regulating systems that keep such unethical practices out of the procurement process; this is where Congress comes into the picture (Meyer, 2007). The political system, however, is not known for its objectivity. In this case some of the reasons advanced against Northrop Grumman are flimsy and lack objectivity. The very fact that there will be lobbying signals a loss of objectivity, so the decision will tend to favour whichever group can garner enough political support in Congress. Furthermore, the political system is itself one of the most corruption-prone systems there is, and the rationale for relying on it to guard against corruption is questionable.

ii. Security

Military procurement is a security-critical matter (Meyer, 2007).
The military exists to ensure that the US is protected against its external enemies (Meyer, 2007). The seriousness with which the equipment tendering process is treated, and the keen eye the media keeps on such events, show the importance the American people place on the military. The US is traditionally a fighting nation, and the effectiveness of its military and its equipment is one of the factors that has cemented its place as a world power. Military activities require high levels of secrecy (Meyer, 2007). There is a need for effective equipment that can be used in varied situations. It should be noted that the arguments brought forward by the executives on both sides centre on the superiority of their own products or the weaknesses of their opponent's. The need for accuracy and for well developed products with the required reputation is among the considerations that brought these two large companies to the final stage. Both are multinationals that have built their brands all over the globe. It is noteworthy that when the US defence secretary cancelled Boeing's leases, other nations still sought its products, and continue to seek products that were labelled cost-ineffective, because of the reputation attached to the brand name. The importance of the security system is seen in the number of avenues and legislative mechanisms put in place to ensure that the process is conducted justly (Krishnan, 2008). When the Air Force declared that Northrop Grumman had won the tanker bid, Boeing sought redress through a different avenue: the Government Accountability Office. The office examined the complaint and its decision froze the process. It should be noted that the earlier lease deal had likewise been halted, by the Pentagon in 2003, once the corruption charges surfaced.
Even though systems are in place to ensure proper procedure in the procurement of goods and services, they can easily be circumvented (Krishnan, 2008). The corruption allegations in the initial Boeing contract are a clear case in which the protocols were overridden, and this only came to light some months after the contracts had been signed. Furthermore, the later finding that a different design could meet the Air Force's specifications at lower cost shows that, even though guidelines are in place, they are rarely followed; hence the need for a system or authority to follow up on recommendations and processes and ensure that they conform to the laid-down guidelines. Some politicians have argued that the French affiliation of the Airbus manufacturer is in itself a security risk and that a purely American company should therefore be contracted. Such a contracting rule, however, would lock out other capable companies and raise questions about the integrity of the bidding process. America prides itself on being a liberalised nation, and measures that lock out qualified bidders on the basis of the composition of their investors run contrary to the spirit of liberalisation. Furthermore, involvement with a company partnered with a European success story shields the tanker project from American economic downturns, although it also exposes the project to events in Europe. It is unrealistic to lobby for Boeing on the basis of confidentiality: a company that has already shown traces of corruption cannot simply be trusted, and neither can a company yet to prove its worth in the military sector. A system should therefore be put in place to monitor the projects and measure them against given standards, whichever company is awarded the contract.

iii. Stability

The US economy is strongly capitalist, and is therefore characterised by intense competition between industry players who are always looking for additional finance to secure their development into the future (Verkuil, 2007). On the day it was reported that Northrop Grumman had won the military contract, its share price rose by over 20 cents and Boeing's fell by a couple of cents (CBS News, 2008). Developments in the contract procurement were thus being watched by investors, who make their decisions about which company to invest in accordingly. Even if the large sums involved in the transaction are enough to lure investors into channelling their resources to a particular company, the reputation of being contracted by one of the world's best air forces to build its tankers is enough by itself to cause significant movement in a company's share price. In a capitalist economy, where entities gain at the expense of others, Boeing is bound to feel the pinch. The situation is made worse by the consideration that Boeing has a well developed reputation, so failure to win a contract from a partner it has worked with for a long time may be read by investors and customers in the wrong light. It may imply that the partner does not trust its capacity to develop superior products or doubts its potential to remain productive. To put reputation into perspective, many hold the view that the corruption charges brought against Boeing may have affected its chances of successfully bidding for the contract (Verkuil, 2007). This carries considerable weight, because the military is not only about facilities but also about reputation. The American people and the nation's enemies will always keep a keen eye on the military, and any transaction conducted with a partner proved to be corrupt will dent its integrity and hence its reputation.
Conclusion

Awarding a contract to a company to deliver services in the public interest is a complex process and will always involve the media and the many other mechanisms that exist to ensure public safety. Individual interests will always be central to the arguments brought forward by most people, and this is more pronounced when the contract significantly affects many people. It is therefore up to the government and the social institutions to ensure that the mechanisms meant to make the bidding process effective are functioning properly and are robust enough to cope with the dynamism of such processes. Where necessary, changes must be made to keep those mechanisms working. The products delivered must measure up to predetermined standards to ensure quality and accountability. These and other quality management measures, if well integrated into the bidding and implementation of contracts in the public interest, will ensure that the public benefits in the best possible way.

Reference List

CBS News (2008). Boeing Spurned On Huge Air Force Contract. Retrieved 13 October 2008 from http://www.cbsnews.com/stories/2008/02/29/business/main3894669.shtml?source=RSSattr=Business_3894669
Krishnan, A. (2008). War as Business: Technological Change and Military Service Contracting. Aldershot: Ashgate Publishing, Ltd.
Meyer, J. (2007). Working in a War Zone: Military Contractors. New York: The Rosen Publishing Group.
Online News Hour (2008). Boeing, Northrop Grumman Clash Over Tanker Contract. Retrieved 13 October 2008 from http://www.pbs.org/newshour/bb/military/jan-june08/tanker_05-06.html
United States Government Accountability Office (2008). Statement Regarding the Bid Protest Decision Resolving the Aerial Refueling Tanker Protest by The Boeing Company. Retrieved 13 October 2008 from http://www.governmentexecutive.com/pdfs/061808cd1.pdf
Verkuil, P. R. (2007). Outsourcing Sovereignty: Why Privatization of Government Functions Threatens Democracy and What We Can Do about It. New York: Cambridge University Press.
Sunday, October 27, 2019
Security Issues Associated With Mobile Commerce Information Technology Essay
The report investigates the current state of mobile commerce (M-commerce) from a security standpoint and examines predicted future developments of such systems. A brief background of M-commerce and its applications is outlined first. The discussion then focuses on security issues and solutions organised around five security objectives: confidentiality, authentication, authorisation, integrity and non-repudiation. These objectives are then applied to two M-commerce applications, both involving mobile transactions: mobile payment and mobile banking. It is concluded that further technological development of M-commerce systems is required in order to improve the quality of service and to assure users that such systems are safe to use.

Nestor Mfuamba

Introduction

The term M-commerce (mobile commerce) derives from E-commerce (electronic commerce), which denotes business transactions conducted over the internet, such as buying and selling goods or services. Both M-commerce and E-commerce serve two distinct business markets: B2B (business to business), which deals with business customers, and B2C (business to consumer), which deals with end consumers. Seen this way, the B2B market is more typical of E-commerce, where a business user accesses the internet for transactions from whatever device is available. The technology used may be wireline (home PC or other end-user device) or wireless (mobile phone, PDA or other end-user device). In fact, M-commerce is simply wireless E-commerce: a mobile device is used to access the internet for business transactions in either the B2B or the B2C market.
With the ubiquitous availability of mobile phones and other end-user devices, M-commerce services have a promising future, especially in the B2C market. Future applications include buying over the phone, purchase and redemption of tickets and reward schemes, travel and weather information, and writing contracts on the move. However, the success of M-commerce today depends very much on the security of the underlying technologies. For example, credit card chargebacks for transactions on the internet run at 15%, versus 1% for POS (point-of-sale) credit card transactions, and the chargeback rate rises to 30% where digital products are sold. For M-commerce to take off, fraud rates have to be reduced to an acceptable level. Security can therefore be regarded as an enabling factor for the success of M-commerce applications. In this report I discuss the security issues associated with M-commerce, and their solutions, on the basis of two existing M-commerce applications:

- Mobile payment systems: business transactions on the internet require payment for goods or services. M-payment systems have different requirements and characteristics from E-payment (electronic payment) systems.
- Mobile banking systems: the execution of financial services in which, within an electronic procedure, the consumer uses mobile communication techniques in conjunction with mobile devices for banking transactions.

M-commerce Definition

The term M-commerce can be defined in many ways. From my own experience and research, M-commerce is simply an electronic commerce system accessed from mobile phones. Both E-commerce and M-commerce are commonly B2C (business to consumer) systems.
According to the OECD (Organisation for Economic Co-operation and Development), E-commerce satisfies two criteria:

- automation of the transaction
- spatial separation of transaction and delivery

By this definition, M-commerce is a commerce system that uses a mobile device for business transactions performed over a mobile telecommunication network, possibly involving the transfer of money. Ravi Kalakota and Marcia Robinson divide M-commerce into five descriptive phases:

- Messaging M-commerce (SMS-based M-commerce)
- Info-connectivity M-commerce (web-based M-commerce)
- Transaction M-commerce (a strategy for organisations to evolve revenue-generating M-commerce)
- Transformation M-commerce (M-commerce is interconnected with and implemented into business processes within and between organisations)
- Infusion M-commerce (M-commerce is the normal way of doing business; this implies a culture change from one in which technology is occasionally handed over to another in which technology is an accepted part of business)

Technology and Applications

M-commerce is built on several key technologies, which are distinguished by their common uses.
Mobile phones have developed gradually, with significant changes to their standards from the first generation (analogue phones) to the third generation (3G):

- first-generation, or analogue, phones, good for voice calls
- second-generation phones, which use digital technology and are typical of the average phone in use today
- 2.5G digital phones, which support data transmission using the general packet radio service (GPRS)
- third-generation (3G) digital phones, which support voice and data transmission at greatly increased speeds

3G supports services that were not possible with earlier technologies:

- video calls can be made and received from other 3G users
- video and other media can be downloaded to play on the phone
- 3G phones often have cameras, so digital pictures can be taken and transmitted
- location-based services can be accessed to see a map of where you are, or to find the nearest garage, restaurant, bank and so on

M-commerce development is focused very strongly on 3G phone technology. The wireless application protocol (WAP) enables mobile devices to browse the internet: WAP-enabled devices run microbrowsers that render WML, an XML-based markup language designed for such devices, and, in WAP 2.0, XHTML. These browsers are designed to suit:

- the small screen and small memory of handheld devices
- the low bandwidth characteristic of wireless networks for handheld devices

Another important M-commerce technology is the short message service (SMS), also known as texting. This popular service allows short text messages of up to 160 characters to be sent to and from mobile devices at low cost, and it has wide application in M-commerce. Improvements such as T9 predictive text, which helps users type faster, have improved the service, and enhancements such as the enhanced messaging service (EMS) led on to the multimedia messaging service (MMS).
With an MMS-enabled phone you can:

- take digital photographs and store them on the internet
- send and receive full-colour pictures
- add a text message to a picture
- send and receive voice clips
- purchase pictures and sounds from the internet
- use enhanced polyphonic ringtones

Mobile Application Types

- Communications: e-mail clients, IM clients, mobile web and internet browsers, news/information clients, on-device portals (Java portals), social network clients
- Games: puzzle/strategy (e.g. Tetris, Sudoku, Mah-jong, chess, board games); cards/casino (e.g. solitaire, blackjack, roulette, poker); action/adventure (e.g. Doom, Pirates of the Caribbean, role-playing games); sports (e.g. football, soccer, tennis, basketball, racing, boxing, skiing); leisure sports (e.g. bowling, pool, darts, fishing, air hockey)
- Multimedia: graphics/image viewers, presentation viewers, video players, audio players, streaming players (audio/video)
- Productivity: calendars, calculators, diary, notepad/memo/word processors, spreadsheets, directory services (e.g. yellow pages), banking/finance
- Travel: city guides, currency converters, translators, GPS/maps, itineraries/schedules, weather

Mobile System Architecture

The figure below shows the architecture of an M-commerce system: a user or client accesses the web through an XML server connected to a database.

Figure 1. Proposed M-commerce system architecture

Mobile devices

M-commerce applications can be implemented on a range of end-user devices, not only mobile phones:

- mobile phones
- PDAs (personal digital assistants)
- smart phones, which combine mobile phone and PDA technology in one device
- laptops
- earpiece devices such as Bluetooth headsets (as part of a personal area network)

The choice of device in M-commerce is based mainly on the device's features and on the network technology used for transmission; the latter determines the available bandwidth and so influences the kind of services the end user can receive.
Mobile phones differ from other end-user devices in having internal smart cards that store the subscriber's credentials. Three arrangements exist today:

- Single SIM: widely used around the world; confidential user information is stored on one smart card.
- Dual chip: two smart cards in one mobile phone, one used for user authentication to the network operator and the other for value-added services such as M-payment or digital signatures.
- Dual slot: the phone has a SIM card plus a slot for a full-sized external smart card, so that different cards can be used one after the other, as at POS and ATM terminals.

M-commerce vs. E-commerce

This part of the report does not compare the two business systems in full, but presents the advantages and disadvantages of an M-commerce system over an E-commerce system. As defined in part 1.1, M-commerce is a subset of E-commerce that uses end-user mobile devices as transaction platforms. The advantages are:

- Accessibility: related to ubiquity; the end user is reachable anywhere at any time. Accessibility is probably the major advantage over E-commerce applications that involve a wired end-user device.
- Ubiquity: the end-user device is mobile, so the user can access M-commerce applications in real time at any place.
- Security: depending on the specific end-user device, the device offers a certain level of inherent security. For example, the SIM card commonly employed in mobile phones is a smart card that stores confidential user information, such as the user's secret authentication key; in this sense the mobile phone can be regarded as a smart card reader with its smart card.
- Localisation: a network operator can locate registered users using a positioning system such as GPS, or via the GSM or UMTS network itself, and offer location-dependent services.
Such services include local information about hotels, restaurants and amenities, travel information, emergency calls and mobile office facilities.

- Personalisation: mobile devices are usually not shared between users, so a device can be adjusted to its user's needs and wishes (starting with the phone housing and ringtones). Equally, a mobile operator can offer personalised services to its users based on specified user characteristics (e.g. a preference for Italian food) and the user's location (see above).
- Convenience: the size and weight of mobile devices, together with their ubiquity and accessibility, make them an ideal tool for personal tasks.

Alongside these advantages there are disadvantages:

- Mobile devices offer limited capabilities, and these vary so much between devices that end-user services need to be customised accordingly. The heterogeneity of devices, operating systems and network technologies is a challenge for a uniform end-user platform. For this reason, standardisation bodies made up of telecommunication companies, device manufacturers and value-added service providers coordinate their work (see Section 4.5). For example, many current mobile devices implement an IP stack to provide standard network connectivity, and at the application level the Java 2 Micro Edition (J2ME) offers a standardised application platform for heterogeneous devices.
- Mobile devices are more prone to theft and destruction. According to a government report, more than 700,000 mobile phones are stolen in the UK each year [12]. Since mobile phones are highly personalised and contain confidential user information, they need to be protected to the highest security standards.
- Communication over the air interface between the mobile device and the network introduces additional security threats (e.g. eavesdropping).
Security Concept and Challenges

Security is the most important requirement that a mobile system must meet for a business. There is no point implementing such a system without securing its environment, especially where transactions involve monetary value. Participants in an M-commerce scenario, from their different viewpoints, perceive security and privacy as the major factors for the market breakthrough of the system. Starting from those viewpoints, I have defined five security objectives that a system should meet:

- Confidentiality: ensures privacy; the content of the transaction cannot be viewed by unauthorised persons. The mechanism is encryption.
- Authentication: ensures that the content of the transaction originates from the presumed sender or partner. Mechanisms range from PINs and passwords to keys held on the SIM and digital certificates.
- Integrity: ensures that the content of the transaction is not modified in transit and cannot be altered afterwards without detection. The mechanisms are message authentication codes and digital signatures.
- Authorisation: ensures that everyone involved in the transaction has been identified and verified and is permitted to perform it. This is an access-control decision taken after authentication; digital certificates can carry the identity on which it is based, but the permission check itself is separate.
- Non-repudiation: no one should be able to claim that a transaction made on his or her behalf was made without their knowledge. The mechanism is the digital signature, since only the signer holds the private key.

These objectives do not apply only to end-user devices but to the whole system: device users, the network (e.g. WAP, WEP), and the financial and administrative institutions involved (e.g. banks, governments). I have identified a few security challenges in such a system:

- The mobile device: confidential user data on the device, and the device itself, should be protected from unauthorised use. The security mechanisms employed here include user authentication (e.g. PIN or password), secure storage of confidential data (e.g. on the SIM card in mobile phones) and the security of the operating system.
- The radio interface: access to a telecommunication network requires protection of the transmitted data in terms of confidentiality, integrity and authenticity. In particular, the user's personal data should be protected from eavesdropping. The different security mechanisms of the different mobile network technologies (2G, 3G and other systems) were explained in part 2.2.
- The network operator infrastructure: security mechanisms for the end user often terminate in the access network, which raises questions about the security of the user's data within and beyond it. Moreover, the user receives services for which he or she has to pay; this involves the network operator, and the user will want assurance of correct charging and billing.
- The kind of M-commerce application: applications, especially those involving payment, need to be secured to the satisfaction of customers, merchants and network operators. In a payment scenario, for example, both sides will want to authenticate each other before committing to a payment, and the customer will want assurance about the delivery of goods or services. In addition to the authenticity, confidentiality and integrity of the payment information sent, non-repudiation is important.

Threat scenarios

In this part I present the major threats to security in terms of the M-commerce security objectives, and describe the ideal scenario observed for each. The threats are:

- Money theft: as long as M-commerce involves transactions driven by monetary value, the system will attract hackers, crackers and anyone with the knowledge to exploit and abuse it. They often set up fake websites in order to extract customers' personal data, credit card details and so on.
- Threats to the system: mobile devices are not spared these deceptive methods of stealing information.
Viruses, Trojans and worms are often planted by individuals, for reasons known best to them alone, in order to compromise the credibility of the whole M-commerce system.

Threats observed during authentication

Observation:

• An adversary can download the client on a laptop/desktop and use its insecurities for malicious purposes.
• An adversary can obtain the user credentials stored on the mobile phone by transferring the contents of the phone or memory card to a PC/laptop.
• An adversary can register with the valid details of a valid bank account holder and access his/her account details or make transactions.
• An adversary can access user credentials directly from the phone's folders or from the phone's memory card.
• An adversary can obtain a new PIN for transacting through a weak "forgot password" feature, or can change the password/PIN of a valid user without authentication/authorisation.
• An adversary can use the auto-complete feature to access a valid user's account.
• An adversary can guess weak passwords/PINs to retrieve customer information.

Ideal scenario:

Against an adversary downloading the client on a laptop/desktop and using its insecurities for malicious purposes, or using the auto-complete feature to access a valid user's account: the customer has to first register with the bank. Customer details like full name, postal address, e-mail address, bank account details and mobile phone number should be provided. The bank would then inform the vendor to push the mobile client application to the mobile number provided by the customer. This can be done through a system which communicates between the server at the vendor end and the server at the bank end. The vendor enters the mobile number of the customer and the client application is pushed to it. This ensures that the client is not downloaded to a PC or laptop and misused. In case the push is not possible, the customer has to be informed and the client application installed by the vendor.

The application has to ensure that a few checks are done during installation:

• Transfer the bank's and the vendor's public keys for encryption purposes. There can be two keys generated for the vendor: one for storage and one for data transmission.
• The client files/folders are installed on the phone and not on the memory card.
• The files and folders should be restricted from being transferred to a memory card or PC/laptop.
• Access to these files should only be through the executable and not directly.
• The installer should be removed after installation.
• The application should not allow the auto-complete feature.

Threats observed during transactions

Observation: based on the services provided to the customer, the following threats can be observed:

• An adversary can sniff the contents of a transaction and obtain confidential information.
• An adversary can bypass authentication controls.
• An adversary can make bogus shopping or purchase transactions for another valid customer.
• An adversary can view the account details of another user.
• An adversary can modify the "from account" and amount fields during a fund transfer process.
• An adversary can predict the session ID and perform transactions as a valid user.
• An adversary can access a valid account using an active session which has not been terminated after a long period of inactivity.
• An adversary can log in using his own credentials and view/modify the details of another valid customer.
• Illegal/invalid transactions can be performed without a continuous authentication process for each transaction.

Ideal scenario

Against an adversary sniffing the contents of a transaction and obtaining confidential information: all transactions should be through a secured connection. Data transmitted between the client application and the vendor server should be through HTTPS or another secured channel, and also encrypted with the vendor's transport public key. The data flowing back from the vendor server to the client should be through HTTPS or a secured channel.
The data flowing between the vendor server and the bank server should be through HTTPS. Also, the customer details which are not required by the vendor should be encrypted using the bank's public key. The return path should also be through HTTPS. Any data flowing between the bank/vendor and other third parties or merchants, e.g. for mobile shopping, should be through a secured payment gateway.

Against an adversary bypassing authentication controls, illegal/invalid transactions being performed without a continuous authentication process for each transaction, and an adversary viewing the account details of another user: each transaction or operation should be authenticated, either using a single layer or a dual layer. The vendor-side application should authenticate the customer using the PIN for non-critical operations. Validation checks should be in place to ensure that this authentication control is not bypassed. For critical transactions, there can be a dual authentication mechanism: one using the PIN at the vendor, the other using the Internet banking ID at the bank side. Again, validation checks should be in place to ensure that this authentication control is not bypassed.

Against an adversary making bogus shopping or purchase transactions for another valid customer, or modifying the "from account" and amount fields during a fund transfer process: for example, in a fund transfer operation the bank should ask the customer for the Internet banking credentials for authentication and verification. Checks also need to be in place to ensure that the "from account" field cannot be modified and that the amount field is not negative.

Against an adversary predicting the session ID and performing transactions as a valid user (for example, accessing a valid account using an active session which has not been terminated after a long period of inactivity, or logging in with his own credentials and then viewing/modifying the details of another valid customer): in a mobile shopping operation, the payment should be through a secured payment gateway. Ideally, the vendor should not store the details of the shopping done by the customer. Only in case the vendor performs the payment for the customer's purchases do the details need to be stored at the vendor; the customer then authorises the bank to transfer the amount to the vendor's account, and the vendor pays the merchant for the item. Having a good session management mechanism ensures that attackers don't use a valid session ID for login purposes. The application should also ensure that users are not able to change the data and view another customer's details.

Other possible threats:

• An adversary can upload malicious files to the server/application. Ideally, a mobile banking scenario would not require a customer to upload files to the server, so this can be disabled for customers.
• An adversary can obtain confidential customer data and source code from the server. All customer data and application source code at the vendor server should be protected not only from outside attackers, but from internal users/developers as well.
• Malicious activities go undetected. Audit trails and logging need to be maintained for the application, recording the customer name, bank details and the transaction performed, with time and date, for future reference.
• An adversary can obtain details of the server, or error messages provide information that lets the adversary perform specific attacks. The application should ensure that no messages are provided to the outside world which would reveal information about the system.
• An adversary can obtain the vendor's private key from the server to perform man-in-the-middle attacks. The private keys should be stored securely, and access should only be given to the application to use the keys during operations.

Security Technology

This part of my report focuses on the network technologies which are relevant to a secure M-commerce system.
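As an added illustration of the session and transaction checks described above (not code from the report), a small Python model: unpredictable session IDs, a server-side idle timeout, a bank-side step-up check before a critical fund transfer, and a "from account" that is bound to the session owner rather than trusted from the request. The account data, the timeout values and the boolean standing in for the bank's Internet banking credential check are constructed assumptions.

```python
import secrets
from dataclasses import dataclass

IDLE_TIMEOUT = 300       # seconds of inactivity before a session is killed (assumed policy)
STEP_UP_WINDOW = 60      # seconds a bank-side credential check stays valid (assumed policy)

# Constructed sample accounts: account number -> [owner, balance]
ACCOUNTS = {"ACC-100": ["alice", 500], "ACC-200": ["bob", 50]}

@dataclass
class Session:
    user: str
    last_seen: float
    step_up_until: float = 0.0   # until when one critical operation is allowed

SESSIONS: dict[str, Session] = {}

def login(user: str, now: float) -> str:
    # Session ID from the OS CSPRNG (128 bits): not guessable or sequential.
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = Session(user=user, last_seen=now)
    return sid

def resolve(sid: str, now: float) -> Session:
    s = SESSIONS.get(sid)
    if s is None:
        raise PermissionError("unknown session")
    if now - s.last_seen > IDLE_TIMEOUT:
        del SESSIONS[sid]               # terminate server-side, not just on the client
        raise PermissionError("session expired")
    s.last_seen = now
    return s

def step_up(sid: str, now: float, ib_credential_ok: bool) -> None:
    # Second authentication layer for critical operations; the bank's credential check is a boolean here.
    s = resolve(sid, now)
    if not ib_credential_ok:
        raise PermissionError("step-up authentication failed")
    s.step_up_until = now + STEP_UP_WINDOW

def fund_transfer(sid: str, now: float, from_acct: str, to_acct: str, amount: int) -> int:
    s = resolve(sid, now)
    if now > s.step_up_until:
        raise PermissionError("critical operation requires step-up authentication")
    s.step_up_until = 0.0               # one step-up authorises one transfer
    if amount <= 0:
        raise ValueError("amount must be positive")
    # The "from account" is checked against the session owner, never trusted from the request.
    if from_acct not in ACCOUNTS or ACCOUNTS[from_acct][0] != s.user:
        raise PermissionError("from account not owned by the session user")
    if to_acct not in ACCOUNTS or ACCOUNTS[from_acct][1] < amount:
        raise ValueError("unknown destination or insufficient funds")
    ACCOUNTS[from_acct][1] -= amount
    ACCOUNTS[to_acct][1] += amount
    return ACCOUNTS[from_acct][1]       # new balance of the source account
```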
The security itself focuses on three aspects, studied in the IST SHAMAN project: M-commerce network security, transport layer security and service security. The IST SHAMAN project has studied the security architecture of current and potential future mobile systems. They are discussed here.

M-commerce Network Security

GSM (Global System for Mobile Communications): established in the early 1990s, GSM is the first generation of mobile phones and the major device for M-commerce. The devices presented strong limitations with respect to capabilities other than telephony. In terms of data services, dial-in data sessions over circuit-switched connections were possible but relatively slow, at 9.6 kbit/s, and required a separate device such as a computer, which reduced mobility. As the GSM core network was extended, a number of data services were established, such as:

• The Short Message Service (SMS)
• The Wireless Application Protocol (WAP), allowing Internet access
• High Speed Circuit Switched Data (HSCSD), providing higher data rates
• The General Packet Radio Service (GPRS), which extends GSM with packet-oriented services

The figure below shows the architecture of GSM, including GPRS, IN (Intelligent Network) and SMS.

Figure 2: GSM Architecture

What is the scenario in this architecture, and what does GSM provide as security features? The mobile station communicates over the wireless interface with a base transceiver station (BTS), which is part of a base station subsystem (BSS). The base station controller (BSC) is connected with an MSC (Mobile Switching Centre) and an SGSN (Serving GPRS Support Node). The latter two are the central switching components for circuit-switched and packet-switched data. When a customer subscribes, the GSM home network assigns the mobile station a unique identifier, the international mobile subscriber identity (IMSI), and an authentication key Ki. The IMSI and the secret authentication key Ki of the mobile station (MS) are stored in the SIM (subscriber identity module), which is assumed to be tamper-proof. On the network side, the IMSI, Ki and other information are stored in the HLR (Home Location Register) and the AuC (Authentication Centre). GSM provides the following security features for the link between the mobile station and the network:

• IMSI confidentiality
• IMSI authentication
• User data confidentiality on physical connections
• Connectionless user data confidentiality
• Signalling information element confidentiality

In general, the security architecture of GSM presents the basic security mechanisms for M-commerce systems. The authentication of a mobile customer towards the network is based on the secret Ki, from which a symmetric key is derived that is used to encrypt the link between the mobile station and the BTS. The secret key Ki is never sent over the network. From there, we can say that GSM presents two weaknesses: authentication, which is one-way only (the mobile station authenticates to the network, but not the other way round), and encryption, which is optional.

UMTS (Universal Mobile Telecommunication System): the security architecture of UMTS is designed to fix the security weaknesses of GSM. In UMTS, authentication is mutual, and encryption is mandatory unless the mobile station and the network agree on an unciphered connection. In addition, integrity protection is always mandatory and protects against replay or modification of signalling messages. UMTS introduces new cipher algorithms and longer encryption keys. Thus, UMTS doesn't seem to have any security weaknesses. The architecture of this technology is depicted below:

Figure 3: UTRAN system

WLAN (Wireless Local Area Network): the IEEE standard 802.11 specifies families of WLANs which operate in the unlicensed 2.4 GHz and 5 GHz bands. The standards specify the physical layer (PHY) and the medium access control layer (MAC).
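To make the difference between GSM's one-way authentication and UMTS's mutual authentication concrete, here is an added toy model in Python (not from the report or from the SHAMAN project). HMAC-SHA256 stands in for the A3 and f1/f2 algorithms and the message layouts are simplified, but what is faithful is that the long-term key never leaves the SIM/USIM or the AuC, and that only the UMTS USIM checks who is challenging it.

```python
import hashlib
import hmac
import os

# Toy model: HMAC-SHA256 replaces GSM's A3 and UMTS's f1/f2 (assumption),
# and AUTN is reduced to SQN || MAC. Key sizes and field widths are illustrative.

def f(key: bytes, tag: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(key, tag + data, hashlib.sha256).digest()[:n]

class GsmSim:
    def __init__(self, ki: bytes):
        self.ki = ki                       # stored in the tamper-proof SIM
    def respond(self, rand: bytes) -> bytes:
        # The SIM answers any RAND: it has no way to tell who sent it.
        return f(self.ki, b"A3", rand, 4)  # SRES

class GsmNetwork:
    def __init__(self, ki: bytes):
        self.ki = ki                       # stored in HLR/AuC, never transmitted
    def challenge(self):
        rand = os.urandom(16)
        return rand, f(self.ki, b"A3", rand, 4)  # RAND and the expected SRES

class UmtsUsim:
    def __init__(self, k: bytes):
        self.k, self.sqn_max = k, 0
    def respond(self, rand: bytes, autn: bytes) -> bytes:
        sqn_bytes, mac = autn[:6], autn[6:]
        # Mutual authentication: verify the network's MAC over SQN || RAND first.
        if not hmac.compare_digest(mac, f(self.k, b"f1", sqn_bytes + rand, 8)):
            raise ValueError("network authentication failed")
        sqn = int.from_bytes(sqn_bytes, "big")
        if sqn <= self.sqn_max:            # replay protection via the sequence number
            raise ValueError("replayed challenge")
        self.sqn_max = sqn
        return f(self.k, b"f2", rand, 8)   # RES

class UmtsNetwork:
    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0
    def challenge(self):
        self.sqn += 1
        rand, sqn_bytes = os.urandom(16), self.sqn.to_bytes(6, "big")
        autn = sqn_bytes + f(self.k, b"f1", sqn_bytes + rand, 8)
        return rand, autn, f(self.k, b"f2", rand, 8)  # RAND, AUTN, expected RES
```

A GSM SIM returns an SRES to a challenge from a network holding the wrong Ki (it cannot notice), while the USIM raises on a forged AUTN and on a replayed one.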
When operated in infrastructure mode, the mobile station attaches to an AP which provides connectivity to fixed IP networks (e.g. the Internet) or to other mobile stations. In its default mode, WLAN is not secured, which means there is a possibility of an eavesdropping attack. In order to provide a measure of security, the IEEE and the IETF have defined WEP (Wired Equivalent Privacy) and the VPN (Virtual Private Network). WEP was designed to provide:

• Authentication, to protect the association to an AP
• Integrity protection on MAC frames
• Confidentiality on MAC frames

In comparison to other network technologies, WEP is insecure. Based on its secret key, which serves as input to the RC4 stream cipher, the authentication and integrity protection are completely insecure and the encryption is at least partly insecure. An attacker can intercept a single successful authentication transaction between a mobile station and the AP and then authenticate without knowing the secret key. Furthermore, since a CRC checksum is used for integrity protection, an attacker can modify the data and adapt the checksum accordingly: for example, if the position of commercially sensitive information (e.g. an amount) within a datagram is known, the corresponding bits can be XORed with any value. With a large number of intercepted frames, the WEP keys can even be recovered, breaking the encryption. Furthermore, since the WEP keys are network keys, preserving their secrecy is difficult for private networks and impossible for public WLAN hotspots. In recent work of the IEEE task group on security (TGi), the new security standard IEEE 802.1X has been adopted. 802.1X is a framework for authentication and key management which employs the Extensible Authentication Protocol (EAP) for a variety of authentication mechanisms, e.g. certificate-based TLS. But the weaknesses of WEP cannot be remedied by the new authentication and key management schemes in 802.1X.
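The CRC weakness above can be checked directly. The following added Python example (not from the report) builds a constructed datagram with an amount field at a known offset, XORs that field and patches the CRC-32 integrity check value using only the CRC's linearity, and then shows that a keyed MAC, the check a defender wants instead, rejects the same modification. The datagram layout is an assumption, not a real WEP frame, and RC4 is left out.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed datagram layout (not a real WEP frame): 8-byte header, a
# 4-byte big-endian amount at a known offset, then a trailing reference.
AMOUNT_OFFSET = 8

def make_datagram(amount: int) -> bytes:
    return b"PAY\x00\x00\x01\x00\x00" + struct.pack(">I", amount) + b"ref#42"

def read_amount(frame: bytes) -> int:
    return struct.unpack(">I", frame[AMOUNT_OFFSET:AMOUNT_OFFSET + 4])[0]

def crc_protected(msg: bytes) -> bytes:
    # Message with a CRC-32 integrity check value (ICV) appended, as WEP does.
    return msg + struct.pack("<I", zlib.crc32(msg))

def crc_verify(frame: bytes) -> bool:
    msg, icv = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    return zlib.crc32(msg) == icv

def xor_amount_without_key(frame: bytes, mask: int) -> bytes:
    """XOR the amount field with `mask` and patch the ICV to match, using
    only the affine property of CRC-32 over GF(2):
        crc(a ^ d) == crc(a) ^ crc(d) ^ crc(zeros of the same length)
    The message content is never read and no key is needed. (Under WEP the
    same XOR applied to the RC4 ciphertext lands on the plaintext.)"""
    msg, icv = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    delta = bytearray(len(msg))
    delta[AMOUNT_OFFSET:AMOUNT_OFFSET + 4] = struct.pack(">I", mask)
    forged_msg = bytes(a ^ d for a, d in zip(msg, delta))
    forged_icv = icv ^ zlib.crc32(bytes(delta)) ^ zlib.crc32(bytes(len(msg)))
    return forged_msg + struct.pack("<I", forged_icv)

# The check a defender wants instead: a keyed MAC. Without the key the tag
# cannot be adjusted, so the same bit flip is detected.
def mac_protected(key: bytes, msg: bytes) -> bytes:
    return msg + hmac.new(key, msg, hashlib.sha256).digest()

def mac_verify(key: bytes, frame: bytes) -> bool:
    msg, tag = frame[:-32], frame[-32:]
    return hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag)
```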
The IEEE is currently working towards a new standard (WEP2), and a number of proposals are in circulation.

VPN: this technology employs in particular IPsec in order to establish network layer security. The IPsec protocol (or more specifically the ESP tunnel protocol) is an internet s