1 A SECURITY TUNNEL FOR CONDUCTING MOBILE BUSINESS OVER THE TCP PROTOCOL C. Leonidou, A. S. Andreou, A. Sofokleous, C. Chrysostomou, S. Mavromoustakos, A. Pitsillides, G. Samaras, C. Schizas Department of Computer Science, University of Cyprus, 75 Kallipoleos Street, P.O. Box 20537, 1678 Nicosia, Cyprus, Phone: +357 22 892700, Fax: +357 22 892701, e-mail: {leonidou, aandreou, cchrys, , cspgms1, andreas.pitsillides , cssamara, schizas}@ucy.ac.cy ABSTRACT This paper discusses security issues in the Mobile Business area with emphasis on the significance of mobile commerce and provides a framework to address and analyse common security problems of m- Business services and applications. We propose a new model to address efficiently some security problems in mobile environments, which rescinds Gateway/Proxy intermediates and establishes a secure end-to-end communication between mobile users and service providers over the TCP protocol. In this context, an application prototype is developed in J2ME, which implements and demonstrates the proposed model. 1. INTRODUCTION If we attempt to define what is Mobile Business (m-Business) it is likely to conclude that m-Business is any business operation that is conducted via a mobile telecommunications network. This definition can be expanded both in the business-to-customer and business-to-business area of application. Thus, m-business is the framework that allows us to conduct business by using Mobile Telecommunication Networks and Wireless LANS, as well as appropriate Information Technology Infrastructure. What is the reason, though, we need this new framework in our life for doing business? The fact that the penetration of mobile devices (telephones, PDAs, etc) increases dramatically, shows that mobile devices have become essential to our way of living (Gemplus, 2002). This also reveals the human need for mobile communication and computation. Mobility and nomadic behaviour are human characteristics that were suppressed by the limitations of the traditional “wired dependant” communications and computation models. These models, due to technological limitations, ignored the need to be able to communicate and perform computation activities in a mobile environment without the communication and computation devices restrictions in terms of mobile communication networks, power and size. The new technological achievements came up with solutions to the human need for mobile communications and computation. Mobile and wireless networks become faster and faster in terms of transfer rates. Moreover, today’s mobile devices use less electric power, while batteries become smaller, lighter and their endurance increases. If we also consider the fact that new applications and services are released everyday, then it should not be surprising that the number of mobile users is constantly increasing.