Technology infrastructure for electronic commerce
Sponsored Links
This presentation is the property of its rightful owner.
1 / 41

Technology Infrastructure for Electronic Commerce PowerPoint PPT Presentation


  • 73 Views
  • Uploaded on
  • Presentation posted in: General

Technology Infrastructure for Electronic Commerce. Olga Gelbart [email protected] THE GEORGE WASHINGTON UNIVERSITY based on Prof. Lance Hoffman’s Lecture on Network Infrastructure for Electronic Commerce. Snapshots of the Electronic Commerce World. Yesterday - EDI

Download Presentation

Technology Infrastructure for Electronic Commerce

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Technology Infrastructure for Electronic Commerce

Olga Gelbart

[email protected]

THE GEORGE WASHINGTON UNIVERSITY

based on Prof. Lance Hoffman’s Lecture on Network Infrastructure for Electronic Commerce


Snapshots of the Electronic Commerce World

  • Yesterday - EDI

  • Today - getting our toes wet, what this course is about

  • Tomorrow - Metadata, machine understandable information on the Web.

    • Catalog information

    • Intellectual property information

    • Endorsement Information

    • Privacy information

    • see www.w3c.org/pics and www.w3c.org/p3p


How Did We Get Here?

  • Before the Internet

    • History of Commerce and Money

    • Elements of payment systems

  • The Start of the Internet

    • Predecessor Networks

    • Timeline of Significant Events

  • The Internet Today

    • What is the Internet?

    • How Does the Internet Work?

    • Differences from Original Net

    • Differences from Traditional World Out There

  • The Internet in the Future


What is the Internet?

  • On October 24, 1995, the FNC unanimously passed a resolution defining the term Internet. This definition was developed in consultation with members of the internet and intellectual property rights communities. RESOLUTION:The Federal Networking Council (FNC) agrees that the following language reflects our definition of the term "Internet". "Internet" refers to the global information system that -- (i) is logically linked together by a globally unique address space based on the Internet Protocol (IP) or its subsequent extensions/follow-ons;(ii) is able to support communications using the Transmission Control Protocol/Internet Protocol (TCP/IP) suite or its subsequent extensions/follow-ons, and/or other IP-compatible protocols; and(iii) provides, uses or makes accessible, either publicly or privately, high level services layered on the communications and related infrastructure described herein.

  • http://www.fnc.gov/Internet_res.html


The Internet - connections

  • Computers in the backbone connected by a (T3) data connection (45 megabits/second)

  • ISP hosts and other powerful computers connectusing (T1,Broadband) lines

  • Leased lines (some businesses)

  • Modem dial-up connections

  • Cable modems

  • ADSL - Asymmetric Digital Subscriber Line


Internet features

  • Originally ARPAnet

    • MIT, MITRE, SRI, BBN

    • Distributed communications even with many failure points

    • Dissimilar computers exchange info easily

    • Route around nonfunctioning parts

    • 4 sites: SRI, UCLA, UCSB, Univ of Utah

  • Hafner and Lyon, Where Wizards Stay Up Late, Simon & Schuster 1996


Kahn’s Internet PrinciplesR. Kahn, Communications Principles for Operating Systems. Internal BBN memorandum, Jan. 1972.

  • Each network must stand on its own and no internal changes could be required to connect it to the Internet

  • If a transmission failed, try again

  • Simple black boxes (later called “gateways” and “routers” would connect the networks

  • No global control at operations level


The Internet - development

1962 Licklider, J.C.R., Galactic Network memos

Licklider - MIT to ARPA

ARPANET and successors: open architecture networking

1970s: universities and other DoD contractors connect

packets rather than circuits (note many of the names in

the articles were graduate students then)

1975: 100 sites and e-mail is changing how people collaborate

Late 1970s: New Packet Switching Protocol:

Transfer Control Protocol/Internet Protocol(TCP/IP)

1980: MILNET takes over military traffic

1980s: NSFNet links together NSF researcgers,

Internet protocols incorporated into (BSD) Unix, a widespread operating system

Late 1980s: NSFNet absorbs original ARPANET (for a US university to get NSF

funding for an Internet connection, that connection had to be made available to

all qualified users on campus, regardless of discipline

1995: Commercial backbones replace NSFNet backbone

Usenet

BITNET

Commercial Networks: AOL, Compuserve, etc.


Federal Decisions that Shaped the Internet

  • Agencies shared cost of common infrastructure, e.g., trans-oceanic circuits

  • CSNET/NSF (Farber) and ARPA (Kahn) shared infrastructure without metering

  • Acceptable Use Policy - no commercialization. Privately funded augmentation for commercial uses (PSI, UUNET, etc.), thought about as early as 1988 KSG conferences sponsored by NSF

  • NSF defunded NSF backbone in 1995, redistributing funds to regional networks to buy from now-numerous, private, long-haul networks

  • NSFNet $200M from 1986-1995


The Internet - Four AspectsLeiner, et al., “A Brief History of the Internet”, http://info.isoc.org/internet/history/brief.html

  • Technological Evolution

    • Packet Switching

    • Scale, Performance, Functionality

  • Operations and management of a global and complex infrastructure

  • Social Aspect - Internauts

  • Commercialization


Internet Development Timeline

From “A Brief History of the Internet” by B. Leiner, et al.,

http://info.isoc.org/internet/history/brief.html


Excerpts fromHobbes’ Internet Timelineby Robert H. Zakonhttp://www.info.isoc.org/guest/zakon/Internet/History/HIT.html

  • 1957 Sputnik; US forms ARPA

  • 1962 P Baran, Rand, “On Distributed Communications Networks”, packet switched networks

  • 1967 Larry Roberts first design paper on ARPAnet

  • 1969 ARPANet commissioned. First RFC.

  • 1970 ALOHANet (radio) connected to ARPANet in 1972

  • 1971 Ray Tomlinson E-mail, BBN

  • 1972 Telnet specification (RFC 318)

  • 1973 File transfer specification (RFC 454)

  • 1977 Mail specification (RFC 733)

  • 1979 USENet newsgroups. First MUD.

  • 1981 CSNet

  • 1982 DoD standardizes on TCP/IP

  • 1983 Name server developed at University of Wisconsin; users no longer need to remember exact path to other systems

  • 1983 Berkeley releases 4.2BSD including TCP/IP

  • 1984 DNS introduced. Now over 1,000 hosts

  • 1984 Moderated newsgroups on USENET

  • 1988 Internet worm affects 6,000 of the 60,000 Internet hosts

  • 1990 EFF founded by Mitch Kapor

  • 1991 WWW released by CERN (Tim Berners-Lee, developer)

  • 1991 PGP released by Phil Zimmerman

  • 1992 ISOC chartered

  • 1992 “Surfing the Internet” coined by Jean Armour Polly

  • 1993 US White House goes online

  • 1993 Internet Talk Radio

  • 1994 Can now order pizza from Pizza Hut online

  • 1994 First Virtual bank open for business

  • 1995 RealAudio

  • 1995 Netscape third largest ever NASDAQ IPO share value

  • 1995 Registration of domain names no longer free

  • 1996 Communications Decency Act passed, challenged in US

  • 1997 CDA overturned by Supreme Court


Growth of the Internet

From Hobbes’ Internet Timeline at http://info.isoc.org. ...


How Internet Manages Change?

  • RFC process

  • W3C process

  • Now a proliferation of stakeholders

  • Debates over control of name space

  • Profits to be made and lost

  • Commercial vs. Other interests


Trends in Internet Applications

  • Internet TV (Web TV + VIATV Videophone)

  • Voice over IP (VoIP)

  • Internet telephone

  • Internet dashboard (Alpine GPS, Windows CE in cars)

  • Wireless (WAP)


Needed in Electronic Commerce

  • Authentication

  • Privacy

  • Message Integrity

  • Non-repudiation

Adapted from Gail Grant


Authentication

  • Proving identity

    • Passports

    • Driver’s licenses

    • Credit Cards

    • Doctors’ diplomas

Gail Grant


Privacy

  • Locks

  • Doors

  • Perimeter security

  • Castles

Gail Grant


M

Y

T

H


R

E

A

L

I

T

Y


Message Integrity

  • Wax seals

  • Tylenol seals

  • Custom seals

  • US Mail

Gail Grant


Non-Repudiation

  • Handshake

  • Notary Public

  • Signatures

  • Contacts

Gail Grant


Electronic cash policy issues

  • anonymity

    • can lead to “perfect” crime

  • traceability (accountability)

  • security (no electronic muggings)


Certification Authority Functions

  • Accept applications for certificates

  • Verify the identity of the person or organization applying for the certificate

  • Issue certificates

  • Revoke/Expire certificates

  • Provide status information about the certificates that it has issued

  • But what do the certificates mean?

Adapted from Gail Grant


Who Will Be CA’s?

  • Specialty firms (VeriSign)

  • Government agencies

  • Corporations (for employees)

  • Telecommunication companies

  • Banks

  • Internet Service Providers

  • Value-Added Networks (VAN’s)

  • Whom to trust?

    • Hierarchy vs web of trust

Gail Grant


Who Sells CA Products and Services?

  • Atalla Corporation

  • BBN Corporation

  • CertCo

  • Cylink Corporation

  • Entrust Technologies Inc.

  • GTE Corporation

  • IBM

  • Netscape Communications

  • VeriSign

  • Xcert Software Inc.

July 1997

Gail Grant


Legal Issues

  • Legislation

  • Responsibilities

  • Liability

  • International Usage

  • Certification Practice Statements


Business Issues for CAs

  • Business Models

  • Risks

  • Costs

  • In-House vs Out-Sourcing

  • Operational Considerations

  • Liability


Some Problems

  • Untrusted computer systems

  • Not all persons are trustable

  • Law not clear

  • Policy not clear

  • Sovereignty challenged:

    • Cryptography policy

      • Anonymity

      • Confidentiality


25300

Untrusted Computer Systems (then)Malware Example: The Internet WormShut down 6,000 machines, Nov 1988

  • Tried three techniques in parallel to spread

    • Guess passwords

    • Exploit a bug in the finger program

    • Use a trapdoor in the sendmail program

  • Effects

    • serious degradation in performance of affected machines

    • affected machines had to be shut down or disconnected from the internet

  • Criminal justice

    • Perpetrator convicted January 1990 under 1986Computer Fraud and Abuse Act; sentenced to3 years probation, $10,000 fine, and 400 hours of community service


Web-Based Computer Systems SURPRISE DISCLOSURES OF PERSONAL INFORMATION, AND PROGRAM LAUNCHES

  • Cookies

  • JAVA (Applet security issues)

  • Microsoft

    • Word macro viruses

    • ACTIVE-X

      • QUICKEN surprise bank transfer

    • Web-based viruses

  • Browser vulnerabilities (recent Netscape 4.x -- have to disable Java!)

  • A final surprise: monitoring tools (e.g.,

    SATAN) also used by the enemy


Who are “trustworthy” persons?

  • With “everyone” connected by networks, how do you know who to trust?

  • Trusted Third Parties

  • Certifying Authorities

  • Digital Signatures

    • Strong, Trustable Encryption

  • Distributed Architecture: Smart Cards


LAW OF THE NET

  • Whose Law? Internet is not a monarchy, democracy, republic, or dictatorship; rules and formalities are nonexistent

  • Jurisdiction, treaties, harmonization of definitions

    • CDA Example, Tennessee

  • Enforcement

    • Elected officials and their designees?

    • Internet Service Providers?

    • Vigilantes?

      • Anti-spam page: http://www.dgl.com/docs/antispam.html

    • Agents Launched by Any of the Above?

      • Cancelbots

    • Netiquette?


18071

Sovereignty Case study: Cryptography Policy

Government stalling, an impediment to

progress, or cautious reasoning to avoid chaos?

  • Constitutional issues- Law Enforcement- National Security

  • Privacy issues

  • Export policies

  • Jurisdictional "turf" issues


Issues in Cryptography PolicyPrivacy Issues

When should government have right tomonitor telecommunications?

What safeguards prevent abuse ofinformation obtained with taps?

Can a free society toleratehidden data with no accountability?


Clipper Chip Solution (Clipper I)

(adapted from White House briefing)

* provides successor for DES* provides law enforcement solution

WARRANT

2

Key Escrow Holders

1

Law Enforcement Agency

Court

Commerce Dept., NISTTreasury Dept., Automated Systems Div

Clipper Chip

Encryption device


THE FOUR HORSEMEN OF THE APOCALYPSE (CYPHERPUNKS VERSION)

  • nuclear terrorists

  • child pornographers

  • money launderers

  • drug dealers

APPLICATION OF BLIND SIGNATURE TO A REAL CRIMEB. von Solms and D. Naccache, Computers and Security 11, 6 (1992)reprinted in Hoffman, L. (Ed.), Building in Big Brother,

Springer-Verlag, 1995


19111

WHAT IF UNBREAKABLE ENCRYPTION LEADS TO THIS?How many times per year is acceptable?


19892

NAS/NRC CRYPTO POLICY REPORT HIGHLIGHTS

Commercial use: Should promote widespreadcommercial use of technologies that canprevent unauthorized access to electronic info

Exportation: Should allow export of DES toprovide an acceptable level of security

Escrow: Premature (Key recovery = current proposal)

Classified material: The debate on cryptopolicy should be open and does not requireknowledge of classified material

Total preliminary report at http://www.nap.edu/nap/online/titleindex.html#c

Cryptography's Role in Securing the Information Society, 1996,National Academy Press, 2101 Constitution Ave. NW, Box 285, Washington DC 20055, (800) 624-6242


19870

CURRENT ENCRYPTION LEGISLATIONHighlights: Full Text at http://www.cdt.org/crypto/

  • SAFE (HR 695)

    Reps. Goodlatte (R-VA), Eshoo (D-CA)

  • Pro-CODE (S 377)

    • Sen. Leahy (D-VT), Burns (R-CO), Wyden (D-OR)

    • Audio and photo transcript and lots of information

      from 3/19/97 hearing at

      www.democracy.net/archive/03191997

  • Commonalities between SAFE and Pro-CODE

    • Prohibit government from imposing mandatory key escrow

    • No export license required for public domain or

    • generally available encryption software

  • (Draft Clinton administration legislation [no warrant])


Building a Home Page to Sell Something

  • Just Building a Home Page

  • Now Making It Sell Something

  • What to Sell?


  • Login