Technology Infrastructure for Electronic Commerce - PowerPoint PPT Presentation

About This Presentation

Title:

Technology Infrastructure for Electronic Commerce

Description:

Technology Infrastructure for Electronic Commerce ... Before the Internet History of Commerce and Money Elements of payment systems The Start of the Internet ... – PowerPoint PPT presentation

Number of Views:67

Avg rating:3.0/5.0

Slides: 42

Provided by: seasGwuE8

Learn more at: https://www2.seas.gwu.edu

Category:

more less

Transcript and Presenter's Notes

Title: Technology Infrastructure for Electronic Commerce

1
Technology Infrastructure for Electronic Commerce

Olga Gelbart
rosa_at_seas.gwu.edu
THE GEORGE WASHINGTON UNIVERSITY
based on Prof. Lance Hoffmans Lecture on Network
Infrastructure for Electronic Commerce

2
Snapshots of the Electronic Commerce World

Yesterday - EDI
Today - getting our toes wet, what this course is
about
Tomorrow - Metadata, machine understandable
information on the Web.
Catalog information
Intellectual property information
Endorsement Information
Privacy information
see www.w3c.org/pics and www.w3c.org/p3p

3
How Did We Get Here?

Before the Internet
History of Commerce and Money
Elements of payment systems
The Start of the Internet
Predecessor Networks
Timeline of Significant Events
The Internet Today
What is the Internet?
How Does the Internet Work?
Differences from Original Net
Differences from Traditional World Out There
The Internet in the Future

4
What is the Internet?

On October 24, 1995, the FNC unanimously passed a
resolution defining the term Internet. This
definition was developed in consultation with
members of the internet and intellectual property
rights communities. RESOLUTION The Federal
Networking Council (FNC) agrees that the
following language reflects our definition of the
term "Internet". "Internet" refers to the global
information system that -- (i) is logically
linked together by a globally unique address
space based on the Internet Protocol (IP) or its
subsequent extensions/follow-ons (ii) is able to
support communications using the Transmission
Control Protocol/Internet Protocol (TCP/IP) suite
or its subsequent extensions/follow-ons, and/or
other IP-compatible protocols and (iii)
provides, uses or makes accessible, either
publicly or privately, high level services
layered on the communications and related
infrastructure described herein.
http//www.fnc.gov/Internet_res.html

5
The Internet - connections

Computers in the backbone connected by a (T3)
data connection (45 megabits/second)
ISP hosts and other powerful computers
connect using (T1,Broadband) lines
Leased lines (some businesses)
Modem dial-up connections
Cable modems
ADSL - Asymmetric Digital Subscriber Line

6
Internet features

Originally ARPAnet
MIT, MITRE, SRI, BBN
Distributed communications even with many failure
points
Dissimilar computers exchange info easily
Route around nonfunctioning parts
4 sites SRI, UCLA, UCSB, Univ of Utah
Hafner and Lyon, Where Wizards Stay Up Late,
Simon Schuster 1996

7
Kahns Internet PrinciplesR. Kahn,
Communications Principles for Operating Systems.
Internal BBN memorandum, Jan. 1972.

Each network must stand on its own and no
internal changes could be required to connect it
to the Internet
If a transmission failed, try again
Simple black boxes (later called gateways and
routers would connect the networks
No global control at operations level

8
The Internet - development
1962 Licklider, J.C.R., Galactic Network
memos Licklider - MIT to ARPA ARPANET and
successors open architecture networking 1970s
universities and other DoD contractors connect
packets rather than circuits (note many of the
names in the articles were graduate students
then) 1975 100 sites and e-mail is changing how
people collaborate Late 1970s New Packet
Switching Protocol Transfer Control
Protocol/Internet Protocol (TCP/IP) 1980 MILNET
takes over military traffic 1980s NSFNet links
together NSF researcgers, Internet protocols
incorporated into (BSD) Unix, a widespread
operating system Late 1980s NSFNet absorbs
original ARPANET (for a US university to get NSF
funding for an Internet connection, that
connection had to be made available to all
qualified users on campus, regardless of
discipline 1995 Commercial backbones replace
NSFNet backbone Usenet BITNET Commercial
Networks AOL, Compuserve, etc.
9
Federal Decisions that Shaped the Internet

Agencies shared cost of common infrastructure,
e.g., trans-oceanic circuits
CSNET/NSF (Farber) and ARPA (Kahn) shared
infrastructure without metering
Acceptable Use Policy - no commercialization.
Privately funded augmentation for commercial uses
(PSI, UUNET, etc.), thought about as early as
1988 KSG conferences sponsored by NSF
NSF defunded NSF backbone in 1995,
redistributing funds to regional networks to buy
from now-numerous, private, long-haul networks
NSFNet 200M from 1986-1995

10
The Internet - Four AspectsLeiner, et al., A
Brief History of the Internet,
http//info.isoc.org/internet/history/brief.html

Technological Evolution
Packet Switching
Scale, Performance, Functionality
Operations and management of a global and complex
infrastructure
Social Aspect - Internauts
Commercialization

11
Internet Development Timeline
From A Brief History of the Internet by B.
Leiner, et al., http//info.isoc.org/internet/hist
ory/brief.html
12
Excerpts from Hobbes Internet Timelineby
Robert H. Zakonhttp//www.info.isoc.org/guest/zak
on/Internet/History/HIT.html

1957 Sputnik US forms ARPA
1962 P Baran, Rand, On Distributed
Communications Networks, packet switched
networks
1967 Larry Roberts first design paper on ARPAnet
1969 ARPANet commissioned. First RFC.
1970 ALOHANet (radio) connected to ARPANet in
1972
1971 Ray Tomlinson E-mail, BBN
1972 Telnet specification (RFC 318)
1973 File transfer specification (RFC 454)
1977 Mail specification (RFC 733)
1979 USENet newsgroups. First MUD.
1981 CSNet
1982 DoD standardizes on TCP/IP
1983 Name server developed at University of
Wisconsin users no longer need to remember exact
path to other systems
1983 Berkeley releases 4.2BSD including TCP/IP
1984 DNS introduced. Now over 1,000 hosts
1984 Moderated newsgroups on USENET
1988 Internet worm affects 6,000 of the 60,000
Internet hosts
1990 EFF founded by Mitch Kapor
1991 WWW released by CERN (Tim Berners-Lee,
developer)

13
Growth of the Internet
From Hobbes Internet Timeline at
http//info.isoc.org. ...
14
How Internet Manages Change?

RFC process
W3C process
Now a proliferation of stakeholders
Debates over control of name space
Profits to be made and lost
Commercial vs. Other interests

15
Trends in Internet Applications

Internet TV (Web TV VIATV Videophone)
Voice over IP (VoIP)
Internet telephone
Internet dashboard (Alpine GPS, Windows CE in
cars)
Wireless (WAP)

16
Needed in Electronic Commerce

Authentication
Privacy
Message Integrity
Non-repudiation

Adapted from Gail Grant
17
Authentication

Proving identity
Passports
Drivers licenses
Credit Cards
Doctors diplomas

Gail Grant
18
Privacy

Locks
Doors
Perimeter security
Castles

Gail Grant
19
M Y T H
20
R E A L I T Y
21
Message Integrity

Wax seals
Tylenol seals
Custom seals
US Mail

Gail Grant
22
Non-Repudiation

Handshake
Notary Public
Signatures
Contacts

Gail Grant
23
Electronic cash policy issues

anonymity
can lead to perfect crime
traceability (accountability)
security (no electronic muggings)

24
Certification Authority Functions

Accept applications for certificates
Verify the identity of the person or organization
applying for the certificate
Issue certificates
Revoke/Expire certificates
Provide status information about the certificates
that it has issued
But what do the certificates mean?

Adapted from Gail Grant
25
Who Will Be CAs?

Specialty firms (VeriSign)
Government agencies
Corporations (for employees)
Telecommunication companies
Banks
Internet Service Providers
Value-Added Networks (VANs)
Whom to trust?
Hierarchy vs web of trust

Gail Grant
26
Who Sells CA Products and Services?

Atalla Corporation
BBN Corporation
CertCo
Cylink Corporation
Entrust Technologies Inc.
GTE Corporation
IBM
Netscape Communications
VeriSign
Xcert Software Inc.

July 1997
Gail Grant
27
Legal Issues

Legislation
Responsibilities
Liability
International Usage
Certification Practice Statements

28
Business Issues for CAs

Business Models
Risks
Costs
In-House vs Out-Sourcing
Operational Considerations
Liability

29
Some Problems

Untrusted computer systems
Not all persons are trustable
Law not clear
Policy not clear
Sovereignty challenged
Cryptography policy
Anonymity
Confidentiality

30
Untrusted Computer Systems (then)Malware
Example The Internet WormShut down 6,000
machines, Nov 1988
25300

Tried three techniques in parallel to spread
Guess passwords
Exploit a bug in the finger program
Use a trapdoor in the sendmail program
Effects
serious degradation in performance of affected
machines
affected machines had to be shut down or
disconnected from the internet
Criminal justice
Perpetrator convicted January 1990 under
1986Computer Fraud and Abuse Act sentenced to3
years probation, 10,000 fine, and 400 hours of
community service

31
Web-Based Computer Systems SURPRISE DISCLOSURES
OF PERSONAL INFORMATION, AND PROGRAM LAUNCHES

Cookies
JAVA (Applet security issues)
Microsoft
Word macro viruses
ACTIVE-X
QUICKEN surprise bank transfer
Web-based viruses
Browser vulnerabilities (recent Netscape 4.x --
have to disable Java!)
A final surprise monitoring tools (e.g.,
SATAN) also used by the enemy

32
Who are trustworthy persons?

With everyone connected by networks, how do you
know who to trust?
Trusted Third Parties
Certifying Authorities
Digital Signatures
Strong, Trustable Encryption
Distributed Architecture Smart Cards

33
LAW OF THE NET

Whose Law? Internet is not a monarchy,
democracy, republic, or dictatorship rules and
formalities are nonexistent
Jurisdiction, treaties, harmonization of
definitions
CDA Example, Tennessee
Enforcement
Elected officials and their designees?
Internet Service Providers?
Vigilantes?
Anti-spam page http//www.dgl.com/docs/antispam.h
tml
Agents Launched by Any of the Above?
Cancelbots
Netiquette?

34
Sovereignty Case study Cryptography Policy
18071

Government stalling, an impediment to
progress, or cautious reasoning to avoid chaos?
Constitutional issues- Law Enforcement-
National Security
Privacy issues
Export policies
Jurisdictional "turf" issues

35
Issues in Cryptography PolicyPrivacy Issues

When should government have right tomonitor
telecommunications?
What safeguards prevent abuse ofinformation
obtained with taps?
Can a free society toleratehidden data with no
accountability?

36
Clipper Chip Solution (Clipper I)
(adapted from White House briefing)
provides successor for DES provides law
enforcement solution
WARRANT
2
Key Escrow Holders
1
Law Enforcement Agency
Court
Commerce Dept., NISTTreasury Dept., Automated
Systems Div
Clipper Chip
Encryption device
37
THE FOUR HORSEMEN OF THE APOCALYPSE (CYPHERPUNKS
VERSION)

nuclear terrorists
child pornographers
money launderers
drug dealers

APPLICATION OF BLIND SIGNATURE TO A REAL CRIMEB.
von Solms and D. Naccache, Computers and Security
11, 6 (1992)reprinted in Hoffman, L. (Ed.),
Building in Big Brother, Springer-Verlag, 1995
38
WHAT IF UNBREAKABLE ENCRYPTION LEADS TO THIS?How
many times per year is acceptable?
19111
39
NAS/NRC CRYPTO POLICY REPORT HIGHLIGHTS
19892

Commercial use Should promote
widespreadcommercial use of technologies that
canprevent unauthorized access to electronic
info
Exportation Should allow export of DES
toprovide an acceptable level of security
Escrow Premature (Key recovery current
proposal)
Classified material The debate on cryptopolicy
should be open and does not requireknowledge of
classified material

Total preliminary report at http//www.nap.edu/nap
/online/titleindex.htmlc
Cryptography's Role in Securing the Information
Society, 1996,National Academy Press, 2101
Constitution Ave. NW, Box 285, Washington DC
20055, (800) 624-6242
40
CURRENT ENCRYPTION LEGISLATION Highlights Full
Text at http//www.cdt.org/crypto/
19870