Secure Electronic Communication Between Businesses: XML Based Transaction Systems

1
Secure Electronic Communication Between
Businesses XML Based Transaction Systems

• Johan Boije af Gennäs
• Department of Accounting
• 25.7.2001

2
Structure of the Study

• Chapter 1 Introduction to the problem area of
  the study
• Chapter 2 Background study, standards and
  implementations
• Chapter 3 Research methods, development of the
  research model
• Chapter 4 Research findings
• Chapter 5 Conclusions and discussions about the
  findings

3
Research Objective

• To explore and establish the current state of
  XML based transactions systems with a focus on
  the secure electronic communication between
  businesses over the Internet.

4
Problem Area of the Study

• Businesses conduct transactions with several
  partners using Value Added Networks.
• VANs
• Expensive inefficient techniques
• -packet switching data networks
• -dedicated communications lines
• -dial-up links
• -mainframe terminal emulation
• -security, auditing, and lost packets
  recovery
• Internet
• Advantagesmore efficient, faster,less costly
• Disadvantagescreates security issues such as
  confidentiality, integrity, authentication and
  non-repudiation.

5
Background Information for the Study

• Electronic Data Interchange (EDI)
• Information Security
• Local Area Networks (LAN)
• Wide Area Networks (WAN)
• Public Key Infrastructure (PKI)
• Standard Generalized Mark-up Language (SGML)
• Extensible Mark-up Language (XML)
• Value Added Network (VAN).

6
Background Information for the Study

• Components of information security
• Access security
• Communication security
• Content security
• Security management
• Open Systems Interconnection (OSI)
• Hyper Text Transfer Protocol (HTTP)
• File Transfer Protocol (FTP)
• Simple Mail Transfer Protocol (SMTP)
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP).

7
Background Information for the Study

• Cryptography
• Symmetric asymmetric algorithms
• Public key infrastructure (PKI).
• Digital signature
• Public Key Infrastructure with X.509
  certificates (PKIX)
• Simple Public Key Infrastructure (SPKI)
• Message formats for electronic transaction
  systems
• UN/EDIFACT
• ANSI/ASC X.12.

8
What is XML?

• XML documents are composed of mark-up and
  content.
• Five kinds of mark-up in an XML document
• 1- Elements
• 2- Entity References
• 3- Comments
• 4- Processing instructions
• 5- Marked sections
• Current standards for business-to-business
  messaging
• Electronic Business XML (ebXML)
• RosettaNet by RosettaNet
• BizTalk.

9
The research method

• Research strategy explorative study
• Database
• - uses purposive sampling
• - separated in 2 categories industry and
  users
• Interviewees for industry group
• represent 2 of the world's biggest IT companies
  a smaller local one
• short exploratory interviews (30 min) using
  e-mail
• Interviewees for the users group
• represent industries from financial services to
  steel industry.
• four respondents interviewed in person, using
  semi-structured interviews, conducted in 1.5
  hours.
• Answers
• - graded as low-medium-high, showing the level
  of emphasis on the specific subject.

10
Framework of the research

• Table with separate columns for users and
  industry, sections for the interviewees' opinions
  on the main areas (and sub-areas) of the
  discussion - Electronic processes and security
• - cryptography, PKI
• - Existing message formats and their security
  issues
• - XML
• - general view on XML and its usage
• - messaging standards
• - security, signatures, encryption algorithms
• - experience with tools available. -
  Applications
• - discussion around the uses of XML, present
  and for the future system-system, backend,
  application layer, front end
• - what type of applications
• - advantages of XML
• - how security is achieved.

11
Research findings

• Industry group homogeneous opinions
• Users group very mixed opinions
• The two groups agree on most important issues
• - The needs of the users and the focus of the
  industry are in conjunction
• - Security enabler and integrated part of the
  solutions.
• - XML brings benefits.
• - XML together with public key encryption are
  emerging technologies, enabling end-to-end
  security and fulfilling the requirements for
  security.
•  

12
Validity of the Study

• The study just explores the direction of
  development does not use any statistical
  methods
• The results cannot be generalized.

13
Contribution of the Thesis

• The study has contributed to the knowledge of the
  state of XML based transaction systems, focusing
  on the security issues in electronic
  communication between businesses over the
  Internet.

14
Viable ideas for new research projects

• PKI
• Business drivers for the technologies discussed
  in the paper
• Data interchange standards (e-Speak, ebXML)
• Statistical study that tests the benefits of XML
  in e-business communication.