National Research Council Canada / Conseil national de recherches Canada
Institute for Information Technology / Institut de technologie de l'information
Canada
E-Commerce: Hype, Hope… Help Needed
Larry Korba, National Research Council of Canada
[email protected]
http://www.iit.nrc.ca
Definition and Caveats
Definition:
• Electronic Commerce - the secure exchange of goods, services and information electronically (Forrester Research)
Caveats:
• Not an E-Commerce “Course”
• Research Perspective
• Highlights
Outline
E-Commerce Today
Future of E-Commerce
• Now… Near Future
Selected Challenges
• Only a Few!
Conclusions
[Diagram: topics covered - SET, Business-Business, Agent-Based E-Commerce, E-Commerce Anywhere, IP Protection, PKI]
E-Commerce Today…
Big Money Assumption, “Hi Tech”
Other Attractive Internet Words: Java, Agents, Security!
EC Today: Why is it so Hot?
Business-to-Consumer
• Internet Hype
• Lower Costs
• Market Expansion?
Business-to-Business
• Now and in Future
• Growth
EC Today: Why Hot: Lower Telecommunication Costs
[Chart: Cost of a 3 Minute Phone Call From New York to London, 1930–2000]
EC Today: Why Hot: Internet Growth
Extraordinary Growth in Internet Access
[Chart: growth in access, 1950–2000; series: Radio, TV, PC, Web]
EC Today: Why Hot? B-C, B-B Growth
[Chart: Business to Business vs Business to Consumer growth, 1997–2000]
EC Today: Challenges
It Works Quite Well, But…
Many “Standards”, Products
Threats
• Common Threats
• Threats to Buyers
• Threats to Sellers
• Threats to Financial Institutions
EC Today: “Standards”, Products
SSL <=> SET
Many products to choose from
Credit Card Transaction Providers
Commerce Servers
• IBM, Microsoft, Inex, Bestware, MANY MORE
Middleware
• Shareware, Cold Fusion…
Databases
• SQL, DB2, Oracle, Access…
Web Portals
Consultants
EC Today: Common Threats
• Insider Fraud
• Software Security Holes
– All O/S & Applications
– Good Security Hard to Build
– Software Complexity
– Security as an Add-On
• Installation/Set Up Errors
• Shopping Cart Exposure
EC Today: Threats to Buyers
• Hijacking, Spoofing
• Denial of Service
• Loss of Privacy
• Fraudulent Credit Card Use
EC Today: Threats to Sellers
• Fake Order Flood
• Site Impersonation
• Site Alteration
• Denial of Service
EC Today: Threats to Financial Institutions, Transaction Providers
• Any Kind of Loss
• $ – Credit Card Fraud
• Information
• Service Obstruction
Future Challenges of E-Commerce: What is happening in Research
Standardization
Trust
Business-to-Business
Agent-Based E-Commerce
• Automation
• Learning
Copyright Protection
• Electronic Distribution
E-Commerce Anywhere
Future Challenges: Research
Research Competition
Words to get Funding (or to get Published):
• Electronic Commerce
• Security
• Agent
• Java
• Ontology...
Standardization
Many Acronyms…
Development Times, Costs, Interoperability
[Diagram: acronym cloud - OMG/CBO, X.509, XML/EDI, OBI, OTP, OFX, CIP, PKI, RSA, PKIX, OPS, SET, SSL, IMS, ECML, ICE]
Trust and Electronic Commerce
Biometry
• Many Technologies
Determining trustworthiness of Transaction Participants
• e.g. Auction Sites.
Research
• Distributed Trust
– Web Browsers, Agents
• Models for Trust, Formalisms
• E-Commerce and Group work applications
Biometry...
Technologies
• Iris, Face, Fingerprint, Hand Geometry, Typing, Handwriting, Voice
Must work well
• No False Positives: I Got IN!!!
• No False Negatives: Let Me IN!
Must NOT Lose Biometric Data!
• Irreplaceable…
• Once stolen, gives access to the store…
• Single Sign On for Everything...
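The two failure modes on this slide pull against each other: a stricter match threshold admits fewer impostors (false accepts) but turns away more legitimate users (false rejects). The following added example, which is not part of the original deck, sweeps the threshold over constructed match scores and finds the operating point where the two error rates meet; the score values and function names are assumptions made for illustration.

```python
# Added example (not from the slides): false-accept / false-reject trade-off
# for a biometric matcher. All scores below are constructed for illustration.
from typing import List, Optional, Tuple

# Constructed similarity scores in [0, 1]: higher = closer match to the enrolled template.
GENUINE_SCORES: List[float] = [0.92, 0.88, 0.95, 0.81, 0.76, 0.90, 0.85, 0.70]   # legitimate user
IMPOSTOR_SCORES: List[float] = [0.20, 0.35, 0.50, 0.62, 0.41, 0.30, 0.72, 0.55]  # someone else


def error_rates(genuine: List[float], impostor: List[float],
                threshold: float) -> Tuple[float, float]:
    """Return (FAR, FRR) for an accept-if-score >= threshold decision rule.

    FAR (false accept rate) is the slide's "I Got IN!!!": impostors admitted.
    FRR (false reject rate) is the slide's "Let Me IN!": genuine users refused.
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def equal_error_threshold(genuine: List[float], impostor: List[float],
                          steps: int = 100) -> Optional[Tuple[float, float, float]]:
    """Sweep thresholds and return (threshold, FAR, FRR) where the two rates are closest.

    Raising the threshold lowers FAR but raises FRR and vice versa; both reach
    zero at once only if the genuine and impostor score ranges do not overlap.
    """
    best: Optional[Tuple[float, float, float]] = None
    for i in range(steps + 1):
        thr = i / steps
        far, frr = error_rates(genuine, impostor, thr)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (thr, far, frr)
    return best


if __name__ == "__main__":
    for thr in (0.60, 0.71, 0.80):
        far, frr = error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, thr)
        print(f"threshold={thr:.2f}  FAR={far:.3f}  FRR={frr:.3f}")
    print("equal-error operating point:",
          equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES))
```

With these constructed scores a threshold of 0.80 rejects a quarter of genuine attempts while admitting no impostors, and 0.60 does the reverse; the equal-error point in between still gets one in eight decisions wrong in each direction.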
SET
Many different proprietary electronic transaction Third Party Solutions
SET: The Answer to Strife in the World!
• Open Standard
• Eliminates Card-Not-Present Fraud
– Visa/MasterCard Like that!
• Non-Repudiation of Transactions
• No Middleman
SET: Challenges
Complicated Protocol = Slow Response
• 3000 Line ASN.1
• 28 Stage Transaction Process
• 6 RSA Encryption Steps (Slow)
Four Part Model
• Interoperability
Constant Evolution
• Standard Fragmentation?
SET <=> Credit Card-Based
Other Possibilities: XML/EDI, Smart SET
Public Key Infrastructure
Cornerstone for Network Security Technology
Issues/Revokes Certificates
Cross Certify Organizations
Generate Certificates for authorized users
Enable SET for EC and other applications
[Diagram: PKI architecture, grouped into Server Components, Administration Components and Client. Components shown: Directory System, Card Issuing System, Certificate Authority, Key Recovery Authority, Timestamping Authority, Registration Authority, Local Registration Authority, Notarization Authority, PKI User Agent]
PKI: Challenges
Non-Trivial to set up
• Cross-Certification
• A lot like Beta Testing Software!
Interoperability Issues
• X.509 v3 Extensions
Network Overhead
Costs
• Infrastructure is one thing, you need to buy the applications
Dealing with Multiple Certificates
Business-to-Business
Factors
• Just-In-Time Delivery Requirement
– Reduce Inventory, Cycle Times
– Reduced Costs
• International Trade (Globalization, Deregulation)
• Move to Automated Transactions
Business-to-Business: Challenges
Developing Trust
• With New Partners
• Contract Protocols: Formal, Creative
Low-Cost, Secure Large Transactions
Sharing Minimum Required Operational Information
[Diagram: Company A, Company B, Company C?]
Agent-Based E-commerce
Bargain Finder
Negotiator
User Interface
Mobile Agents?
[Diagram: Agent A, Agent B]
Agent-Based E-commerce: Challenges
Trust
• Agent Code
• Agent Environment
Confidentiality/Integrity
• Customer/vendor Information
Standards
• Agent Communication
• Agent Environments
• APIs
Intellectual Property Protection
Electronically Transferable IP
Network Distribution:
• Lower Cost
• Potential Risks
Potential for New Forms of Licensing
IP Protection: Challenges
It’s Hard to Protect IP
• Text
• Graphics
• E-Books
• Software
• 3D Models
Different Restrictions
• Trade
• Exclusivity
• Usage
IP Protection: Examples
Software Protection
• Software Copying/Cracking is Epidemic
• Hardware (Dongles), Software
• Flexible Electronic Licensing Needed
Recording Industry
• Analog Copying is Easy
• Audio CD copying
• MP3 Distribution
E-Commerce Anywhere
Wireless Access
• Investors
• Business Operators
• Service Centres
Convenience
Demand
E-Commerce Anywhere: Challenges
V-Commerce
• Tedious
• Secure? False Negatives
Eavesdropping?
• Electronic
• Human
Replay?
SSL/SET over voice/pager?
Wireless LANs
• Coverage, Implementation
[Diagram: coverage scale 0–100 m]
Wireless LAN Implementation
IEEE 802.11 Symmetric Key Available For View!
• In Network Dialog Box for Client
• Or Via SNMP from Access Point
Summary
E-Commerce is here, and Thriving
• Works quite well
Big Money going into E-Commerce
• Researchers
• Developers
Software Implementation Errors
• Prevention
• SW/HW Version Authentication
Electronic Delivery
• Enforcing Copyright Protection
Summary (Continued)
Secure E-Commerce Everywhere
• Portable Electronic Wallet
• Biometry
E-Commerce Agents
• Trust and Privacy
• Agent Mobility
Room for Innovation
Resource Page: http://132.246.128.180/ecommerce/ecomlinks.html
Email Address: [email protected]