session tracking and secure communications: ebay case study
IELM 231: IT for Logistics and Manufacturing
Course Agenda
Introduction
IT applications design: Human-Computer Interface
Fundamental IT tools: sorting, searching
The Client-Server architecture, Interacting applications
IT in logistics, Case study 1: web-search
- Search robots
- Data processing, Data storage/retrieval (DB, indexes)
- Data presentation: page ranking techniques
IT in logistics, Case study 2: web-based auctions
- How auctions work
- Web issues: session tracking
- Web issues: secure communications
- Web issues: cash transactions
Web auctions: basics
Basic operations of a popular web-auction site: EBay
For each item: one seller, many bidders, one bid winner
Seller's actions:
- Login / Create an account, then login
- Upload the details of the item for sale
- Set up auction parameters: closing date, seller's reserve, tick, buy-it-now price
Bidders' actions:
- Login / Create an account, then login
- Evaluate personal value of the item: Independent Private Value (IPV)
- Bid some amount for the item (same as IPV ??) [possibly repeatedly update the bid until the auction closes]
Web auctions: basics..
Technical issues:
- When a user registers, how to send their data securely to the server?
- After login, how to keep track of the user after they click on links?
- How to upload product data/bid data from client to the EBay server?
Design issues:
- What data is required to be stored for each user?
- How to display the > 100 million items for sale?
- How to manage the auction? - what bid to display, tick, commission, ...
Web auctions basics: technical issues
How to upload product data/bid data from client to EBay server?
- Using HTML forms
How to upload images?
- Using HTML forms (multipart/form-data), but need special CGI functions to handle the data
How to display the > 100 million items for sale?
- Directory-structure search interface (hierarchy of categories) [cf. Yahoo]
- Site search engine
Web auctions basics: technical issues
After login, how to keep track of the user after they click on links?
Session tracking is usually done with cookies (you will learn this in lab)
HTTP servers are 'stateless': after sending a requested page, the server does not consult its 'past' actions before responding to the next request. A cookie lets the client hand back, on every later request, an identifier the server issued earlier, so the server can find that user's state again.
Exchange between the client and the server www.abc.com:
1. client -> server:
   GET /index.html HTTP/1.1
   Host: www.abc.com
2. server -> client:
   HTTP/1.1 200 OK
   Content-type: text/html
   Set-Cookie: name=value; expires=Date;    (expires is optional; example: Mon, 24-Dec-2007 12:00:00 GMT)
   <html> ... </html>
   Example cookie: SID=189234&user=joneja&p1=racket1234
   The client stores the cookie: name=value
3. client -> server:
   GET /afile.html HTTP/1.1
   Host: www.abc.com
   Cookie: name=value
   Accept: */*
4. server -> client:
   HTTP/1.1 200 OK
   Content-type: text/html
   [..possibly reset cookie..]
   <html> ... </html>
Caveat: the cookie is stored and sent by the client, so the server must not trust fields such as user=joneja in it; anyone can edit them. Keep the user's identity in server-side session state, put only a long random session ID (SID) in the cookie, and mark it Secure and HttpOnly so it travels only over HTTPS and cannot be read by page scripts.
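The cookie exchange above, implemented as server-side logic. This is an added example, not code from the lecture or from eBay: the user table, the cookie name SID, the page paths and the response headers are assumptions made for the demo. It keeps all state on the server, puts only an unguessable ID in the cookie, ignores IDs it never issued, and rotates the ID at login so a pre-planted ID (session fixation) cannot become an authenticated session.

```python
"""Server-side session tracking over stateless HTTP (added example, not eBay's code)."""
import hmac
import secrets
from http.cookies import SimpleCookie

# Session state lives on the server, keyed by a random ID.
# A real site would use a database or cache instead of a module-level dict.
SESSIONS = {}
USERS = {"joneja": "correct horse battery"}   # constructed sample credentials (hypothetical)


def parse_cookie_header(value: str) -> dict:
    """Turn a 'Cookie: a=1; b=2' request header into {'a': '1', 'b': '2'}."""
    jar = SimpleCookie()
    jar.load(value)
    return {name: morsel.value for name, morsel in jar.items()}


def session_cookie(sid: str) -> str:
    """Set-Cookie value: only the random ID goes to the browser, with protective flags.
    Secure = sent over HTTPS only; HttpOnly = unreadable by page scripts; SameSite limits CSRF."""
    return f"SID={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def sid_from_set_cookie(set_cookie: str) -> str:
    """Read the SID back out of a Set-Cookie header (used by the demo and tests)."""
    return set_cookie.split(";", 1)[0].split("=", 1)[1]


def handle_request(method: str, path: str, headers: dict, form: dict = None):
    """Handle one request. Returns (status, response headers, session state or None)."""
    cookies = parse_cookie_header(headers.get("Cookie", ""))
    sid = cookies.get("SID")
    state = SESSIONS.get(sid)
    resp = {"Content-Type": "text/html"}
    if state is None:
        # No cookie, or an SID we never issued (forged or expired): ignore it, start fresh.
        sid = secrets.token_urlsafe(32)
        state = SESSIONS[sid] = {"user": None, "pages": []}
        resp["Set-Cookie"] = session_cookie(sid)
    if method == "POST" and path == "/login":
        form = form or {}
        user, pw = form.get("user"), form.get("password", "")
        if user not in USERS or not hmac.compare_digest(USERS[user], pw):
            return "401 Unauthorized", resp, None
        # Identity is set by the server after checking the password, never read from
        # the cookie. Rotate the SID at login so an ID an attacker planted before login
        # (session fixation) never turns into an authenticated session.
        del SESSIONS[sid]
        sid = secrets.token_urlsafe(32)
        state = SESSIONS[sid] = {"user": user, "pages": state["pages"]}
        resp["Set-Cookie"] = session_cookie(sid)
    state["pages"].append(path)
    return "200 OK", resp, state


if __name__ == "__main__":
    _, hdrs, _ = handle_request("GET", "/index.html", {})
    sid = sid_from_set_cookie(hdrs["Set-Cookie"])
    _, _, st = handle_request("GET", "/afile.html", {"Cookie": f"SID={sid}"})
    print("server remembers this client's pages:", st["pages"])
```

A forged cookie such as `SID=189234; user=joneja` simply starts a new anonymous session: the server looks the SID up in its own table and never reads `user` from the client.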
Web auctions basics: technical issues
When a user registers, how to send their data securely to the server?
Data encryption: encrypt on the client, transmit the encrypted data, decrypt on the server
How to encrypt/decrypt?
- Shared secret (password): symmetric keys (you will learn this in lab)
- Asymmetric keys (public/private key pairs), used by the Secure Sockets Layer (SSL) protocol and its successor TLS to set up the connection
Web security background
1. Passive attacks: the attacker monitors data traffic on the web and collects information not sent to him (using 'packet sniffers')
2. Active attacks:
(a) The attacker gains access to some computer using security loopholes (typically using viruses, worms, trojan horses, etc.)
(b) Spoofing: the attacker pretends to be a trusted system, to make the user believe it is safe to send them some secret data.
(c) Cryptographic attack: the attacker captures encrypted data and decrypts it (e.g., by repeatedly trying many possible passwords: a brute-force attack)
3. Denial of service attacks: the attacker overloads your server with too many requests, blocking other users from accessing it.
4. Social engineering: the attacker uses personal communication / a phone call to cheat you into telling them some secret information (e.g. password, credit card PIN)
Data encryption: symmetric-key encryption
1. Sender and receiver share a secret key, exchanged out of band via email/phone/letter (that exchange must itself be protected: whoever learns the key can read everything)
2. Sender encrypts the data with the key and sends the ciphertext (@#r%); the receiver decrypts it with the same key and reads the data
Usually, encryption and decryption use the same key (password)
Common example: the DES algorithm (chops data into 64-bit 'blocks', encrypting each with a 56-bit key), a Feistel cipher. A 56-bit key is too short today: it can be found by brute force, so AES (128/192/256-bit keys) has replaced DES.
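A toy 64-bit Feistel block cipher, added here as an example of the structure DES uses; it is not code from the lecture and not DES itself. The round function and the key schedule are my own SHA-256-based stand-ins, chosen so the block stays short, and the cipher is not secure. What it shows: decryption is the same network run with the round keys in reverse order, and the round function need not be invertible. The `encrypt_ecb` helper also shows why encrypting blocks independently (ECB mode) leaks structure.

```python
"""Toy Feistel network (DES-like layout; added example, NOT secure)."""
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def round_keys(key: bytes) -> list:
    """Toy key schedule: one 32-bit subkey per round derived from the shared secret."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(ROUNDS)]


def f(right: int, subkey: int) -> int:
    """Round function. It need not be invertible; the Feistel structure supplies inversion."""
    return int.from_bytes(hashlib.sha256((right ^ subkey).to_bytes(4, "big")).digest()[:4], "big")


def feistel(block: int, subkeys: list) -> int:
    """Run the network over one 64-bit block. Each round: L' = R, R' = L xor f(R, k)."""
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        left, right = right, left ^ f(right, k)
    return (right << 32) | left        # undo the final swap so the inverse is the same code


def encrypt_block(block: int, key: bytes) -> int:
    return feistel(block, round_keys(key))


def decrypt_block(block: int, key: bytes) -> int:
    return feistel(block, round_keys(key)[::-1])   # same key, subkeys reversed


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding to a multiple of the 8-byte block size."""
    n = 8 - len(data) % 8
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def encrypt_ecb(data: bytes, key: bytes) -> bytes:
    """Electronic-codebook mode: every block encrypted independently (weak, shown on purpose)."""
    data = pad(data)
    return b"".join(encrypt_block(int.from_bytes(data[i:i + 8], "big"), key).to_bytes(8, "big")
                    for i in range(0, len(data), 8))


def decrypt_ecb(data: bytes, key: bytes) -> bytes:
    plain = b"".join(decrypt_block(int.from_bytes(data[i:i + 8], "big"), key).to_bytes(8, "big")
                     for i in range(0, len(data), 8))
    return unpad(plain)


if __name__ == "__main__":
    key = b"shared secret"                       # constructed sample key
    ct = encrypt_ecb(b"bid=2000;item=racket1234", key)
    print(ct.hex(), decrypt_ecb(ct, key))
```

Because ECB maps equal plaintext blocks to equal ciphertext blocks, repeated fields (or a repeated bid) are visible to a packet sniffer even without the key; real systems use a chained or authenticated mode (CBC, GCM) with a per-message IV.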
Data encryption: asymmetric-key (private key, public key)
Each party wishing to communicate has two keys:
- Public key: a key that is released to everyone
- Private key: a secret key that is not told to anyone
Properties of public and private keys:
- must be different from each other
- mathematically related
- computationally infeasible to determine the private key from the public key
Two common uses of asymmetric keys:
- Secure communications: sending encrypted data
- Identity verification: digital signatures
Data encryption: asymmetric-key (private key, public key)
Secure communications:
- Sender encrypts data with the receiver's public key (r_pub) and sends the ciphertext (@#r%)
- Receiver decrypts with the receiver's private key (r_pri) and reads the data
- Only the holder of r_pri can read it, so sender and receiver need no prior shared secret
Digital signatures:
- Sender 'encrypts' (signs) the data, in practice a hash of it, with the sender's private key (s_pri) and sends the data together with the signature
- Any receiver 'decrypts' (verifies) the signature with the sender's public key (s_pub) and compares the result with the data
- Only the holder of s_pri could have produced the signature, so it proves who sent the data and that it was not altered; it does not hide the data
Asymmetric keys: user verification
Problem: how will a user know whether the public key they 'fetch' over the internet is really from the party they are communicating with, or has been substituted by some malicious party sitting in between?
Solution: use of a "trusted" intermediary (third party), who is in charge of
(a) physically checking that each party is who they claim to be, and
(b) signing a certificate that binds that party's identity to its public key (each party generates its own key pair; the intermediary never sees the private key)
Implementation
- Use of a Public Key Infrastructure (PKI), which usually involves a
- 3rd-party Certificate Authority (CA) who issues and manages certificates for the applications that are communicating.
Some common CAs: VeriSign, Comodo, GoDaddy, DigiCert, ...
Two common technologies for secure web communication
Using TLS (Transport Layer Security):
- A protocol layer that sits between the application (HTTP) and the transport layer (TCP)
- URL is of the form: https://host/path/file
- Connection on the server is typically on port 443
- When a secure page is requested, the TLS protocol will
  - verify the identity of the server (and optionally of the client) using certificates
  - negotiate a symmetric key and use symmetric-key encryption for the rest of the session
Using S-HTTP (Secure HTTP):
- Implemented as a set of functions in the application layer (protects individual messages)
- URL is of the form: shttp://host/path/file
- Used by very few systems (now obsolete)
TLS connections (simplified; RSA key exchange as used in TLS up to version 1.2)
Keys involved: the server's s_pub/s_pri, the client's c_pub/c_pri (only if client certificates are used), and a CA whose public key the client already has installed.
1. The client generates a random number rc and requests the secure page: https://host/page. The request includes (a) the list of cipher functions it supports and (b) rc. rc is sent in the clear: the client does not yet know s_pub, so it could not encrypt it anyway.
2. The server generates a random number rs and replies with rs (also in the clear), the cipher it chose, and its certificate sc, which contains s_pub and the CA's signature over (server name, s_pub).
3. The client verifies the server's identity by checking the CA's signature on sc with the CA public key it already holds, and checks that the name in sc matches host. No round trip to the CA is needed for this (contacting the CA, or a responder it runs, is only needed to check whether sc has been revoked).
4. (Optional, rare on the public web) the server asks for a client certificate cc; the client sends cc plus a signature made with c_pri, and the server checks cc against its trusted CAs in the same way. A site like EBay instead identifies the client afterwards by a login sent over the encrypted channel.
5. The client generates a random number pms (the pre-master secret, the 'pre-password'), encrypts it with s_pub and sends *pms. Only the holder of s_pri can decrypt it, which is what ties the session to the server named in the certificate.
6. The server decrypts *pms with s_pri. Client and server now independently calculate the same session password: pass = f(pms, rc, rs).
7. The rest of the session, including the requested page, is a secure, symmetric-key session with password pass. A passive attacker sees rc, rs and *pms but not pms, so cannot compute pass.
Note: current TLS (version 1.3) no longer encrypts pms with the server's long-term key; it uses an ephemeral Diffie-Hellman exchange so that a later theft of s_pri does not expose recorded sessions (forward secrecy). The certificate and the CA signature still play the same authentication role.
Web auctions basics: EBay design
What we have learnt up to now:
- How to set up an E-commerce site
- Where to store data (DB)
- How to set up navigation for users (directories, search)
- How to manage sessions
- How to allow client and server to communicate securely
Next we consider:
- How to design a 'good' auction web-site (using E-bay as a case)
Design (and simple analysis) of auctions
Types of auctions
1. First price, sealed bid
- All bidders put their 'bid' in a sealed envelope and submit it to the auctioneer
- At the 'closing time', the auctioneer opens all envelopes
- Highest bidder wins, and must pay the amount on their bid
Properties:
- No "open" (i.e. face-to-face) competition
- Each buyer must evaluate the value of the item to make their bid: their Independent Private Value (IPV)
- This type of auction can also be used as a mail-bid auction
2. Open, increasing bid auctions (English auction)
- Auctioneer starts at the lowest acceptable price (reserve), and
- Increases the bid amount in small steps (tick)
- Price rises until only one bidder remains (winner), who pays the current price
Types of auctions..
3. Second price, sealed bid (Vickrey auction)
- All bidders put their bid in a sealed envelope and submit it to the auctioneer
- At the 'closing time', the auctioneer opens all envelopes
- Highest bidder wins, and pays the amount of the 2nd highest bid (plus $1)
Properties:
- No "open" (i.e. face-to-face) competition
- Each buyer must evaluate the value of the item to make their bid
- This type of auction can also be used as a mail-bid auction
Types of auctions...
[Photo: a buyer checks tuna fish during an auction in Tokyo's Tsukiji fish wholesale market]
Open, simultaneous bid auctions (Japanese fish market auction; a Japanese variation of the English auction)
- Auctioneer starts the auction (rings a bell)
- Bidders simultaneously signal the highest price they wish to bid
- Highest bidder wins
[Photo: a Dutch flower auction. "Five rooms with auction clocks form the heart of the auction. Each lot's price is determined by the Dutch auction system. The clock winds down from a high price, and the first buyer to press the button buys the lot. 55,000 transactions take place every morning. By the afternoon, the flowers are off to destinations around the world." Source: http://stevefazzio.com/Holland_Amsterdam_1.html]
4. Open, descending bid auctions (Dutch auction)
- Auctioneer starts the auction at a very high price
- Price is lowered by a small amount (tick) in every time interval
- First person to make a bid wins, and pays the current price
Types of auctions: logical equivalences
First price, sealed bid auction = Dutch auction
- Bidder only knows their own value (IPV) for the item
- Bidder does not know the IPV of other bidders
- In either case, the 'winner' only knows what they must pay, but doesn't know the IPV of the second highest bidder (they only know that the others are willing to pay less than them).
Second price auctions: English auction = Vickrey auction
- In each case, the winner pays (just above) what the 2nd highest bidder was willing to pay
Types of auctions: logical equivalences
In both second price forms, the bidder's best bid = IPV. Why?
- Bid less than IPV, and lose -> regret losing the item (it would have been worth more than the price)
- Bid more than IPV, and win -> may have to pay more than the item is worth: loss of surplus
What is the bidder's expected surplus if he bids = IPV in a First Price auction?
Online auction: which model to use, how to implement?
Buyers' concerns:
- Maximize their benefit = (Independent Private Value - price paid)
- Practical/usage issues: ease of finding the item they want, timely end of bidding, secure and easy payment, safe delivery of items, tax/customs, ...
Sellers' concerns:
- Maximize the sale price of the item
- Practical issues: minimum opening bid, seller's reserve (price below which the item will not be sold), commission to the auction house (typically 5%), minimum increment (tick), time limits, ...
Online auction: which model to use?
- What price should the highest bidder be required to pay?
- What information should be posted on the website regarding the current bidding level?
Attempt #1, first price auction (the easiest choice):
- display the highest bid so far
- require the highest bidder to pay what he bid
Problems:
- What if not all bidders are logged in simultaneously?
- The auction ends when no higher bid is received: when to end?
-> The best mode for an internet auction is to operate in non-real time
Online auction: which model to use..
Attempt #2, first price, mail bid (copy the mail-bid format):
- display only the closing time of the auction
- require the highest bidder to pay what he bid
Preferred mode of operation: bidders should be given some time (e.g. 1 week) to make their bid.
Question: will the bidder bid = their 'value'?
Value: the price above which the bidder will prefer not to buy, and below which the bidder will buy; the indifference point
In a first-price mail bid, bidding exactly their value leaves the bidder no surplus (no incentive to buy), so the bidder will bid below their 'value': the bid is "not sincere"
Online auction: which model to use..
Attempt #3: non-real time, second price auction (the internet Vickrey model, used by eBay)
What happens if we display the current highest bid?
Consider an Apple iPhone, worth approximately HK$ 3000. Current bid = $50. The next bidder bids $100,000. No other bidder will be willing to bid (otherwise they would have to pay $100,000!), and the seller is doomed (since he must now sell for $50, the second highest bid).
We should display the 2nd highest bid so far!
What information should be posted on the website regarding the current bidding level?
Question: in this case, the current displayed price = $50;
- Is there any disincentive for a buyer to put in a bid for, say, $2000?
Online auction: the EBay model
- Sealed bid (since only the 2nd price is displayed)
- Dynamically posted 2nd price
- Second price (the highest bidder only needs to pay the second highest bid, plus one increment)
- Continuous bidding
- Each auction has a deadline
Question: assuming honest bidders, is each bid 'sincere'? i.e. is there any reason the bidder would bid below their 'value'?
Yes, it is sincere:
- If they bid above their value, they may have to pay more than their value -> loss
- If they bid below their value, they may lose the auction -> loss
Some other design features of EBay
- Bidders may bid many times (but may only raise their maximum, never lower it)
- The highest bid at any time is hidden from the seller and from the other bidders (only EBay knows it!)
- There is a minimum starting bid (open reserve)
- There may be a secret reserve: the item is only sold if the winning bid exceeds it
- It is possible for bidders and sellers to communicate (email)
- It is possible to rate each seller
- Seller can reject a bid
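The eBay model of the last two slides as a small simulation, added here as an example; it is not eBay's code, and the start price, tick, reserve and bidder names are made up. Bidders hand the site their maximum (their value), the site shows only one tick above the second highest maximum, and the winner pays the displayed price, not their own maximum. The last function checks the 'sincere bid' argument numerically: against every combination of rival bids, bidding one's true value is never beaten under the second price rule, but is beaten under the first price rule.

```python
"""eBay-style proxy bidding (second price, continuous, with deadline and secret reserve). Added example."""
from itertools import product


class ProxyAuction:
    def __init__(self, start_price: int, tick: int, secret_reserve: int = 0, deadline: int = 10):
        self.start, self.tick, self.reserve, self.deadline = start_price, tick, secret_reserve, deadline
        self.maxbids = {}   # bidder -> highest maximum submitted; hidden from seller and other bidders

    def bid(self, bidder: str, amount: int, time: int) -> int:
        """Record a maximum bid; returns the price everyone sees afterwards."""
        if time > self.deadline:
            raise ValueError("auction closed")
        if amount < self.start:
            raise ValueError("below the minimum opening bid")
        # a bidder may bid many times, but can only raise their maximum
        self.maxbids[bidder] = max(amount, self.maxbids.get(bidder, 0))
        return self.displayed_price()

    def _top_two(self):
        ranked = sorted(self.maxbids.items(), key=lambda kv: kv[1], reverse=True)
        return (ranked[0] if ranked else None), (ranked[1] if len(ranked) > 1 else None)

    def displayed_price(self) -> int:
        """Second highest maximum plus one tick, capped at the highest maximum."""
        top, second = self._top_two()
        if top is None or second is None:
            return self.start
        return min(top[1], second[1] + self.tick)

    def close(self):
        """Winner pays the displayed price (never their own maximum) if the secret reserve is met."""
        top, _ = self._top_two()
        if top is None or top[1] < self.reserve:
            return None
        return top[0], max(self.displayed_price(), self.reserve)


def surplus(value: int, my_bid: int, others, rule: str) -> int:
    """Bidder's surplus = value - price paid, 0 if they lose; ties go against the bidder."""
    best_other = max(others)
    if my_bid <= best_other:
        return 0
    return value - (my_bid if rule == "first" else best_other)


def truthful_is_dominant(value: int, rule: str, grid=range(0, 11)) -> bool:
    """True if bid == value does at least as well as every other bid against every pair of rivals."""
    for others in product(grid, repeat=2):
        truthful = surplus(value, value, others, rule)
        if any(surplus(value, b, others, rule) > truthful for b in grid):
            return False
    return True


if __name__ == "__main__":
    a = ProxyAuction(start_price=50, tick=10, secret_reserve=1000, deadline=7)
    a.bid("A", 50, time=1)
    a.bid("B", 100000, time=2)        # B's huge maximum stays hidden
    print("displayed:", a.displayed_price())
    a.bid("C", 2000, time=3)
    print("displayed:", a.displayed_price(), "result:", a.close())
```

In the iPhone scenario the $100,000 maximum is never shown: after A and B the site displays $60, so C loses nothing by bidding $2000 and merely pushes the price B pays up to $2010.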
References and further reading:
- www.security, R. S. MacGregor, A. Aresi, A. Siegert, IBM and Prentice Hall
- Snipers, Shills and Sharks: eBay and Human Behavior, Ken Steiglitz, Princeton University Press
Internet resources:
- eBay policies page
- Web connections and transport layer security: Wikipedia
Next topic: Mathematical foundations of auctions