Title: Technology Infrastructure for Electronic Commerce
1 Technology Infrastructure for Electronic Commerce
- Olga Gelbart
- rosa_at_seas.gwu.edu
- THE GEORGE WASHINGTON UNIVERSITY
- based on Prof. Lance Hoffman's Lecture on Network Infrastructure for Electronic Commerce
2 Snapshots of the Electronic Commerce World
- Yesterday - EDI
- Today - getting our toes wet, what this course is about
- Tomorrow - Metadata, machine-understandable information on the Web
  - Catalog information
  - Intellectual property information
  - Endorsement information
  - Privacy information
  - see www.w3c.org/pics and www.w3c.org/p3p
3 How Did We Get Here?
- Before the Internet
- History of Commerce and Money
- Elements of payment systems
- The Start of the Internet
- Predecessor Networks
- Timeline of Significant Events
- The Internet Today
- What is the Internet?
- How Does the Internet Work?
- Differences from Original Net
- Differences from Traditional World Out There
- The Internet in the Future
4 What is the Internet?
- On October 24, 1995, the FNC unanimously passed a resolution defining the term Internet. This definition was developed in consultation with members of the internet and intellectual property rights communities.
- RESOLUTION: The Federal Networking Council (FNC) agrees that the following language reflects our definition of the term "Internet". "Internet" refers to the global information system that -- (i) is logically linked together by a globally unique address space based on the Internet Protocol (IP) or its subsequent extensions/follow-ons; (ii) is able to support communications using the Transmission Control Protocol/Internet Protocol (TCP/IP) suite or its subsequent extensions/follow-ons, and/or other IP-compatible protocols; and (iii) provides, uses or makes accessible, either publicly or privately, high level services layered on the communications and related infrastructure described herein.
- http://www.fnc.gov/Internet_res.html
5 The Internet - connections
- Computers in the backbone connected by a (T3) data connection (45 megabits/second)
- ISP hosts and other powerful computers connect using (T1, Broadband) lines
- Leased lines (some businesses)
- Modem dial-up connections
- Cable modems
- ADSL - Asymmetric Digital Subscriber Line
6 Internet features
- Originally ARPAnet
- MIT, MITRE, SRI, BBN
- Distributed communications even with many failure points
- Dissimilar computers exchange info easily
- Route around nonfunctioning parts
- 4 sites: SRI, UCLA, UCSB, Univ of Utah
- Hafner and Lyon, Where Wizards Stay Up Late, Simon & Schuster 1996
7 Kahn's Internet Principles (R. Kahn, Communications Principles for Operating Systems. Internal BBN memorandum, Jan. 1972.)
- Each network must stand on its own and no internal changes could be required to connect it to the Internet
- If a transmission failed, try again
- Simple black boxes (later called gateways and routers) would connect the networks
- No global control at operations level
8 The Internet - development
- 1962 Licklider, J.C.R., "Galactic Network" memos; Licklider - MIT to ARPA
- ARPANET and successors: open architecture networking
- 1970s universities and other DoD contractors connect; packets rather than circuits (note: many of the names in the articles were graduate students then)
- 1975 100 sites and e-mail is changing how people collaborate
- Late 1970s New packet switching protocol: Transmission Control Protocol/Internet Protocol (TCP/IP)
- 1980 MILNET takes over military traffic
- 1980s NSFNet links together NSF researchers; Internet protocols incorporated into (BSD) Unix, a widespread operating system
- Late 1980s NSFNet absorbs original ARPANET (for a US university to get NSF funding for an Internet connection, that connection had to be made available to all qualified users on campus, regardless of discipline)
- 1995 Commercial backbones replace NSFNet backbone
- Usenet, BITNET, Commercial Networks (AOL, Compuserve, etc.)
9 Federal Decisions that Shaped the Internet
- Agencies shared cost of common infrastructure, e.g., trans-oceanic circuits
- CSNET/NSF (Farber) and ARPA (Kahn) shared infrastructure without metering
- Acceptable Use Policy - no commercialization. Privately funded augmentation for commercial uses (PSI, UUNET, etc.), thought about as early as 1988 KSG conferences sponsored by NSF
- NSF defunded NSF backbone in 1995, redistributing funds to regional networks to buy from now-numerous, private, long-haul networks
- NSFNet: $200M from 1986-1995
10 The Internet - Four Aspects (Leiner, et al., A Brief History of the Internet, http://info.isoc.org/internet/history/brief.html)
- Technological Evolution
  - Packet Switching
  - Scale, Performance, Functionality
- Operations and management of a global and complex infrastructure
- Social Aspect - Internauts
- Commercialization
11 Internet Development Timeline
From A Brief History of the Internet by B. Leiner, et al., http://info.isoc.org/internet/history/brief.html
12 Excerpts from Hobbes' Internet Timeline by Robert H. Zakon, http://www.info.isoc.org/guest/zakon/Internet/History/HIT.html
- 1957 Sputnik; US forms ARPA
- 1962 P. Baran, Rand, On Distributed Communications Networks, packet switched networks
- 1967 Larry Roberts' first design paper on ARPAnet
- 1969 ARPANet commissioned. First RFC.
- 1970 ALOHANet (radio), connected to ARPANet in 1972
- 1971 Ray Tomlinson: E-mail, BBN
- 1972 Telnet specification (RFC 318)
- 1973 File transfer specification (RFC 454)
- 1977 Mail specification (RFC 733)
- 1979 USENet newsgroups. First MUD.
- 1981 CSNet
- 1982 DoD standardizes on TCP/IP
- 1983 Name server developed at University of Wisconsin; users no longer need to remember exact path to other systems
- 1983 Berkeley releases 4.2BSD including TCP/IP
- 1984 DNS introduced. Now over 1,000 hosts
- 1984 Moderated newsgroups on USENET
- 1988 Internet worm affects 6,000 of the 60,000 Internet hosts
- 1990 EFF founded by Mitch Kapor
- 1991 WWW released by CERN (Tim Berners-Lee, developer)
13 Growth of the Internet
From Hobbes' Internet Timeline at http://info.isoc.org. ...
14 How Does the Internet Manage Change?
- RFC process
- W3C process
- Now a proliferation of stakeholders
- Debates over control of name space
- Profits to be made and lost
- Commercial vs. Other interests
15 Trends in Internet Applications
- Internet TV (Web TV, VIATV Videophone)
- Voice over IP (VoIP)
- Internet telephone
- Internet dashboard (Alpine GPS, Windows CE in cars)
- Wireless (WAP)
16 Needed in Electronic Commerce
- Authentication
- Privacy
- Message Integrity
- Non-repudiation
Adapted from Gail Grant
17 Authentication
- Proving identity
- Passports
- Drivers' licenses
- Credit cards
- Doctors' diplomas
Gail Grant
18 Privacy
- Locks
- Doors
- Perimeter security
- Castles
Gail Grant
19 MYTH
20 REALITY
21 Message Integrity
- Wax seals
- Tylenol seals
- Custom seals
- US Mail
Gail Grant
22 Non-Repudiation
- Handshake
- Notary Public
- Signatures
- Contracts
Gail Grant
23 Electronic cash policy issues
- anonymity
- can lead to perfect crime
- traceability (accountability)
- security (no electronic muggings)
24 Certification Authority Functions
- Accept applications for certificates
- Verify the identity of the person or organization applying for the certificate
- Issue certificates
- Revoke/Expire certificates
- Provide status information about the certificates that it has issued
- But what do the certificates mean?
Adapted from Gail Grant
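As an added illustration of the lifecycle these functions describe (not part of the original slides), a constructed Python model of a toy CA: it refuses applicants whose identity was not verified, signs issued certificates, keeps a revocation list, and answers the status query a relying party would make. The CA key is textbook RSA built from tiny fixed primes with no padding, chosen for readability only and not secure; the names ToyCA, ca_sign and ca_verify are assumptions for this example.

```python
import hashlib
import json

# Constructed toy CA key pair: tiny fixed primes, textbook RSA, no padding.
# NOT secure; it only models the issue/revoke/expire/status lifecycle.
P, Q, E = 1000003, 1000033, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # CA private exponent (Python 3.8+)

def _digest(data: bytes) -> int:
    # Hash the to-be-signed bytes and reduce mod N so toy RSA can sign it.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def ca_sign(data: bytes) -> int:
    return pow(_digest(data), D, N)

def ca_verify(data: bytes, sig: int) -> bool:
    # Anyone holding the CA public key (E, N) can check the signature.
    return pow(sig, E, N) == _digest(data)

def _tbs(body: dict) -> bytes:
    # Canonical encoding of the certificate body (the part that is signed).
    return json.dumps(body, sort_keys=True).encode()

class ToyCA:
    def __init__(self):
        self.revoked = set()    # serials on the revocation list
        self.next_serial = 1

    def issue(self, subject, subject_pubkey, not_after, identity_verified):
        # Accept an application, but issue only if identity was verified.
        if not identity_verified:
            raise ValueError("identity not verified; application refused")
        body = {"serial": self.next_serial, "subject": subject,
                "pubkey": subject_pubkey, "not_after": not_after}
        self.next_serial += 1
        return {"body": body, "sig": ca_sign(_tbs(body))}

    def revoke(self, serial):
        self.revoked.add(serial)

    def status(self, cert, now):
        # Status a relying party asks for: valid, revoked, expired or invalid.
        if not ca_verify(_tbs(cert["body"]), cert["sig"]):
            return "invalid"    # tampered with, or not issued by this CA
        if cert["body"]["serial"] in self.revoked:
            return "revoked"
        if now > cert["body"]["not_after"]:
            return "expired"
        return "valid"
```

Times are plain integers (constructed day numbers) so the expiry check stays independent of the clock.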
25 Who Will Be CAs?
- Specialty firms (VeriSign)
- Government agencies
- Corporations (for employees)
- Telecommunication companies
- Banks
- Internet Service Providers
- Value-Added Networks (VANs)
- Whom to trust?
- Hierarchy vs web of trust
Gail Grant
26 Who Sells CA Products and Services?
- Atalla Corporation
- BBN Corporation
- CertCo
- Cylink Corporation
- Entrust Technologies Inc.
- GTE Corporation
- IBM
- Netscape Communications
- VeriSign
- Xcert Software Inc.
July 1997
Gail Grant
27 Legal Issues
- Legislation
- Responsibilities
- Liability
- International Usage
- Certification Practice Statements
28 Business Issues for CAs
- Business Models
- Risks
- Costs
- In-House vs Out-Sourcing
- Operational Considerations
- Liability
29 Some Problems
- Untrusted computer systems
- Not all persons are trustable
- Law not clear
- Policy not clear
- Sovereignty challenged
- Cryptography policy
- Anonymity
- Confidentiality
30 Untrusted Computer Systems (then): Malware Example: The Internet Worm. Shut down 6,000 machines, Nov 1988
- Tried three techniques in parallel to spread
  - Guess passwords
  - Exploit a bug in the finger program
  - Use a trapdoor in the sendmail program
- Effects
  - serious degradation in performance of affected machines
  - affected machines had to be shut down or disconnected from the internet
- Criminal justice
  - Perpetrator convicted January 1990 under the 1986 Computer Fraud and Abuse Act; sentenced to 3 years probation, $10,000 fine, and 400 hours of community service
31 Web-Based Computer Systems: SURPRISE DISCLOSURES OF PERSONAL INFORMATION, AND PROGRAM LAUNCHES
- Cookies
- JAVA (Applet security issues)
- Microsoft
  - Word macro viruses
  - ACTIVE-X
  - QUICKEN surprise bank transfer
- Web-based viruses
- Browser vulnerabilities (recent Netscape 4.x -- have to disable Java!)
- A final surprise: monitoring tools (e.g., SATAN) also used by the enemy
32 Who are trustworthy persons?
- With everyone connected by networks, how do you know who to trust?
- Trusted Third Parties
- Certifying Authorities
- Digital Signatures
- Strong, Trustable Encryption
- Distributed Architecture: Smart Cards
33 LAW OF THE NET
- Whose Law? The Internet is not a monarchy, democracy, republic, or dictatorship; rules and formalities are nonexistent
- Jurisdiction, treaties, harmonization of definitions
- CDA Example, Tennessee
- Enforcement
  - Elected officials and their designees?
  - Internet Service Providers?
  - Vigilantes?
    - Anti-spam page http://www.dgl.com/docs/antispam.html
  - Agents Launched by Any of the Above?
    - Cancelbots
  - Netiquette?
34 Sovereignty Case study: Cryptography Policy
- Government stalling, an impediment to progress, or cautious reasoning to avoid chaos?
- Constitutional issues
- Law Enforcement
- National Security
- Privacy issues
- Export policies
- Jurisdictional "turf" issues
35 Issues in Cryptography Policy: Privacy Issues
- When should government have the right to monitor telecommunications?
- What safeguards prevent abuse of information obtained with taps?
- Can a free society tolerate hidden data with no accountability?
36 Clipper Chip Solution (Clipper I)
(adapted from White House briefing)
- provides successor for DES
- provides law enforcement solution
[Diagram of the key escrow flow: Court, WARRANT, Law Enforcement Agency (1), Key Escrow Holders (2): Commerce Dept., NIST and Treasury Dept., Automated Systems Div.; Clipper Chip encryption device]
37 THE FOUR HORSEMEN OF THE APOCALYPSE (CYPHERPUNKS VERSION)
- nuclear terrorists
- child pornographers
- money launderers
- drug dealers
APPLICATION OF BLIND SIGNATURE TO A REAL CRIME: B. von Solms and D. Naccache, Computers and Security 11, 6 (1992), reprinted in Hoffman, L. (Ed.), Building in Big Brother, Springer-Verlag, 1995
38 WHAT IF UNBREAKABLE ENCRYPTION LEADS TO THIS? How many times per year is acceptable?
39 NAS/NRC CRYPTO POLICY REPORT HIGHLIGHTS
- Commercial use: Should promote widespread commercial use of technologies that can prevent unauthorized access to electronic info
- Exportation: Should allow export of DES to provide an acceptable level of security
- Escrow: Premature (key recovery current proposal)
- Classified material: The debate on crypto policy should be open and does not require knowledge of classified material
Total preliminary report at http://www.nap.edu/nap/online/titleindex.htmlc
Cryptography's Role in Securing the Information Society, 1996, National Academy Press, 2101 Constitution Ave. NW, Box 285, Washington DC 20055, (800) 624-6242
40 CURRENT ENCRYPTION LEGISLATION Highlights (Full Text at http://www.cdt.org/crypto/)
- SAFE (HR 695)
  - Reps. Goodlatte (R-VA), Eshoo (D-CA)
- Pro-CODE (S 377)
  - Sen. Leahy (D-VT), Burns (R-CO), Wyden (D-OR)
- Audio and photo transcript and lots of information from 3/19/97 hearing at www.democracy.net/archive/03191997
- Commonalities between SAFE and Pro-CODE
  - Prohibit government from imposing mandatory key escrow
  - No export license required for public domain or generally available encryption software
  - (Draft Clinton administration legislation: no warrant)
41 Building a Home Page to Sell Something
- Just Building a Home Page
- Now Making It Sell Something
- What to Sell?