
National Research Council Canada
Institute for Information Technology
E-Commerce:
Hype, Hope… Help Needed
Larry Korba
National Research Council of Canada
[email protected]
http://www.iit.nrc.ca
Canada
Definition and Caveats
Definition:
Electronic Commerce: the secure exchange
of goods, services and information electronically
(Forrester Research)
Caveats:
• Not an E-Commerce “Course”
• Research Perspective
• Highlights
Outline
E-Commerce Today
Future of E-Commerce
• Now… Near Future
Selected Challenges
• Only a Few!
Conclusions
SET
Business-Business
IP Protection
PKI
Agent-Based E-Commerce
E-Commerce Anywhere
E-Commerce Today…
Big Money Assumption, “Hi Tech”
Other Attractive Internet Words: Java, Agents,
Security!
EC Today: Why is it so Hot?
Business-to-Consumer
• Internet Hype
• Lower Costs
• Market Expansion?
Business-to-Business
• Now and in Future
• Growth
EC Today: Why Hot:
Lower Telecommunication Costs
[Chart: cost of a 3-minute phone call from New York to London, 1930 to 2000]
EC Today: Why Hot:
Internet Growth
Extraordinary Growth in Internet Access
[Chart: adoption of Radio, TV, PC and Web, 1950 to 2000]
EC Today: Why Hot?
B-C, B-B Growth
[Chart: Business-to-Business and Business-to-Consumer growth, 1997 to 2000]
EC Today: Challenges
It Works Quite Well, But….
Many “Standards”, Products
Threats
• Common Threats
• Threats to Buyers
• Threats to Sellers
• Threats to Financial Institutions
EC Today: “Standards”, Products
SSL <=> SET
Many products to choose from
Credit Card Transaction Providers
Commerce Servers
• IBM, Microsoft, Inex, Bestware, MANY MORE
Middleware
• Shareware, Cold Fusion….
Databases
• SQL, DB2, Oracle, Access…
Web Portals
Consultants
EC Today: Common Threats
• Insider Fraud
• Software Security Holes
• All O/S & Applications
• Good Security Hard to Build
• Software Complexity
• Security as an Add-On
• Installation/Set Up Errors
• Shopping Cart Exposure
EC Today: Threats to Buyers
• Hijacking, Spoofing
• Denial of Service
• Loss of Privacy
• Fraudulent Credit Card Use
EC Today: Threats to Sellers
• Fake Order Flood
• Site Impersonation
• Site Alteration
• Denial of Service
EC Today: Threats to Financial
Institutions, Transaction Providers
• Any Kind of Loss
• $
– Credit Card Fraud
• Information
• Service Obstruction
Future Challenges of E-Commerce
What is happening in Research
Standardization
Trust
Business-to-Business
Agent-Based E-Commerce
• Automation
• Learning
Copyright Protection
• Electronic Distribution
E-Commerce Anywhere
Future Challenges: Research
Research Competition
Words to get Funding (or to get Published):
• Electronic Commerce
• Security
• Agent
• Java
• Ontology...
Standardization
Many Acronyms….
OMG/ CBO
Development Times, Costs, Interoperability
Trust and Electronic Commerce
Biometry
• Many Technologies
Determining trustworthiness of Transaction
Participants
• e.g. Auction Sites.
Research
• Distributed Trust
– Web Browsers, Agents
• Models for Trust, Formalisms
• E-Commerce and Group work applications
Biometry...
Technologies
• Iris, Face, Fingerprint, Hand Geometry, Typing,
Handwriting, Voice
Must work well
• No False Positives (impostor accepted): I Got IN!!!
• No False Negatives (legitimate user rejected): Let Me IN!
Must NOT Lose Biometric Data!
• Irreplaceable…
• Once stolen, gives access to the store…
• Single Sign On for Everything...
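The two "must work well" requirements above pull in opposite directions: a matcher accepts when a similarity score clears a threshold, and moving that threshold trades false accepts for false rejects. The following Python, added here as an illustration and not part of the original slides, computes the false accept rate (FAR) and false reject rate (FRR) over a threshold sweep for constructed genuine and impostor scores (no real biometric matcher was used) and checks whether any threshold reaches both zero at once.

```python
# Added example (Python), not from the original slides: why "no false positives"
# and "no false negatives" cannot both be guaranteed when genuine and impostor
# score ranges overlap. All scores below are constructed for the illustration.

# Constructed similarity scores in [0, 1]; higher means "more like the enrolled user".
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.86, 0.93, 0.70, 0.89]   # legitimate user
IMPOSTOR = [0.12, 0.35, 0.41, 0.58, 0.22, 0.73, 0.30, 0.19]  # other people


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """False accept rate (impostor let in) and false reject rate (user kept out)
    for a matcher that accepts any score >= threshold."""
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def sweep(step=0.05, **kw):
    """(threshold, FAR, FRR) for each threshold from 0 to 1 in the given step."""
    thresholds = [round(i * step, 2) for i in range(int(1 / step) + 1)]
    return [(t, *rates(t, **kw)) for t in thresholds]


def equal_error_threshold(**kw):
    """Threshold at which FAR and FRR are closest (the usual one-number summary
    of a matcher); the first such threshold wins on ties."""
    return min(sweep(**kw), key=lambda row: abs(row[1] - row[2]))[0]


def perfect_threshold_exists(**kw):
    """True only if some threshold gives FAR == 0 and FRR == 0, which requires
    the genuine and impostor score ranges not to overlap."""
    return any(far == 0 and frr == 0 for _, far, frr in sweep(**kw))


if __name__ == "__main__":
    for t, far, frr in sweep(step=0.1):
        print(f"threshold {t:.1f}: FAR {far:.3f}  FRR {frr:.3f}")
    print("equal-error threshold:", equal_error_threshold())
    print("a threshold with FAR = FRR = 0 exists:", perfect_threshold_exists())
```

With these constructed scores the impostor at 0.73 outscores the genuine sample at 0.70, so no threshold gives both rates zero; raising the threshold to shut the impostor out (FAR 0) starts rejecting the legitimate user (FRR above 0), which is the "I got in" versus "let me in" tension the slide names.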
SET
Many different proprietary electronic transaction (third-party) solutions
SET: The Answer to Strife in the World!
• Open Standard
• Eliminates card-not-present fraud
– Visa/MasterCard like that!
• Non-repudiation of transactions
• No Middleman
SET: Challenges
Complicated Protocol = Slow Response
• 3000 Line ASN.1
• 28 Stage Transaction Process
• 6 RSA Encryption Steps (Slow)
Four Part Model
• Interoperability
Constant Evolution
• Standard Fragmentation?
SET <=> Credit Card-Based
Other Possibilities: XML/EDI, Smart SET
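The RSA steps the slide counts include the cardholder's "dual signature", the construction that lets the merchant check the order without seeing the card details and the bank check the payment without seeing the order. The Python below is an added illustration, not code from the original slides or from any SET implementation: it builds the dual signature over constructed order and payment messages with a textbook RSA key whose primes are far too small for real use (an assumption for readability; the digest is reduced modulo the toy modulus), uses SHA-256 where SET specified SHA-1, concatenates the digests as PIMD || OIMD by convention, and omits the digital envelope that encrypts the payment instruction for the bank.

```python
# Added example (Python), not from the original slides: the SET "dual signature".
# Cardholder: OIMD = H(OI), PIMD = H(PI), DS = Sign(H(PIMD || OIMD)).
# Merchant receives OI + PIMD + DS, bank receives PI + OIMD + DS; each side
# recomputes the digest it can and verifies DS without the other's plaintext.
import hashlib

# Constructed toy RSA key, roughly a 60-bit modulus: illustration only, insecure.
P = 1_000_000_007
Q = 1_000_000_009
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def h(data: bytes) -> bytes:
    """Digest for OIMD, PIMD and the dual-signature input (SHA-256 here; SET used SHA-1)."""
    return hashlib.sha256(data).digest()


def rsa_sign(digest: bytes) -> int:
    # The toy modulus is smaller than a 256-bit digest, so the digest is reduced
    # modulo N before signing; a real signing key is larger than the digest.
    return pow(int.from_bytes(digest, "big") % N, D, N)


def rsa_verify(digest: bytes, sig: int) -> bool:
    return pow(sig, E, N) == int.from_bytes(digest, "big") % N


def dual_sign(oi: bytes, pi: bytes):
    """Cardholder side. Returns the message for the merchant and the message
    for the bank; both carry the same DS, neither carries the other's plaintext.
    (SET additionally encrypts PI for the bank in a digital envelope; omitted.)"""
    oimd, pimd = h(oi), h(pi)
    ds = rsa_sign(h(pimd + oimd))
    to_merchant = {"OI": oi, "PIMD": pimd, "DS": ds}
    to_bank = {"PI": pi, "OIMD": oimd, "DS": ds}
    return to_merchant, to_bank


def merchant_verify(msg: dict) -> bool:
    """Merchant recomputes OIMD from the OI it received and checks DS."""
    return rsa_verify(h(msg["PIMD"] + h(msg["OI"])), msg["DS"])


def bank_verify(msg: dict) -> bool:
    """Bank recomputes PIMD from the PI it received and checks DS."""
    return rsa_verify(h(h(msg["PI"]) + msg["OIMD"]), msg["DS"])


if __name__ == "__main__":
    # Constructed sample order instruction and payment instruction.
    oi = b"order=1 item=widget qty=2 amount=CAD19.90 merchant=shop.example"
    pi = b"pan=4111111111111111 exp=0101 amount=CAD19.90 merchant=shop.example"
    m, b = dual_sign(oi, pi)
    print("merchant verifies:", merchant_verify(m), "| bank verifies:", bank_verify(b))
    m["OI"] = oi.replace(b"qty=2", b"qty=3")        # merchant-side tampering
    print("merchant verifies after altering OI:", merchant_verify(m))
```

Because the bank holds OIMD and the merchant holds PIMD, the single signature binds the order and the payment to each other: the merchant cannot later present a different order against the same payment, and neither party can alter its half without the other side's verification failing.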
Public Key Infrastructure
Cornerstone for Network Security Technology
Issues/Revokes Certificates
Cross Certify Organizations
Generate Certificates for authorized users
Enable SET for EC and other applications
[Diagram of PKI components, grouped as server components, administration components and client: Directory System; Certificate Authority System; Timestamping Authority System; Card Issuing System; Notarization Authority System; Local Registration Authority; Registration Authority System; Key Recovery Authority System; Client PKI User Agent]
PKI:Challenges
Non-Trivial to set up
• Cross-Certification
• A lot like Beta Testing Software!
Interoperability Issues
• X.509 v3 Extensions
Network Overhead
Costs
• Infrastructure is one thing, you need to buy the
applications
Dealing with Multiple Certificates
Business-to-Business
Factors
• Just-In-Time Delivery Requirement
– Reduce Inventory, Cycle Times
– Reduced Costs
• International Trade (Globalization,
Deregulation)
• Move to Automated Transactions
Business-to-Business: Challenges
Developing Trust
• With New Partners
• Contract Protocols: Formal, Creative
Low-Cost, Secure Large Transactions
Sharing Minimum Required Operational Information
[Diagram: Company A, Company B and Company C, with the relationship between them marked "?"]
Agent-Based E-commerce
Bargain Finder
Negotiator
User Interface
Mobile Agents?
[Diagram: Agent A, Agent B]
Agent-Based E-commerce:
Challenges
Trust
• Agent Code
• Agent Environment
Confidentiality/Integrity
• Customer/vendor Information
Standards
• Agent Communication
• Agent Environments
• APIs
Intellectual Property Protection
Electronically Transferable IP
Network Distribution:
• Lower Cost
• Potential Risks
Potential for New Forms of Licensing
IP Protection:
Challenges
It’s Hard to Protect IP
• Text
• Graphics
• E-Books
• Software
• 3D Models
Different Restrictions
• Trade
• Exclusivity
• Usage
IP Protection: Examples
Software Protection
• Software Copying/Cracking is Epidemic
• Hardware (Dongles), Software
• Flexible Electronic Licensing Needed
Recording Industry
• Analog Copying is Easy
• Audio CD copying
• MP3 Distribution
E-Commerce Anywhere
Wireless Access
• Investors
• Business Operators
• Service Centres
Convenience
Demand
E-Commerce Anywhere: Challenges
V-Commerce (voice commerce)
• Tedious
• Secure? False Negatives
Eavesdropping?
• Electronic
• Human
Replay?
SSL/SET over voice/pager?
Wireless LANs
• Coverage, Implementation
[Diagram: wireless LAN coverage, 0 to 100 m]
Wireless LAN Implementation
IEEE 802.11 Symmetric Key Available for View!
• In the client's network dialog box
• Or via SNMP from the access point
Summary
E-Commerce is here, and Thriving
• Works quite well
Big Money going into E-Commerce
• Researchers
• Developers
Software Implementation Errors
• Prevention
• SW/HW Version Authentication
Electronic Delivery
• Enforcing Copyright Protection
Summary (Continued)
Secure E-Commerce Everywhere
• Portable Electronic Wallet
• Biometry
E-Commerce Agents
• Trust and Privacy
• Agent Mobility
Room for Innovation
Resource Page:
http://132.246.128.180/ecommerce/ecomlinks.html
Email Address: [email protected]