Technologies of Internet-Based
Contemporary Applications
MTI
Department of Electrical Engineering
Gadjah Mada University
Web Browsers
Daniel Amor. The E-Business (R)evolution.
Hewlett Packard Professional Books, 2000.
Web browsers are the most preferred software to
access the Internet
Use of HTML as standard language
HTML 4.0 released in 1997
HTML 5.0 [Still in Development, 2011]
Features of browsers
Frames, forms, tables, fonts, CSS, JavaScript, Java, Plug-ins,
News reader, E-mail client, HTML editor
However, some features may not be implemented by a
particular browser
It is important to aim for “best viewed by ANY browser”, i.e.,
to stick to standards
Web Browsers
On-line browsers
“Live” browsing from the source site
GUI-based: Firefox, Chrome, Safari, IE, Konqueror,
Opera, …
Text-based: Lynx
Off-line browsers
Download, and read the content off-line
Implementing “push technology”
• InfoNout downloads movie listings automatically
Off-line Explorer, WebZIP
Web Browsers
Features of next generation browsers
Integrated Internet services
Real-time communication, e.g., live chat
Smaller in size to support portable devices
Fast
Standard compliance
HTML 5
<check slide about html 5>
Dynamic Web
Dynamic web allows organization of dynamic pages
For working with databases (add, edit, modify, delete
processes)
To efficiently organize the presentation of a large amount of data
Technologies
CSS – a template to design web page layout/presentation
DOM – model on how to manipulate objects in a web
document
Dynamic HTML through scripting (e.g., JavaScript)
Adding Computation to Web Pages
Common Gateway Interface (CGI)
Allows interaction between a web server and a browser
using the HTTP protocol
A CGI program takes input from a user’s browser,
executes on the server side, and returns results
embedded in appropriate documents to the user’s
browser
In the form of scripts written in a programming
language
• Shell script (in Unix/Linux)
• C
• Perl
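The request/response cycle described above, as an added example that is not part of the lecture slides: a minimal CGI-style handler in Python. A real CGI program receives the request through environment variables (QUERY_STRING, REQUEST_METHOD, ...) and writes headers, a blank line and the document to standard output. The handler name build_response and the query parameter "name" are assumptions chosen for this example; the one security point it makes is that whatever comes from the browser is HTML-escaped before it is embedded in the returned page.

```python
# Minimal CGI-style request handler (added example, not from the lecture).
# A CGI program reads the request from environment variables and stdin and
# writes an HTTP response (headers, blank line, body) to stdout.
import html
import os
import sys
from urllib.parse import parse_qs


def build_response(environ: dict) -> str:
    """Build the full CGI response (header block + HTML body) from a request
    environment such as os.environ. Only GET query parameters are handled."""
    query = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
    # Browser input is untrusted: take the first value, cap its length and
    # HTML-escape it before embedding it in the document we send back.
    name = query.get("name", ["anonymous"])[0][:64]
    method = environ.get("REQUEST_METHOD", "GET")
    body = (
        "<!DOCTYPE html>\n<html><body>\n"
        f"<h1>Hello, {html.escape(name, quote=True)}</h1>\n"
        f"<p>Handled a {html.escape(method)} request on the server side.</p>\n"
        "</body></html>\n"
    )
    # CGI header block: Content-Type, then a blank line, then the document.
    return "Content-Type: text/html; charset=utf-8\r\n\r\n" + body


if __name__ == "__main__":
    # When started by a web server as a CGI program, os.environ carries the request.
    sys.stdout.write(build_response(dict(os.environ)))
```

Placed in a server's cgi-bin directory, the script is started once per request; the same function is callable directly with a constructed environment, which is how it can be unit-tested without a web server.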
Adding Computation to Web Pages
Java Server Pages (JSP)
Java-backed web pages
Tight integration with Java
• Java is used to enrich a page with computation elements
• Taking advantage of Java’s cross-platform capability
Web Application Servers
To consolidate functionality of different
applications into Web interface
To create a three-tiered architecture for web
applications
• Servers – Business logic – Clients
• Isolating business logic for easier management
To access data that resides on legacy systems
without direct connection to the Internet
• Through a unified messaging system, e.g., CORBA
Web Application Servers
Components
GUI-based integrated development environment
• Use of Internet-oriented languages and protocols: HTML,
XML, Java, ActiveX, CORBA
Database drivers
Internal support for running web applications
• Cache
• Server replication
• Security mechanism
Examples: Cold Fusion, Lotus Domino, Bea
Weblogic, Inprise Application Server, …
eXtensible Markup Language (XML)
Problems of the Web
Needs a native mechanism for information processing
• HTML is not capable of processing information
• Tools such as Java applets and CGI programs add an additional
layer
Needs a flexible way of defining semantics of a Web
document
• Example: how do we define a “student”?
• Everyone can create his or her own definition
• A definition should be part of a Web document, not part of the
browser
Needs a mechanism for information exchange between
Internet applications
• To have Web applications that work with HTTP and TCP/IP, but
require no browser
eXtensible Markup Language (XML)
Document Type Definition (DTD)
To define the semantics and structure of a
document
DTD is a “grammar”
HTML has a fixed DTD embedded in a browser –
this makes a browser “understand” HTML
XML separates a DTD from its document
DTD is user-defined
An XML document should be accompanied by its
DTD for a program/browser to understand
eXtensible Markup Language (XML)
Layout is not defined in a DTD
Flexible presentation (e.g., for different languages)
Can use XSL (eXtensible Style Language)
Structure is preserved
Information can be processed easily, e.g., using JavaScript
<?xml version="1.0"?>
<address>
<name>
<first>Lukito</first>
<last>Nugroho</last>
</name>
<street>Sawitsari F-11</street>
<city>Yogyakarta</city>
<zip>55283</zip>
</address>
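The address document from the slide, carried through as an added example (not part of the lecture): the same document with an internal DTD subset that states its structure, parsed with Python's standard library and then checked against that structure. The DTD text, the CONTENT_MODEL table and the function names are constructed for this example; the point is the slide's claim that the grammar lives with the document and that a program can then process the data easily.

```python
# Added example (not from the lecture): the slide's address document with its
# DTD, parsed and checked with the standard library.
import xml.etree.ElementTree as ET

# The DTD is the "grammar": each element and the sequence of children it allows.
ADDRESS_DTD = """<!DOCTYPE address [
  <!ELEMENT address (name, street, city, zip)>
  <!ELEMENT name (first, last)>
  <!ELEMENT first (#PCDATA)>
  <!ELEMENT last (#PCDATA)>
  <!ELEMENT street (#PCDATA)>
  <!ELEMENT city (#PCDATA)>
  <!ELEMENT zip (#PCDATA)>
]>"""

# The document accompanied by its DTD, as the slide asks for.
ADDRESS_XML = '<?xml version="1.0"?>\n' + ADDRESS_DTD + """
<address>
  <name>
    <first>Lukito</first>
    <last>Nugroho</last>
  </name>
  <street>Sawitsari F-11</street>
  <city>Yogyakarta</city>
  <zip>55283</zip>
</address>
"""

# The same grammar as a Python table: ElementTree parses past the DTD but does
# not validate against it, so the structural check is done here explicitly.
CONTENT_MODEL = {
    "address": ["name", "street", "city", "zip"],
    "name": ["first", "last"],
}


def validate(elem, model=CONTENT_MODEL):
    """Check that each element's children appear exactly as the DTD requires.
    Returns a list of problems; an empty list means the document conforms."""
    problems = []
    expected = model.get(elem.tag)
    children = [c.tag for c in elem]
    if expected is None and children:
        problems.append(f"<{elem.tag}> should contain text only, found {children}")
    elif expected is not None and children != expected:
        problems.append(f"<{elem.tag}> has children {children}, expected {expected}")
    for child in elem:
        problems.extend(validate(child, model))
    return problems


def check_document(xml_text):
    """Parse a document and return the list of structural problems."""
    return validate(ET.fromstring(xml_text))


def parse_address(xml_text):
    """Return the address data as a plain dict, or raise ValueError when the
    document does not follow the DTD."""
    root = ET.fromstring(xml_text)
    problems = validate(root)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "first": root.findtext("name/first"),
        "last": root.findtext("name/last"),
        "street": root.findtext("street"),
        "city": root.findtext("city"),
        "zip": root.findtext("zip"),
    }


if __name__ == "__main__":
    print(parse_address(ADDRESS_XML))
```

Because the DTD is also where entity declarations live, a parser that accepts XML from untrusted peers (the "raw XML to the client" case on the next slide) should be configured not to resolve external entities; the standard-library expat parser used here does not fetch them by default.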
eXtensible Markup Language (XML)
An example of XML and XSL
XML Processing
Server-side processing
Exchanging data between applications running on a
server
• Exchanging applications must share a common DTD
Wrapping database data to create custom content
Client-side processing
Sending a “raw” XML document to the client and letting
the client decide what to do and how to display it
XML Applications
eXtensible Style Language (XSL)
Written in XML, XSL is designed for the presentation of an
XML document
Separates the content of a document from its representation
Provides style information to XML tags
Resource Description Framework
Adds metadata to Internet objects/resources → makes it
easy to find objects/resources on the Internet
Use of metadata
• Sign an object/resource
• Associate an object with another object
Example: the “What’s related” feature in Netscape
Communicator
Security Issues
Layer 1
Information security policies and standards
Layer 2
Information security architecture and processes
Layer 3
Information security awareness and training
Layer 4
Information security technologies and products
Layer 5
Auditing, monitoring, and investigating
Layer 6
Validation
Security Tools
Onno Purbo and Aang Wahyudi. Mengenal eCommerce. Elex Media Komputindo, 2001.
Cryptography
Area of study on data encryption and decryption based on
mathematical concepts
To enhance security by camouflaging original data in an
“unreadable” format
Cryptographic components
Encryption function
Digital signature
Protocol for key generation
How good is a cryptographic system?
The strength of the encryption algorithm
Keeping keys secret
Symmetric Cryptography
Use of the same key in encryption and
decryption
Examples: DES, IDEA, RC5, …
Problems
How to distribute a key secretly?
For n users, n(n-1)/2 keys are needed
Public Key Cryptography
Asymmetric
Public keys for encryption – distributed publicly
Private keys for decryption – owned by a person
who is authorized to read the message
PKC allows message exchange among
persons who do not know each other
Examples: Elgamal, RSA, Diffie-Hellman, DSA
Hybrid Cryptography – PGP
Featuring data compression and a session key
A session key is generated per session
The session key is used to conventionally encrypt
the message
Achieving the best of both worlds
Secure distribution of keys (by public keys)
Quick encryption (by conventional methods)
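The three cryptographic components listed earlier (encryption function, digital signature, key generation protocol) and the hybrid scheme on this slide, carried through in one added example that is not part of the lecture. Textbook RSA with freshly generated primes stands in for the public-key part and a SHA-256 counter keystream stands in for the "conventional" cipher; both are teaching stand-ins (no padding, no authenticated cipher, 256-bit modulus) and not a substitute for a vetted library. All function names and the sample message are constructed for this example.

```python
# Added example (not from the lecture): a PGP-style hybrid scheme in miniature.
# Teaching stand-ins only: unpadded RSA and a hash-derived XOR stream are not
# secure for real use; a production system uses a vetted library instead.
import hashlib
import secrets


def is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    """Random odd candidate with the top bit set, retried until it passes the test."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits=256):
    """Key generation protocol: returns (public, private) as (n, e), (n, d)."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def keystream_xor(key, data):
    """Conventional (symmetric) cipher stand-in: XOR with a SHA-256 counter stream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for i, b in enumerate(data):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.append(b ^ block[i % 32])
    return bytes(out)


def sign(priv, data):
    """Digital signature: the message digest raised to the private exponent."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big") % n, d, n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def pgp_encrypt(recipient_pub, sender_priv, message):
    """Fresh session key per message: the key travels under the recipient's
    public key, the message travels under the session key, and the sender
    signs what was sent."""
    session_key = secrets.token_bytes(16)          # 128 bits, so it fits below n
    n, e = recipient_pub
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    ciphertext = keystream_xor(session_key, message)
    return wrapped_key, ciphertext, sign(sender_priv, ciphertext)


def pgp_decrypt(recipient_priv, sender_pub, bundle):
    """Check the signature first, then unwrap the session key, then decrypt."""
    wrapped_key, ciphertext, sig = bundle
    if not verify(sender_pub, ciphertext, sig):
        raise ValueError("signature check failed")
    n, d = recipient_priv
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


def roundtrip(message=b"constructed sample message"):
    """Two parties who only know each other's public keys exchange one message."""
    alice_pub, alice_priv = rsa_keygen()
    bob_pub, bob_priv = rsa_keygen()
    bundle = pgp_encrypt(bob_pub, alice_priv, message)
    return pgp_decrypt(bob_priv, alice_pub, bundle) == message
```

The split visible in pgp_encrypt is the "best of both worlds" point of the slide: one slow public-key operation on 16 bytes of key material, then a fast symmetric pass over the message of any length. With the key-distribution problem of the previous slide, the same code needs one key pair per user instead of n(n-1)/2 shared secrets.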
Public Key Infrastructure
Issues in public key security system
Information security
User heterogeneity
Complex communication network
Important components
Certificate authority (CA)
• Legal issues – to ensure the authenticity of documents
• Institutional approach
Digital signature
• To ensure the originality of documents: authentication and
data integrity
• Non-repudiation service
Certification Authority and Digital
Certificate
Trusted third-party companies that provide
digital certificates as proof of the right to use certain
electronic transaction services
A digital certificate is comparable to a driving
licence, a national identity card, etc.
A digital certificate enables someone to
verify the authenticity of a service
A digital certificate contains:
Public key
Subject, issuer, issued-to, validity period, …
One or more digital signatures
Certificate Authority and Digital
Certificate
Services of a CA
Verifying a request for a digital certificate
Proofing a request and issuing a digital certificate
Managing the issued digital certificate
• Validity
• Renewal
• Maintenance of Certificate Revocation List (CRL)
Model of trust
Direct trust
Hierarchical trust
Web of trust (by PGP)
Security Protocol
Daniel Amor. The E-Business (R)evolution. HP Professional Books, 2000.
Secure Socket Layer (SSL)
Developed by Netscape to improve the security of the
transport protocol (i.e., TCP)
Used to secure Web communication, i.e., between
a browser and a web server
• https (http over ssl) communication
• Implemented by installing SSL modules on applications
Secure HTTP (S-HTTP)
Specifically designed for http
Other protocols: ssh, S/MIME, …
PuTTY (an ssh client)
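What "https (http over ssl)" asks of the client side today, as an added example that is not part of the lecture: two TLS client configurations built with Python's ssl module, one that verifies the server certificate against the CA store and checks the hostname (the CA and certificate machinery of the previous slides doing its job) and one, common in quick scripts, that switches verification off. Nothing is connected; the contexts are only built and inspected, so it runs offline. The function names are constructed for this example.

```python
# Added example (not from the lecture): TLS client contexts inspected offline.
import ssl


def hardened_client_context():
    """Verify the server's certificate chain against the system CA store,
    check that the certificate matches the hostname, and refuse pre-TLS 1.2."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_client_context():
    """Verification switched off. The channel is still encrypted, but any
    party presenting any certificate is accepted as the server, so the
    client has no idea who it is talking to."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx):
    """The settings that decide whether the peer is actually authenticated."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
    }


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("weak", weak_client_context())):
        print(label, describe(ctx))
```

A socket is then wrapped with ctx.wrap_socket(sock, server_hostname="host.example"); the server_hostname is what the hostname check compares against the certificate. The CRL maintenance mentioned on the CA slide has a client-side counterpart in the same module: a CRL file loaded with load_verify_locations and ssl.VERIFY_CRL_CHECK_LEAF set in verify_flags makes the handshake fail for a revoked leaf certificate.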
Payment Systems
Credit card payments
Most popular due to its flexibility and wide
acceptance
Payment Systems
Electronic cash
Software solution to save an equivalent of cash onto disks
In the form of electronically signed files
Should not reveal the identity of the bearer
Should be exchanged directly between two parties, without
the bank in between
Examples: eCash by DigiCash
Establishing a network that accepts eCash
• Customers open an eCash account at banks which issue eCash
• Electronic money is stored in the form of tokens
• A token is valid for a single, one-way transaction; the merchant cannot
use it for other transactions
• The merchant can cash it at participating banks
Payment Systems
Secure Electronic Transactions (SET)
A secure transaction environment developed by
Visa and MasterCard in 1996
Components
• Public key infrastructure: public key encryption system,
digital certificates, digital signatures
• Credit card holders
• Merchants
SET protocol is independent of transport security
protocols such as SSL
Development Tools
Java technology
Features
• Cross-platform, portable
• Simplicity of language (compared to C++)
• A rich class library, which is also easily extensible through OO
mechanisms
• Three targets aiming at different usage: standard, enterprise,
and micro
Technological support for specific development aspects
• Component reusability – JavaBeans (EJB)
• Client-side processing – Applets
• Database connectivity – JDBC
• High-level network service integration – JINI
• Hooks to current technology – XML, CORBA, …
Development Tools
Script languages
ASP, PHP, JavaScript, …
Focusing on server-side processing (CGI, etc.)
Good support for Web-based processing
• Static and dynamic web behaviour, i.e., extensive HTML
features
• Database connectivity through proprietary drivers
Tightly coupled to the workings of web browsers,
web servers, and (even) operating systems →
difficult to achieve portability