
B Hkorba


Published in: Education, Technology, Business

  1. E-Commerce: Hype, Hope… Help Needed
       • Larry Korba, National Research Council of Canada
       • [email_address]
       • http://www.iit.nrc.ca
       • National Research Council Canada / Conseil national de recherches Canada
       • Institute for Information Technology / Institut de technologie de l'information
  2. Definition and Caveats
       • Definition: Electronic Commerce - the secure exchange of goods, services and information electronically (Forrester Research)
       • Caveats:
           • Not an E-Commerce “Course”
           • Research Perspective
           • Highlights
  3. Outline
       • E-Commerce Today
       • Future of E-Commerce
           • Now… Near Future
       • Selected Challenges
           • Only a Few!
       • Conclusions
       • (Diagram labels: SET; Business-Business; Agent-Based E-Commerce; E-Commerce Anywhere; IP Protection; PKI)
  4. E-Commerce Today…
       • Big Money Assumption, “Hi Tech”
       • Other Attractive Internet Words: Java, Agents, Security!
  5. EC Today: Why is it so?
       • Business-to-Consumer
           • Internet Hype
           • Lower Costs
           • Market Expansion?
       • Business-to-Business
           • Now and in Future
           • Growth
  6. EC Today: Why Hot: Lower Telecommunication Costs
       • Cost of a 3 Minute Phone Call From New York to London
  7. EC Today: Why Hot: Internet Growth
       • Extraordinary Growth in Internet Access
  8. EC Today: Why Hot? B-C, B-B Growth
  9. EC Today: Challenges
       • It Works Quite Well, But…
       • Many “Standards”, Products
       • Threats
           • Common Threats
           • Threats to Buyers
           • Threats to Sellers
           • Threats to Financial Institutions
  10. EC Today: “Standards”, Products
       • SSL <=> SET
       • Many products to choose from
       • Credit Card Transaction Providers
       • Commerce Servers
           • IBM, Microsoft, Inex, Bestware, MANY MORE
       • Middleware
           • Shareware, Cold Fusion…
       • Databases
           • SQL, DB2, Oracle, Access…
       • Web Portals
       • Consultants
  11. EC Today: Common Threats
       • Insider Fraud
       • Software Security Holes
           • All O/S & Applications
           • Good Security Hard to Build
           • Software Complexity
           • Security as an Add-On
       • Installation/Set Up Errors
           • Shopping Cart Exposure
  12. EC Today: Threats to Buyers
       • Hijacking, Spoofing
       • Denial of Service
       • Loss of Privacy
       • Fraudulent Credit Card Use
  13. EC Today: Threats to Sellers
       • Fake Order Flood
       • Site Impersonation
       • Site Alteration
       • Denial of Service
  14. EC Today: Threats to Financial Institutions, Transaction Providers
       • Any Kind of Loss
           • $
               • Credit Card Fraud
           • Information
       • Service Obstruction
  15. Future Challenges of E-Commerce
       • What is happening in Research
       • Standardization
       • Trust
       • Business-to-Business
       • Agent-Based E-Commerce
           • Automation
           • Learning
       • Copyright Protection
           • Electronic Distribution
       • E-Commerce Anywhere
  16. Future Challenges: Research
       • Research Competition
       • Words to get Funding (or to get Published):
           • Electronic Commerce
           • Security
           • Agent
           • Java
           • Ontology...
  17. Standardization
       • Many Acronyms…
           • OMG/CBO, X.509, XML/EDI, OBI, OTP, OFX, CIP, PKI, RSA, PKIX, OPS, SET, SSL, IMS, ECML, ICE
       • Development Times, Costs, Interoperability
  18. Trust and Electronic Commerce
       • Biometry
           • Many Technologies
       • Determining trustworthiness of Transaction Participants
           • e.g. Auction Sites
       • Research
           • Distributed Trust
               • Web Browsers, Agents
           • Models for Trust, Formalisms
           • E-Commerce and Group work applications
  19. Biometry...
       • Technologies
           • Iris, Face, Fingerprint, Hand Geometry, Typing, Handwriting, Voice
       • Must work well
           • No False Positives: I Got IN!!!
           • No False Negatives: Let Me IN!
       • Must NOT Lose Biometric Data!
           • Irreplaceable…
           • Once stolen, gives access to the store…
           • Single Sign On for Everything...
  20. SET
       • Many different proprietary electronic transaction Third Party Solutions
       • SET: The Answer to Strife in the World!
           • Open Standard
           • Eliminates No Card Present Fraud
               • Visa/Master Card Like that!
           • Eliminate Non-Repudiation in Transactions
           • No Middleman
  21. SET: Challenges
       • Complicated Protocol = Slow Response
           • 3000 Line ASN.1
           • 28 Stage Transaction Process
           • 6 RSA Encryption Steps (Slow)
       • Four Part Model
           • Interoperability
       • Constant Evolution
           • Standard Fragmentation?
       • SET <=> Credit Card-Based
       • Other Possibilities: XML/EDI, Smart SET
  22. Public Key Infrastructure
       • Cornerstone for Network Security Technology
       • Issues/Revokes Certificates
       • Cross Certify Organizations
       • Generate Certificates for authorized users
       • Enable SET for EC and other applications
  23. PKI: Challenges
       • Non-Trivial to set up
           • Cross-Certification
           • A lot like Beta Testing Software!
       • Interoperability Issues
           • X.509 v3 Extensions
       • Network Overhead
       • Costs
           • Infrastructure is one thing, you need to buy the applications
       • Dealing with Multiple Certificates
  24. Business-to-Business
       • Factors
           • Just-In-Time Delivery Requirement
               • Reduce Inventory, Cycle Times
               • Reduced Costs
           • International Trade (Globalization, Deregulation)
           • Move to Automated Transactions
  25. Business-to-Business: Challenges
       • Developing Trust
           • With New Partners
           • Contract Protocols: Formal, Creative
       • Low-Cost, Secure Large Transactions
       • Sharing Minimum Required Operational Information
       • (Diagram labels: Company A, Company B, Company C, ?)
  26. Agent-Based E-commerce
       • Bargain Finder
       • Negotiator
       • User Interface
       • Mobile Agents?
       • (Diagram labels: Agent A, Agent B)
  27. Agent-Based E-commerce: Challenges
       • Trust
           • Agent Code
           • Agent Environment
       • Confidentiality/Integrity
           • Customer/vendor Information
       • Standards
           • Agent Communication
           • Agent Environments
           • APIs
  28. Intellectual Property Protection
       • Electronically Transferable IP
       • Network Distribution:
           • Lower Cost
           • Potential Risks
       • Potential for New Forms of Licensing
  29. IP Protection: Challenges
       • It’s Hard to Protect IP
           • Text
           • Graphics
           • E-Books
           • Software
           • 3D Models
       • Different Restrictions
           • Trade
           • Exclusivity
           • Usage
  30. Software Copying
  31. IP Protection: Examples
       • Software Protection
           • Software Copying/Cracking is Epidemic
           • Hardware (Dongles), Software
           • Flexible Electronic Licensing Needed
       • Recording Industry
           • Analog Copying is Easy
           • Audio CD copying
           • MP3 Distribution
  32. E-Commerce Anywhere
       • Wireless Access
           • Investors
           • Business Operators
           • Service Centres
       • Convenience
       • Demand
  33. E-Commerce Anywhere: Challenges
       • V-Commerce
           • Tedious
           • Secure? False Negatives
       • Eavesdropping?
           • Electronic
           • Human
       • Replay?
       • SSL/SET over voice/pager?
       • Wireless LANs
           • Coverage, Implementation
  34. Wireless LAN Implementation
       • IEEE 802.11 Symmetric Key Available For View!
           • In Network Dialog Box for Client
           • Or Via SNMP from Access Point
  35. Summary
       • E-Commerce is here, and Thriving
           • Works quite well
       • Big Money going into E-Commerce
           • Researchers
           • Developers
       • Software Implementation Errors
           • Prevention
           • SW/HW Version Authentication
       • Electronic Delivery
           • Enforcing Copyright Protection
  36. Summary (Continued)
       • Secure E-Commerce Everywhere
           • Portable Electronic Wallet
           • Biometry
       • E-Commerce Agents
           • Trust and Privacy
           • Agent Mobility
       • Room for Innovation
       • Resource Page: http://132.246.128.180/ecommerce/ecomlinks.html
       • Email Address: [email_address]
