Abstract. Electronic commerce and electronic
business are the inevitable mediums of exchange in an increasingly wired world.
To better understand the problems and perspectives of electronic payment
systems, it is wise to look at not only the current systems in place, but to
also examine what the future may hold. This paper describes the characteristics
of current systems in place and provides a brief analysis of how each works.
Finally, it predicts the future of these systems and the possible changes to
the current structure of economic transactions.
1 Introduction
For more than a decade there have been predictions of the elimination of physical
cash as a transaction medium and the substitution of one form or another of an
electronic payments system. Some forecasters view the prospect with delight,
looking on it as increasing the efficiency of the economy. Others fear its
rise, anticipating it to be another way in which the security and privacy of
our lives become subject to monitoring and scrutiny. But no matter which side
one may fall on, it is clear that we're abolishing the physical need for money,
one step at a time. We're committing our futures, our families, our societies,
to cyberspace (Gleick). Because of this explosive development of electronic
commerce in recent years, the issue of paying over open networks has become
very important. Electronic payment systems are required to bring the necessary
infrastructure to facilitate payments. They are an essential part of the
further development of commerce and business (Gleick).
Before taking a closer look at the different types of payment systems, it is important
to classify or categorize them in order to get a better understanding of the
characteristics and properties of the systems. The first level in the
categorization is based on the way in which money transfer is organized.
Existing payment mechanisms can be divided into two groups: electronic cash and
credit-debit systems. Another approach, based on the type of information that
is exchanged, distinguishes between account-based and token-based systems, in
which the former corresponds to credit-debit systems and the latter to
electronic cash (Abrazhevich). To be specific,
electronic currency or cash is similar to conventional cash where parties
exchange electronic tokens that represent value, just like paper money with
respect to banks. The credit-debit approach, in contrast, means that money is
represented by numbers in bank accounts and these numbers are transferred
between parties over computer networks. Going one step further in the
classification of account-based systems, we can distinguish between debit and
credit card systems and specialized ones, for example, those systems that use
e-mail for money transfer or notification. Electronic currency can be divided
into systems that support smart cards and those that exist only in an online
environment. The latter can be called ‘online cash’ or ‘Web cash’. Prepaid cards and
electronic purse systems can also be included in this category (Abrazhevich).
Now that we have classified the payment systems, we can take a more in-depth look
at each of the categories. By choosing a specific example from each, we can
analyze the specific functionality of each system and why its security allows
it to be either a promising new technology or an already existing one. Under
the scope of account based systems, we will first see how credit cards work,
then continue on to email-based transaction systems, and finally a generic
system such as PayPal. Moreover, under the category of electronic currency, we
will take a look at both smart cards and E-Cash. Finally, we will anticipate how
new innovations and technologies such as RF identifications will continue to
morph the changing landscape of electronic payment systems in the future.
2 Account-Based Systems: The Credit Card
A first step in the evolution from physical to electronic payment systems, the credit
card is a common piece of innovation used by almost everyone in today’s
society. In order to understand future technology such as the viability of the
smart card, it is indeed beneficial to see how a credit card actually works. In
general, a credit card is a thin plastic card, usually 3-1/8 inches by 2-1/8
inches in size that contains identification information such as a signature or
picture, and authorizes the person named on it to charge purchases or services
to his account. These will be billed periodically. Today, the information on
the card is read by automated teller machines, store readers, and bank and
Internet computers (how stuff works).
In order to authenticate these credit card transactions, there are three basic methods of
determining whether your credit card will pay for what you are charging.
Merchants with only a few transactions each month can do voice authentication
using a touch-tone phone. Additionally, terminals allow users to swipe their
credit cards, easing the need for an additional human being to be involved in
the transaction (how stuff works). For example, people often swipe their own
card at the checkout of stores these days. And finally, there are virtual
terminals for internet transactions. More specifically, the protocol for credit
card use starts with a cashier swiping the card through a reader. This dials a
stored telephone number to call an acquirer. An acquirer is an organization
that collects credit authentication requests and provides the merchants with a
payment guarantee. When the acquirer company gets the credit card requests, it
checks the transaction for validity and the record on the stripe for merchant
ID, valid card number, expiration date, credit card limit, and card usage.
Single dial-up transactions are processed at 1,200 to 2,400 bits per second
(bps), while direct Internet attachment uses much higher speeds via this
protocol. In this system, the cardholder enters a personal identification
number (PIN) using a keypad (how stuff works).
The PIN is not on the card; rather, it is stored encrypted in a database. For
example, before you get cash from an ATM, the ATM encrypts
the PIN and sends it to the database to see if there is a match. The PIN can be
either in the bank's computers in an encrypted form or encrypted on the card
itself. The transformation used in this type of cryptography is called one-way.
This means that it's easy to compute a cipher given the bank's key and the
customer's PIN, but not really feasible to obtain the plain-text PIN from the
cipher, even if the key is known. This feature was designed to protect the
cardholder from being impersonated by someone who has access to the bank's
computer files. Likewise, the communications between the ATM and the bank's
central computer are encrypted to prevent hackers from tapping into the phone
lines, recording the signals sent to the ATM to authorize the dispensing of
cash and then feeding the same signals to the ATM to trick it into
unauthorized dispensing of cash (how stuff works).
Now that we’ve seen how a credit card works, the advantages are quite apparent. This
system of electronic payment provides ease of use and scalability. As long as
it can use the existing networks and terminals, there is no need for creating
new hardware or infrastructure. All that needs to be tracked is what new
accounts have been created.
2.1 Account-Based Systems: E-mail Based Systems
E-mail is an inherently insecure medium. Whereas traditional bank paper and other
payment systems have levels of security built in, e-mail does not. E-mail
payment systems use e-mail for notification and traditional banking systems to
transfer funds. However, the actual security of payments remains relevant and
can be divided into two main concerns: transaction-level security and user
authentication. The first is more straightforward and concerns the guarding of
sensitive payment details while in transit. This can be addressed by 128-bit
data encryption over the Secure Sockets Layer (SSL), which is widely accepted and
is generally believed to be adequate protection even for large-value
transactions (Finance Asia). This communication protocol, which also is used
for web-based credit card payments, works in a series of steps:
- Client enters a merchant site which uses SSL;
- Web browser and merchant server contact each other (handshake process):
  - Web browser and merchant server establish the cipher suite;
  - Web browser authenticates the server by means of its digital certificate (with optional client authentication);
  - Web browser chooses a symmetric key, encrypts it with the server’s public key, which it obtained from the server’s certificate, and sends it back;
  - Merchant’s server decrypts it and the handshake is completed.
- The server performs the following steps:
  - Computes the hash value (digest) of the requested data;
  - Encrypts the data and hash value with the symmetric key which was chosen during the handshake process;
  - Sends it to the client.
- The client’s browser proceeds as follows:
  - It decrypts the message with the chosen key;
  - It creates a message digest from the original message;
  - It compares both digests;
  - If they are equal, it presents the data.
- The client fills in a form (e.g. the credit card number and order information);
- The client’s browser sends the form to the merchant’s server after performing the following operations:
  - Computing the digest of the data;
  - Encrypting the data and the digest with the symmetric key.
- The merchant’s server:
  - Decrypts the message;
  - Calculates the digest of the original data;
  - Compares both digests;
  - If they are equal, it continues the process… (Stabla).
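The key exchange and the digest-then-encrypt steps listed above can be followed end to end in the sketch below, an added example that is not taken from the paper or from any SSL library. The toy RSA numbers, the SHA-256 keystream standing in for the negotiated cipher, the per-message nonce and all function names are assumptions made for illustration.

```python
# Added example: the handshake and record steps above in stdlib Python.
# Toy RSA numbers stand in for the certificate key and a SHA-256 keystream
# for the negotiated cipher; every name here is hypothetical.
import hashlib
import hmac
import secrets

# Merchant server's constructed toy key pair (two Mersenne primes).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q                                   # public, carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))           # private, stays on the server
DIGEST_LEN = hashlib.sha256().digest_size   # 32 bytes


def client_key_exchange():
    """Browser chooses a symmetric key and encrypts it with the server's public key."""
    key = secrets.token_bytes(8)            # 64 bits, so the key is smaller than N
    return key, pow(int.from_bytes(key, "big"), E, N)


def server_recover_key(wrapped: int) -> bytes:
    """Merchant server decrypts the key; the handshake is complete."""
    return pow(wrapped, D, N).to_bytes(8, "big")


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in cipher: SHA-256 in counter mode (illustration only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, data: bytes) -> bytes:
    """Sender: compute the digest, then encrypt data and digest together."""
    nonce = secrets.token_bytes(8)          # fresh per message, sent in clear
    plain = data + hashlib.sha256(data).digest()
    stream = _keystream(key, nonce, len(plain))
    return nonce + bytes(a ^ b for a, b in zip(plain, stream))


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Receiver: decrypt, recompute the digest, compare, then release the data."""
    nonce, body = blob[:8], blob[8:]
    if len(body) < DIGEST_LEN:
        raise ValueError("message too short")
    stream = _keystream(key, nonce, len(body))
    plain = bytes(a ^ b for a, b in zip(body, stream))
    data, digest = plain[:-DIGEST_LEN], plain[-DIGEST_LEN:]
    if not hmac.compare_digest(hashlib.sha256(data).digest(), digest):
        raise ValueError("digest mismatch: message altered in transit")
    return data


if __name__ == "__main__":
    browser_key, wrapped = client_key_exchange()
    server_key = server_recover_key(wrapped)
    form = b"card=CONSTRUCTED-TEST-NUMBER&order=42"   # constructed sample form
    print(open_sealed(server_key, seal(browser_key, form)))
```

The SSL record layer itself uses a keyed MAC and separate keys for each direction; the bare digest here follows the simplified steps listed above.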
Authentication is trickier and is a justified reason why large-value payments will probably
not be conducted using e-mail for some time. It is technically feasible to
build a public key infrastructure and an e-mail payment system to authenticate
parties to a transaction. This would in turn provide strong authentication. But
this is not necessarily a good user experience and is certainly not an
established practice.
So in the end, electronic transmission of funds using e-mail can provide
significant benefits. Convenience is of course first and foremost in this
category. It could also provide viable security and possible cost savings. As
it happens, it is not something that is truly necessary in the short term. It
is possible however in the future that it may become more commonplace.
2.2 Account-Based Systems: PayPal
One of the more generic account-based systems is PayPal. It is a widely used
online payment solution that works
solely off of the existing financial infrastructure. Once a user has a PayPal
account and has entered information about the bank accounts they wish to draw
from, they can send money to anyone with an e-mail account. The money is then
taken from the sender and placed in a PayPal account for the recipient.
Basically, PayPal can be thought of as a middle man for credit card
transactions. All transactions between consumers take place indirectly through
PayPal. Currently the payment method of choice for auction sites such as eBay, PayPal
has shown itself to be a viable payment solution for individuals. Similar to
other web-based transactions, PayPal automatically encrypts confidential
information in transit from the consumer’s computer to the merchant’s using the
Secure Sockets Layer protocol (SSL) with an encryption key length of
128 bits. However, it does not have the security features that are needed for
larger business transactions. Once again though, similar to the credit card
itself, the advantages of PayPal are primarily ease of use and scalability,
since it does not need to create a new infrastructure in order to go through
with transactions.
2.3 Account-Based Systems: General
As stated earlier, account-based
systems use the SSL protocol in order to create a secure transaction between
the consumer and merchant. But as the internet marketplace continues to expand,
there is still no safe standards-based payment system. With this protocol, the
card number is safely passed on to the merchant and protected from theft or
alteration during transmission. But neither non-repudiation nor protection
against fraudulent use of card numbers is fully provided, since merchants
store all confidential account information about their clients on their servers. In the
case of an SSL transaction the purchaser has no certainty that the merchant will
properly guard payment card information. Moreover, he or she has no assurance
that the merchant is authorized to accept credit card payments. On the other hand,
the merchant has no assurance that the client is eligible to use the payment card.
Secure Electronic Transaction (SET)
is a payment protocol developed by VISA and MasterCard based on the RSA
algorithm. It helps to ensure security of data during financial transactions
over the Internet. Very similar to SSL, SET mainly depends on cryptology and
digital signature technologies. With SET, the cardholder uses software called
an “electronic wallet”, in which the credit card numbers and digital
certificate are stored. The merchant will acquire a digital certificate from a
financial institution. Both the cardholder and the merchant will present their
digital certificates to each other in order to verify their identities when
conducting transactions over the Internet. During an SET transaction, the
cardholder’s credit card number is not seen by the merchant, as an encrypted
code of the credit card number is sent to the credit card issuer, which
approves the transaction for the merchant (Secure Electronic Transaction). In
this way, unauthorized viewing and data corruption are prevented during
transmission. SET is simply a better version of SSL.
Now that we’ve examined the functionality of account-based systems we can turn our
attention to electronic cash or currencies.
3 Electronic Currencies: Smart Cards
You can think of the smart card as a "credit card" with a
"brain" on it, the brain being a small embedded computer chip. This
card-computer can be programmed to perform tasks and store information. Smart
cards currently are used in telephone, transportation, banking, healthcare
transactions, and the Internet. Smart cards are already being used extensively
in Japan and Europe and are gaining popularity in the U.S. (DiGiorgio).
The reason we classify them as an electronic currency is that systems
that employ smart cards like Chipknip, Chipper, Belgium Proton, Mondex, and
Visa Cash represent money as a number on the card. With this in mind, they act
like an electronic purse. The value is
stored on a card and if the card is lost the money is gone, in a fashion
similar to cash (Abrazhevich).
The advantages of smart cards are numerous. First, they are
more reliable than a magnetic stripe card. They can also store a hundred times
more information than a magnetic stripe card. In terms of security, they are
more difficult to tamper with than magnetic stripes. Furthermore, they can be
disposable or reusable. And finally they can perform multiple functions in a
wide range of industries because of their compatibility with portable
electronic devices such as phones, PDAs, and PCs (DiGiorgio).
3.1 Electronic Currencies: E-Cash
“Electronic money is broadly defined as an electronic store of monetary
value on a technical device that may be widely used for making payments to
undertakings other than the issuer without necessarily involving bank accounts
in the transaction, but acting as a prepaid bearer instrument” (European
Central Bank).
“Electronic money products are defined […] as stored value or prepaid products in which a record of the funds or value available to the consumer is stored on a device in the consumer’s possession. This definition includes both prepaid cards (sometimes called electronic purses) and prepaid software products that use computer networks such as the internet (sometimes called digital cash)” (Bank for International Settlements).
Summing these up, one can state that e-money is not like anything that has been
attempted before. It creates a new sub-category of money. It constitutes, at the
same time, a payment instrument, a monetary value and a unit of account, making it
operate just like cash would (Stabla).
There are two types of e-money: identified and anonymous. Identifiable e-money
operates similarly to bank products because the identity of the user and the way
the money is spent are well known to financial institutions, which can easily
track the circulation of e-money in the economy. Anonymous e-money is totally
untraceable, and to create it a blind signature is needed. The process of
blind signing is a modification of the traditional digital signing process
(Stabla). To understand the process we must first keep in mind that special
software by the issuer creates an e-banknote upon a user’s request and after
verification. In essence, the prepared message or e-banknote is multiplied by a
random factor, so that the receiver (issuer) knows nothing about the content
except that it carries the user’s digital signature (to identify the user’s account
for deduction). After the issuer signs the e-banknote to confirm its validity,
it is returned to the user, who divides the e-banknote by the same factor. Now the user
can spend it while remaining fully anonymous, while the issuer does not know anything
about the blinding factor (Stabla). The following diagram provides some
structure about how the E-Cash system in general works.
Smart Cards and E-Cash provide
distinct advantages and disadvantages when compared to account based systems.
Smart Cards could be seen as a large advancement over the system of credit
cards. In terms of E-Cash, similar to physical cash, there is an ability to
create anonymity during financial transactions. In effect, it could be
untraceable if done with a blind signature. A significant disadvantage,
however, is that a large database of past transactions needs to be kept to
prevent double spending when it comes to E-Cash. Because E-Banknotes would be
quite easy to duplicate, systems need to be in place to keep track of all notes
that have been issued, but not yet deposited. This obviously reduces the
scalability and ease of use for the system. Furthermore, there may be a
necessity to purchase and install extra hardware and software, adding burden to
both the merchant and consumer. These are probably the reasons that such
promising companies as DigiCash fell flat.
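The blinding step described in section 3.1 and the issuer's double-spending database discussed above fit together as in the following sketch, an added example that is not part of the original paper. It uses RSA blind signing with a constructed toy key; the function and class names are assumptions, and the user's account authentication at withdrawal is left out.

```python
# Added example: RSA blind signing of an e-banknote and the issuer's
# double-spend ledger. Key size and all names are illustrative assumptions.
import hashlib
import math
import secrets

# Issuer's constructed toy RSA key (two Mersenne primes; far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # issuer's private signing exponent


def note_value(serial: bytes) -> int:
    """Represent an e-banknote (its serial number) as an integer below N."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def blind(m: int):
    """User: multiply the note by a random factor, r^E mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:          # r must be invertible to unblind later
            return (m * pow(r, E, N)) % N, r


def issuer_sign(blinded: int) -> int:
    """Issuer: sign whatever number arrives; the note itself stays hidden."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """User: divide by the same factor, leaving a signature on the note."""
    return (blind_sig * pow(r, -1, N)) % N


def withdraw():
    """Full withdrawal: returns (serial, signature) ready to spend."""
    serial = secrets.token_bytes(16)
    blinded, r = blind(note_value(serial))
    return serial, unblind(issuer_sign(blinded), r)


class IssuerLedger:
    """Record of deposited notes, the database needed to catch copies."""

    def __init__(self):
        self.spent = set()

    def deposit(self, serial: bytes, sig: int) -> str:
        if pow(sig, E, N) != note_value(serial):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: already spent"
        self.spent.add(serial)
        return "accepted"


if __name__ == "__main__":
    ledger = IssuerLedger()
    serial, sig = withdraw()
    print(ledger.deposit(serial, sig))   # first deposit
    print(ledger.deposit(serial, sig))   # copied note presented again
```

The ledger grows by one entry for every note ever deposited, which is the scalability cost the paragraph above refers to.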
After looking at the present, both
the account based systems and electronic currencies, we can now examine what
the future holds in the world of electronic payment systems.
4 Future of Electronic Payment Systems: RF-Ids
Radio barcodes are embedded into
billions of different things which have value, sending out radio signals about
what they are and where they are. They cannot communicate with each other
directly, but can exchange information through base stations that send and
receive information. These devices are tiny micro-computer systems which
already cost as little as a quarter and are used in such companies as Wal-Mart.
They already allow retail outlets to know what goods are going in and out of their
doors. They provide absolute precision about what remains in stock. The future
of electronic payment systems could be walking through a terminal with products
and services ranging from bottles of wine to travel tickets using a card that
never leaves your pocket. All the terminal needs to do is get the pulses
emitted from the radio barcodes on each item and send a signal to the card in
your pocket. The transaction will automatically occur without the need of a
clerk or a register. In theory, RFIDs could enable a person to read all
the numbers and expiration information on the credit cards in your pocket as
you walk by, as well as where you do most of your clothes shopping, and the
model of the portable computer you are carrying in your briefcase, simply by hacking into the ID communication
system (Dixon). Obviously there are a lot of security details that need to be
taken care of, but this is just a glimpse of what could possibly be the next
step in the evolution of electronic payment systems, from paper bills to credit
cards to digital cash to RF-ids? The answer lies within the ability of RFID
creators to create a system that is highly scalable and easy-to-use for the
consumer so it doesn’t have the same roadblocks that E-Cash finds itself
having.
5 Conclusion
After highlighting both account
based systems and electronic currencies we have seen both advantages and
disadvantages. Account systems provide both ease of use and scalability but
don’t allow the same freedom of anonymity that physical cash allows. In
contrast, electronic currencies can provide this freedom but fall short when it
comes to an implementation of their systems without a lot of overhead and
change in infrastructure. The systems that enjoy the most success are clearly
those that don’t force the consumer to make drastic changes, leaving credit card
based transactions as the most viable alternative to physical cash at the moment.
But with technology continuing to evolve, one thing is clear:
there will be a continued movement towards the elimination of physical
cash. Ongoing work needs to be done to figure out the most feasible solution in
this 21st century effort. Though much more research needs to be
done, perhaps RF-Ids are that killer innovation that people will come to
accept.
Lab for Cryptography: Symmetric & Asymmetric Encryption
In this practical you will learn how encryption
works, and how symmetric and asymmetric (public key) encryption
operate so that a body of sensitive information may be transmitted securely
across a network.
The traditional use of cryptography was
to make messages unreadable to the enemy during wartime. However the
introduction of the computing age changed this perspective dramatically.
Through the use of computers, a whole new use for information hiding evolved.
Around the early 1970s the private sector began to feel the need for
cryptographic methods to protect their data. This could include 'sensitive
information' (corporate secrets), password files or personal records.
Computer encryption is based on the science
of cryptography, which has been used throughout history. Most forms of
cryptography these days rely on computers, simply because a human-based code is
too easy for a computer to crack. An encryption algorithm, or cipher,
is used to encrypt normal text, or plaintext. This encrypted text is
then known as ciphertext. Trying to regenerate the original plaintext
from the ciphertext is known as decryption.
Most computer encryption systems belong
in one of two categories:
· Symmetric encryption (often referred to as secret-key, private
or single-key encryption)
· Asymmetric encryption (also known as public-key or two-key
encryption)
The encryption key and the decryption key
may or may not be the same. When they are, the cryptosystem is called a
"symmetric key" system; when they are not it is called an
"asymmetric key" system. The most widely known instance of a
symmetric cryptosystem is DES (Data Encryption Standard). One of the most
widely known implementations of an asymmetric key cryptosystem is RSA.
Note: Practical Report Required!
For this lab, you are
expected to write up a concise report on what you did. The main thing is to
convey your understanding of each of the steps taken. Any questions asked
during the procedure text should be answered and you should provide a summary
at the end.
Report format: Flexible (MS Word doc or HTML are ok)
Length: Max 2 pages
Delivery: Printout
Deadline: 1 week after lab date
1 Secret Key (Symmetric) Encryption
1.1 Background to DES
IBM initially developed the Data Encryption
Algorithm in the 1960s. They used concepts that had been described by Claude
Shannon in the 1940s and called their technique Lucifer. Lucifer was
refined, renamed the DEA (Data Encryption Algorithm) and adopted as the
standard in 1976.
1.2 Implementing DES
The DEA performs a transformation on a
block of 64 bits using a 56-bit key. i.e. it takes 64 bits of the plaintext
(data to be encrypted) and changes it into a different array of 64 bits (the
ciphertext), using a key (known only by the person 'sending' the message and
the person 'receiving' it). It does this in several steps, using several kinds
of transformations. Crucial to the DEA
is the concept of a permutation. This just means that the bits are put in a
different order, i.e. jumbled up.
Firstly the Initial Permutation (the IP
takes the 64 bits, and changes their order around according to a fixed
permutation, so the 58th bit becomes the first bit, the 50th bit becomes the
2nd bit, etc) is applied to the 64-bit plaintext. The result is then divided
into two 32-bit halves, named L_0 and R_0. Then, the following happens 16 times:
For iteration number i (see diagram left):
· Key transformation number i (a permutation, but dropping 8 bits off - defined in the specification) is applied to the key to produce 48 bits.
· Let A be L_i and J be the transformed key. Apply the function f(A,J) (explained below) to produce a 32-bit output.
· Exclusive Or R_i and f(A,J), and call this R_{i+1}.
· Make L_{i+1} = R_i
Next (see diagram left), 16 iterations of a function f are applied. f takes 32 bits of
the plaintext (A) and 48 bits of the key (J). An expansion function is applied
to A, which swaps some of the bits around, and adds an extra 16 of them, which
expands it out to 48 bits. The expanded A and J are then combined, using Exclusive
Or. This 48-bit block is then put through some S boxes (explained soon) to
produce an output of 32 bits. Finally another permutation called P is applied.
DES is a fairly weak encryption technique that uses 56-bit keys. It uses the same key to encrypt
as to decrypt. There is only the private key, which both sender and receiver
must know. A personal computer could crack a DES-encoded message within a year; a
group of them could do it proportionately faster. This is one reason why DES is
considered less secure than other encryption methods, and why it has evolved
into the Advanced Encryption Standard (AES). The advantage DES has over public
key encryption is that it is much faster to compute.
1.3 Lab Procedure:
First of all:
1. Organise yourselves into groups of two or three. You will exchange files and keys with the other person(s).
2. Change the settings on Windows to make file extensions viewable.
Launch Windows Explorer, Tools menu, select Folder Options and then the View tab. Then uncheck Hide extensions for known file types.
This is not essential, but makes it easier to see what’s going on.
Encrypting:
3. Create a new folder and save the DES.zip file to it. Extract all files to the folder.
4. Create a new text file with some plaintext as its body, e.g. “My name is Mary”. Save this file in the folder you created.
5. When saving this file select All Types as the “Save as file type” and give your file name the extension “.open”, e.g. jbloggsfile.open.
6. At the command prompt simply type java des to run the GUI (N.B. you must first navigate into the folder you extracted the DES.zip file to).
7. When the GUI opens, generate a random key. Take a note of this key so that it can be used to decrypt the ciphertext.
8. Browse and select the jbloggsfile.open file that is to be encrypted, and press Encrypt.
9. A jbloggsfile.close file will automatically be generated in the default folder you are working from. View its contents to see what the ciphertext looks like! You may need to terminate the program with ctrl-c to be able to view the contents of the file.
Sharing key & encrypted file:
10. Give your encrypted file (jbloggsfile.close) to the other member(s) of your group, either by email or on a disk.
11. Write down your (hexadecimal) key and share it with them.
Decrypting:
12. Receive a key and file from each other member of your group. The file should have a .close extension.
13. Try to open their file with Notepad to see if it makes any sense (it shouldn’t!)
14. Enter their key.
15. Browse and select their file, and press Decrypt (this is so that the ciphertext generated from the Encryption part above is put through the same algorithm).
16. A new file with a .open extension is created in the folder, which should have as its content the original plaintext he/she first entered in step 4 above.
Exercise Question:
17. Create a new file, this time with a lot of text (say 1MB in total). Call it bigfile.open. Encrypt it to give bigfile.close. Use WinZip to compress both of them. Which resulting zip file is bigger? Why is this the case?
2 Public Key (Asymmetric) Encryption
2.1 Background to RSA
The acronym stands for Rivest, Shamir,
and Adleman, the inventors of the technique. RSA is a very powerful encryption
algorithm that is based on the public key encryption method. Public key
encryption means that you have a pair of keys, one public and one private. You give
the public key to everyone and keep the private key to yourself. Then, people
can encrypt data using the public key and send it to you. Only you can decrypt
the message as only you have the private key; the message cannot be decrypted
using the public key.
2.2 Implementing RSA
Two really big prime numbers are needed
in order to implement RSA. Prime numbers are numbers that cannot be divided by
anything other than themselves or 1, e.g. 7, 13, 29, 101. Next, we find the
product of the two big prime numbers, so let N = first prime number * second
prime number. This is one part of the public key. To find the second number we
must understand what relatively prime numbers are. Relatively prime
numbers are numbers that share no factors at all, e.g. 7 and 13 are relatively
prime, 15 and 5 are not. Now let p be the first prime number and q the second
prime number. We have to find a number E that is relatively prime to
(p-1)*(q-1), i.e. a number E for which gcd(E, (p-1)*(q-1)) = 1.
=> N and E together are the public key pair.
Next, we have to find the private key
pair. The private key is such: D = E^-1 mod ((p-1)(q-1))
Mod (modulus) is the remainder after
division. Here E^-1 is the inverse of E under that modulus, so D is the number
for which D*E leaves a remainder of 1 when divided by (p-1)(q-1).
=> D and E are our private key pair
This means that:
=> (N and E) is the public key pair and (D and E) is our private key
pair.
So, to encrypt a letter A, having S as
the ciphertext, it would be done like this:
S = A^E mod N
To decrypt the letter and obtain the
original text:
A = S^D mod N
2.3 Lab Procedure
1. Extract all files to a new folder from the RSA.zip file.
2. A quick way to see how this works is to open the QuickStartRSA.html file, which also has helpful guides to the code that is being implemented by the program. However, running the program from the command line is more useful to see what is happening with the calculations!
3. At the command prompt go to the required directory.
4. Run the program by using java RSA. You also need to include here, at the end of the command, some value that represents the size in bits of each generated prime number used in the calculations, e.g. 8, 16, 32, 64…512 (java RSA 8).
5. The prime numbers p and q are then generated (and displayed) as well as the public key pair (N and E) and private key pair (D and E).
6. You are then prompted for some plaintext. Enter something!
7. The ciphertext is displayed.
8. Experiment with changing the size of the prime number to see the variation in the ciphertext and the difference in the degree of difficulty that would occur when trying to decipher
the two
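The key set-up and the two formulas from section 2.2, together with the experiment in step 8, are worked through in the added Python example below; it is not the code shipped in RSA.zip. All function names are assumptions, and the prime size is limited to 8 to 24 bits so that the trial-division routines finish quickly.

```python
# Added example (not the lab's RSA.zip program): textbook RSA using the
# page's symbols N, E, D, A and S. No padding, so for study only.
import math
import secrets


def is_prime(n: int) -> bool:
    """Trial division; adequate for the small prime sizes used here."""
    if n < 2 or n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def random_prime(bits: int) -> int:
    """Random prime of exactly `bits` bits."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(candidate):
            return candidate


def make_keys(bits: int):
    """Return (N, E, D) built from two distinct primes of `bits` bits each."""
    if not 8 <= bits <= 24:
        raise ValueError("this sketch supports prime sizes of 8 to 24 bits")
    p = random_prime(bits)
    q = random_prime(bits)
    while q == p:
        q = random_prime(bits)
    phi = (p - 1) * (q - 1)
    e = 3
    while math.gcd(e, phi) != 1:         # E must share no factor with (p-1)(q-1)
        e += 2
    d = pow(e, -1, phi)                  # D = E^-1 mod ((p-1)(q-1))
    return p * q, e, d


def encrypt(text: str, n: int, e: int):
    """S = A^E mod N for each character code A."""
    codes = [ord(ch) for ch in text]
    if any(a >= n for a in codes):
        raise ValueError("character code must be smaller than N")
    return [pow(a, e, n) for a in codes]


def decrypt(cipher, n: int, d: int) -> str:
    """A = S^D mod N for each ciphertext number S."""
    return "".join(chr(pow(s, d, n)) for s in cipher)


def exponent_from_factoring(n: int, e: int) -> int:
    """Rebuild D from the public pair alone by factoring N.

    Trial division succeeds quickly only because the primes are tiny;
    this is why the prime size chosen in the lab decides the security.
    """
    f = 3
    while n % f:
        f += 2
    return pow(e, -1, (f - 1) * (n // f - 1))


if __name__ == "__main__":
    n, e, d = make_keys(16)
    s = encrypt("My name is Mary", n, e)     # sample plaintext from the lab
    print(n, e, d, s)
    print(decrypt(s, n, d))
    print(exponent_from_factoring(n, e) == d)
```

Because each character is encrypted on its own and without padding, equal letters produce equal ciphertext numbers, whatever the prime size.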
3 Performance Testing
As you will have seen, encryption and decryption take time, especially on slow computers. In
this section, you will benchmark the performance of the applications chosen.
3.1 Lab Procedure
DES Performance
1. Create 4 or 5 test files of varying sizes, from a few bytes to about 500KB.
2. For each file, record how much time it takes to (a) encrypt and (b) decrypt using DES.
3. Tabulate and graph your results in your report.
4. On average, how many bits per second can this encryptor process on your machine? Comment.
RSA Performance
5. Run 4 or 5 times, varying the size of the prime numbers used (number of bits) and record how much time it takes.
6. Tabulate and graph your results in your report.
7. Comment.
Chapter 9
Intranets, Extranets, and Enterprise Collaboration
4 LECTURE NOTES
SECTION I: The Intranets and Extranets in Business
9-1 The Intranet Revolution: [Figure 9.2]
Many businesses realize that intranets enable
them to use Internet and World Wide Web technologies to support communication,
collaboration, and business processes throughout the internetworked enterprise.
Analysing U.S. West Communications
We can learn a lot about how companies are using
intranets as a key technology platform to support their business processes, as
well as enterprise communications and collaboration, from the Real World Case
of U.S. West Communications.
Take a few minutes to read it, and we will
discuss it (see U.S. West Communications in section XI).
Intranet characteristics include:
1. An intranet is a network inside an
organization that uses Internet technologies (such as web browsers and servers,
TCP/IP network protocols, HTML hypermedia document publishing and databases,
and so on) to provide an Internet-like environment within the enterprise for
information sharing, communications, collaboration, and the support of business
processes.
2. An intranet is protected by security measures
such as passwords, encryption, and firewalls, and thus can be accessed by
authorized users through the Internet.
3. A company’s intranet can also be accessed
through the intranets of customers, suppliers, and other business partners via extranet links.
9-2 Applications of Intranets:
Organizations are implementing a broad range of
intranet uses. Several common functional
intranet business applications include:
1. Marketing
2. Finance
3. Human Resources
4. Sales
5. Manufacturing
6. Training
7. Customer Information
Intranet applications support communications and collaboration, web publishing,
business operations and management, and intranet management. These applications
can be integrated with existing IS resources and applications, and extended to
customers, suppliers, and business partners.
Communications and Collaboration
Intranets can significantly improve communications and collaboration within an
enterprise. Examples include:
1. Using an intranet browser and PC or NC
workstation to send and receive E-mail, voicemail, paging, and faxes to
communicate with others within your organization, and externally through the
Internet and extranets.
2. Use intranet groupware features to improve team
and project collaboration with services such as discussion groups, chat rooms,
and audio and videoconferencing.
Web Publishing:
The advantages of developing and publishing hyperlinked multimedia documents to
hypermedia databases accessible on World Wide Web servers have moved to
corporate intranets. The comparative ease, attractiveness, and lower cost of
publishing and accessing multimedia business information internally via
intranet web sites have been one of the primary reasons for the explosive
growth in the use of intranets in business. Examples include:
1. Company newsletters, technical drawings, and
product catalogues can be published in a variety of ways including hypermedia
and web pages, E-mail, net broadcasting, and as part of in-house business
applications.
2. Intranet software browsers, servers, and
search engines can help you easily navigate and locate the business information
you need.
Business Operations and Management:
Intranets are being used as the platform for
developing and deploying critical business applications to support business
operations and managerial decision making across the internetworked
enterprise. Employees within the
company, or external business partners can access and run such applications
using web browsers from anywhere on the network whenever needed. Examples include:
1. Many companies are developing customer
applications like order processing, inventory control, sales management, and
executive information systems that can be implemented on intranets, extranets,
and the Internet.
2. Many applications are designed to interface
with, and access, existing company databases and legacy systems. The software
for such business uses (sometimes called applets or crossware) is then
installed on intranet web servers.
3. Employees within a company, or external
business partners, can access and run applications using web browsers from
anywhere on the network whenever needed.
9-3 Intranet Technology Resources
Since intranets are Internet-like networks
within organizations, they depend on all of the information technologies that
make the Internet possible. These
include:
1. TCP/IP client/server networks
2. Hardware and software such as web browsers and server
suites
3. HTML web publishing software
4. Network management and security programs
5. Hypermedia databases
9-4 The Business Value of Intranets
Studies have shown that intranets have provided early adopters with impressive
returns and high paybacks at low costs. The advice of many corporate intranet
users and consultants to the global business community has been that companies
should get going fast on pilot intranet projects, or quickly expand any current
intranet initiatives.
Examples of Business Value:
The text outlines several examples of how top-rated companies have been able to
derive cost savings or revenue benefits from their intranet applications. These
include:
1. Provide better access to financial reports
and improve productivity, speed, and control.
Employees select from preformatted reports and create their own
subscription lists.
2. Access to engineering documents and
information. Reduces paper costs and
increases speed of information transfer.
3. Global staffing tool for project teams. Able to find skilled staff and reduces time
and effort to complete projects.
4. Group intranet supports manufacturing,
engineering, and marketing. Allows for
easy document exchange and reduces paper costs.
5. Internal web site for sales and customer
service. Reduces call volume and
increases sales with greater salesforce involvement.
6. DataDoc Online. Reflects daily changes on video rentals,
books, music, and software across 115 retail locations. Saves IS time and improves data accessibility
and accuracy.
7. KeyCorp’s knowledge bank distributes job
postings, information on best practices and training, marketing, and
newsletters.
8. Knowledge management and corporate
communications system facilitates collaboration on projects. Productivity increased via information
exchange and streamlining workflow.
9. Marketing, planning, and operations. Shares business information for improved
decision making, efficiency, and competitiveness.
10. Each area on the manufacturing has its own home page updated every 60
seconds. Improves process and quality.
Publication Cost Savings
Many companies are replacing the publication of paper documents, company
newsletters, and employee manuals with electronic multimedia versions published
on intranet web servers. Elimination of printing, mailing, and distribution
costs is a major source of cost savings. Companies are also publishing:
1. Telephone directories
2. Human resource materials
3. Company policies
4. Job openings
5. Many other former paper-based communications
Training and Development Cost Savings:
Developing information access and web publishing for an intranet is a lot
easier than many traditional methods. Learning how to use a web browser for
the company intranet is fast and easy. Training and development costs for many
intranet applications are low, especially for communication, collaboration, and
information sharing. Electronic versions of training materials on intranet web
sites can reduce the amount of costly classroom training in business.
Measuring Costs and Benefits:
Justifying the initial cost of investing in an intranet does not seem to be a
problem for many organizations. In many instances, payback is achieved within
a relatively short period of time. The effectiveness of the intranet can often
justify the cost of the project.
9-5 The Role of Extranets
Extranets are network links that use
Internet technologies to interconnect the intranet of a business with the
intranets of its customers, suppliers, or other business partners. Companies can:
1. Establish direct private network links
between themselves, or create private secure Internet links between them called
virtual private networks.
2. Use the unsecured Internet as the extranet
link between its intranet and consumers and others, but rely on encryption of
sensitive data and its own firewall systems to provide adequate security.
The business value of extranets is derived from several factors:
· The web browser technology of extranets makes customer and supplier access of
intranet resources a lot easier and faster than previous business methods.
· Extranets enable a company to offer new kinds of interactive Web-enabled
services to their business partners. Thus, extranets are another way that a
business can build and strengthen strategic relationships with its customers
and suppliers.
· Extranets enable and improve collaboration by a business with its customers
and other business partners.
· Extranets facilitate an online, interactive product development, marketing,
and customer-focused process that can bring better designed products to market
faster.
9-6 The Future of Intranets and Extranets
Intranets and extranets will become even more
pervasive in the business future. One
recurring theme for the future of intranets and extranets is the need to move
beyond information publishing applications.
Companies are planning more inquiry processing and transaction
processing applications that tie the Internet, intranets, and extranets to
mainframe and other legacy systems and databases. Though such applications are more costly and
difficult to develop, many companies are forging ahead. These Internet-using companies are in the
process of Web-enabling operational
and managerial support applications, including online transaction processing,
database integration, and executive information and decision support.
SECTION II: Enterprise Collaboration Systems
9-7 Enterprise Collaboration: [Figure 9.21]
Enterprise collaboration systems provide tools to help us collaborate - to
communicate ideas, share resources, and coordinate our cooperative work efforts
as members of the many formal and informal process and project teams and
workgroups that make up many of today’s organizations.
The goal of enterprise collaboration systems is to enable us to work together
more easily and effectively by helping us to:
· Communicate - sharing information with each other
· Coordinate - coordinating our individual work efforts and use of resources
with each other
· Collaborate - working together cooperatively on joint projects and
assignments
Teams, Workgroups, and Collaboration
There are many types of teams and workgroups,
each with its own work styles, agendas, and computing needs.
Workgroup - can be defined as two or more people working together on the same
task or assignment.
Team - can be defined as a collaborative workgroup, whose members are committed
to collaboration, that is, working with each other in a cooperative way that
transcends the coordination of individual work activities found in a typical
workgroup.
Characteristics of teams and workgroups:
1. Teams and workgroups can be as formal and
structured as a traditional business office or department. Or they can be less formal and structured
like the members of process teams in
a manufacturing environment.
2. Teams and workgroups can be as informal,
unstructured, and temporary as an ad hoc task force or a project team whose members work for different organizations in
different parts of the world.
3. Members of a team or workgroup don’t have to
work in the same physical location. They
can be members of a virtual team, that is, one whose members are united by the
tasks on which they are collaborating, not by geography or membership in a
larger organization.
Enterprise Collaboration System Components
The enterprise collaboration system is an information system. Therefore, it
uses hardware, software, data, and network resources to support communication,
coordination, and collaboration among the members of business teams and
workgroups.
9-8 Groupware for Enterprise Collaboration
Groupware can be defined as collaboration software that helps teams
and workgroups work together in a variety of ways to accomplish joint projects
and group assignments.
Groupware is designed to make communication and coordination of workgroup
activities and cooperation among end users significantly easier, no matter
where the members of a team are located. Groupware helps the members of a team
collaborate on group projects, at the same or different times, and at the same
place, or at different locations.
Many industry analysts believe that the capabilities and potential of the
Internet, as well as intranets and extranets, are driving the demand for
enterprise collaboration tools in business. On the other hand, it is Internet
technologies like web browsers and servers, hypermedia documents and databases,
and intranets and extranets, that are providing the hardware, software, data,
and network platform for many of the groupware tools for enterprise
collaboration that business users want.
Groupware provides software tools for:
· Electronic communication
· Electronic conferencing
· Collaborative work management
9-9 Electronic Communication Tools [Figure 9.36]
Electronic communication tools include electronic mail, voice mail,
bulletin board systems, and faxing. They enable you to electronically send
documents and files in data, text, voice, or multimedia form over computer
networks. This helps you share
everything from short voice and text messages to copies of project documents
and data files with your team members.
Electronic Mail
E-mail has become a vital, fast, and convenient way
to communicate and build strategic relationships with each other in
business. E-mail has also become an
important medium for transporting electronic copies of documents, data files,
and multimedia content.
The downside of the E-mail phenomenon is:
· The information overload
· The torrent of unsolicited junk E-mail (called spamming)
Internet Phone and Fax
You can use the Internet for telephone, voice mail,
faxing, and paging services. All you
need is a suitably equipped PC and software such as Internet Phone by
VocalTec, or Netscape Conference or Microsoft NetMeeting. The minimum PC
requirements are a 75 MHz Pentium microprocessor, 28.8 Kbps modem, 16 megabytes
of memory, a sound card, speaker and microphone, and Windows 95 or Windows NT.
Web Publishing
Web publishing can be viewed as an important electronic communications tool for
enterprise collaboration. Application
software suites and other programs now enable you to publish hyperlinked
documents in HTML directly to Internet or intranet web sites. Intranet web publishing has become a much
more efficient and effective way of communicating among teams and workgroups
than previous paper or electronic methods.
9-10 Electronic Conferencing Tools [Figure 9.36]
Electronic conferencing tools help people communicate and collaborate while
working together. A variety of conferencing methods enable the members of teams
and workgroups at different locations to exchange ideas interactively at the
same time, or at different times at their convenience. Electronic conferencing
options also include electronic meeting systems, where team members can meet at
the same time and place in a decision room setting. Electronic conferencing
tools include:
· Data and voice conferencing
· Videoconferencing
· Chat systems
· Discussion forums
· Electronic meeting systems
Data and Voice Conferencing
Voice conferencing can be accomplished with Internet telephone software and
groupware that supports telephone conversations over the Internet or intranets
on PCs.
Data conferencing is also popularly called whiteboarding. In this method, a
groupware package connects two or more PCs over the Internet or intranets so a
team can share, mark up, and review a whiteboard of drawings, documents, and
other material displayed on their screens.
Videoconferencing:
Videoconferencing is an enterprise collaboration
tool that enables realtime video/audio conferences among:
1. Networked PCs, known as desktop videoconferencing
2. Networked conference rooms or auditoriums in different
locations, called teleconferencing.
Characteristics of videoconferencing:
1. Team and enterprise collaboration can be
enhanced with a full range of interactive video, audio, document, and
whiteboard communications among the online participants.
2. Desktop videoconferencing can now take place
over the Internet, intranets, extranets, as well as public telephone and other
networks.
3. Videoconferencing over the Internet,
intranets, and extranets is proving to be an efficient, economical, and
effective way of supporting communications and collaboration among physically
displaced teams and workgroups.
4. Reducing the travel time and money needed to attend meetings results in
increased team productivity as well as cost and time savings.
Limitations of desktop videoconferencing:
1. Jerky motions of video images and the lack of
nonverbal communications from “talking heads” displays of videoconference
participants
Teleconferencing is an important form of
enterprise collaboration.
Characteristics of teleconferencing:
1. Team and enterprise collaboration can be
enhanced with a full range of interactive video, audio, document, and
whiteboard communications among the online participants.
2. Sessions are held in real time, with major
participants being televised while participants at remote sites may only take
part with voice input of questions and responses.
3. Teleconferencing can also consist of using
closed-circuit television to reach multiple small groups, instead of using
television broadcasting to reach large groups at multiple sites.
4. Several major communications carriers offer
teleconferencing services for such events as sales meetings, new product
announcements, and employee education and training.
Limitations of teleconferencing:
1. Some organizations have found that
teleconferencing may not be as effective as face-to-face meetings, especially
when important participants are not trained in how to communicate using their
systems.
2. Cost of providing teleconferencing services
and facilities can be substantial and make teleconferencing not as cost
effective as expected.
Discussion Forums
This category of collaboration tools includes Internet and intranet newsgroups,
discussion groups, and discussion databases.
Characteristics of discussion forums:
1. Are an extension of the earlier concept of online bulletin board systems
(BBS), which allowed users to post messages and download data and program files
from the online services, businesses, and individual BBS operators.
2. Are an outgrowth of the long time and
widespread use of newsgroups to provide a forum for online text discussions by
the members of special interest user groups on the Internet and the major
online services.
3. Can be used by companies to create or
encourage communities of interest or
virtual communities.
4. Discussion forum groupware can keep track of
the discussion contributions of each participant, organize them by a variety of
key word discussion topics, and store them in a discussion database (threaded discussions, virtual discussion
groups, discussion tracking, and discussion databases). This creates threads of discussion contributions on each topic over a period of
time that can be tracked and retrieved from the discussion database for
analysis.
5. Discussion forum groupware can create a virtual discussion group by weaving
together the threads of contributions on the same topic by people who had been
participants in other online discussion groups.
Chat Systems
Chat enables two or more people to carry on online realtime text conversations.
Characteristics of chat systems:
1. You can converse and share ideas
interactively by typing in your comments and seeing the responses on your
display screen.
2. Chat is an important tool for enterprise
collaboration on corporate intranets, especially where voice and
videoconferencing have not been implemented.
One advantage of chat is that it records and stores the dialogues of all
participants, so that other team members can review them later.
3. Chat rooms are also being added to Internet
and intranet web sites as another way to encourage participation and
collaboration by customers or employees.
Electronic Meeting Systems [Figure 9.36]
Organizations frequently schedule meetings as decision-making situations that
require interaction among groups of people. The success of group decision
making during meetings depends on such factors as:
1. The characteristics of the group itself
2. The characteristics of the task on which the group is
working
3. The organizational context in which the group
decision-making process takes place
4. The use of information technology such as electronic
meeting systems
5. The communication and decision-making processes the
group utilizes
Information technology can provide a variety of tools to increase the
effectiveness of group decision making. Known generally as group support
systems (GSS), these technologies include a category of groupware known as
electronic meeting systems (EMS).
Research studies indicate that electronic meeting systems produce several
important benefits.
Computer support:
· Makes group communications easier
· Protects the anonymity of participants
· Provides a public recording of group communications (group memory).
This significantly improves the efficiency,
creativity, and quality of communication, collaboration, and group decision
making in business meetings.
9-11 Collaborative Work Management Tools: [Figure 9.36]
Collaborative work management tools help people accomplish or
manage group work activities. This
category of groupware includes:
· Calendaring and scheduling tools
· Task and project management
· Workflow systems
· Knowledge repositories
Calendaring and Scheduling
Calendaring and scheduling tools are a groupware extension of many of the
capabilities provided by desktop accessory packages and personal information
managers, and mainframe office automation systems. These packages enable you to
use electronic versions of a variety of office tools such as calendar,
appointment book, address book, contact list, and task to-do list.
Task and Project Management
Project management and personal information packages can be used to do task and
project management on your PC.
Characteristics of task and project management groupware:
1. Project management groupware helps project teams work
together and helps team members keep track of the many tasks and timelines
involved. These tools produce project
schedules, program reports, and automatic reminders of due dates for project
tasks.
2. Task and project management groupware also produces
charts to help plan and track projects.
These charts include:
· Gantt Chart
· Critical Path Method (CPM)
· Program Evaluation and Review Technique (PERT)
Workflow Systems
Workflow systems are related to task and project management, as well as a type
of electronic document processing called document image management.
Characteristics of workflow systems:
1. Workflow systems involve helping knowledge
workers collaborate to accomplish and manage structured work tasks within a
knowledge-based business process.
2. Workflow systems are typically based on rules
that govern the flow of tasks and task information contained in business forms
and other documents.
Knowledge Management
Knowledge management is a tool of enterprise collaboration that groupware
packages use to organize, manage, and share the diverse forms of business
information created by individuals and teams in an organization. Groupware
application software stores this information in document libraries, discussion
databases, knowledge repositories, and web site hypermedia databases. These
forms of stored information help create a knowledge base or organizational
memory of strategic business information to be shared within the organization.
Knowledge bases are part of the knowledge management systems being developed
and used by many companies.
6 Issues of Security and Privacy in Electronic Commerce
6.1.1 Part I ---- Introduction & Motivation
Peixian LI
6.3.2 Introduction
Since the invention of the World Wide Web (WWW) in 1989, Internet-based
electronic commerce has been transformed from a mere idea into reality.
Consumers browse through catalogues, search for best offers, order goods, and
pay for them electronically. Information services can be subscribed to online,
and many newspapers and scientific journals are even readable via the Internet.
Most financial institutions have some sort of online presence, allowing their
customers to access and manage their accounts, make financial transactions,
trade stocks, and so forth. Electronic mails are exchanged within and between
enterprises, and often already replace fax copies. Soon there will arguably be
no enterprise left that has no Internet presence, if only for advertisement
reasons. In early 1998 more than 2 million web servers were connected to the
Internet, and more than 300 million host computers. And even if actual Internet
business is still marginal, the expectations are high. For instance, Andersen
Consulting predicts Internet business to grow from $10 billion in 1998 to $500
billion in 2002.
Thus, doing some electronic business on the Internet is already an easy task.
As is cheating and snooping. Several reasons contribute to this insecurity: The
Internet does not offer much security per se. Eavesdropping and acting under a
false identity are simple. Stealing data is undetectable in most cases. Popular
PC operating systems offer little or no security against viruses or other
malicious software, which means that users cannot even trust the information
displayed on their own screens. At the same time, user awareness of security
risks is threateningly low.
A report from Goldman, Sachs & Co. notes that while commercial properties such
as Yahoo! and eBay receive a lot of attention from investors, business to
business ECommerce is on the verge of exponential growth. The report predicts
that ECommerce will be worth USD1.5 trillion by 2004. However, according to a
survey by Net Effect Systems, while 94 percent of online consumers use the
Internet to shop, just 10 percent say they prefer to buy things online. 74
percent of consumers cited security and privacy concerns.
Therefore, if the security and privacy problems are addressed, e-shoppers will
be converted into e-buyers, and ECommerce will be pushed a big step forward.
6.3.3 Non-technical Issues
1. Security Awareness
Most opinion surveys list "insecurity of
financial transactions" and "loss of privacy" among the major
impediments to electronic commerce, but in fact most users have only vague ideas
about the threats and risks, and a very limited understanding of the technical
and legal options for minimizing their risk. As a result all kinds of
misperceptions exist.
For instance, the cardholder's risk in sending his or her credit card number
over the Internet is typically overestimated. At least as of this writing
payments over the Internet are treated like mail-order/telephone-order
transactions, which means that the cardholder is not liable at all. All risk is
with the merchant.
On the other hand, the risks in sending
sensitive data in an electronic mail are typically underestimated. Probably
most users of email know the mere facts: neither confidentiality nor integrity
nor availability is guaranteed. But nevertheless many users do not hesitate to
send all kinds of very personal and sensitive data to their friends or
colleagues, unprotected.
Unfortunately, developers of electronic commerce solutions are often as
security unaware and ignorant as their prospective users. For instance, many
developers still demand that security must be provided by "lower layers" in a
"transparent" way. But, for instance, Secure Socket Layer (SSL) in an
"opaque socket integration" does not make any sense in most cases.
Security has to be an integral part of the architecture, design, and
implementation.
1. Crypto Regulations
Several countries regulate the deployment of strong encryption technology by
law. For instance, France controls the domestic use of encryption technology,
in order to maintain the capability to eavesdrop on the communication of
criminals. The USA prohibits the export of strong encryption products for the
mass market, for the same reasons as it controls the export of munitions.
Such regulations do not discriminate between “good” and “bad” applications, and
limit the security of honest citizens and companies to at least the same extent
as they limit the security of terrorists and organized crime. Therefore several
governments, in particular the US administration, are willing to relax their
crypto regulations, provided access to the encrypted information would still be
possible on demand. The idea is to introduce new “Trusted Third Parties” where
secret keys must either be escrowed in advance, or can be recovered afterwards.
All these proposals
are still heavily contested, for various technical and political reasons: The
Trusted Third Parties would be “single points of failure” for everybody’s,
i.e., new and extremely attractive targets for attacks. It is questionable
whether any regulation of encryption technology can be effective in fighting
organized crime: tools for strong encryption are publicly available, and
steganographic techniques can perfectly conceal the fact that cryptographic
techniques are applied.
Many types of commercial transactions require strong confidentiality, which
cannot be satisfied in some countries, or across some borders. For instance,
consider two large companies that prepare a merger. Clearly their negotiations
require top confidentiality. Even the fact that they are preparing the merger,
i.e., that they are communicating intensively, will be extremely sensitive.
This actually requires services for anonymous communication. Nevertheless using
the appropriate cryptographic tools would be illegal in many countries.
Political regulations are not subject to scientific research. But we clearly
see the need for an international agreement on a more liberal and consistent
regulation of cryptography. Electronic commerce demands strong confidentiality,
which can be implemented only by strong encryption schemes.
2. Legal Issues
Surveying the open legal problems in electronic commerce is beyond the scope of
this article. The two most important security-related problems are the
following:
· Liability: The financial risk of a user in a specific transaction depends on
his or her liability. In principle, if a user bears no liability, there is no
risk.
The main issue here is fairness: The liability of a user should correspond to
the security of his or her technical equipment. For instance, if it is
technically trivial to forge the digital signature of a user then this party
should not be held liable for his or her signatures, in general.
· Harmonization: The national laws that regulate electronic commerce over the
Internet (like evidential value of digital signatures, consumer protection,
copyright protection) are not harmonized, and are partially contradictory. One
side result is that there is no mutual recognition between national PKIs, even
where comparable laws exist.
1.1.1 Technical Components of eCommerce Security
There are four
components involved in ECommerce security: client software, server software,
the server operating system, and the network transport. Each component has its
own set of security issues and challenges:
- Client software is becoming increasingly security-focused; however,
single-user desktop operating systems historically have had no security
features implemented. ECommerce software that relies on the security of
the desktop operating system is easily compromised without the enforcement
of strict physical controls.
- Server software is constantly under test and attack by the user community.
Although there have been cases of insecurities, a system administrator
keeping up with the latest patches and vendor information can provide a
high degree of confidence in the security of the server itself.
- Operating systems used for hosting ECommerce servers are securable, but are
rarely shipped from the vendor in a secure default configuration. ECommerce
servers must protect the database of customer information accumulating on
the server as well as provide security while the server is handling a
transaction. If it is easier for a thief to compromise the server to
obtain credit card numbers, why bother sniffing the network for individual
credit card numbers?
- Session transport between the client and server uses network protocols that may
have little or no built-in security. In addition, networking protocols
such as TCP/IP were not designed to have confidentiality or authentication
capabilities.
1.1.2 Why No Unified Standard Method
The methods and models of securing ECommerce
transactions are as diverse as the transactions themselves. ECommerce transactions are performed with
varying levels of security, from sending requests in the clear, to encrypted
password protection, to using digital certificates.
So why not simplify things by implementing one
standard method for securing ECommerce transactions? The problem with creating
one standard solution is that there are different and sometimes conflicting
goals in securing a transaction. The objectives of the merchant may not be the
same as those of the user or bank. The merchant, for example, requires a valid
transaction, liability coverage, and payment for goods and services. The user
would like to purchase a product, protect privacy (name, address, and payment
information), and pay for only the products they have agreed to purchase. The
institutions providing payment would like to detect and prevent fraud. Many
security solutions address one or more of these security goals—but where one
solution may focus on providing privacy, another may focus only on transaction
validation.
In addition to the differences in security goals,
vendors and governments introduce complications into selecting security
standards for ECommerce. Vendors disagree on implementations and try to push
their own products into standards. National governments try to limit and
control use of encryption to secure ECommerce transactions. One of the benefits
of ECommerce is that it allows a small company to distribute and sell products
globally. But national laws and regulations can dilute the standards to the
lowest common denominator.
5 Issues of Security and Privacy in Electronic Commerce
5.1.1 Part II ---- State-of-the-art Report
5.2 Peixian LI
5.2.1 Cryptography & Pretty Good Privacy (PGP)
1. The need for cryptography in electronic communications
Cryptography
has been around for centuries; as long as there has been communication, there
has been the need for privacy and safe, secure methods of transmission.
Although many types of difficult problems can be classified as cryptography
problems, what we are mostly concerned with today is the ability to keep
transmissions private through the use of data encryption techniques. This has
become an even greater issue due to the changing nature of communications since
the information revolution. More and more people rely on electronic communications
for the transmission of sensitive or personal data; e-mail, e-commerce, FTP,
and HTML are all examples of technologies that have already filtered into the
social consciousness as primary ways for disseminating and gathering
information and for exchanging goods and services. While this technological
shift has made communication faster, easier, and better in many ways, it has
also brought along with it a whole host of difficult problems and social policy
issues.
The main
problem that comes with electronic communications is the ease with which
transmissions can be eavesdropped or impersonated. Paper communications
obviously have security problems as well: documents can be stolen, steamed
open, have forged signatures or changed contents. However, if someone is trying
to catch a specific transmission (or type of communication), it is much easier
when dealing with an electronic medium. It is a trivial matter for people to
set up programs that systematically scan e-mail for keywords, or that sniff
packets in a Telnet session for passwords, whereas randomly steaming open mass
quantities of paper mail looking for a certain document is clearly infeasible.
Also, since there can be (and often are) multiple copies of any given
electronic transmission, it is difficult to know if someone has stolen a copy
or somehow altered the original.
Secondly,
there is an access control problem. Many electronic transmissions are made in a
broadcast manner, as seen with cable or satellite television and wireless
phones. People can install devices to intercept these transmissions, and
senders usually have no way to either monitor or stop this. In order to prevent
unwanted people from making free use of their services, senders must encrypt
their outgoing transmissions. To their paying customers, they can give special
devices to decrypt the information.
Finally, there
is the problem of authentication: electronic communications are impersonal, and
can be easily forged by impersonating IP addresses, changing "sender
fields" in e-mail, "cloning" cellular phone numbers, and so
forth. In order for people to want to - and, indeed, be able to - use
electronic communication in the coming years, it is essential that these
problems be resolved. Right now, advances in cryptography are the best way to
address these issues. Data encryption not only provides privacy and access
control by rendering communications illegible to unauthorized parties; it can
provide effective authentication as well through the use of digital signatures
and timestamps.
2. The primary forms of cryptography
There are two main forms of cryptography:
secret-key (or symmetric) and public-key (or asymmetric).
Secret-key cryptography
Secret-key
cryptography is the more traditional form, and has been used for all kinds of
communications throughout the ages. In this method, one "key" is used
to both encrypt and decrypt the data. A key can be anything from a
secret-decoder ring found in a cereal box to a highly complex mathematical
algorithm; keys really only differ in the ease with which they can be broken by
third parties. In secret-key cryptography, the sender and receiver must have
the same key in order for the transmission to work correctly.
Secret-key
cryptography suffers from two overwhelming problems. First, any two people that
want to communicate with each other must first agree on the key to use. This
makes it more difficult to send information to people that you do not already
know, and large-scale communication becomes much more difficult. The second,
more fundamental, problem is that of "key management", which is the
system for transmission and storage of keys. In order to agree on a key, there
must first be some sort of communication that occurs, and this communication
itself can be eavesdropped. If some third party catches the key that is being
used, then all further communications between the two parties are no longer
secure and private. Also, the third party could easily impersonate
communications because it is believed that no one else knows the key. This
problem is exacerbated by the fact that the initial parties might have no way
of knowing that the key was stolen. This key management issue causes a
"repudiation problem": later on, either of the parties could
repudiate messages that had been sent with secret-key encryption, claiming that
the key had been stolen and that the messages were compromised or faked. Thus,
there is always an inherent lack of security and trust in a purely secret-key
environment.
Public-key cryptography
The key
management problem inherent to secret-key cryptography needed to be addressed
before data encryption techniques could be used securely on a large scale. In 1976,
Whitfield Diffie, a cryptographer and privacy advocate, and Martin Hellman, an
electrical engineer, working together discovered the concept of public-key
encryption. Instead of having one key shared between both users of an encrypted
transmission, each user has his or her own public/private key pair. A user
makes the public key open and available to anyone (by publishing it on-line or
registering it with a public key server), and keeps the private key hidden away
where (hopefully) no one can get at it. The private key is mathematically
derived from the public key, and thus the two are linked together. In order to
send someone a message, the sender encrypts the transmission with the
receiver's public key. This can then only be decrypted by the receiver's
private key. Thus, anyone can encrypt a message with someone else's public key,
but only that person would ever be able to read it.
This method
solves the problems of secret-key cryptography. Because the only key
information that needs to be shared is made public, there is no worry about
some third party intercepting and possessing the key. This makes the users of
the encryption surer that their transmissions are secure and private. It also
solves the repudiation problem, because there is no third party that could ever
be blamed - each individual is responsible for safeguarding his or her own
private key.
The inherent
weakness of the public-key method is that the two keys are linked together
mathematically. If a third party figures out the exact way that an individual's
private key is derived from his or her public key, the whole security of the
system will be lost. The only way around this liability (so far) has been to
make the derivation so incredibly complex that a brute force attempt to crack
it would take a prohibitively long amount of time. As Phil Zimmermann, author of
the Pretty Good Privacy (PGP) public-key encryption package, says of his
software: "if they [the NSA] are just having to use methods that are not
too much shorter than what we know in published academic literature, then it
could be from now until the next ice age before they can break it." It is
easy to see that the quality of the method used to create keys is essential to
the success of any public-key system.
Digital signatures
Public-key cryptography
also provides a mechanism for authenticating messages that secret-key
techniques do not: digital signatures. The sender of a message completes a
calculation (performed by a hash function) involving the actual file structure
to be transmitted, and his or her private key, and the result of this (the
digital signature itself) is appended to the end of the transmission. The
receiver can then perform a calculation involving the received message and the
sender's public key, and if everything is valid, the sender's identity will
have been verified. A benefit of this signature method is that it not only
verifies the sender's identity; it also verifies that the original contents of
the transmission have not been altered in any way. Because the signature is
derived from both the key and the data itself, changing the data later on will
cause the receiver's verification to fail. This provides authentication that is
even better than a signature on a paper document: a signature can be forged, or
the contents of the document could somehow be secretly altered, but with
public-key authentication, this cannot be done.
Comparison of cryptography methods
Clearly,
public-key systems have the advantage in terms of security and privacy, due to
a key management strategy that is inherently more secure. They are also more
convenient because there is no extra step necessary to decide on a common key,
and the sender does not have to communicate with the receiver prior to the
actual transmission. This is an advantage when people who do not actually know
each other want to communicate, and when an individual wants to disseminate
information on a large scale. Furthermore, public-key systems provide an extra
layer of authentication, via the digital signatures, that is missing in
secret-key systems; this property of non-repudiation is essential, especially
when dealing with transmissions of a critical nature.
The primary
disadvantage of public-key systems is the fact that they are slower, due to the
extra steps involved in the encryption/decryption process. One way around this
is to use a "digital envelope", which is a combination of the best
features of public- and secret-key systems. A message is encrypted with
secret-key cryptography, and the encrypted message and the secret key itself
are transmitted via public-key cryptography to the receiver. This allows the
actual messages to be sent using the speed of secret-key cryptography, but
using the public-key method to prevent the secret-key from being intercepted.
The two parties could then continue to use their secret key for as long as they
deemed appropriate, because they have already paid the one-time overhead cost
of sending the secret key.
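The signature check and the digital envelope described above, as an added example (not code from this paper or from PGP). It assumes textbook RSA without padding, a constructed demonstration key built from two Mersenne primes, and a SHA-256 counter keystream standing in for a real secret-key cipher; all function names are chosen for the illustration.

```python
import hashlib
import secrets

# Constructed demonstration key. A modulus made of two Mersenne primes is
# easy to factor, so this key shows the mechanics only and protects nothing.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)                     # published
PRIVATE_KEY = (N, D)                    # kept by the owner


def digest_as_int(message: bytes) -> int:
    """Hash the message; the signature is computed over this digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender: combine the message digest with the private key."""
    n, d = private_key
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver: recompute the digest and compare it with the signed one."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in secret-key cipher: XOR with SHA-256(key || counter) blocks.
    The same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hashlib.sha256(key + counter).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal(message: bytes, recipient_public):
    """Digital envelope: fast secret-key encryption of the message, with the
    one-time secret key itself encrypted under the recipient's public key."""
    n, e = recipient_public
    session_key = secrets.token_bytes(32)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, keystream_xor(session_key, message)


def open_envelope(wrapped_key: int, ciphertext: bytes, recipient_private) -> bytes:
    """Recipient: recover the secret key with the private key, then decrypt."""
    n, d = recipient_private
    session_key = pow(wrapped_key, d, n).to_bytes(32, "big")
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    order = b"pay 100 EUR to merchant 42"          # constructed sample message
    signature = sign(order, PRIVATE_KEY)
    print("original verifies:", verify(order, signature, PUBLIC_KEY))
    print("altered verifies: ",
          verify(b"pay 900 EUR to merchant 42", signature, PUBLIC_KEY))
    wrapped, ciphertext = seal(order, PUBLIC_KEY)
    print("envelope opens to:", open_envelope(wrapped, ciphertext, PRIVATE_KEY))
```

Changing a single byte of the signed message makes `verify` return False, which is the integrity property the text attributes to digital signatures.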
Because of the
different natures of these two cryptography schemes, there is no one method
that is always best for every given situation. Secret-key cryptography can be
best taken advantage of when there is already a closed, secure environment
(such as a well-protected LAN) or single-user environment (such as a user
encrypting files on a non-networked PC). Public-key cryptography is usually
preferable when there is an open, unsecured, multi-user environment (such as
the Internet), and there is no safe, reliable way to transmit private key
information.
3. What is Pretty Good Privacy (PGP) and Why is it popular
Pretty Good
Privacy (PGP) was developed by Phil Zimmermann in 1991, as a response to a
controversial measure in Senate Bill 266 that would have required all
encryption techniques to include a back door for law enforcement. PGP is
software that combined several high-quality, existing public-key encryption
algorithms and protocols into one package for secure, reliable electronic mail
and file transfer. PGP provides not only encryption of data, but digital
signatures, data compression, and smooth compatibility with e-mail systems. It
is able to run on multiple platforms, and it is freely available for download
in the US. Due to the usage of RSA, IDEA, Diffie-Hellman, 3DES, and CAST
algorithms, PGP falls under the export restrictions of the ITAR, and may not be
legally exported.
For sending
digital signatures, PGP uses an efficient algorithm that generates a hash code
from the user's name and other information about the data to be transmitted.
This hash code is then encrypted with the sender's private key. The receiver
uses the sender's public key to decrypt the hash code. If it matches the hash
code sent as the digital signature for the message, then the receiver is sure
that the message has arrived securely from the stated sender.
PGP is now quite
popular, especially for e-mail, because of its advantages:
· The software is available - for
personal use - for free worldwide, in versions that run on a variety of
platforms, including DOS, Windows, Unix, and Macintosh.
· PGP is based on algorithms that
have survived extensive public review and are considered extremely secure (such
as RSA, IDEA, MD5, and Diffie-Hellman).
· PGP has a wide range of
applicability. It can be used by corporations that want to enforce a
standardized scheme for encrypting files and messages, by individuals who wish
to communicate securely over the Internet and other networks, by political
groups actively resisting the government in totalitarian countries, and so on.
· It was not developed by, nor is
it controlled by, any governmental or standards organization. For the many
people with an instinctive distrust of "the establishment" or Big
Brother, this makes PGP attractive.
1. What is PGP’s limitation
The main
weakness in a public-key system is this: How do I know that the public key really
belongs to my correspondent?
The most
trivial case is the one where the correspondents have had an opportunity to
meet, and they've handed over a copy of their keys on floppy disk. They can
each be sure that the keys belong to the other person. Obviously, if it is
possible to do this, it is a good way of knowing that a key may
be trusted; however, it is not always practical - otherwise why use Public Key?
What if the correspondents never met? This is where key signatures come in.
If you have
personally verified that a given key belongs to a given person, then it is
common practice to sign that key. The signature is made with your private key -
so only you can make the signature - and it may be verified by anybody
by checking the signature against your public key.
Now suppose
Alice and Bob have a mutual friend, David. David has signed both Alice's key
and Bob's key, and both Alice and Bob have a verified copy of David's key.
When Bob examines Alice's key, he observes
that her key was signed by David. Bob trusts that David is reliable when it
comes to signing other people's keys. Therefore Bob can be fairly certain that
the key belongs to Alice.
The thing with
PGP in particular is that YOU decide who is trustworthy when it comes to key
signing. For instance, it could be that David signs any old key without really
verifying the key (as described above) - or it could be that David's private
key doesn't belong to David at all. In these cases you'd mark David's key as
being "untrustworthy" and his signature would carry no weight.
In this way,
by verifying and signing keys wherever possible, a "web of trust" may
be built up, with trusted keys vouching for new keys. Of course, the weak point
is now the person who signs a key without justification - this is why PGP is
configurable to allow the user to say how much they trust a key's owner to sign
other keys, how many valid signatures are required for a valid key, etc.
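A sketch of the validity calculation this section describes, seen from Bob's keyring, as an added example (not PGP's own code). The three trust levels, the two threshold parameters and the extra names Carol, Mallory and Eve are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

FULL, MARGINAL, UNTRUSTED = "full", "marginal", "untrusted"


@dataclass
class Keyring:
    """One user's personal view of the web of trust."""
    owner: str
    completes_needed: int = 1     # signatures required from fully trusted signers
    marginals_needed: int = 2     # signatures required from marginally trusted signers
    signer_trust: dict = field(default_factory=dict)   # key -> trust as a signer
    signed_by: dict = field(default_factory=dict)      # key -> set of signing keys

    def add_signature(self, signer: str, key: str) -> None:
        self.signed_by.setdefault(key, set()).add(signer)

    def set_trust(self, key: str, level: str) -> None:
        self.signer_trust[key] = level

    def _trust(self, key: str) -> str:
        # The owner's own key is fully trusted; unrated signers carry no weight.
        if key == self.owner:
            return FULL
        return self.signer_trust.get(key, UNTRUSTED)

    def valid_keys(self) -> set:
        """Keys the owner may treat as really belonging to their named holder."""
        valid = {self.owner}
        changed = True
        while changed:                       # repeat until nothing new validates
            changed = False
            for key, signers in self.signed_by.items():
                if key in valid:
                    continue
                # A signature counts only if the signing key is itself valid.
                counted = [s for s in signers if s in valid]
                full = sum(self._trust(s) == FULL for s in counted)
                marginal = sum(self._trust(s) == MARGINAL for s in counted)
                if (full >= self.completes_needed
                        or marginal >= self.marginals_needed):
                    valid.add(key)
                    changed = True
        return valid


def bobs_keyring(david_trust: str) -> Keyring:
    """Constructed scenario: Bob verified David's and Carol's keys himself."""
    ring = Keyring(owner="Bob")
    ring.add_signature("Bob", "David")
    ring.add_signature("Bob", "Carol")
    ring.add_signature("David", "Alice")     # David vouches for Alice's key
    ring.add_signature("Mallory", "Eve")     # Mallory's key was never verified
    ring.set_trust("David", david_trust)
    ring.set_trust("Mallory", FULL)          # rating an unverified key changes nothing
    return ring


if __name__ == "__main__":
    for level in (FULL, MARGINAL, UNTRUSTED):
        print(level, sorted(bobs_keyring(level).valid_keys()))
```

Marking David as untrustworthy removes Alice's key from the valid set without touching any signature, and Eve's key never validates because the only key vouching for it was never verified.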
1.1.2 Protocols for Securing ECommerce Transaction
The security
of ECommerce transactions depends both on the network protocols and the payment
framework used to perform the transaction.
1.1.2.1 Network Transport Security
Models such as
SET, CAFÉ, DigiCash, First Virtual, and Millicent provide a secure payment
method. However, the transaction still depends on the privacy and
authentication of the data stream. Basic TCP/IP networking protocols do not
include encryption and strong authentication. Higher level protocols such as
HTTP, FTP, and Telnet do little to provide advanced security measures beyond
userid and password authentication. All information sent using these protocols
is unencrypted, so the data stream lacks confidentiality.
Traditional
networking protocols and applications are unable to enforce strong security
measures for performing ECommerce transactions securely. This lack of security
led to the design and implementation of many new security protocols that strive
to reach different security goals. There are some secure transport protocols
that provide confidentiality and authentication between systems and
applications by using encryption. The following section describes some of the
more popular secure transport protocols.
· Virtual Private Networking (VPN)
The Internet’s
lack of security may leave you leery. What can you do if you just want to give
company insiders and a few select business partners and customers easy and
relatively secure remote access to company data via the Internet? You can set
up a virtual private network.
Virtual
Private Networking technology provides the medium to use the public Internet
backbone as an appropriate channel for private data communication. With
encryption and encapsulation technology, a VPN essentially carves out a private
passageway through the Internet. VPNs will allow remote offices, company road
warriors, and even business partners or customers to use the Internet, rather
than pricey private lines, to reach company networks. So the companies can save
a lot of money.
You can also
use VPNs to link remote LANs together or give traveling staffers, work-at-home
employees, and business partners a simple way to reach past company firewalls
and tap into company resources. Virtual private networks are flexible. They are
point-to-multipoint connections, rather than point-to-point links. They can be
set up or closed down at the network administrator's will, making them ideal
for short-term projects.
VPN has many
advantages: It is much cheaper for connecting WANs than 800 numbers or
dedicated T1 lines. It provides encryption and authentication services for a
fairly good measure of privacy. Maintenance of the WAN-to-WAN connection is
left to Internet Service Providers. It is highly flexible, and can be set up
and taken down very easily.
Virtual
private networks may be new, but the tunneling technology they're based on is
well established. Tunneling is a way to transfer data between two similar
networks over an intermediate network. Also called "encapsulation",
tunneling encloses one type of data packet into the packet of another protocol,
in this case TCP/IP. VPN tunneling adds another dimension to the tunneling
procedure--before encapsulation takes place, the packets are encrypted so the
data is unreadable to outsiders. The encapsulated packets travel through the
Internet until they reach their destination, then the packets are separated and
returned to their original format. Authentication technology is employed to
make sure the client has authorization to contact the server.
· IPSec (IPv6)
IPSec is a
framework of open standards developed by the Internet Engineering Task Force
(IETF). IPSec provides security for transmission of sensitive information over
unprotected networks such as the Internet. IPSec acts at the network layer,
protecting and authenticating IP packets between
participating IPSec devices ("peers"), such as Cisco routers.
IPSec provides
the following network security services. These services are optional. In
general, local security policy will dictate the use of one or more of these
services:
Data Confidentiality---The IPSec sender can encrypt packets before
transmitting them across a network.
Data Integrity---The IPSec receiver can authenticate packets sent by the
IPSec sender to ensure that the data has not been altered during transmission.
Data Origin Authentication---The IPSec receiver can authenticate the
source of the IPSec packets sent. This service is dependent upon the data
integrity service.
Anti-Replay---The IPSec receiver can detect and reject replayed packets.
With IPSec,
data can be transmitted across a public network without fear of observation,
modification, or spoofing. This enables applications such as Virtual Private
Networks (VPNs), including intranets,
extranets, and remote user access.
IPSec security
services are provided at the network layer, so you do not have to configure
individual workstations, PCs, or applications. This benefit can provide a great
cost saving. Instead of deploying and coordinating security on a
per-application, per-computer basis, you
can simply change the network infrastructure to provide the needed security
services.
Because IPSec is standards-based, Cisco devices will be able to
interoperate with other IPSec-compliant networking devices to provide the IPSec
security services. IPSec-compliant devices could include both Cisco devices and
non-Cisco devices such as PCs, servers, and other computing systems.
Cisco and its partners, including Microsoft, are planning to offer IPSec
across a wide range of platforms, including Cisco IOS software, the Cisco PIX
Firewall, Windows 95, and Windows NT. Cisco is working closely with the IETF to
ensure that IPSec is quickly standardized.
A mobile user will be able to establish a secure connection back to his
office. For example, the user can establish an IPSec "tunnel" with a
corporate firewall---requesting authentication services---in order to gain
access to the corporate network; all of the traffic between the user and the
firewall will then be authenticated. The user can then establish an additional
IPSec tunnel---requesting data privacy services---with an internal router or
end system.
IPSec provides support for the Internet Key Exchange (IKE) protocol and
for digital certificates. IKE provides negotiation services and key derivation
services for IPSec. Digital certificates allow devices to be automatically
authenticated to each other without the manual key exchanges required by Cisco
Encryption Technology. This support makes IPSec preferable in many cases for
use with medium-sized, large-sized, and growing networks, where secure
connections between many devices are required.
In simple
terms, IPSec provides secure tunnels between two peers, such as two routers.
You define which packets are considered sensitive and should be sent through
these secure tunnels, and you define the parameters which should be used to
protect these sensitive packets, by specifying characteristics of these
tunnels. Then, when the IPSec peer sees such a sensitive packet, it sets up the
appropriate secure tunnel and sends the packet through the tunnel to the remote
peer.
More
accurately, these tunnels are sets of security associations that are
established between two IPSec peers. The security associations define which
protocols and algorithms should be applied to sensitive packets, and also
specify the keying material to be used by the two peers. Security associations
are unidirectional and are established per security protocol (AH or ESP).
With IPSec you
define what traffic should be protected between two IPSec peers by configuring
access lists and applying these access lists to interfaces by way of crypto map
sets. Therefore, traffic may be selected based on source and destination
address and, optionally, Layer 4 protocol and port. (Similar to CET, the access
lists used for IPSec are used only to determine which traffic should be
protected by IPSec, not which traffic should be blocked or permitted through
the interface. Separate access lists define blocking and permitting at the
interface.)
A crypto map set can contain multiple
entries, each with a different access list. The crypto map entries are searched
in order---the router attempts to match the
packet to the access list specified in
that entry.
When a packet matches a permit entry in a
particular access list, and the corresponding crypto map entry is tagged as
cisco, then CET is triggered, and connections
are established if necessary.
If the crypto
map entry is tagged as ipsec-isakmp, IPSec is triggered. If no security
association exists that IPSec can use to protect this traffic to the peer,
IPSec uses IKE to negotiate with the remote peer to set up the necessary IPSec
security associations on behalf of the data flow. The negotiation uses
information specified in the crypto map entry as well as the data flow
information from the specific access list entry. (The behavior is different for
dynamic crypto map entries. Refer to the section "Creating Dynamic Crypto
Maps (Requires IKE).")
If the crypto
map entry is tagged as ipsec-manual, IPSec is triggered. If no security association
exists that IPSec can use to protect this traffic to the peer, the traffic is
dropped. (In this case, the security associations are installed via the
configuration, without the intervention of IKE. If the security associations
did not exist, IPSec did not have all of the necessary pieces configured.)
Similar to
CET, the router will discard packets if no connection or security association
exists.
Once
established, the set of security associations (outbound, to the peer) is then
applied to the triggering packet as well as to subsequent applicable packets as
those packets exit the router. "Applicable" packets are packets that
match the same access list criteria that the original packet matched. For
example, all applicable packets could be encrypted before being forwarded to
the remote peer. The corresponding inbound security associations are used when
processing the incoming traffic from that peer.
If IKE is used
to establish the security associations, the security associations will have
lifetimes so that they will periodically expire and require renegotiation.
(This provides an additional level of security.)
Multiple IPSec
tunnels can exist between two peers to secure different data streams, and each
tunnel uses a separate set of security associations. For example, some data
streams might be just authenticated while other data streams are both encrypted
and authenticated.
Access lists
associated with IPSec crypto map entries also represent which traffic the
router requires to be protected by IPSec. Inbound traffic is also processed
against the crypto map entries---if an unprotected packet matches a permit entry in a
particular access list associated with an IPSec crypto map entry, that packet
is dropped because it was not sent as an IPSec-protected packet.
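The crypto map decision logic described above, modelled as an added example (not Cisco code or configuration). The class names, result strings and sample addresses are constructed for the illustration, and the model assumes that inbound packets are matched against the same access list with source and destination swapped.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str = "tcp"
    ipsec_protected: bool = False        # arrived inside AH or ESP


@dataclass(frozen=True)
class Permit:
    """One permit entry of an access list referenced by a crypto map entry."""
    src_net: str
    dst_net: str
    protocol: str = "ip"                 # "ip" matches any Layer 4 protocol

    def matches(self, pkt: Packet, mirrored: bool = False) -> bool:
        # Assumption of this model: inbound traffic is matched mirrored.
        src, dst = (pkt.dst, pkt.src) if mirrored else (pkt.src, pkt.dst)
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst_net)
                and self.protocol in ("ip", pkt.protocol))


@dataclass(frozen=True)
class CryptoMapEntry:
    order: int                           # position in the crypto map set
    tag: str                             # "ipsec-isakmp" or "ipsec-manual"
    peer: str
    access_list: tuple
    manual_sa_configured: bool = False   # only meaningful for ipsec-manual


class Router:
    def __init__(self, crypto_map_set):
        self.entries = sorted(crypto_map_set, key=lambda e: e.order)
        # Manual entries get their security associations from the configuration.
        self.sas = {e.order for e in self.entries
                    if e.tag == "ipsec-manual" and e.manual_sa_configured}

    def _lookup(self, pkt: Packet, mirrored: bool):
        for entry in self.entries:       # entries are searched in order
            if any(p.matches(pkt, mirrored) for p in entry.access_list):
                return entry
        return None

    def outbound(self, pkt: Packet) -> str:
        entry = self._lookup(pkt, mirrored=False)
        if entry is None:
            return "forward unprotected"   # crypto access lists never block traffic
        if entry.order in self.sas:
            return "protect with existing SA"
        if entry.tag == "ipsec-isakmp":
            self.sas.add(entry.order)      # stands in for the IKE negotiation
            return "negotiate SA via IKE, then protect"
        return "drop"                      # ipsec-manual without a configured SA

    def inbound(self, pkt: Packet) -> str:
        entry = self._lookup(pkt, mirrored=True)
        if entry is None:
            return "not selected by crypto map"
        if not pkt.ipsec_protected:
            return "drop"                  # should have arrived IPSec-protected
        return "process with inbound SA"


# Constructed sample: entry 20 overlaps entry 10, so the search order matters.
SAMPLE_CRYPTO_MAP = (
    CryptoMapEntry(10, "ipsec-isakmp", "192.0.2.2",
                   (Permit("10.1.0.0/16", "10.2.0.0/16"),)),
    CryptoMapEntry(20, "ipsec-manual", "192.0.2.3",
                   (Permit("10.1.0.0/16", "10.0.0.0/8"),)),
)

if __name__ == "__main__":
    router = Router(SAMPLE_CRYPTO_MAP)
    for dst in ("10.2.9.9", "10.2.9.9", "10.3.0.1", "198.51.100.7"):
        print("out ->", dst, ":", router.outbound(Packet("10.1.5.5", dst)))
    print("in, clear    :", router.inbound(Packet("10.2.9.9", "10.1.5.5")))
    print("in, protected:", router.inbound(
        Packet("10.2.9.9", "10.1.5.5", ipsec_protected=True)))
```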
· Secure Socket Layer (SSL)
SSL is the
Secure Sockets Layer protocol. Version 2.0 was originated by Netscape Development
Corporation, and version 3.0 was designed with public review and input from
industry. SSL is a communication system that ensures
privacy when communicating with other SSL-enabled products. Technically
speaking, SSL is a protocol that runs above TCP/IP and below HTTP or other
top-level protocols. It is symmetric encryption nested within public-key
encryption, authenticated through the use of certificates. An SSL connection
can only occur between an SSL-enabled client and an SSL-enabled server. In
fact, when a server is running in SSL mode, it can only communicate through
SSL.
http://developer.netscape.com/docs/manuals/proxy/adminux/encrypt.htm
TCP/IP is
Transmission Control Protocol/ Internet Protocol, the basic language of the
Internet, and HTTP is Hypertext Transfer Protocol, the basic language of the
graphical World Wide Web, a subset of the Internet.
Technically speaking, SSL is a protocol that
runs above TCP/IP and below HTTP, NNTP, or other top-level protocols, as shown
in the figure below.
[Figure: How SSL relates to TCP/IP and application protocols.]
An SSL connection is initiated by a network browser when it asks a server to
send a document through HTTPS, LDAPS, SNEWS, or another secure protocol.
Here are the general steps of SSL-encrypted communication:
1. The client sends a request to connect to the secure server.
2. The server sends its presigned certificate to the client. This, and the
first step, are collectively known as the handshake.
3. The client checks whether the certificate was issued by a CA it trusts. If
so, it proceeds to the next step. Otherwise, the client can cancel the
connection or proceed. Netscape Navigator and Netscape Communicator display a
warning message saying the certificate isn't trusted and then ask the user
whether they want to proceed.
4. The client compares the information in the certificate with the information
it just received concerning the site: its domain name and its public key. If
the information matches, the client accepts the site as authenticated.
5. The client tells the server what ciphers, or types of encryption keys, it
can communicate with.
6. The server chooses the strongest common cipher and informs the client.
7. Using that cipher, the client generates a session key (a symmetric
encryption key used only for this transaction) and encrypts it using the
server's public key.
8. The client encrypts the session key using the server's public key, then it
sends the encrypted session key to the server.
9. The server receives the encrypted session key and decrypts it using its
private key.
10. The client and the server use the session key to encrypt and decrypt the
data they send to each other.
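Steps 5 through 10 above, carried out end to end as an added example (not code from the original paper or from Netscape). The RSA key, cipher labels and sample message are constructed; textbook RSA and the SHA-256 keystream are toy stand-ins for the real algorithms, and the certificate checks of steps 1 to 4 are assumed to have passed.

```python
import hashlib
import secrets

# Constructed toy RSA key pair for the server (two Mersenne primes). Far too
# small for real use, and textbook RSA without padding is illustration only.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # public modulus, private exponent

# Hypothetical cipher labels mapped to session-key length in bytes.
KEY_BYTES = {"toy-stream-128": 16, "toy-stream-40": 5}


def choose_cipher(client_offer, server_supported=tuple(KEY_BYTES)):
    """Steps 5-6: the server picks the strongest cipher both sides support."""
    common = [c for c in client_offer if c in server_supported]
    if not common:
        raise ValueError("handshake failure: no common cipher")
    return max(common, key=KEY_BYTES.get)


def client_key_exchange(cipher, server_public):
    """Steps 7-8: make a session key and encrypt it to the server's public key."""
    n, e = server_public
    session_key = secrets.token_bytes(KEY_BYTES[cipher])
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)


def server_unwrap(cipher, wrapped):
    """Step 9: the server recovers the session key with its private key."""
    return pow(wrapped, D, N).to_bytes(KEY_BYTES[cipher], "big")


def stream_xor(key, data):
    """Step 10: toy symmetric cipher (SHA-256 keystream XOR); the same call
    encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def run_session(client_offer, message):
    """Run steps 5-10 and return (cipher, ciphertext, server's plaintext)."""
    cipher = choose_cipher(client_offer)
    client_key, wrapped = client_key_exchange(cipher, (N, E))
    server_key = server_unwrap(cipher, wrapped)
    ciphertext = stream_xor(client_key, message)
    return cipher, ciphertext, stream_xor(server_key, ciphertext)
```

Only the holder of the private exponent can recover the session key from the wrapped value, which is why the public-key step protects the symmetric key that then protects the data.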
Most commercial Web servers and browsers, as well as many free Web servers,
support SSL. On the downside, SSL suffers from the government encryption
limitations that hamper the use of cryptography in secure ECommerce.
· Private Communications Technology
SSL, created by Netscape, provides users with authentication of the server they
are attaching to, encryption of the data sent and received, and integrity of
the data being sent and received. PCT, created by Microsoft, provides
protection against eavesdropping on a network or altering a network packet.
The Private Communications Technology (PCT) protocol furnishes the following
elements of transmission security for client/server relationships over the
Internet:
· Provides symmetric session-encryption keys between servers and clients.
· Accommodates authentication of server to client via Certificate Authority
(CA) trusted public keys; optionally, it also authenticates client to server.
· Verifies message integrity with hash function message digests, as explained
earlier for the SET protocol.
