DOC-20240723-WA0024..ppt
Electronic Commerce Security
Chapter 1 Introduction
Dr. Farah Zawaideh

Course Description:
· This course focuses on electronic commerce applications, technologies, and tools which are used to conduct business on the World Wide Web.
· It reviews foundations of e-commerce, its infrastructure, current business models in business-to-consumer (B2C), consumer-to-business (C2B), business-to-business (B2B), consumer-to-consumer (C2C) transactions.
· It also introduces current threats facing organizations that conduct business online and how to mitigate these challenges. It will cover secure credential services and role-based authorization, security of agent-based systems, secure electronic transactions, electronic payment systems.

Traditional commerce
Commerce: is a negotiated exchange of valuable objects or services between at least two parties and includes all activities that each of the parties undertakes to complete the transaction.
Commerce can be viewed from at least two different perspectives:
1. The buyer’s viewpoint
2. The seller’s viewpoint
Both perspectives will illustrate that commerce involves a number of distinct activities, called business processes.

E-commerce
We will define e-commerce as the use of electronic data transmission to implement or enhance any business activity.
Example: A buyer sends an electronic purchase order to a seller. The seller then sends an electronic invoice back to the buyer.
When used appropriately, electronic transmission can save both time and money.
Some business processes can be handled well using a combination of electronic and traditional methods.

Key Properties of the Internet
· The Internet is interoperable
  – A computer is connected to the Internet if it can communicate with any other computer connected to the Internet.
· The Internet is global
  – The Internet structure is based on standardized and universal connectivity.
· The Web makes it easy
  – The WWW has made highly functional multimedia content easily available to users worldwide.
· The costs of the network are shared across multiple applications and borne by the end users.
  – Businesses and consumers pay for their own connections and then are free to use the network for their purposes.

What do we mean by “Internet Commerce”?
· By “Internet commerce”, we mean the use of the global Internet for purchase and sale of goods and services, including service and support after the sale.
· Internet commerce is one type of the more general electronic commerce.
  – In this course, we use the terms “e-commerce” and “Internet commerce” interchangeably.

Why Internet Commerce?
· The ability to reach new customers and create more intimate relationships with all customers
· Dramatic cost reduction for distribution and customer service

Access to a Global Market
· Every business on the Internet has a global presence.
· The Internet makes it possible to work effectively and efficiently with customers, partners, and suppliers around the world
  – Worldwide, high-bandwidth communications
  – Essentially the same cost of communications (whether the parties are down the street or halfway around the world)
  – Technologies allow businesses to know more about their customers

Great Cost Reduction in Distribution and Customer Service
· The ability to deliver information to customers in a low-cost manner becomes an important part of making the sale.
· Sending a printed brochure through postal service costs several dollars for each recipient. Sending the equivalent in e-mail costs nearly zero per recipient.
· The Internet makes it possible to provide even more information at lower cost, and to have that information be always accurate, up-to-date, and searchable.
· The same ideas hold for selling information products online.

The Internet Is Different from Other Media
· One of the most important properties of the Internet is that everyone can be a publisher, reaching the same worldwide audiences.
· This property defines how the Internet is different from other media.
  – The telephone allows one to call one person at a time, limiting in time the number of people one can reach, and requiring both people to be available at the same time.
  – Traditional mass media (newspapers, television etc.) can reach large audiences, but are limited by resources and by the investment required to create and distribute the medium.

The Internet Is Different from Other Media (cont.)
· These limitations do not apply to the Internet.
  – Using tools such as e-mail or the Web, the sender can reach a large number of receivers. Senders and receivers do not need to be available at the same time.
· Implications:
  – Small merchants can reach customers on the Internet very effectively.
  – Communication technology combined with databases of customer information makes it possible to reach customers as individuals.

Business Issues in Internet Commerce
· Internet commerce is about business: using the network effectively to achieve business goals.
  – Current technology provides tools for reaching business goals.
  – If we do not have a clear idea of our business goals in using the network, then technology cannot help us to achieve them.
  – Without the network, such a goal might have been too expensive or difficult to achieve.

Basic Concepts
· Universal Addressing
  – Needed so that each host can be identified uniquely over the underlying physical network (IP address)
  – TCP/IP: stands for Transmission Control Protocol/Internet Protocol. A set of standardized rules that allow computers to communicate on a network such as the Internet
  – DNS: stands for Domain Name Server. Standard protocol that helps Internet users discover websites using human-readable addresses

Basic Concepts (cont.)
· Universal Processing Protocols
  – URL: Uniform Resource Locator
  – HTTP: Hypertext Transfer Protocol
  – HTTPS: Hypertext Transfer Protocol Secure
  – HTML: Hypertext Markup Language
  – FTP: File Transfer Protocol
· Hypertext Hypermedia via HTML
  – Support for text, images, sound, …
· Client/Server Model
  – A distributed application structure that partitions tasks between the providers of a resource or service, called servers, and service requesters, called clients.

Internet Technologies: WWW Architecture
[Figure: the client browser sends a request for a URL (http://www.msn.com/default.asp) over the TCP/IP network to the web server, and the server returns a response.]

Computer Networks
· Computer Network: an interconnected collection of independent computers
· Why do we need networks?
  – File sharing: share data between different users, or access it remotely if you keep it on other connected devices
  – Resource sharing: a computer resource made available from one host to other hosts on a computer network. Some examples of shareable resources are storage devices and printers
  – Sharing a single internet connection: it is cost-efficient and can help protect your systems if you properly secure the network

Computer Networks
  – Cost savings: reduce the historical or expected cost of a given transaction
  – Increasing storage capacity: you can access files and multimedia, such as images and music, which you store remotely on other machines or network-attached storage devices
· Web technologies add:
  – New business models: e-commerce, advertising
  – Applications without a client-side install

Network Protocol Stack
Client      Server
HTTP        HTTP
TCP         TCP
IP          IP
Ethernet    Ethernet

Network Protocols
· Simple Mail Transfer Protocol (SMTP)
  – is the standard protocol for email services on a TCP/IP network.
  – SMTP provides the ability to send and receive email messages.
· Domain Name System (DNS)
  – is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network
  – converts human-readable addresses to machine IP addresses
· Routing Information Protocol (RIP)
  – is a dynamic routing protocol which uses hop count as a routing metric to find the best path between the source and the destination network.

Network Protocols (cont.)
· Simple Network Management Protocol (SNMP)
  – is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.
· Address Resolution Protocol (ARP)
  – is a communication protocol used for discovering the link layer address
· Internet Group Management Protocol (IGMP)
  – is a communications protocol used by hosts and adjacent routers to establish multicast group memberships.