Technology Infrastructure for
Electronic Commerce
Olga Gelbart
rosa@seas.gwu.edu
THE GEORGE WASHINGTON UNIVERSITY
based on Prof. Lance Hoffman’s Lecture on Network Infrastructure for Electronic Commerce
Snapshots of the Electronic
Commerce World



Yesterday - EDI
Today - getting our toes wet, what this course is
about
Tomorrow - Metadata, machine understandable
information on the Web.
–
–
–
–
–
Catalog information
Intellectual property information
Endorsement Information
Privacy information
see www.w3c.org/pics and www.w3c.org/p3p
How Did We Get Here?




Before the Internet
– History of Commerce and Money
– Elements of payment systems
The Start of the Internet
– Predecessor Networks
– Timeline of Significant Events
The Internet Today
– What is the Internet?
– How Does the Internet Work?
– Differences from Original Net
– Differences from Traditional World Out There
The Internet in the Future
What is the Internet?

On October 24, 1995, the FNC unanimously passed a resolution
defining the term Internet. This definition was developed in
consultation with members of the internet and intellectual
property rights communities. RESOLUTION: The Federal
Networking Council (FNC) agrees that the following language
reflects our definition of the term "Internet". "Internet" refers to
the global information system that -- (i) is logically linked
together by a globally unique address space based on the
Internet Protocol (IP) or its subsequent extensions/follow-ons;
(ii) is able to support communications using the Transmission
Control Protocol/Internet Protocol (TCP/IP) suite or its
subsequent extensions/follow-ons, and/or other IP-compatible
protocols; and (iii) provides, uses or makes accessible, either
publicly or privately, high level services layered on the
communications and related infrastructure described herein.

http://www.fnc.gov/Internet_res.html
The Internet - connections
•Computers in the backbone connected by a (T3)
data connection (45 megabits/second)
•ISP hosts and other powerful computers connect
using (T1,Broadband) lines
•Leased lines (some businesses)
•Modem dial-up connections
•Cable modems
•ADSL - Asymmetric Digital Subscriber Line
Internet features

Originally ARPAnet
– MIT, MITRE, SRI, BBN
– Distributed communications even with
many failure points
– Dissimilar computers exchange info easily
– Route around nonfunctioning parts
– 4 sites: SRI, UCLA, UCSB, Univ of Utah

Hafner and Lyon, Where Wizards Stay
Up Late, Simon & Schuster 1996
Kahn’s Internet Principles
R. Kahn, Communications Principles for Operating Systems. Internal BBN
memorandum, Jan. 1972.




Each network must stand on its own
and no internal changes could be
required to connect it to the Internet
If a transmission failed, try again
Simple black boxes (later called
“gateways” and “routers” would connect
the networks
No global control at operations level
The Internet - development
1962 Licklider, J.C.R., Galactic Network memos
Licklider - MIT to ARPA
ARPANET and successors: open architecture networking
1970s: universities and other DoD contractors connect
packets rather than circuits (note many of the names in
the articles were graduate students then)
1975: 100 sites and e-mail is changing how people collaborate
Late 1970s: New Packet Switching Protocol:
Transfer Control Protocol/Internet Protocol (TCP/IP)
1980: MILNET takes over military traffic
1980s: NSFNet links together NSF researcgers,
Internet protocols incorporated into (BSD) Unix, a widespread operating system
Late 1980s: NSFNet absorbs original ARPANET (for a US university to get NSF
funding for an Internet connection, that connection had to be made available to
all qualified users on campus, regardless of discipline
1995: Commercial backbones replace NSFNet backbone
Usenet
BITNET
Commercial Networks: AOL, Compuserve, etc.
Federal Decisions that Shaped the Internet





Agencies shared cost of common infrastructure, e.g., transoceanic circuits
CSNET/NSF (Farber) and ARPA (Kahn) shared infrastructure
without metering
Acceptable Use Policy - no commercialization. Privately funded
augmentation for commercial uses (PSI, UUNET, etc.), thought
about as early as 1988 KSG conferences sponsored by NSF
NSF defunded NSF backbone in 1995, redistributing funds to
regional networks to buy from now-numerous, private, long-haul
networks
NSFNet $200M from 1986-1995
The Internet - Four Aspects
Leiner, et al., “A Brief History of the Internet”,
http://info.isoc.org/internet/history/brief.html

Technological Evolution
– Packet Switching
– Scale, Performance, Functionality



Operations and management of a global
and complex infrastructure
Social Aspect - Internauts
Commercialization
Internet Development Timeline
From “A Brief History of the Internet” by B. Leiner, et al.,
http://info.isoc.org/internet/history/brief.html
Excerpts from
Hobbes’ Internet Timeline
by Robert H. Zakon
http://www.info.isoc.org/guest/zakon/Internet/History/HIT.html































1957 Sputnik; US forms ARPA
1962 P Baran, Rand, “On Distributed Communications Networks”, packet switched networks
1967 Larry Roberts first design paper on ARPAnet
1969 ARPANet commissioned. First RFC.
1970 ALOHANet (radio) connected to ARPANet in 1972
1971 Ray Tomlinson E-mail, BBN
1972 Telnet specification (RFC 318)
1973 File transfer specification (RFC 454)
1977 Mail specification (RFC 733)
1979 USENet newsgroups. First MUD.
1981 CSNet
1982 DoD standardizes on TCP/IP
1983 Name server developed at University of Wisconsin; users no longer need to remember exact path to other systems
1983 Berkeley releases 4.2BSD including TCP/IP
1984 DNS introduced. Now over 1,000 hosts
1984 Moderated newsgroups on USENET
1988 Internet worm affects 6,000 of the 60,000 Internet hosts
1990 EFF founded by Mitch Kapor
1991 WWW released by CERN (Tim Berners-Lee, developer)
1991 PGP released by Phil Zimmerman
1992 ISOC chartered
1992 “Surfing the Internet” coined by Jean Armour Polly
1993 US White House goes online
1993 Internet Talk Radio
1994 Can now order pizza from Pizza Hut online
1994 First Virtual bank open for business
1995 RealAudio
1995 Netscape third largest ever NASDAQ IPO share value
1995 Registration of domain names no longer free
1996 Communications Decency Act passed, challenged in US
1997 CDA overturned by Supreme Court
Growth
of
the
Internet
From Hobbes’ Internet Timeline at http://info.isoc.org. ...
How Internet Manages Change?






RFC process
W3C process
Now a proliferation of stakeholders
Debates over control of name space
Profits to be made and lost
Commercial vs. Other interests
Trends in Internet Applications





Internet TV (Web TV + VIATV
Videophone)
Voice over IP (VoIP)
Internet telephone
Internet dashboard (Alpine GPS,
Windows CE in cars)
Wireless (WAP)
Needed in Electronic Commerce




Authentication
Privacy
Message Integrity
Non-repudiation
Adapted from Gail Grant
Authentication

Proving identity
– Passports
– Driver’s licenses
– Credit Cards
– Doctors’ diplomas
Gail Grant
Privacy




Locks
Doors
Perimeter security
Castles
Gail Grant
M
Y
T
H
R
E
A
L
I
T
Y
Message Integrity





Wax seals
Tylenol seals
Custom seals
US Mail
Gail Grant
Non-Repudiation




Handshake
Notary Public
Signatures
Contacts
Gail Grant
Electronic cash policy issues

anonymity
– can lead to “perfect” crime


traceability (accountability)
security (no electronic muggings)
Certification Authority Functions

Accept applications for certificates

Verify the identity of the person or
organization applying for the certificate

Issue certificates

Revoke/Expire certificates

Provide status information about the
certificates that it has issued

But what do the certificates mean?
Adapted from Gail Grant
Who Will Be CA’s?








Specialty firms (VeriSign)
Government agencies
Corporations (for employees)
Telecommunication companies
Banks
Internet Service Providers
Value-Added Networks (VAN’s)
Whom to trust?
– Hierarchy vs web of trust
Gail Grant
Who Sells CA Products
and Services?

Atalla Corporation

BBN Corporation

CertCo

Cylink Corporation

Entrust Technologies Inc.

GTE Corporation

IBM

Netscape Communications

VeriSign

Xcert Software Inc.
July 1997
Legal Issues





Legislation
Responsibilities
Liability
International Usage
Certification Practice Statements
Business Issues for CAs






Business Models
Risks
Costs
In-House vs Out-Sourcing
Operational Considerations
Liability
Some Problems





Untrusted computer systems
Not all persons are trustable
Law not clear
Policy not clear
Sovereignty challenged:
– Cryptography policy
• Anonymity
• Confidentiality
25300
Untrusted Computer Systems (then)
Malware Example: The Internet Worm
Shut down 6,000 machines, Nov 1988
– Tried three techniques in parallel to spread
• Guess passwords
• Exploit a bug in the finger program
• Use a trapdoor in the sendmail program
– Effects
• serious degradation in performance of affected machines
• affected machines had to be shut down or disconnected
from the internet
– Criminal justice
• Perpetrator convicted January 1990 under 1986
Computer Fraud and Abuse Act; sentenced to
3 years probation, $10,000 fine, and 400 hours of
community service
Web-Based Computer Systems
SURPRISE DISCLOSURES OF PERSONAL
INFORMATION, AND PROGRAM LAUNCHES



Cookies
JAVA (Applet security issues)
Microsoft
– Word macro viruses
– ACTIVE-X
• QUICKEN surprise bank transfer
– Web-based viruses


Browser vulnerabilities (recent
Netscape 4.x -- have to disable Java!)
A final surprise: monitoring tools (e.g.,
SATAN) also used by the enemy
Who are “trustworthy” persons?





With “everyone” connected by networks, how do you
know who to trust?
Trusted Third Parties
Certifying Authorities
Digital Signatures
– Strong, Trustable Encryption
Distributed Architecture: Smart Cards
LAW OF THE NET


Whose Law? Internet is not a monarchy, democracy, republic,
or dictatorship; rules and formalities are nonexistent
Jurisdiction, treaties, harmonization of definitions
– CDA Example, Tennessee

Enforcement
– Elected officials and their designees?
– Internet Service Providers?
– Vigilantes?
• Anti-spam page: http://www.dgl.com/docs/antispam.html
– Agents Launched by Any of the Above?
• Cancelbots
– Netiquette?
18071
Sovereignty Case study: Cryptography Policy
Government stalling, an impediment to
progress, or cautious reasoning to avoid chaos?
– Constitutional issues
- Law Enforcement
- National Security
– Privacy issues
– Export policies
– Jurisdictional "turf" issues
Issues in Cryptography Policy
Privacy Issues
When should government have right to
monitor telecommunications?
What safeguards prevent abuse of
information obtained with taps?
Can a free society tolerate
hidden data with no accountability?
Clipper Chip Solution (Clipper I)
* provides successor for DES
(adapted from White House briefing)
WARRANT
* provides law enforcement solution
2
Key Escrow Holders
1
Law Enforcement
Agency
Commerce Dept., NIST
Treasury Dept., Automated Systems Div
Clipper Chip
Court
Encryption device
THE FOUR HORSEMEN OF THE
APOCALYPSE
(CYPHERPUNKS VERSION)




nuclear terrorists
child pornographers
money launderers
drug dealers
APPLICATION OF BLIND SIGNATURE TO A REAL CRIME
B. von Solms and D. Naccache, Computers and Security 11, 6 (1992)
reprinted in Hoffman, L. (Ed.), Building in Big Brother,
Springer-Verlag, 1995
19111
WHAT IF UNBREAKABLE ENCRYPTION LEADS TO THIS?
How many times per year is acceptable?
19892
NAS/NRC CRYPTO POLICY REPORT
HIGHLIGHTS
Commercial use: Should promote widespread
commercial use of technologies that can
prevent unauthorized access to electronic info
Exportation: Should allow export of DES to
provide an acceptable level of security
Escrow: Premature (Key recovery = current proposal)
Classified material: The debate on crypto
policy should be open and does not require
knowledge of classified material
Total preliminary report at http://www.nap.edu/nap/online/titleindex.html#c
Cryptography's Role in Securing the Information Society, 1996,
National Academy Press, 2101 Constitution Ave. NW, Box 285, Washington DC 20055, (800) 624-6242
19870
CURRENT ENCRYPTION LEGISLATION
Highlights: Full Text at http://www.cdt.org/crypto/




SAFE (HR 695)
Reps. Goodlatte (R-VA), Eshoo (D-CA)
Pro-CODE (S 377)
– Sen. Leahy (D-VT), Burns (R-CO), Wyden (D-OR)
– Audio and photo transcript and lots of information
from 3/19/97 hearing at
www.democracy.net/archive/03191997
Commonalities between SAFE and Pro-CODE
– Prohibit government from imposing mandatory key escrow
– No export license required for public domain or
– generally available encryption software
(Draft Clinton administration legislation [no warrant])
Building a Home Page to Sell
Something



Just Building a Home Page
Now Making It Sell Something
What to Sell?