University of Toronto School of Continuing Studies A ... · How do we encrypt messages? (continue)...
University of Toronto School of Continuing Studies
A Conceptual Overview of E-Business Technologies
Day 4 - Conceptual Overview of E-Business Technologies
- Authentication, Encryption, and Digital Payments
- Overview of Computing Platforms
- E-Commerce Platform Components
- Mid-Term Exam Review
Authentication, Encryption, and Digital Payment
- Understand the importance of authentication.
- Understand the various encryption alternatives.
- Differentiate between symmetric and asymmetric encryption.
- Determine how and why encryption is important for e-commerce.
- Understand how security applies to e-mail, the Web, the intranet, and the extranet.
- Understand the core technologies that make a virtual private network work.
- Plan strategies to fend off security threats.
What makes up a secure network?
- Access privileges are exercised only by the right personnel
- Messages are sent and delivered without being viewed by a third party
- Message contents are not tampered with during transmission
- Confidential information is truly sent to the right parties for processing
What do we need to protect?
- Confidentiality
- Authentication
- Integrity
- Auditing
- Nonrepudiation
Encryption and Decryption
- Encryption
  - “Encryption is the conversion of plain text or data into an unintelligible form by means of a reversible translation.”
- Decryption
  - “The inverse operation to encryption”
How do we encrypt messages?
- Method One: Translation Table
  - Simplest method
  - Easy to program
  - Easy to break
  - Refinements: table rotation; using several tables
  - Slide example (two table rows, garbled in the transcript): HFEBAGDZIC / IHGFEDCBA0
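The translation-table method and both refinements from the slide, as an added Python example (not code from the course or its slides). The cipher row QWERTYUIOPASDFGHJKLZXCVBNM and the sample message are constructed for the example; the last function shows why a single rotated table is "easy to break": once the base row is known there are only 26 possible rotations, so every candidate plaintext can simply be listed.

```python
import string

ALPHABET = string.ascii_uppercase  # the "plain" row of the translation table

# Constructed cipher row for the example (keyboard order); any permutation works.
ROW = "QWERTYUIOPASDFGHJKLZXCVBNM"


def make_table(cipher_row: str) -> dict:
    """Build a translation table: each plaintext letter maps to the letter at the
    same position in cipher_row, which must be a permutation of the alphabet."""
    if sorted(cipher_row) != sorted(ALPHABET):
        raise ValueError("cipher row must be a permutation of the alphabet")
    return dict(zip(ALPHABET, cipher_row))


def rotate(cipher_row: str, k: int) -> str:
    """Refinement 1, table rotation: shift the cipher row k positions left."""
    k %= len(cipher_row)
    return cipher_row[k:] + cipher_row[:k]


def invert(table: dict) -> dict:
    """Swap keys and values so the table decrypts instead of encrypts."""
    return {v: k for k, v in table.items()}


def substitute(text: str, table: dict) -> str:
    """Apply one table to every letter; characters not in the table pass through."""
    return "".join(table.get(ch, ch) for ch in text.upper())


def encrypt(text: str, tables: list) -> str:
    """Refinement 2, several tables: character i is translated with table i mod len(tables)."""
    return "".join(tables[i % len(tables)].get(ch, ch)
                   for i, ch in enumerate(text.upper()))


def decrypt(ciphertext: str, tables: list) -> str:
    """Undo encrypt() by applying the inverted tables in the same cycle."""
    inverses = [invert(t) for t in tables]
    return "".join(inverses[i % len(inverses)].get(ch, ch)
                   for i, ch in enumerate(ciphertext))


def brute_force_rotations(ciphertext: str, base_row: str) -> list:
    """Every plaintext a single rotated table could have produced: 26 candidates,
    which is why the refinement alone does not make the method strong."""
    return [substitute(ciphertext, invert(make_table(rotate(base_row, k))))
            for k in range(len(ALPHABET))]


# Two tables in use: the base row and the base row rotated by 7.
TABLES = [make_table(ROW), make_table(rotate(ROW, 7))]

if __name__ == "__main__":
    msg = "ORDER 42 SHIPPED"           # constructed sample message
    ct = encrypt(msg, TABLES)
    print(ct, "->", decrypt(ct, TABLES))
    single = substitute(msg, make_table(rotate(ROW, 3)))
    print("candidate 3 of 26:", brute_force_rotations(single, ROW)[3])
```

Digits and spaces are left untouched, which is itself a leak: word lengths and numbers survive encryption, one of the reasons the method is easy to break even before the table is recovered.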
How do we encrypt messages? (continue)
- Method Two: Word/byte rotation – XOR bit masking
  - Only computers can do it
  - A cyclic redundancy check (CRC) is used to detect problems during encryption or decryption
  - Better method than the translation table, but still weak
  - e.g. “A” – 1000001 to 0111110 – “>”
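XOR bit masking with a CRC attached, as an added Python example (not code from the course). It reproduces the slide's "A" to ">" case (the mask byte 0x7F flips all seven low bits of 0x41), shows the CRC catching corruption in transit, and shows the weakness the slide refers to: because XOR is its own inverse, one plaintext/ciphertext pair hands back the mask. The mask bytes and sample message are constructed for the example.

```python
import zlib

# Constructed two-byte mask for the example; repeated across the message.
MASK = b"\x5a\xa5"


def xor_mask(data: bytes, mask: bytes) -> bytes:
    """XOR every byte with the mask, cycling the mask if it is shorter.
    XOR is its own inverse, so the same call both encrypts and decrypts."""
    return bytes(b ^ mask[i % len(mask)] for i, b in enumerate(data))


def protect(plaintext: bytes, mask: bytes):
    """Mask the data and attach a CRC-32 over the masked bytes, so corruption
    during transmission is detected before the receiver unmasks anything."""
    masked = xor_mask(plaintext, mask)
    return masked, zlib.crc32(masked)


def unprotect(masked: bytes, crc: int, mask: bytes) -> bytes:
    """Verify the CRC first, then unmask. A CRC mismatch means the bytes
    changed in transit (accidentally; a CRC is not a defence against editing)."""
    if zlib.crc32(masked) != crc:
        raise ValueError("CRC mismatch: data corrupted in transit")
    return xor_mask(masked, mask)


def recover_mask(plaintext: bytes, masked: bytes) -> bytes:
    """Why the method is still weak: plaintext XOR ciphertext is the mask stream,
    so anyone who knows (or guesses) one message learns the mask for all of them."""
    return xor_mask(masked, plaintext)


if __name__ == "__main__":
    # The slide's single-byte case: 0x41 ('A', 1000001) XOR 0x7F = 0x3E ('>', 0111110)
    print(xor_mask(b"A", b"\x7f"))            # b'>'

    masked, crc = protect(b"total=19.99", MASK)   # constructed sample message
    print(unprotect(masked, crc, MASK))       # b'total=19.99'

    damaged = bytes([masked[0] ^ 0x01]) + masked[1:]   # one bit flipped in transit
    try:
        unprotect(damaged, crc, MASK)
    except ValueError as err:
        print(err)

    print(recover_mask(b"total=19.99", masked)[:len(MASK)] == MASK)   # True
```

CRC-32 is guaranteed to catch any single-bit error, which is the transmission problem the slide has in mind; it offers nothing against a deliberate change, since whoever alters the bytes can recompute the CRC.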
How do we encrypt messages? (continue)
- Method Three: Symmetric Key Encryption
  - Sender and receiver share the same key.
  - Fast encryption and decryption (compared to PKI)
  - Only the key decrypts the message; this assures authentication.
  - Security is compromised if the key is divulged.
How do we encrypt messages? (continue)
- Common Symmetric Key Encryption Algorithms
  - Data Encryption Standard (DES)
  - Triple DES
  - Advanced Encryption Standard (AES)
  - International Data Encryption Algorithm (IDEA)
  - Blowfish
  - RC4
How do we encrypt messages? (continue)
- Key Length

  Key length (in bits)   Time to decrypt (@ 100,000 keys per second)
  10                     < 1 second
  20                     21 seconds
  30                     6 hours
  40                     255 days
  64                     Almost 12,000 years
  128                    Over 200 septillion years, longer than the life of the universe
How do we encrypt messages? (continue)
- Method Four: Asymmetric Key Encryption
  - Also called Public Key Encryption, usually implemented with the RSA Data Security algorithm.
  - The key set is composed of two keys: a public key and a private key.
  - The public key is published, while the private key is kept secret by the owner of the key.
  - The public key encrypts the information; the private key decrypts it. Only the key owner can see it.
How do we encrypt messages? (continue)
- Common Asymmetric Key Encryption Algorithms
  - RSA (most common): named after its inventors, Ron Rivest, Adi Shamir and Leonard Adleman. The patent for RSA has expired, therefore the RSA algorithm is free to use.
  - Diffie-Hellman
  - Elliptic curve cryptography
How do we encrypt messages? (continue)
- Hashing Algorithms
  - Message Digest 4 (MD4)
  - Message Digest 5 (MD5)
  - Secure Hash Algorithm (SHA-1)
PKI – Public Key Infrastructure
- PKI Components
  - Digital certificate
  - Certification authority (CA)
  - Certificate revocation list (CRL)
  - Certificate publication points and CRL distribution points
  - Certificate and CA management tools
  - Applications and services that are enabled by public keys
Application of Asymmetric Key Encryption
- Digital Signature
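Method Four (public key encrypts, private key decrypts), the hashing algorithms, and the digital-signature application above, tied together in one added Python example that is not code from the course. The key pair is a toy built from two known Mersenne primes (2^61-1 and 2^89-1, about 150 bits together) so the arithmetic is visible; the message is constructed. The hash is SHA-256 from the standard library rather than the MD5/SHA-1 listed on the slides, since collisions have since been demonstrated for both of those.

```python
import hashlib

# Toy RSA key pair, constructed for this example only. Real keys use randomly
# generated primes of 1024 bits or more each, and padding (OAEP / PSS).
P = 2**61 - 1                 # Mersenne prime
Q = 2**89 - 1                 # Mersenne prime
N = P * Q                     # modulus, part of both keys
PHI = (P - 1) * (Q - 1)
E = 65537                     # public exponent
D = pow(E, -1, PHI)           # private exponent: modular inverse of E (Python 3.8+)

PUBLIC_KEY = (N, E)           # published to everyone
PRIVATE_KEY = (N, D)          # kept secret by the key owner


def encrypt(message: bytes, public_key) -> int:
    """Anyone holding the public key can encrypt; only the private key decrypts."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Only the key owner can see the plaintext."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest(message: bytes) -> int:
    """Hash first: the signature covers the digest, not the whole message.
    Truncated to 128 bits so the value fits below the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(message: bytes, private_key) -> int:
    """Digital signature: the private key is applied to the digest."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key recomputes the digest of what they received
    and compares; a changed message or a forged signature fails the check."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


if __name__ == "__main__":
    msg = b"invoice 4711 paid"            # constructed sample message (< 18 bytes)
    ct = encrypt(msg, PUBLIC_KEY)
    print(decrypt(ct, PRIVATE_KEY))       # b'invoice 4711 paid'
    sig = sign(msg, PRIVATE_KEY)
    print(verify(msg, sig, PUBLIC_KEY))                       # True
    print(verify(b"invoice 4711 void", sig, PUBLIC_KEY))      # False
```

The two operations use the same arithmetic with the roles of the keys swapped, which is why a signature gives non-repudiation: only the holder of the private key could have produced a value that the public key turns back into the message digest.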
What technologies are used?
- Confidentiality
  - SSL/HTTPS, SET, S/MIME, PGP
- Authentication
  - SSL/HTTPS, Digital Signature, Kerberos
- Integrity
  - CRC, SHA-1, MD5
- Auditing
  - Relational Database
- Non-repudiation
  - X.509 Digital Certificates, S/MIME
Applications of Encryption Technologies
- Secure Sockets Layer (SSL)
- Online Credit Card Transactions
- Virtual Private Network (VPN)
Secure Sockets Layer (SSL)
Online Credit Card Transactions
Page 316, E-commerce – Business. Technology. Society. By Kenneth C. Laudon and Carol Guercio Traver
Virtual Private Network (VPN)
- IP Security Protocol (IPSec)
- Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP)
Day 4 - Conceptual Overview of E-Business Technologies
- Authentication, Encryption, and Digital Payments
- Overview of Computing Platforms
- E-Commerce Platform Components
- Mid-Term Exam Review
What is a Computing Platform?
- Computing Platform =
  - Hardware + Software required to run your computing environment
Computing Architecture
- Shift from a centralized mainframe environment to a distributed computing environment
- Tier functions under a distributed computing environment:
  - User Interface / Presentation Layer
  - Business Application Layer
  - Database Layer
- Clients vs. Servers
Typical Evolution of an E-Commerce Site
- Stage 1: Placing company information and product list only
- Stage 2: Receiving orders, managing inventory and collecting invoices
- Stage 3: Aligning all business processes and supply chains with the E-Commerce technologies
An Integrated System View of a Mature E-Business
Overview of E-Commerce System Architecture (diagram; components as labelled on the slide)
- Actors and channel: Customers; the Internet as a medium
- StoreFront System: Product Catalogue Component, Merchandising Component, Product Configuration Component, Shopping Basket Component, Tax Calculator Component, Shipping Charges Calculator Component, Payment System Component
- BackOffice Systems: Order Processing / Fulfillment Management, Inventory Control Management, Warehouse / Logistics Management, Customer Relation Management, Accounting System, Database Services, Decision Support System
- External parties: Data Feeds from Vendors, Credit Card Companies, Internet Credit Card Broker
Evolution of Computing Platforms
- Host-Based Platform
- Client Server Platform
- Inter-Net Platform
Evolution of Computing Platforms (cont.)
Page 42, E-commerce – Business. Technology. Society.By Kenneth C. Laudon and Carol Guercio Traver
Host-Based Platform
- A centralized computer provides:
  - Data processing in batches
  - Network control
  - Database storage
Client Server Platform
Inter-Net Platform
E-Commerce Inter-Net Platform Components
- Internet
- Routing and Firewall Devices
- Internet Browser Software
- Web Servers
- Application Servers
- Back-End Transactional Software
  - (includes TP monitors, database management system and data warehouse)
Internet Browser Software
- Microsoft Internet Explorer
- Other Browsers such as Gecko, KHTML, Opera and PDA
Source: http://www.upsdell.com/BrowserNews/stat.htm

Usage Stats (%) – August 3, 2007 (slide table: one row per browser family, one column per statistics source, source1 to source6). Most cells are garbled in the transcript; the rows whose six values are still separable, split as read from the transcript (source order not recoverable):

  Browser        Usage (%) across the six sources
  IE7            19, 21, 20, 31, 33, 24
  IE6            33, 59, 52, 58, 45, 48
  KHTML based    4.2, 3.1, 2.4, 2.2, 4.6, 1.6
  Gecko based    39, 15, 9.8, 7.7, 15, 23

Remaining rows on the slide (IE5 (Windows), IE5 (Mac), NN8, Opera, Mobile, other, unidentified) are too garbled to reconstruct.
Microsoft Internet Explorer
- Comes with Windows Server and Client OSes
  - Also available in Windows 2000, XP, Vista
- Graphic enhancements (e.g. auto image resize)
- Integrated with Windows Media Player
- NetMeeting for collaboration
- Outlook Express for fully functional e-mail
- Supports FTP, Gopher, NNTP (News Group), JavaScript, ActiveX controls etc.
- Java applets (extra installation required)
Microsoft Internet Explorer (continue)
- Enhanced Privacy Support
  - Provides a Privacy Report
  - Blocks and deletes cookies
Mozilla – Firefox
- An open source project from Mozilla.org
  - Mozilla was the original code name for Netscape Navigator
- A modular web browser, designed for standards compliance, performance and portability
- Platform-independent (can run on Mac, UNIX, OS/2)
- Also the author of the Mozilla Suite and Thunderbird
Netscape Communicator
- Based on Firefox 2.0 – the Gecko engine (open-source code), which supports XML
- Netscape Navigator (Web Browser)
  - Tabbed Browsing
  - Site Controls
  - Multi-Bar
  - Form Fill/Passcard
  - Live Content from RSS XML feeds
- Add-in compatibility
- Java applets can be executed
Opera Software
- Optimizes space and speed
- Strict adherence to HTML standards
- Sophisticated and speedy web-browsing with news and e-mail
- Secure 128-bit SSL encryption
- Ideal for older machines and mobile computing with less available memory or disk space
- OS/2, Linux, Solaris, Mac, Mobile, Cable TV versions are available
- Freely available for download (in advertising mode with an advertising base)
Other Browsers – Micro-Browser
- Wireless devices are constrained computing devices with limited CPU, memory, battery life, and a simple user interface
- Wireless networks are restricted by low bandwidth, high latency, and unpredictable availability and stability
- Wireless subscribers have different needs and desires than desktop, or even laptop, Internet users
- The WAP (Wireless Application Protocol) specification was developed to address the technical requirements and market issues unique to the wireless environment
For more information
- For more up-to-date statistics about Internet browsers
  - http://www.upsdell.com/BrowserNews/overview.htm
E-Commerce Platform Components
- InterNet - the network itself
- Routing and Firewall Devices
- Internet Browser Software
- Web Servers
- Application Servers
- Back-End Transactional Software
Web Server Selection
- Performance, Development, Security
- Scalability, Stability, Platform
Page 209, E-commerce – Business. Technology. Society.By Kenneth C. Laudon and Carol Guercio Traver
Web Server Selection (continue)
- Technical aspect:
  - HTTP engine performance
  - Interface support for backend integrations
  - Publishing capability
  - Management and administration
  - High-availability options
  - Ability of the web server to add functionality and to control the website’s content
  - Security technologies supported
Web Server Selection (continue)
- Management aspect:
  - Product evolution path
  - Security
  - Database connectivity
  - Implementability
  - Supportability
  - Cost
Comparing Web Servers
- Market Share for Top Servers Across All Domains, August 1995 – August 2007 (source: www.netcraft.com)
Comparing Web Servers (continue)
- Totals for Active Servers Across All Domains, June 2000 – July 2007 (source: www.netcraft.com)
Comparing Web Servers (continue)
- Apache (SUN, IBM, RedHat, Borland, Apple)
- Microsoft Internet Information Server
Web Server - Apache
- Can be downloaded FREE from http://www.apache.org
- Available for many platforms
- Highly reliable and stable
- Very good performance
- Bug fixes are rapid and timely
- Poor administration interface
- SUN, IBM, RedHat, Borland and SAP each bundle their own blend of the Apache Web Server
Web Server - Microsoft Internet Information Server
- Comes with any Microsoft Windows operating system
  - Microsoft Windows NT 4.0, 2000, 2003 Servers
  - Personal Web Server in Vista, XP, 2000, ME, 98, 95
- Only runs on the Intel and Windows (Wintel) platform
- Has won numerous awards including Editors’ Choice from PC Magazine
- Supports JScript, VBScript, ActiveX, COM, ADO, .NET, Web Services
- Comes with comprehensive administration tools
  - Includes both Web-based and Windows-based tools
Monitoring Web Server Performance
- Load Testing Tools
  - Ziff Davis WebBench
  - Microsoft Web Capacity Analysis Tool (WCAT) and InetLoad
- Web Traffic Reporting and Analyzing Tools
  - Pilot HitList
  - WebTrends Analytics
E-Commerce Platform Components
- InterNet - the network itself
- Routing and Firewall Devices
- Internet Browser Software
- Web Servers
- Application Servers
- Back-End Transactional Software
Application Servers
- Database Server
- Mail Server
- Mainframe Gateway Server
- Multimedia Server
- Certificates Server
- Business Component Server
  - Runs Business Components in an Application Framework, e.g. Microsoft .NET Framework or SUN Java Enterprise Edition 2
Business Component Server
- Microsoft .NET Platform – IIS with .NET Framework
- SUN Java Enterprise Application Server
- Oracle Application Server
- IBM WebSphere Application Server
- Sybase Enterprise Application Server
- BEA WebLogic Application Server
- Borland Application Server
Business Component Server (cont.)
Page 214, E-commerce – Business. Technology. Society. By Kenneth C. Laudon and Carol Guercio Traver
Choosing a Business Component Server
- Which platforms does the software support?
- Who makes the server or the technologies behind it?
- What programming language interfaces does the application server support?
- What portion of the existing application portfolio will have to be re-written to accommodate the new environment?
- What interfaces to the existing database management system are feasible?
- What is the total cost of implementation and support?
E-Commerce Platform Components
- InterNet - the network itself
- Routing and Firewall Devices
- Internet Browser Software
- Web Servers
- Application Servers
- Back-End Transactional Software
E-Commerce Enablers
  Infrastructure                                  Major Players
  Hardware: Web Server                            IBM, HP/Compaq, Dell, Sun
  Software: Operating Systems and Web Server      Microsoft, IBM, Red Hat Linux, Sun, Apache
  Networking: Routers                             Cisco, JDS Uniphase, Lucent, Nortel
  Security: Encryption Software                   VeriSign, Check Point, Entrust, RSA
  E-Commerce Software Systems                     Microsoft, IBM, Ariba, BEA Systems
  Streaming and Rich Media Systems                Microsoft, Real Networks, Apple
  Customer Relationship Management Software       Microsoft, PeopleSoft, Siebel, SAP
  Payment Systems                                 VeriSign, PayPal, VISA, Your bankers
  Performance Enhancement                         Akamai, Speedera Networks, Kontiki
  Relational Database Management Systems          Oracle, Microsoft, IBM, Sybase
  Hosting Services                                Q9, Bell, Rogers, Hydro, Canadian ISPs
Back-end Transactional Applications
- ERP – Enterprise Resource Planning
- SCM – Supply Chain Management
- CRM – Customer Relationship Management
List of E-Commerce Technology Terms
- COM / COM+ / ActiveX
- ADO
- MTS
- ASP
- XML
- SOAP
- Web Services
- .NET
- CGI
- PERL
- CORBA
- Java Applets
- Java Servlets
- JSP
- Java Bean
- JDBC
More tech terms: http://www.matisse.net/files/glossary.html
E-Business System Architecture – Physical
A Typical E-Commerce System Architecture (diagram, described from the outside in):
- Internet
- Router / Load Balancer: only HTTP traffic can penetrate this router
- Unsecured Network or De-militarized Zone (DMZ): a number of Web servers with Business Logic Components, forming a Web Farm
- Firewall: only database traffic (between Web servers and Database servers) can penetrate the firewall
- Secured Network: Database Cluster with a Primary Node and a Secondary Node (Database Server, Process Interconnect) and the SQL Database on a high-performance RAID system
Typical N-Tier Application Architecture for Internet Applications (diagram)
- Presentation Services: Corporate Client; Web Browser Based Applications (User Interface)
- Application / Web Services: Application Server; Middleware / Application Services; Business Rules / Logic
- Data Services: Database Server; Database Management System; Data Storage (Data)
Mid-Term Exam
- 30 multiple choice questions
  - Read the questions carefully
  - Some of them may have more than one answer
- Complete in 40 minutes
Home Readings
- E-Commerce - Business, Technology, Society:
  - Chapters 4, 5 and 6.1-6.2
  - Read Case: Enerline Restorations Inc.: Stay with an ASP
  - Preview for Next Class: Chapter 4
“Thinking Beyond the Box” Case Study Series:
- Enerline Restorations Inc.: Stay with an ASP
  - If you were Mr. Hozjan, would you go with FutureLink as your application service provider?
  - What are the reasons behind your decision?