function of e commerce

Content type

User Generated

Type

Study Guide

Uploaded By

Znhyvx

Pages

Rating

Issues of Security and Privacy in Electronic Commerce

Part I ---- Introduction & Motivation

Peixian LI

pl9a@cs.virginia.edu

Introduction

Since the invention of the World Wide Web (WWW) in 1989, Internet-based electronic

commerce has been transformed from a mere idea into reality. Consumers browse

through catalogues, searching for best offers, order goods, and pay them electronically.

Information services can be subscribed online, and many newspapers and scientific

journals are even readable via the Internet. Most financial institutions have some sort of

online presence, allowing their customers to access and manage their accounts, make

financial transactions, trade stocks, and so forth. Electronic mails are exchanged within

and between enterprises, and often already replace fax copies. Soon there is arguably no

enterprise left that has no Internet presence, if only for advertisement reasons. In early

1998 more than 2 million web servers were connected to the Internet, and more than 300

million host computers. And even if actual Internet business is still marginal: the

expectations are high. For instance, Anderson consulting predicts Internet business to

grow from $10 billion in 1998 to $500 billion in 2002.

Thus, doing some electronic business on the Internet is already an easy task. As is

cheating and snooping. Several reasons contribute to this insecurity: The Internet does

not offer much security per-se. Eavesdropping and acting under false identity is simple.

Stealing data is undetectable in most cases. Popular PC operating systems offer little or

no security against virus or other malicious software, which means that users cannot even

trust the information displayed on their own screens. At the same time, user awareness

for security risks is threateningly low.

A report from Goldman, Sachs & Conotes that while commercial properties such as

Yahoo! and eBay receive a lot of attention from investors, business to business

ECommerce is on the verge of exponential growth. The report predicts that ECommerce

will be worth USD1.5 trillion by 2004. However, according to a survey by Net Effect

Systems, while 94 percent of online consumers use the Internet to shop, just 10 percent

say they prefer to buy things online. 74 percent of consumers cited security and privacy

concerns.

Therefore, if the security and privacy problems are addressed e-shoppers will be

converted into e-buyers, and the ECommerce will be pushed a big step forward.

Non-technical Issues

1. Security Awareness

Most opinion surveys list "insecurity of financial transactions" and "loss of privacy"

among the major impediments to electronic commerce, but in fact most users have only

ague ideas about the threats and risks, and a very limited understanding of the technical

and legal options for minimizing their risk. As a result all kinds of misperceptions exist.

For instance, the cardholder's risk in sending his or her credit card number over the

Internet is typically overestimated. At least as of this writing payments over the Internet

are treated like mail-order/telephone-order transactions, which means that the cardholder

is not liable at all. All risk is with the merchant.

On the other hand, the risks in sending sensitive data in an electronic mail are typically

underestimated. Probably most users of email know the mere facts: neither confidentiality

nor integrity nor availability is guaranteed. But nevertheless many users do not hesitate to

send all kind of very personal and sensitive data to their friends or colleagues,

unprotected.

Unfortunately, developers of electronic commerce solutions are often as security

unaware and ignorant as their prospective users. For instance, still many developers

demand that security must be provided by "lower layers" in a "transparent" way. But, for

instance, Secure Socket Layer (SSL) in an "opaque socket integration" does not make any

sense in most case. Security has to be an integral part of the architecture, design, and

implementation.

2. Crypto Regulations

Several countries regulate the deployment of strong encryption technology by law. For

instance, France controls the domestic use of encryption technology, in order to maintain

the capability to eavesdrop on the communication of criminals. The USA prohibits the

export of strong encryption products for the mass market, for the same reasons as it

controls the export of munitions.

Such regulations do not discriminate between “good” and “bad” applications, and limit

the security of honest citizens and companies to at least the same extent as they limit the

security of terrorists and organized crime. Therefore several governments, in particular

the US administration, are willing to relax their crypto regulations, provided access to the

encrypted information would still be possible on demand. The idea is to introduce new

“Trusted Third Parties” where secret keys must either be escrowed in advance, or can be

recovered afterwards.

End of Preview - Want to read all 24 pages?

Access Now

Unformatted Attachment Preview

Issues of Security and Privacy in Electronic Commerce Part I ---- Introduction & Motivation Peixian LI pl9a@cs.virginia.edu Introduction Since the invention of the World Wide Web (WWW) in 1989, Internet-based electronic commerce has been transformed from a mere idea into reality. Consumers browse through catalogues, searching for best offers, order goods, and pay them electronically. Information services can be subscribed online, and many newspapers and scientific journals are even readable via the Internet. Most financial institutions have some sort of online presence, allowing their customers to access and manage their accounts, make financial transactions, trade stocks, and so forth. Electronic mails are exchanged within and between enterprises, and often already replace fax copies. Soon there is arguably no enterprise left that has no Internet presence, if only for advertisement reasons. In early 1998 more than 2 million web servers were connected to the Internet, and more than 300 million host computers. And even if actual Internet business is still marginal: the expectations are high. For instance, Anderson consulting predicts Internet business to grow from $10 billion in 1998 to $500 billion in 2002. Thus, doing some electronic business on the Internet is already an easy task. As is cheating and snooping. Several reasons contribute to this insecurity: The Internet does not offer much security per-se. Eavesdropping and acting under false identity is simp ...
Purchase document to see full attachment