Three things about e-Business
Chris Avram
Computer Science and Software Engineering
Monash University
e-Business tech talk Chris Avram E-Bus 2

Agenda
Security - safe enough at this speed
B2C - usability - the three Ss
  – speed of transfer
  – speed of response
  – more speed
Mobile technologies - futures
  – wireless LAN, WAP, GPS

Security is
Confidentiality
  – only those authorised have access to data
Authentication
  – the identity claimed can be verified
Availability
  – access is available as and when required
Integrity
  – information is modified only as it should be

Security is needed for
Legal and ethical need
  – OECD privacy guidelines
  – Australian privacy act and commission
  – OECD guidelines for security of information
Technical need
  – e-Business
  – public networks
  – packet switched networks
Customer confidence

Internet strategy
Local area network
Wide area network
Internet - global network
  – customer/client access
  – inter-organisation systems
Intranet
  – Internet technology for WAN

The networked organisation
[Diagram. Labels: LAN, Internet, customers, SOHO, Another organisation. Legend: Secure line, Insecure.]

Outdated security measures
Passwords to identify users/clients
  – access restricted to logged on users
  – Netware, NT encrypt passwords
  – eavesdropping on other P/Ws possible
Physical access controls
  – guarantees server identity
  – reduces electronic eavesdropping
Typical of EDI service providers' services

Threats
Impersonation
  – of clients
  – of servers
Passive electronic eavesdropping
Modification of information in transit
Traffic analysis
Denial of service

Current security measures
Public key crypto-systems
  – allow electronic signature and verification
  – allow confidential exchange of information
Certificates
  – signed by a certificate authority (CA)
  – proof of identity
    » containing a public key
SSL (for WWW), PGP, S/MIME (for Email)

Public key crypto-systems
[Diagram. Labels: Make keys, Secret key, Public key, Public key directory, Send message, Receive message, Eavesdropper, scrambled text "#$@!&*^##%".]

Public key signature-systems
[Diagram. Labels: Make keys, Secret key, Public key, Public key directory, Sign message, Check signature, Fraudster, "clear message:$@!*^##%".]

Certificates
[Diagram. Labels: Certificate Authority, Client, Server, Certificate request, Signed server certificate, CA public key, scrambled text "#$%^@$%^&#".]
Source http://www.x509.com/
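
Secure links
[Timing diagram between Client and Server, time running down the page. Labels: Info. Request, Certificate, scrambled text "#@$%^$#@" (eg. Visa number), scrambled text "#$%^&*%$@" (eg. fee for service info.).]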

Certificate authorities - Public
Public CAs
  – Australia Post
  – RSADSI
  – AT&T
Customers will get browsers with CA certificates included
$US250 per server per annum

Certificate authorities - Private
Software from
    » Netscape
    » Microsoft
    » public domain
Organisation
  – chooses level of proof of identity
  – makes CA certificates available, manages revocation list
No ongoing fees

Recommendation
If a large organisation plans to use the Internet for more than the distribution of public information
  – eg. selling, collecting $ or personals, customer confidential communications
Then it should consider running a private certificate authority:
  – 1. Create a secure version of your WWW server
  – 2. Install CA software
  – 3. Begin testing with selected mobile staff...
Small organisations should use a service provider
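
Added example (not part of the original slides and not any vendor's CA software): the private-CA flow from the Certificates and Recommendation slides, run with the openssl command line. The CA names, the host www.example.test and the helper function names are constructed for illustration; the second CA stands in for any issuer the organisation's clients have not been given.

```shell
#!/bin/sh
# Added example: a private CA with the openssl CLI.
# All names (CAs, host, helper functions) are constructed placeholders.
WORK=$(mktemp -d)

# make_ca <prefix> <name>: create a CA key and a self-signed CA certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_server_cert <ca> <server> <host>: the server makes a certificate
# request (CSR); the CA signs it and returns the signed server certificate.
issue_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$2.csr" -sha256 -days 30 \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.crt" 2>/dev/null
}

# client_trusts <ca> <server>: client-side check of the server certificate
# against the one CA certificate the client holds. Exit status 0 = accepted.
client_trusts() {
    openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

# cert_subject <server>: print the identity the certificate vouches for.
cert_subject() {
    openssl x509 -in "$WORK/$1.crt" -noout -subject
}

make_ca orgca "Example Org Private CA"
make_ca otherca "Some Other CA"
issue_server_cert orgca www www.example.test
issue_server_cert otherca lookalike www.example.test

# A client holding only the organisation's CA certificate checks both.
for cert in www lookalike; do
    if client_trusts orgca "$cert"; then
        echo "$cert: accepted ($(cert_subject "$cert"))"
    else
        echo "$cert: rejected, not signed by the organisation's CA"
    fi
done
```

Both server certificates carry the same host name; only the CA signature lets the client tell them apart, which is the protection against server impersonation listed under Threats.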

Reference
RSA DSI http://www.rsa.com/
CA demo http://www.x509.com/
Secure servers
  – Netscape http://home.netscape.com/
  – Apache http://Bond.edu.au/External/Misc/apache/
  – Microsoft http://www.microsoft.com/
SSL capable WWW client Netscape 2.02 or later; IE
This file is http://www.csse.monash.edu.au/~cavram/papers/lawtech/e-bus.ppt

B2C - usability - the three Ss
The Internet delivers data
Measured in bits, carried in files
  – file format, coding
  – file compression
    http://www.csse.monash.edu.au/~cavram/papers/lawtech/pics
  – Netscape; View; Page Info shows details
Data transfer time is a function of file size and transfer speed (in bits per second)
Response time?

Customer premises equipment
PC to Modem to phone line 33,000 bits/s
PC to Mobile phone 9,600 bps
PC to “Broadband” 500,000 bps
  – http://www.bigpond.com/broadband/
  – Cable modem to Cable TV network
  – ADSL to exchange
  – Satellite dish to S. & Modem to phone
PC to ISDN TA to exchange 64,000 bps
WAP 9,600 bps

Speed of transfer & Response
[Timing diagram between Client and Server, time running down the page, for a WWW page in 3 parts. Labels: Info. Request 1, Server response time, File 1 sent, File 1 transfer time, Info. Request 2, Server response time, File 2 sent, Info. Request 3.]

Usability - the three Ss
Time to display a page is the sum of the component transfer times (total information to be sent) PLUS one average response time per component
look at some poorly designed pages
  – too many files, one image or clickable map would be better
    » use Netscape; View; Page Info
    » http://www.csse.monash.edu.au/~cavram/papers/lawtech/pics

Internet at home and about
                         % of users   Avail. to % of pop.   Fixed $/m.   Var. $/hr.   Bits/s
Modem                    97%          90%                   $20          $5.00        28,000 – 56,000
Cable, ADSL, Satellite   ~2           90%                   $65          $0           100,000 – 500,000
Mobile Ph                ~1           97%                   $20          $35          9,600
ISDN                     ~1           100%                  $65          $5 - $10     64,000 – 128,000

Reference
Telstra Bigpond Broadband http://www.bigpond.com/broadband/
Telstra Bigpond Home Internet http://telstra.com/
Usability sources http://www.useit.com/alertbox/
  – I like voodoo usability http://www.useit.com/alertbox/991212.html
  – I like why test 5 http://www.useit.com/alertbox/20000319.html
  – I like the need for speed http://www.useit.com/alertbox/9703a.html
This file is http://www.csse.monash.edu.au/~cavram/papers/lawtech/e-bus.ppt

Mobile technologies - futures
Internet anywhere
  – wireless LAN
  – WAP
  – PDA
  – Mobile phone
Location based services
  – GPS

wireless LAN
Range 400 m, office floor
Can be linked: “campus” wide mobility
Like the move to mobile phones, lower building operation costs, no fixed wires (well power still needed)
Little effect on e-Business

WAP
Wireless Application Protocol
Mobile phone small screen based Internet web browsing, charged by the minute
SMS short messages very popular for person to person messages; pager function over SMS popular; usability testing shows WAP has a long way to go
Little short term effect on e-Bus, may be 3 years before it has any

PDA
Speculation is that PDAs will become phones (hands free), screen size still a problem, at least won't have the ear to eye flipping
Notebooks with built in phones, now that’s for me
Need the next generation of network to get the speed up
look at phone Internet demo...
Mobile phone
Mobile phone connected to notebook, see the previous slide
Notebook/PDA/Phone convergence with the new networks over three years away in Australia
This is the state of the art in mobile Internet, plan for it at 9,600 bits/sec
A web page design/usability issue

GPS
$US 15,000,000,000 per year business
Transport applications
  – dynamic dispatch
Precision Agriculture
In 5 years, sub decimetre location in the open

Reference
GPS http://www.igeb.gov/
This file is http://www.csse.monash.edu.au/~cavram/papers/lawtech/e-bus.ppt