cs155b: e-commerce lecture 2: jan. 11, 2001 course overview
Post on 21-Dec-2015
215 views
TRANSCRIPT
![Page 1: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/1.jpg)
CS155b: E-Commerce
Lecture 2: Jan. 11, 2001
Course Overview
![Page 2: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/2.jpg)
Telephone Network
• Connection-based• Admission control• Intelligence is “in
the network”• Traffic carried by
relatively few, “well-known”, communications companies
Internet• Packet-based• Best effort• Intelligence is
“at the endpoints”
• Traffic carried by many routers, operated by a changing set of “unknown” parties
![Page 3: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/3.jpg)
Business Question: How to price Internet Service?
Technical and Business Question(s): How to provide different QoS levels and how to charge for them?
Technical, Business, and “Policy” Question: Does “intelligence at the endpoints” make sense for a mass-market public infrastructure?
![Page 4: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/4.jpg)
Shift to Internet Causes
• Changes in existing businesses(e.g., telepresense)
• New ways to do old kinds of business (e.g., WWW-based retail)
• New kinds of businesses(e.g., Internet “infrastructure”
providers)
![Page 5: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/5.jpg)
As an infrastructure for communication, business, and almost all forms of human interaction, the Internet is new, rapidly changing, and inherently less manageable and controllable that older infrastructures.
Leads to problems with:• Privacy• Authenticity• Accountability
![Page 6: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/6.jpg)
Security Technologies
• Encryption– Symmetric Key– Public Key
• Signature• PKI• Rights Management• Time stamping• Secure Containers
![Page 7: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/7.jpg)
References• D. Stinson, Cryptography: Theory and
Practice, CRC Press, Boca Ration, 1995• G. Simmons (ed.), Contemporary Cryptology:
The Science of Information Integrity, IEEE Press, NY, 1992.
• A, Menezes et al., Handbook of Applied Cryptography, CRC Press, Boca Ration, 1997.
• IACR Publications: J. Cryptology, Crypto Proceedings, Eurocrypt Proceedingshttp://www.iacr. org
![Page 8: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/8.jpg)
Symmetric Key Crypto
D(E(x, k), k) = x (decryption, encryption, plaintext,
key)• Alice and Bob choose kAB
• Alice: y <-- E(x, kAB) (ciphertext)
• Alice --> Bob: y• Bob: x <-- D(y, kAB)
(Eve does not know kAB)
![Page 9: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/9.jpg)
Well Studied and Commercially Available– DES– IDEA– FEAL-n– RC5– AES
• Users must deal with– Government (especially export)– Key management
![Page 10: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/10.jpg)
Public Key Crypto
D(E(x, PKu), SKu) = x (user’s Secret Key, user’s public key)Bob generates SKbob, PKbob
Bob publishes PKbob
Alice: Lookup PKbob
y <-- E (x, PKbob)Alice -->Bob: yBob: x <-- D(y, SKbob)
(Eve does not know SKbob)
![Page 11: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/11.jpg)
Digital Signatures
...
Trickier than the paper “analogue”
Doc1
-JF
Doc2
-JF
Docn
-JF
![Page 12: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/12.jpg)
3-part Scheme
Key Generation Procedure
c c
PKjfSKjf
directory JF’s machine
...
![Page 13: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/13.jpg)
Signature Procedure
Doc SKjf
SIG
![Page 14: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/14.jpg)
Verification Procedure
Doc PKjf SIG
Accept / Reject
![Page 15: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/15.jpg)
Examples
• RSA• El Gamal• DSA• McEliece
![Page 16: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/16.jpg)
http://www.bob-soft.com
P( ){ . . .} SP
SP = signature(P, SKbob)
![Page 17: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/17.jpg)
Bob-soft: PKbob
Sue-soft: PKsue
.
.
.
Bob-soft PKbob
Alice: Verify (P, PKbob, SP)
![Page 18: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/18.jpg)
New Potential Problem
• Is PKbob the “Right Key”?
• What does “Right” mean?
![Page 19: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/19.jpg)
Traditional MeaningBob-soft PK bob
Accurate?
Traditional Solution
Alice’s Computer
PK CA
![Page 20: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/20.jpg)
Bootstrapping Trust
(Bob-soft, PKbob) SKCA
Signature Algorithm
CERTbob
Name1, PK1, CERT1
Name2, PK2, CERT2 . . . . . . . . .
![Page 21: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/21.jpg)
• Technical Question: Is this the right PK?
• Business Question: Can you make money selling public-key certificates?
• Political Question: Crypto export
• Legal Question: Do we have a right to use encryption? To some form of “electronic privacy”?
![Page 22: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/22.jpg)
Changes in the Technology and the
Economics of Publishing
• Computers and Digital Documents• WWW-based Publication• Internet Distribution
![Page 23: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/23.jpg)
Technical Question: Is copying, modification, and redistribution of copyrighted material now uncontrollable?
Business Question: Is it possible to make money distributing copyrighted material (e.g., popular music) over the Internet?
![Page 24: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/24.jpg)
Technical and Business Questions
• To what extent do encryption, digital signature, and other well understood security technologies make Internet content distribution manageable and profitable?– What other technology is needed?– What is the role of “circumvention” in
effective development and deployment of relevant technology?
![Page 25: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/25.jpg)
Technical, Business, and Legal Questions
• Is current copyright law technically feasible to implement and deploy on the Internet? (“copy-centric,” “fair use is a defense, not a right”)
• To what extent is copyright compliance monitorable? To what extent should it be monitored?
![Page 26: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/26.jpg)
Global Network vs. Local Expectations
• Intellectual Property Law• Censorship• Banking Law
![Page 27: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/27.jpg)
WWW Searching
• Technical Question: How to do it?(short answer: Linear Algebra)
• Business Question: How to make a business out of it? What is the role of advertising?
• Legal and Ethical Question: What conclusions should be drawn about people (by, e.g., gov’t, employers, insurance companies…) based on what they search for and what they find?
![Page 28: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/28.jpg)
WWW-Based, B2C Retail
Business Question: What to sell?
Business Question: How to capture and use customer information?– Massive scale– Variable Quality– Numerous Formats and
Intermediaries
![Page 29: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/29.jpg)
Business, Legal, and Ethical Question: Who owns transaction data? To whom can it legally be sold? What can legally done with it?
Technical and Business Question:Is there an inherent tradeoff between personalization/efficiency and privacy? (the “cookie” question)
![Page 30: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/30.jpg)
WWW-Based, C2C Retail
Economics and CS challenge: Auction Design
Technical Challenge: C2C payment systems, e.g., “Electronic Cash”?
![Page 31: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/31.jpg)
WWW-Based, B2B “exchanges”
Economics and CS Challenge: Market Design
Technical, Business, and Legal Question: Do “industry-sponsored” electronic market places promote monopoly and monopsony?
![Page 32: CS155b: E-Commerce Lecture 2: Jan. 11, 2001 Course Overview](https://reader031.vdocuments.net/reader031/viewer/2022032521/56649d5f5503460f94a3fd5b/html5/thumbnails/32.jpg)
Reading Assignment for Jan. 16, 2001
• Appendix C of The Digital Dilemma (http://books.nas.edu/html/digital_dilemma/)
• “Rethinking the Design of the Internet: The end-to-end arguments vs. the brave new world” (Clark & Blumenthal)
(http://itel.mit.edu:/itel/docs/jun00/TPRC-Clark-Blumenthal.pdf)
• Optional: Some of the other articles on http://www.sobco.com/e.132/reading/arch.html