The Future of The Internet World

1
The Future of The Internet World
Dr. Carter Tseng Chairman and CEO Little Dragon
Foundation April. 2001
2
Contents
1. Internet Characterists,Application
Impact 2. E-Commerce E- business 3. Impact of
E-Commerce 4. Security Threats 5. Examples 6.
Cyber Crime Challenges 7. Issues in Chinese EC
Environment Problem Possible
Solutions 8. Conclusion
1
3
What is the Internet?
Host A

• A global network of computers that
• allows many millions of computer
• users to share and exchange
• information
• The systems of interconnected
• networks
• Use TCP/IP Internet Protocol
• Suite

18 M Hosts
1M Nets
net 3
net 1
Main Internet Activities
Internet
E-mail Transfer Files Join Discussion
Groups World Wide Web Communicate Live
net 2
net 4
300 M Users
150 Countries
router
Host B
2
4
What is the World Wide Web (WWW or W3)?

• The Web is a universe of linked pages
• Early Web pages were static, like a magazine
  page, consisted of laid-out text and images
  links to other pages
• Today, many Web pages are multimedia creations,
  full of sound, video, animation, and
  interactivity
• To access the Web, you need a standard Internet
  connection and some browser software
• Todays leading Web browsers have evolved from
  Web navigation tools to all-in-one Internet
  launchpads
• With the birth of JAVA and ActiveX to the
  browser, you can enjoy animation, tickertape
  text, live audio video, and interactive games
• Using helper applications or plug-ins, you
  can run many of the latest Web applications
  (e.g., view animation)

3
5
What is e-Commerce or e-Business?

• Definition the application of electronic network
  technology (e.g., Internet and EDI) to improve
  and change business process
• e-Commerce covers outward-facing processes that
  touch customers, suppliers and external partners
  (including sales, marketing, order taking,
  delivery, customer services)
• e-Business includes e-commerce but also covers
  internal process (e.g., production, inventory
  management, product development, risk management,
  finance, knowledge management and human resources
• (Source COMPUTERWORLD Oct 30, 2000)

4
6
InterNet Characteristics
1. No time Space Limitation 2. Cost of
re-production Distribution 0 3. Real - time ,
Interactive 4. No Inventory 5. Knowledge - base
5
7
InterNet Application
1. DataE-Mail Instant Messaging 2. VoiceIP -
Phone 3. Multi Media 4. E-CommerceReal time
Interactive 5. Mega - MediaText,Image,Voice,Graph
ics
6
8
Metcalfes Law
User base 1. ExpenseLinear 2.
ValueExponential Very Cost
- Effective
7
9
Internet Users in China

• Continue to grow strongly in the next several
  years
• Driven by1. Deregulation
• 2. Rapid fall of Internet
  Access charges
• 3. High PC shipments
• 4. Potential Access through
  Cable
• Modems and Mobile phones

8
10
Internet Infrastructure in China

• 1.Convergence of Telecom/Internet/TV
• 2.Limited competition at the last mile
• ?expensive and slow Internet Access
• 3.Internet AccessCable Modem
• ?Boost on-line usage
• 4.last Mile AccessMobile Devices

9
11
E-Commerce Infrastructure

• 1.Logistics/fulfillment
• 2.Payment Systems
• 3.On-line Security
• 4.Last-mile deliveryHigh Cost

10
12
Portal in China

• Key Attributes1.Content
• 2.Community
• 3.Commerce
• (B) Important Areas1.E-Mail
• 2.Search
• 3.Auction
• (C)Top 3 Chinese Portals1.SINA
• 
  2.SOHU
• 
  3.Netease
• (Three Kingdoms)

11
13
Internet/Web Security Threats

• Wiretapping to intercept communications
• Passive Wiretapping just listening
• Active Wiretapping injecting something into the
  communication
• Impersonation pretending to be another person or
  process
• Message Confidentiality Violations
• Misdelivery
• Exposure
• Traffic Flow Analysis
• Integrity Violations
• Download a maliciously modified copy of Web
  browser
• Modification of Web pages
• Falsification of Messages
• Hacking

12
14
The Spoofing Scenario

• One problem with TCP/IP is that any unauthorized
  machine can gain access to the network by posing
  itself off as a trusted host. For instance, host
  A trusts host B and allows unrestricted access.
  But host C can spoof host Bs IP address and TCP
  ports and thus gain access.

Host B IP address192.168.1.1 TCP Port 1536
Host A IP address192.168.1.2 TCP Port 514
Authorized access
External Network
Spoofed attack
Host C Fake IP address 192.168.1.1 TCP Port 1536
Internet
Firewall
Internal Network
13
15
Top 10 Internet Security Problems

• Lack of awareness of Internet threats and risks
• Lack of management support in handling security
• Weak site security safeguards
• Weak site security administration/management
• Many Internet sites allow wide-open Internet
  access
• Vast majority of Internet traffic is unencrypted
• Poor vendor supports on security
• Lack of security in TCP/IP protocol suite
• Exploitation of software (e.g., protocol
  implementation) bugs
• Cracker skills keep improving

14
16
E-Commerce Security Issues

• Revenue, information and data integrity loss
• Theft of trade secrets or data
• Infection with a computer virus
• Manipulation of their systems or software
  application

Source InfomrationWeek
15
17
Security Management

• IS Policy
• Standards
• Emergency Plans
• Auditing
• User Policy Analysis

16
18
Privacy Concern Example Social Insecurity?

• Security Issue Database must be
  access-controlled to prevent unauthorized
  insiders or outsiders from accessing sensitive
  data
• Background
• U.S. Social Security Administrator (SSA) placed
  U.S. citizens Personal Earnings and Benefits
  Estimate Statements (PEBES) database online and
  available to Web requests
• PEBES provide complete earnings history and
  detailed financial information
• One only needs the persons name, Social Security
  Number, mothers maiden name, and date and place
  of birth (i.e., basic information about a person)
  to gain access to individuals record
• The above password information is publicly
  available and easy to find
• SSA posted a penalty for abuse warning and kept
  track of who is making request

17
19
Privacy Concern Example Social Insecurity?
(Continued)

• Scenario
• An intruder or stalker can find the individual
  password information easily to defeat the
  access control mechanism
• Privacy advocates criticized the potential abuses
  of privacy
• SSA shut down the server to reevaluate the access
  control policy
• Challenge
• Need to find a new way for securing access to the
  PEBES database Web site and maintaining user
  privacy

18
20
Internet Security Protocols

• Secure Sockets Layer (SSL)
• Application-independent session-layer
  confidentiality, data integrity, and
  authentication
• Developed by Netscape in late 94, now V.3,
  widely deployed
• Secure Hypertext Transfer Protocol (S-HTTP)
• Add new cryptographic mechanisms to HTTP to
  provide message confidentiality,
  authenticity/integrity and non-repudiation of
  origin
• Developed by EIT in 94, version 1.2 to IETF,
  rarely used
• Secure Electronic Transaction (SET)
• Securing payment card transactions over open
  networks
• Developed by Visa and MasterCard plus several IT
  companies
• Others Kerberos, IPSEC, PEM, PGP, S/MIME

19
21
What is Secure Electronic Transaction (SET)?

• SET is an open specification for protecting
  payment card purchases on open network
• SET incorporates the use of RSA public key
  cryptography to protect the privacy of personal
  and finance information over any open network
• SET specification requires the cardholder and the
  merchant incorporating SET software into the
  cardholders personal computer browser and the
  merchants network servers
• SET also requires a technology residing at the
  acquirers location (the merchants bank) to
  decrypt the financial information, as well as at
  the certificate authorities location to issue
  digital certificates

20
22
SET and Electronic Payment System

• SET defines the electronic payment protocol to
  support payment aspect of E-commerce
• SET also defines the certificate management
  process

21
23
- cardholder registration
0
Certificate Authority
- purchase request
1
How SET with Credit Card Works
- merchant passes signed, encrypted
authorization to the acquirer for check
2
Card Holder
Merchant Server
0
1
- card validation with issuer
3
6
- issuer authorizes and signs transaction
4
- acquirer authorizes merchant and signs the
transaction
5
2
8
- cardholder receives the goods and a receipt
6
7
5
- merchant deposit the transaction to his
account
7
3
4
Card Issuer Bank
- merchant gets paid
8
Acquiring Bank
- cardholder receives bill from card issuer
9
9
22