Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Few Slides on TIP (Transaction Internet Protocol)

Published byDeclan Hinds Modified over 9 years ago

Similar presentations

Presentation on theme: "A Few Slides on TIP (Transaction Internet Protocol)"— Presentation transcript:

1 A Few Slides on TIP (Transaction Internet Protocol)

2 Slides by Peter Thanisch & Jyrki Nummenmaa ‘

3 Internet Commerce - Distributed Application Example Area To exemplify the potential risks in safety and credibility of distributed systems, we will discuss an example application area. Internet commerce is a good example area, because it deals with money and there is a lot of interest in application development.

4 Internet Commerce defined The use of the global Internet for purchase and sale of goods and services, including service and support after the sale.

5 Internet Commerce: our focus Internet Commerce: our focus n Advertising n Browsing n Purchasing n Billing n Payments

6 Electronic Commerce: the old way Electronic Commerce: the old way Customer Financial Adviser MortgageLenders LifeInsurers

7 RentalCompanies’ Web Sites Exhibition Hall’s Web site stands Brokerageservice Exhibitor PC Web browser Internet Commerce Example: Exhibition Hall computerscommunicationsfurniture

8 So what is changing? n Electronic commerce Fixed set of participating companiesFixed set of participating companies Proprietary, special- purpose protocols.Proprietary, special- purpose protocols. Specialist agent drives the dialogue, with special-purpose softwareSpecialist agent drives the dialogue, with special-purpose software n Internet commerce Transient sets of companies, maybe with brokers. Protocols are Internet standards The customer drives the dialogue from a general-purpose Web browser.

9 The state of the market n Projections about the growth of Internet commerce have been wildly optimistic. n Not many retailers have been making big bucks. n Market for Internet commerce software is not hugely profitable either.

10 Internet Commerce n A person, running a web browser on a desktop computer, electronically purchases a set of goods or services from several vendors at different web sites. This person wants either the complete set of purchases to go through, or none of them.This person wants either the complete set of purchases to go through, or none of them.

11 Technical Problems with Internet Commerce Technical Problems with Internet Commerce n Security n Failure n Multiple sites n Protocol problems n Server product limitations n Response time

12 Security: some solutions n Confidentiality: Encryption. n AuthenticationCertification. n Authentication: Certification. n Integrity: Digitally signed message digest codes. n Non-repudiation: Receipts containing a digital signature. n You can do these through SSL/TLS or using the Java APIs.

13 Failure

14 Failures: single computer n Hardware failure n Software crash n User switched off the PC n Active attack

15 Failure: Additional Problems for Multiple Sites n Network failure Or is it just congestion?Or is it just congestion? Or has the remote computer crashed?Or has the remote computer crashed? Or is it just running slowly?Or is it just running slowly? n Message loss? n Denial-of-service attack? n Typically, these failures are partial.

16 Subtle Difference: transaction n Traditional data processing transaction: set of read and update operations collectively transform the database from one consistent state to another. n Internet Commerce transaction: set of read and update operations collectively provide the user with his/her required package

17 Protocol Problems

18 TIP: Transaction Internet Protocol n Proposed as an Internet Standard. Backed by Microsoft and Tandem.Backed by Microsoft and Tandem. n Heterogeneous Transaction Managers can implement TIP to communicate with each other.

19 ‘Conventional’ vs. Internet Transaction Processing Conventional: OSI TP, LU6.2 One-pipe: n the application may only use the communications services supported by the transaction protocol. Internet: ‘Open’: TIP? Two-pipe?: n inter-application communication via some other protocol.

20 TIP Design

21 TIP: Two-pipe model Site A ApplicationProgram TIP API TIP txn manager Site B ApplicationProgram TIP API TIP txn manager Pipe 1 Pipe 2 TIP commit protocol

22 A Browsing Transaction User’s Web Browser Server A Server B Server C (1) Initiate txn (2) txn URL (3) PUSH txn (4) txn URL (5) PULL txn

23 A C PUSH ‘txn1a’ PUSH ‘txn1c’ D PUSH ‘txn1b’ B PUSH ‘txn1a’ Multiple inclusions of a site

24 TIP vulnerability n Communication is pairwise point-to- point. n Vulnerable to single link failures.

25 The Commit Protocol: Ensuring Atomicity n Once the pushing and pulling is over, a coordinator must ensure that all sites can complete their work, writing their results into their databases. n The method used to achieve this is called a Commit Protocol. n The Commit Protocol must behave sensibly even when there are failures.

26 TIP Security n Requires Secure-HTTP/SSL/TLS with encryption andencryption and end-to-end authentication.end-to-end authentication. n Operator intervention is needed when the commit protocol fouls up. How will this work on the Internet?How will this work on the Internet?

27 Internet Transaction Security n Big value transactions will not be conducted in this way. n Thus any scams will take the form of having a small effect on a large number of transactions. (Salami scams.)

28 SSL/TLS does NOT solve all of the problems n TIP with TLS does not ensure non- repudiation. n Various Denial-of-Service attacks are possible. n A rogue participant could block progress by refusing to commit.

29 Denial-of-Service n PULL-based: A rogue company that knows the transaction ID sends a PULL to a site then closes the connection.A rogue company that knows the transaction ID sends a PULL to a site then closes the connection. n PUSH-based Flood a sites with PUSHes so that it cannot service legitimate requests.Flood a sites with PUSHes so that it cannot service legitimate requests.

30 Broken connection n If a site loses its connection to its superior, the rogue sites sends it a RECONNECT command and tells it the wrong result of the commit.

31 Repudiation n General point about how to repudiate: n The site that wants to repudiate a transaction can always cause itself to crash and then recover, meanwhile losing all information that was in vulnerable storage.

32 Repudiation n n Interaction of 2PC and authenticated protocol messages The semantics of the authenticated messages only apply if the txn is committed.

33 Repudiation n n If a message from A to B is part of a 2PC protocol, then B’s possession of the digital signature proves nothing. A can claim: Yes, that was sent, but the action was rolled back. B must prove that the action was committed. B must also prove that the message was part of that txn.

34 Implications for Internet Commerce n Existing protocols are inappropriate for the way people expect to be able to do business on the Internet. n The TIP approach looked promising, but was not really accepted. n For particular business sectors, a detailed analysis of likely transaction behavior will be needed. n Market opportunities for brokerage companies.

Download ppt "A Few Slides on TIP (Transaction Internet Protocol)"

Similar presentations

Cryptography and Network Security

Cryptography and Network Security
Nummenmaa & Thanish: Practical Distributed Commit in Modern Environments PDCS’01 PRACTICAL DISTRIBUTED COMMIT IN MODERN ENVIRONMENTS by Jyrki Nummenmaa.

Nummenmaa & Thanish: Practical Distributed Commit in Modern Environments PDCS’01 PRACTICAL DISTRIBUTED COMMIT IN MODERN ENVIRONMENTS by Jyrki Nummenmaa.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”

OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
Integration of Applications MIS3502: Application Integration and Evaluation Paul Weinberg Adapted from material by Arnold Kurtz, David.

Integration of Applications MIS3502: Application Integration and Evaluation Paul Weinberg Adapted from material by Arnold Kurtz, David.
The Architecture of Transaction Processing Systems

The Architecture of Transaction Processing Systems
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Chapter 8 Web Security.

Chapter 8 Web Security.
Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.

Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.
Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.

Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.
Technology Overview. Confidential & Proprietary Information System Unit Server Two-way Satellite network System includes units and server Units have built.

Technology Overview. Confidential & Proprietary Information System Unit Server Two-way Satellite network System includes units and server Units have built.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Automatic Generation of B2C E-Commerce Payment Process By Jinglei Mei Thursday, November 09, 2000.

Automatic Generation of B2C E-Commerce Payment Process By Jinglei Mei Thursday, November 09, 2000.
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.

1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
Invitation to Computer Science 5th Edition

Invitation to Computer Science 5th Edition
E-Commerce. 2 What is E-commerce?  Electronic commerce (e-commerce) –A business transaction that occurs over a computer network. –Sometimes called e-business.

E-Commerce. 2 What is E-commerce?  Electronic commerce (e-commerce) –A business transaction that occurs over a computer network. –Sometimes called e-business.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

Similar presentations

Ads by Google