Three things about e-Business
Chris Avram
Computer Science and Software Engineering
Monash University

e-Business tech talk Chris Avram E-Bus 2

Agenda
• Security - safe enough at this speed
• B2C - usability - the three Ss
  – speed of transfer
  – speed of response
  – more speed
• Mobile technologies - futures
  – wireless LAN, WAP, GPS

Security is
• Confidentiality
  – only those authorised have access to data
• Authentication
  – the identity claimed can be verified
• Availability
  – access is available as and when required
• Integrity
  – information is modified only as it should be

Security is needed for
• Legal and ethical need
  – OECD privacy guidelines
  – Australian privacy act and commission
  – OECD guidelines for security of information
• Technical need
  – e-Business
  – public networks
  – packet switched networks
• Customer confidence

Internet strategy
• Local area network
• Wide area network
• Internet - global network
  – customer/client access
  – inter-organisation systems
• Intranet
  – Internet technology for WAN

The networked organisation
[Diagram. Labels: LAN, Internet, customers, LAN, SOHO, Another organisation. Legend: Secure line, Insecure]

Outdated security measures
• Passwords to identify users/clients
  – access restricted to logged on users
  – Netware, NT encrypt passwords
  – eavesdropping on other P/Ws possible
• Physical access controls
  – guarantees server identity
  – reduces electronic eavesdropping
• Typical of EDI service providers' services

Threats
• Impersonation
  – of clients
  – of servers
• Passive electronic eavesdropping
• Modification of information in transit
• Traffic analysis
• Denial of service

Current security measures
• Public key crypto-systems
  – allow electronic signature and verification
  – allow confidential exchange of information
• Certificates
  – signed by a certificate authority (CA)
  – proof of identity
    » containing a public key
• SSL (for WWW), PGP, S/MIME (for e-mail)

Public key crypto-systems
[Diagram. Labels: Make Keys, Secret key, Public key, Public key directory, Send message, Receive message, Eavesdropper]

Public key signature-systems
[Diagram. Labels: Make Keys, Secret key, Public key, Public key directory, Sign message, Check signature, Fraudster, clear]

Certificates
[Diagram. Labels: Certificate Authority, Client, Server, Source, Certificate request, Signed server certificate, CA public key]

Secure links
[Sequence diagram between Client and Server over time. Labels: Info. Request, Certificate, eg. Visa number, eg. fee for service info.]

Certificate authorities - Public
• Public CAs
  – Australia Post
  – RSADSI
  – AT&T
Customers will get browsers with CA certificates included
$US250 per server per annum

Certificate authorities - Private
• Software from
    » Netscape
    » Microsoft
    » public domain
• Organisation
  – chooses level of proof of identity
  – makes CA certificates available, manages revocation list
No ongoing fees

Recommendation
• If a large organisation plans to use the Internet for more than the distribution of public information
  – eg. selling, collecting $ or personals, customer confidential communications
• Then it should consider running a private certificate authority:
  – 1. Create a secure version of your WWW server
  – 2. Install CA software
  – 3. Begin testing with selected mobile staff...
• Small organisations should use a service provider

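The private CA workflow recommended above, together with the request/sign/check flow on the Certificates slide, as an added example that is not part of the original slides. It assumes the OpenSSL command line as the CA software (the slides name only Netscape, Microsoft and public domain software); the organisation and host names are placeholders.

```sh
#!/bin/sh
# Added example (not from the slides): private CA workflow with the OpenSSL CLI.
# Keys are left unencrypted (-nodes) so the demo is non-interactive; a real CA
# key should be passphrase-protected and kept offline.
set -eu

# CA side: create the CA key pair and self-signed CA certificate in directory $1.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/O=Example Org/CN=Example Private CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Server side: make a key pair and a certificate request, then the CA signs it.
issue_server_cert() {
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/O=Example Org/CN=www.example.test" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -sha256 -days 90 \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -out "$1/server.crt" 2>/dev/null
}

# A certificate that claims the same server name but was never signed by the CA.
make_unsigned_claim() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 90 \
    -subj "/O=Example Org/CN=www.example.test" \
    -keyout "$1/other.key" -out "$1/other.crt" 2>/dev/null
}

# Client side: succeed only if certificate $2 verifies against CA certificate $1.
client_trusts() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
  d=$(mktemp -d)
  make_ca "$d"; issue_server_cert "$d"; make_unsigned_claim "$d"
  for c in server.crt other.crt; do
    if client_trusts "$d/ca.crt" "$d/$c"; then echo "$c: trusted"
    else echo "$c: rejected"; fi
  done
  rm -rf "$d"
}
demo
```

Only `ca.crt` needs to be distributed to clients; the name inside a certificate proves nothing unless the CA's signature on it checks out.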
Reference
• RSA DSI
• CA demo
• Secure servers
  – Netscape
  – Apache
  – Microsoft
• SSL capable WWW client Netscape 2.02 or later; IE
• This file is

B2C - usability - the three Ss
• The Internet delivers data
• Measured in bits, carried in files
  – file format, coding
  – file compression
  – Netscape; View; Page Info shows details
• Data transfer time is a function of file size and transfer speed (in bits per second)
• Response time?

Customer premises equipment
• PC to Modem to phone line: 33,000 bits/s
• PC to Mobile phone: 9,600 bps
• PC to “Broadband”: 500,000 bps –
  – Cable modem to Cable TV network
  – ADSL to exchange
  – Satellite dish to S. & Modem to phone
• PC to ISDN TA to exchange: 64,000 bps
• WAP: 9,600 bps

Speed of transfer & Response
[Sequence diagram between Client and Server over time: WWW page in 3 parts. Labels: Info. Request 1, Server response time, File 1 sent, File 1 transfer time, Info. Request 2, Server response time, File 2 sent, Info. Request 3]

Usability - the three Ss
• Time to display a page is the sum of the component transfer times (total information to be sent) PLUS one average response time per component
• look at some poorly designed pages -
  – too many files, one image or clickable map would be better
    » use Netscape; View; Page Info

Internet at home and about

Reference
• Telstra Bigpond Broadband
• Telstra Bigpond Home Internet
• Usability sources
  – I like vodo usability
  – I like why test 5
  – I like the need for speed
• This file is

Mobile technologies - futures
• Internet anywhere
  – wireless LAN
  – WAP
  – PDA
  – Mobile phone
• Location based services
  – GPS

wireless LAN
• Range 400 m, office floor
• Can be linked: “campus” wide mobility
• Like the move to mobile phones, lower building operation costs, no fixed wires (well power still needed)
• Little effect on e-Business

WAP
• Wireless Application Protocol
• Mobile phone small screen based Internet web browsing, charged by the minute
• SMS short messages very popular for person to person messages; pager function over SMS popular; usability testing shows WAP has a long way to go
• Little short term effect on e-Bus, may be 3 years before it has any

PDA
• Speculation is that PDAs will become phones (hands free), screen size still a problem, at least won't have the ear to eye flipping
• Notebooks with built in phones, now that’s for me
• Need the next generation of network to get the speed up
look at phone Internet demo...

Mobile phone
• Mobile phone connected to notebook, see the previous slide
• Notebook/PDA/Phone convergence with the new networks over three years away in Australia
• This is the state of the art in mobile Internet, plan for it at 9,600 bits/sec
• A web page design/usability issue

GPS
• $US 15,000,000,000 per year business
• Transport applications
  – dynamic dispatch
• Precision Agriculture
• In 5 years, sub decimetre location in the open

Reference
• GPS
• This file is