IELM 231: IT for Logistics and Manufacturing (presentation transcript)

Slide 1: IELM 231: IT for Logistics and Manufacturing. Course agenda
- Introduction
- IT applications design: Human-Computer Interface
- Fundamental IT tools: sorting, searching
- The Client-Server architecture, interacting applications
- IT in logistics, Case study 1: web-search
  - Search robots
  - Data processing, data storage/retrieval (DB, indexes)
  - Data presentation: page ranking techniques
- IT in logistics, Case study 2: web-based auctions
  - How auctions work
  - Web issues: session tracking
  - Web issues: secure communications
  - Web issues: cash transactions

Slide 2: Web auctions: basics
Basic operations of a popular web-auction site: eBay
For each item: one seller, many bidders, one bid winner.
Seller's actions:
- Login / Create an account, then login
- Upload the details of the item for sale
- Set up auction parameters: closing date, seller's reserve, tick, buy-it-now price
Bidders' actions:
- Login / Create an account, then login
- Evaluate personal value of the item: Independent Private Value (IPV)
- Bid some amount for the item (same as IPV ??) [possibly repeatedly update the bid until the auction closes]

Slide 3: Web auctions: basics (continued)
Technical issues:
- When a user registers, how to send their data securely to the server?
- After login, how to keep track of the user after they click on links?
- How to upload product data / bid data from the client to the eBay server?
Design issues:
- What data is required to be stored for each user?
- How to display the > 100 million items for sale?
- How to manage the auction? What bid to display, tick, commission, ...

Slide 4: Web auctions basics: technical issues
- How to upload product data / bid data from the client to the eBay server? Using HTML forms.
- How to upload images? Using HTML forms, but special CGI functions are needed to handle the data.
- How to display the > 100 million items for sale? A directory-structure search interface (hierarchy of categories) [cf. Yahoo], plus a site search engine.

Slide 5: Web auctions basics: technical issues
After login, how to keep track of the user after they click on links? Session tracking requires using cookies (you will learn this in lab).
HTTP servers are 'stateless': after sending a requested page, the server does not check its 'past' actions before responding to the next request.
Example exchange between a client and the server www.abc.com:
1. client -> server:
   GET /index.html HTTP/1.1
   Host: www.abc.com
2. server -> client:
   HTTP/1.1 OK
   Content-type: text/html
   Set-Cookie: name=value; expires=Date; ...
   (expires is optional; example: Mon, 24-12-2007 12:00:00 GMT. Example name=value: SID=189234&user=joneja&p1=racket1234)
   The client stores the cookie: name=value
3. client -> server:
   GET /afile.html HTTP/1.1
   Host: www.abc.com
   Cookie: name=value
   Accept: */*
4. server -> client:
   HTTP/1.1 OK
   Content-type: text/html
   [..possibly reset cookie..]
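The four-step exchange above, as an added worked example that is not part of the lecture slides: a minimal stateless request handler that keeps all per-user state in a server-side table and hands the client only an opaque session id. The request parser, the in-memory store, the 3600-second lifetime and the SID cookie name are assumptions made for this example. Unlike the slide's illustrative cookie value (user and item spelled out in the cookie), the session id here is a random token, because anything placed in a cookie comes back under the client's control and must be treated as untrusted input.

```python
import secrets
import time
from http.cookies import SimpleCookie

# Constructed in-memory session store. The HTTP server stays stateless;
# every piece of per-user state lives here, keyed by an opaque session id (SID).
SESSIONS = {}
SESSION_TTL = 3600  # seconds a session remains valid (assumed value for this example)


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, path, header dict with lower-case names)."""
    lines = raw.split("\r\n")
    method, path, _version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        if line == "":
            break  # the blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def lookup_session(headers: dict, now: float):
    """Return the live session named by the request's SID cookie, or None."""
    cookie = SimpleCookie()
    cookie.load(headers.get("cookie", ""))
    if "SID" not in cookie:
        return None
    sid = cookie["SID"].value
    session = SESSIONS.get(sid)
    if session is None or now - session["created"] > SESSION_TTL:
        SESSIONS.pop(sid, None)  # unknown, forged or expired id: discard it
        return None
    return session


def handle_request(raw: str, now: float = None):
    """Serve one request. Returns (status line, response headers, body)."""
    now = time.time() if now is None else now
    _method, path, headers = parse_request(raw)
    session = lookup_session(headers, now)
    response_headers = {"Content-type": "text/html"}
    if session is None:
        # Step 2 on the slide: mint a fresh, unguessable SID and hand it to the client.
        sid = secrets.token_hex(16)
        session = {"created": now, "visits": 0}
        SESSIONS[sid] = session
        response_headers["Set-Cookie"] = f"SID={sid}; Path=/; HttpOnly"
    session["visits"] += 1
    body = f"<html>{path}: visit {session['visits']} in this session</html>"
    return "HTTP/1.1 200 OK", response_headers, body


if __name__ == "__main__":
    # Constructed exchange following the four steps on the slide.
    _status, hdrs, _body = handle_request("GET /index.html HTTP/1.1\r\nHost: www.abc.com\r\n\r\n")
    sid_cookie = hdrs["Set-Cookie"].split(";")[0]
    print("server set:", sid_cookie)
    followup = f"GET /afile.html HTTP/1.1\r\nHost: www.abc.com\r\nCookie: {sid_cookie}\r\nAccept: */*\r\n\r\n"
    print(handle_request(followup)[2])
```

The server recognises the returning client purely through the table lookup; a cookie carrying an id the table does not know, or one older than the lifetime, is dropped and a new session is started, which is the check a real session layer performs on every request.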

Slide 6: Web auctions basics: technical issues
When a user registers, how to send their data securely to the server?
Data encryption: transmit encrypted data, then decrypt the data on the server.
How to encrypt/decrypt?
- Shared secret password: symmetric keys (you will learn this in lab)
- Asymmetric keys (used by the Secure Sockets Layer protocol, SSL)

Slide 7: Web security background
1. Passive attacks: the attacker monitors data traffic on the web and collects some information not sent to him (using 'packet sniffers').
2. Active attacks:
   (a) The attacker gains access to some computer using security loopholes (typically using viruses, worms, trojan horses, etc.)
   (b) Spoofing: the attacker pretends to be a trusted system, to make the user believe it is safe to send them some secure data.
   (c) Cryptographic attack: the attacker captures encrypted data and decrypts it (e.g., by repeatedly trying many possible passwords).
3. Denial of service attacks: the attacker overloads your server with too many requests, blocking other users from accessing it.
4. Social engineering: the attacker uses personal communication / a phone call to cheat you into telling them some secret information (e.g. password, credit card PIN).

Slide 8: Data encryption: symmetric-key encryption
1. Sender and receiver share a secret key via email/phone/letter.
2. Sender encrypts the data (data -> encryption algorithm -> @#r%) and sends it; the receiver decrypts it (@#r% -> decryption algorithm -> data) and reads it.
Usually, encryption and decryption use the same key (password).
Common examples: the DES algorithm (chops data into 64-bit 'blocks', encrypting each with a 56-bit key), a Feistel cipher.
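To show the symmetric-key idea and the Feistel structure named on the slide concretely, here is an added toy cipher written for this transcript; it is not DES and not code from the course. It keeps DES's 64-bit block size and 16 rounds, but the round function and key schedule are SHA-256 stand-ins (an assumption made so the example stays short), so it illustrates the structure only. The same key drives both directions: decryption is the identical network run with the round subkeys in reverse order.

```python
import hashlib
import struct

BLOCK_BYTES = 8   # 64-bit blocks, the DES block size
ROUNDS = 16       # DES also runs 16 Feistel rounds


def key_schedule(key: bytes, rounds: int = ROUNDS) -> list:
    """Derive one 64-bit subkey per round from the shared secret.
    (Assumption: a hash-based schedule stands in for DES's key permutation tables.)"""
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(rounds)]


def round_function(half: int, subkey: bytes) -> int:
    """The Feistel 'F' function: mixes a 32-bit half-block with the round subkey.
    (Assumption: SHA-256 stands in for DES's expansion / S-box / permutation steps.)"""
    digest = hashlib.sha256(half.to_bytes(4, "big") + subkey).digest()
    return int.from_bytes(digest[:4], "big")


def encrypt_block(block: bytes, subkeys: list) -> bytes:
    """One 64-bit block through all rounds: (L, R) -> (R, L xor F(R, k))."""
    left, right = struct.unpack(">II", block)
    for subkey in subkeys:
        left, right = right, left ^ round_function(right, subkey)
    return struct.pack(">II", right, left)  # undo the final swap, as DES does


def decrypt_block(block: bytes, subkeys: list) -> bytes:
    """Decryption is the same network with the subkeys reversed, which is why
    a Feistel cipher's F function never needs to be invertible."""
    return encrypt_block(block, subkeys[::-1])


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding so the message is a whole number of blocks."""
    n = BLOCK_BYTES - len(data) % BLOCK_BYTES
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK_BYTES or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding (wrong key or corrupted ciphertext)")
    return data[:-n]


def encrypt(message: bytes, key: bytes) -> bytes:
    """Encrypt a message block by block (ECB mode: each block independently)."""
    subkeys = key_schedule(key)
    data = pad(message)
    return b"".join(encrypt_block(data[i:i + BLOCK_BYTES], subkeys)
                    for i in range(0, len(data), BLOCK_BYTES))


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    if len(ciphertext) % BLOCK_BYTES:
        raise ValueError("ciphertext is not a whole number of blocks")
    subkeys = key_schedule(key)
    data = b"".join(decrypt_block(ciphertext[i:i + BLOCK_BYTES], subkeys)
                    for i in range(0, len(ciphertext), BLOCK_BYTES))
    return unpad(data)


if __name__ == "__main__":
    shared_key = b"shared-secret"          # constructed: exchanged out of band (step 1 on the slide)
    ct = encrypt(b"bid=2000 item=racket1234", shared_key)
    print(ct.hex())                         # the "@#r%" the receiver sees on the wire
    print(decrypt(ct, shared_key))          # step 2: receiver decrypts with the same key
```

One thing the block makes visible that the slide does not: because each block is enciphered independently (ECB), two identical plaintext blocks produce two identical ciphertext blocks, so repeated fields leak even though each block is individually scrambled. Real deployments use a chaining or counter mode on top of the block cipher for that reason.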

Slide 9: Data encryption: asymmetric-key (private key, public key)
Each party wishing to communicate has two keys:
- Public key: a password that is released to everyone
- Private key: a secret password that is not told to anyone
Properties of public and private keys:
- must be different from each other
- mathematically related
- impossible to determine one from the other
Two common uses of asymmetric keys:
- Secure communications: sending encrypted data
- Identity verification: digital signatures

Slide 10: Data encryption: asymmetric-key (private key, public key)
Secure communications:
- Sender encrypts the data with the receiver's public key r_pub (data -> encryption algorithm -> @#r%) and sends it
- Receiver decrypts the data with the receiver's private key r_pri (@#r% -> decryption algorithm -> data) and reads it
Digital signatures:
- Sender encrypts the data with the sender's private key s_pri (data -> encryption algorithm -> @#r%) and sends it
- Receivers decrypt the data with the sender's public key s_pub (@#r% -> decryption algorithm -> data) and read it

Slide 11: Asymmetric keys: user verification
Problem: how will a user know whether the public key they 'fetch' over the internet is really from the party they are communicating with, or whether it has been altered by some malicious party?
Solution: use a "trusted" intermediary (third party), who is in charge of (a) providing keys to all interacting parties, (b) physically checking that each party is who they claim to be.
Implementation:
- Use of a Public Key Infrastructure (PKI), which usually involves a
- 3rd-party Certificate Authority (CA) who issues and manages keys for the applications that are communicating.
Some common CAs: VeriSign, Comodo, GoDaddy, DigiCert, ...

Slide 12: Two common technologies for secure web communication
Using TLS (Transport Layer Security):
- A set of functions written in the transport layer
- URL is of the form: https://host/path/file
- Connection on the server is typically on port 443
- When a secure page is requested, the TLS protocol will (a) verify the identity of both parties, (b) use symmetric-key encryption in the rest of the session
Using SHTTP:
- Implemented as a set of functions in the application layer
- URL is of the form: shttp://host/path/file
- Used by very few systems

Slide 13: TLS connections (simplified)
Notation: c_pub / c_pri = client's public / private key; s_pub / s_pri = server's public / private key; *x = encrypted form of x.
1. Client generates a random number rc and encrypts it with s_pub: *rc.
2. Client requests the secure page https://host/page; the request includes (a) the list of cipher functions it supports, (b) *rc.
3. Server decrypts *rc with s_pri to recover rc.
4. Server generates a random number rs and encrypts it with c_pub: *rs.
5. Server encrypts its server certificate sc with s_pri: *sc.
6. Server sends the requested page, plus *rs and *sc.
7. Client decrypts *rs with c_pri to recover rs, and decrypts *sc with s_pub to recover sc.
8. Client contacts the CA to verify the server's identity.
(continued on the next page...)

Slide 14: TLS connections (simplified), continued
9. Client encrypts its client certificate cc with c_pri: *cc, and sends the encrypted certificate.
10. Server decrypts *cc with c_pub to recover cc, and contacts the CA to verify the client's identity.
11. Client generates a random number (the pre-password) pms and encrypts it with s_pub: *pms.
12. Server decrypts *pms with s_pri to recover pms.
13. Client and server now both hold rc, rs and pms, and independently calculate the password pass from them.
14. Secure, symmetric-key session with password: pass.
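The following added example ties slides 9 and 10 (encrypt with the receiver's public key, sign with the sender's private key) to the simplified handshake of slides 13 and 14. It is written for this transcript and is not the course's code or any TLS library: the key pairs are textbook RSA built from a few well-known primes with no padding, the CA-signed certificate is just the server name and public key with an RSA signature over their hash, and the password derivation is a SHA-256 of pms, rc and rs; all of those are assumptions chosen to keep the exchange readable. One deliberate deviation from the slide: rc and rs travel unencrypted (as they do in real TLS), and the client-certificate step is omitted since it mirrors the server-certificate check with the roles swapped.

```python
import hashlib
import math
import secrets

# ---- textbook RSA: tiny and unpadded, only to make the slides' r_pub / s_pri notation concrete ----

def rsa_keygen(p: int, q: int):
    """Return (public, private) keys as (n, exponent) tuples built from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    e = next(c for c in (65537, 3, 5, 7, 11, 13, 17) if math.gcd(c, phi) == 1)
    d = pow(e, -1, phi)  # modular inverse: the "mathematically related" private exponent
    return (n, e), (n, d)


def rsa_apply(x: int, key) -> int:
    n, exponent = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, exponent, n)


def encrypt(m: int, pub) -> int:          # slide 10: encrypt with the receiver's public key
    return rsa_apply(m, pub)


def decrypt(c: int, priv) -> int:         # slide 10: decrypt with the receiver's private key
    return rsa_apply(c, priv)


def digest_mod(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, priv) -> int:       # slide 10: "encrypt" a hash with the sender's private key
    return rsa_apply(digest_mod(data, priv[0]), priv)


def verify(data: bytes, sig: int, pub) -> bool:  # anyone checks it with the sender's public key
    return rsa_apply(sig, pub) == digest_mod(data, pub[0])


# ---- certificates (slide 11) and the simplified handshake (slides 13-14) ----

def cert_bytes(name: str, pub) -> bytes:
    """What the CA signs: the server name bound to its public key (constructed format)."""
    return f"{name}|{pub[0]}|{pub[1]}".encode()


def issue_certificate(name: str, pub, ca_pri):
    """The CA, having checked the party's identity, signs the name/key binding."""
    return (name, pub, sign(cert_bytes(name, pub), ca_pri))


def derive_pass(pms: int, rc: int, rs: int) -> str:
    """Step 13: both sides turn pms, rc and rs into the session password (assumed KDF)."""
    material = pms.to_bytes(16, "big") + rc.to_bytes(4, "big") + rs.to_bytes(4, "big")
    return hashlib.sha256(b"session-password" + material).hexdigest()


def handshake(ca_pub, server_cert, s_pri):
    """Run the client and server sides and return (client's pass, server's pass)."""
    rc = secrets.randbits(32)                       # step 1: client random
    rs = secrets.randbits(32)                       # step 4: server random
    name, s_pub, sig = server_cert                  # step 6: server presents its certificate
    if not verify(cert_bytes(name, s_pub), sig, ca_pub):  # step 8: check it against the CA
        raise ValueError("server certificate does not verify against the CA")
    pms = secrets.randbelow(s_pub[0])               # step 11: pre-password, encrypted under s_pub
    enc_pms = encrypt(pms, s_pub)
    server_pms = decrypt(enc_pms, s_pri)            # step 12: only s_pri can recover it
    return derive_pass(pms, rc, rs), derive_pass(server_pms, rc, rs)


if __name__ == "__main__":
    ca_pub, ca_pri = rsa_keygen(1299709, 104729)               # constructed CA key pair
    s_pub, s_pri = rsa_keygen(2147483647, 4294967291)          # constructed server key pair
    cert = issue_certificate("www.abc.com", s_pub, ca_pri)
    client_pass, server_pass = handshake(ca_pub, cert, s_pri)
    print("both sides agree:", client_pass == server_pass, client_pass[:16], "...")
```

The certificate check is the part that matters for the slide-11 problem: a party that swaps its own public key into the certificate cannot also produce the CA's signature over the new name/key pair, so the client rejects it before ever encrypting pms to it.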

Slide 15: Web auctions basics: eBay design
What we have learnt up to now:
- How to set up an E-commerce site
- Where to store data (DB)
- How to set up navigation for users (directories, search)
- How to manage sessions
- How to allow client and server to communicate securely
Next we consider:
- How to design a 'good' auction web-site (using eBay as a case): design (and simple analysis) of auctions

Slide 16: Types of auctions
1. First price, sealed bid
- All bidders put their 'bid' in a sealed envelope and submit it to the auctioneer
- At the 'closing time', the auctioneer opens all envelopes
- The highest bidder wins, and must pay the amount on the bid
Properties:
- No "open" (i.e. face-to-face) competition
- Each buyer must evaluate the value of the item to make their bid: Independent Private Value (IPV)
- This type of auction can also be used as a mail-bid auction

Slide 17: Types of auctions (continued)
2. Open, increasing bid auctions (English auction)
- The auctioneer starts at the lowest acceptable price (reserve), and
- increases the bid amount in small steps (tick)
- The price rises until only one bidder remains (the winner), who pays the current price

Slide 18: Types of auctions (continued)
3. Second price, sealed bid (Vickrey auction)
- All bidders put their bid in a sealed envelope and submit it to the auctioneer
- At the 'closing time', the auctioneer opens all envelopes
- The highest bidder wins, and pays the amount on the 2nd highest bid (plus $1)
Properties:
- No "open" (i.e. face-to-face) competition
- Each buyer must evaluate the value of the item to make their bid
- This type of auction can also be used as a mail-bid auction

Slide 19: Types of auctions (Japanese variation of the English auction)
[Photo caption: A buyer checks tuna fish during an auction in Tokyo's Tsukiji fish wholesale market]
Open, simultaneous bid auctions (Japanese fish market auction)
- The auctioneer starts the auction (rings a bell)
- Bidders simultaneously signal the highest price they wish to bid
- The highest bidder wins

Slide 20: Types of auctions (continued)
[Photo caption: Five rooms with auction clocks form the heart of the auction. Each lot's price is determined by the Dutch auction system. The clock winds down from a high price, and the first buyer to press the button buys the lot. 55,000 transactions take place every morning. By the afternoon, the flowers are off to destinations around the world. Source: http://stevefazzio.com/Holland_Amsterdam_1.html]
4. Open, descending bid auctions (Dutch auction)
- The auctioneer starts the auction at a very high price
- The price is lowered by a small amount (tick) in every time interval
- The first person to make a bid wins

Slide 21: Types of auctions: logical equivalences
First price auctions <-> Dutch auction
- The bidder only knows their own value (IPV) for the item
- The bidder does not know the IPV of the other bidders
- In either case, the 'winner' only knows what they must pay, but does not know what the IPV of the second highest bidder is (they only know that the others are willing to pay less than him).

Slide 22: Types of auctions: logical equivalences
Second price auctions (English) <-> Vickrey auction
- In each case, the winner pays ε (a small amount) more than the 2nd highest bidder
- In each case, the winner bids = IPV. Why?
  - Bid less than IPV, and lose -> regret losing the item
  - Bid more than IPV, and win -> loss of surplus
What is the bidder's expected surplus if he bids = IPV in a First Price auction?

Slide 23: Online auction: which model to use, how to implement?
Buyers' concerns:
- Maximize their benefit = (Independent Private Value - price paid)
- Practical/usage issues: ease of finding the item they want, timely end of bidding, secure and easy payment, safe delivery of items, tax/customs, ...
Sellers' concerns:
- Maximize the sale price of the item
- Practical issues: minimum opening bid; seller's reserve (price below which the item will not be sold); commission to the auction house (typically 5%); minimum increment (tick); time limits, ...

Slide 24: Online auction: which model to use?
- What price should the highest bidder be required to pay?
- What information should be posted on the website regarding the current bidding level?
Easiest choice (First price auction):
- display the highest bid so far
- require the highest bidder to pay what he bid
Problems:
- What if not all bidders are logged in simultaneously?
- The auction ends when no higher bid is received: when to end?
The best mode for an internet auction is to operate in non-real time.

Slide 25: Online auction: which model to use (continued)
Copy the mail-bid format (First price, mail bid):
- display only the closing time of the auction
- require the highest bidder to pay what he bid
Preferred mode of operation: bidders should be given some time (e.g. 1 week) to make their bid.
Question: will the bidder bid = their 'value'?
Value: the price above which the bidder will prefer not to buy, and below which the bidder will buy -> the indifference point.
First-price mail bid -> the bidder has no incentive to buy -> the bidder will bid below their 'value' -> the bid is "not sincere".

Slide 26: Online auction: which model to use (continued)
Attempt #3: non-real time, second-price auction: the Internet Vickrey model (eBay)
What information should be posted on the website regarding the current bidding level?
What happens if we display the current highest bid?
- Consider an Apple iPhone, worth approximately HK$ 3000
- Current bid = $50
- The next bidder bids $100,000
- No other bidder will be willing to bid (otherwise they would have to pay 100,000!)
- The seller is doomed (since he must now sell for $50)
-> We should display the 2nd highest bid so far!
Question: in this case, the current displayed price = $50; is there any disincentive for a buyer to put in a bid for, say, $2000?

Slide 27: Online auction: the eBay model
- Sealed bid (since only the 2nd price is displayed)
- Dynamically posted 2nd price
- Second price (the highest bidder only needs to pay the second highest bid)
- Continuous bidding
- Each auction has a deadline
Question: assuming honest bidders, is each bid 'sincere'? I.e. is there any reason the bidder will bid below their 'value'?
Yes:
- If they bid above their value, they may have to pay more than their value -> loss
- If they bid below their value, they may lose the auction -> loss

Slide 28: Some other design features of eBay
- Bidders may bid many times
- The highest bid at any time is hidden from the seller (only eBay knows it!)
- There is a minimum starting bid (open reserve)
- There is a possible secret reserve: the winning bid must be greater than it to win
- It is possible for bidders and sellers to communicate (email)
- It is possible to rate each seller
- The seller can reject a bid
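As an added worked example (not the course's code and not eBay's), the rules of slides 26 to 28 turned into a small auction engine: sealed maximum bids that the seller never sees, a displayed price equal to the second highest bid plus one tick (capped at the highest bid), re-bidding, an open starting bid, a secret reserve, and a deadline at which the winner pays the displayed price. The class name, the tie rule (earlier bidder wins) and the treatment of the secret reserve (displayed price rises to the reserve once it is met) are assumptions made for this example; the walk-through in the `__main__` block replays the iPhone scenario from slide 26.

```python
from dataclasses import dataclass, field


@dataclass
class ProxyAuction:
    """eBay-style auction: sealed maximum ('proxy') bids, second-price rule,
    continuous bidding, and a displayed price that reveals only the 2nd highest bid."""
    starting_bid: int            # open reserve: the minimum first bid, shown to everyone
    secret_reserve: int = 0      # hidden reserve; the item is not sold below it (0 = none)
    tick: int = 1                # minimum increment; slide 18's Vickrey rule adds $1
    bids: dict = field(default_factory=dict)  # bidder -> current maximum bid, never shown to the seller

    def ranking(self):
        """Bidders ordered by maximum bid, highest first; on a tie the earlier bidder ranks first."""
        return sorted(self.bids.items(), key=lambda kv: -kv[1])

    def displayed_price(self) -> int:
        """What the site posts: the 2nd highest bid + tick, capped at the highest bid."""
        ranked = self.ranking()
        if not ranked:
            return self.starting_bid
        top = ranked[0][1]
        price = self.starting_bid if len(ranked) == 1 else min(top, ranked[1][1] + self.tick)
        if top >= self.secret_reserve:
            price = max(price, self.secret_reserve)  # reserve met: never sell below it
        return price

    def place_bid(self, bidder: str, amount: int) -> int:
        """Accept a bidder's (possibly raised) maximum bid and return the new displayed price."""
        minimum = self.starting_bid if not self.bids else self.displayed_price() + self.tick
        if amount < minimum:
            raise ValueError(f"bid must be at least {minimum}")
        if amount <= self.bids.get(bidder, 0):
            raise ValueError("a bidder may only raise their own maximum bid")
        self.bids[bidder] = amount
        return self.displayed_price()

    def close(self):
        """At the deadline: (winner, price paid), or (None, None) if the secret reserve was not met."""
        ranked = self.ranking()
        if not ranked or ranked[0][1] < self.secret_reserve:
            return None, None
        return ranked[0][0], self.displayed_price()


if __name__ == "__main__":
    # Constructed replay of slide 26: iPhone, current bid $50, then a $100,000 bid.
    auction = ProxyAuction(starting_bid=50)
    auction.place_bid("alice", 50)
    print("after bob bids 100,000 the site shows:", auction.place_bid("bob", 100000))   # 51, not 100000
    print("carol's 2,000 bid moves it to:", auction.place_bid("carol", 2000))          # 2001
    print("alice raises to 3,000, shown:", auction.place_bid("alice", 3000))           # 3001
    print("at the deadline:", auction.close())                                         # ('bob', 3001)
```

Because only the second price is posted, bob's very high maximum never becomes public, so carol still has a reason to bid $2000 (the disincentive the slide asks about disappears), and bob ends up paying one tick above the best competing bid rather than his own maximum.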

Slide 29: References and further reading
- www.security, R. S. MacGregor, A. Aresi, A. Siegert, IBM and Prentice Hall
- Snipers, Shills and Sharks: eBay and Human Behavior, Ken Steiglitz, Princeton University Press
Internet resources:
- eBay policies page
- Web connections and transport layer security: Wikipedia
Next topic: Mathematical foundations of auctions

