
Budi Rahardjo

Everything you want to know about the Internet, secure e-commerce, e-business, and other new digital economy but were afraid to ask Looking at current situation and future opportunities. Budi Rahardjo. Current affiliations. Bandung High-Tech Valley (BHTV). Introduction to the Internet.


Presentation Transcript


  1. Everything you want to know about the Internet, secure e-commerce, e-business, and other new digital economy but were afraid to ask: Looking at current situation and future opportunities • Budi Rahardjo

  2. Current affiliations Bandung High-Tech Valley (BHTV)

  3. Introduction to the Internet

  4. The Internet … means • Information Bahn, the net, … a global system connecting public and private networks to share information among universities, governments, businesses, individuals • Technology based on TCP/IP, web oriented

  5. The Internet • Recognized as foundation of the “New Digital Networked Economy” • Important! • Numerous IT / Internet initiatives in the USA to guarantee their domination

  6. The History of the Internet • ARPANET (1969) • MILNET (1980) • NSFNET (1986): National Science Foundation Network (NSFNET) linked researchers across the country with five supercomputer centers • Commercial Internet (1995-Now) Let the game begin...

  7. Internet Technology (diagram: LANs connected through WANs to the Internet)

  8. Internet Growth • Exponential • Matthew Gray of the Massachusetts Institute of Technology http://www.mit.edu/people/mkgray/net/ • Internet Statistics and Demographics http://lcweb.loc.gov/global/internet/inet-stats.html

  9. Connection from home • Modem • Phone Line • Computer • ISP Connection (diagram: clients connected through ISPs to the Internet)

  10. Internet Services • World Wide Web (WWW) • Electronic Mail (Email) • File Transfer Protocol (FTP) • Internet Relay Chat (IRC), MUD • Multimedia Applications • Newsgroup • Wide Area Information System • and many more...

  11. Internet Apps • Distance Learning • Electronic Commerce • Voice Over Internet • Video On Demand • WebTV/InternetTV

  12. New Internet Devices

  13. Introduction to e-commerce, e-business

  14. What is e-commerce? • Commerce based on electronics / information technology • e-commerce to commerce is like email to conventional mail • Things that were not possible are now possible • How many conventional mails do you send to your friends monthly? You send more emails.

  15. What is e-business? • Business that utilizes electronics or IT • E-business or Out-of-business

  16. Things that make you hmm… • Computers were only used to replace the typewriter • Computers can do more (not just an electronic typewriter) • Save, recall, easy editing • Transfer files without changing the format, layout, content • File sharing • Desktop publishing, arts • Features that were difficult to interpolate from the typewriter

  17. E-commerce & E-business then… • Uses Internet (media & technology, web) • Internet and computer networks are not just a replacement for telephone and fax • The ability to exploit technology (information, computing, communication) will win • Save cost, reduce time, reach the whole world, better supply chain, …

  18. Implications • Advances in computing, communication should increase our quality of life. Do they? • Longer working hours. Work even at home • No “life” (family) • Wider gaps between the haves and the have-nots • Are you really ready for this?

  19. E-commerce & E-Business in Indonesia • Depends on readiness in • Economy: understanding the New Digital Economy • Legal framework: Cyberlaw (e.g. Digital signature law, IPR) • Hard infrastructure: telcos, power, human resources • Soft infrastructure: IDNIC (domain), IDCERT (security) • Community: culture, ethics

  20. Indonesia Cybercommunity • Define “Indonesia cybercommunity”! • Since the Indonesian digital population is still small, opportunity to create a better community. No “burden of size”. • Ethics!

  21. Ethics: Do well or do right? • “Business ethics” is an oxymoron • Do the right thing! • Corporations must have values • From “Silicon Valley”, magazine of San Jose Mercury News, 4.16.2000 http://www.svmagazine.com/2000/week17/features/Story01.html

  22. Example: Propel.com 13 commandments • Think and act like an owner • Have fun • Recognize accomplishment • Keep a balance in your life • Teach and learn from each other • Communicate without fear of retribution • Require quality beyond customer expectations • Improve continuously • Go the extra mile to take care of customer • Play to win-win • Act with sense of urgency • Make and meet commitments • Give back to the community

  23. Something to ponder • In the end, your integrity is all you’ve got (Jack Welch, GE)

  24. Reading materials • From Business to E-Business in 8 Steps http://www.cognitiative.com

  25. Secure E-Commerce

  26. E-commerce & Security • Trust, security and confidence are essential to underpin e-commerce • E-commerce will be accepted if the security is at an acceptable level • Are we there yet? Is it acceptable? • Business cannot wait

  27. E-security Statistics • Difficult to get exact numbers due to negative publicity • 1996. FBI National Computer Crime Squad, detected computer crime 15%, only 10% of that number is reported. • 1996. American Bar Association: survey of 1000 companies, 48% experienced computer fraud in the last 5 years. • 1996. In the UK, NCC Information Security Breaches Survey: computer crime increased 200% from 1995 to 1996. • 1997. FBI: computer crime cases in court increased 950% from 1996 to 1997, convictions in court increased 88%.

  28. More Statistics • 1999 CSI/FBI Computer Crime and Security Survey • Disgruntled employees 86% • Independent hackers 74% • US Competitors 53% • Foreign corp. 30% • Foreign gov. 21% • http://www.gosci.com

  29. The Point … • Security awareness is still low. No budget! • Information Week (survey in USA, 1999), 1271 system or network managers, only 22% think that security is important

  30. Vandalized Indonesian Sites • Polri, Satelindo, BEJ, BCA • DoS attack to various web sites

  31. Security Services • Privacy / confidentiality • Integrity • Authentication • Availability • Non-repudiation • Access control • Some can be achieved with cryptography

  32. Privacy / confidentiality • Protection of sensitive [personal] data • Name, place and date of birth, religion, hobbies, past illnesses, marital status • Customer data • Highly sensitive in e-commerce, healthcare • Attack: sniffer

  33. Integrity • Information is not changed without permission (tampered, altered, modified) • Attacks: spoof, virus, trojan horse

  34. Authentication • Assuring the authenticity of the data, the data source, the person accessing the data, the server being used • Use of digital signature, biometrics • Attack: fake password

  35. Availability • Information must be available when it is needed • Server is made to hang, go down, crash • Attacks on Yahoo!, ebay, CNN • Attack: Denial of Service (DoS) attack

  36. Non-repudiation • Cannot deny (having made a transaction) • Uses digital signature • Legal issues need to be regulated

  37. Access Control • Mechanism to regulate who may do what • Usually uses passwords • Existence of classes / classification

  38. Types of Attack • According to W. Stallings • Interruption • Interception • Modification • Fabrication

  39. Cryptographic Technology • Use of encryption to improve security • Private key vs public key • Examples: DES, RSA

  40. Private Key Cryptosystem (diagram) • Plaintext “My phone 555-1234” → Encryption → Ciphertext “Y$3*@” → Decryption → Plaintext “My phone 555-1234” • Shared (secret) key used for both encryption and decryption

  41. Private Key Cryptosystem • Uses one secret key to encrypt and decrypt • Problem in key distribution and management • Key distribution requires separate channel • The number of keys grows exponentially • Advantage: fast operation • Examples: DES, IDEA

  42. Public Key Cryptosystem (diagram) • Plaintext “My phone 555-1234” → Encryption (public key) → Ciphertext “Y$3*@” → Decryption (private key) → Plaintext “My phone 555-1234” • Public key repository / Certificate Authority (CA)

  43. Public Key Cryptosystem • Uses different keys to encrypt and decrypt • Less number of keys • Requires extensive computing power to calculate • Requires key repository • Key management may be complicated • Examples: RSA, ECC

  44. Public Key Cryptosystem • Public Key Infrastructure (PKI), in Indonesian: Infrastruktur Kunci Publik (IKP) • Now the foundation of secure e-commerce. Standard. • Certification Authority • Verisign • Indosign (recently launched)

  45. Studying Hackers • Who are they? • What are their motives? • How do they get in? • What do they do after they got in?

  46. Other Security Issues • USA export restriction for strong cryptography • Cyberlaw: • Legal to use cryptography? • Digital signature law? • Privacy issues • Intellectual Property Rights • National Critical Infrastructure Protection

  47. ID-CERT • Indonesia’s first computer emergency response coordination • Volunteers • Need more support • http://www.cert.or.id • Budi@cert.or.id
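
Slides 36, 41 and 43 in code, as an added example that is not part of the original presentation: a shared-key tag (HMAC-SHA256) protects integrity, but either key holder can produce it, while a public-key signature can be created only with the private key and checked with the public one. The RSA key is a constructed toy (textbook RSA, no padding), and all function names and the sample order are assumptions made for the illustration; `pairwise_keys` counts the n(n-1)/2 keys behind the key-distribution problem.

```python
import hashlib
import hmac
import secrets

def pairwise_keys(n: int) -> int:
    """Shared secret keys needed so each pair of n parties has its own key."""
    return n * (n - 1) // 2

# Shared (secret) key system: HMAC-SHA256 tag over the message.
def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def mac_ok(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, msg), tag)

# Public key system: textbook RSA signature. Constructed toy key built from
# two small Mersenne primes, no padding: for illustration only.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q                               # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, known to signer only

def digest_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(msg: bytes) -> int:
    return pow(digest_int(msg), D, N)   # needs the private key

def verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest_int(msg)   # needs only public (N, E)

def demo() -> dict:
    order = b"order 1001: pay 250000 to merchant"   # constructed sample
    shared = secrets.token_bytes(32)    # held by customer AND merchant
    tag = mac(shared, order)            # customer's tag
    sig = sign(order)                   # customer's signature
    return {
        "shared_keys_for_1000_parties": pairwise_keys(1000),
        "mac_valid": mac_ok(shared, order, tag),
        "mac_detects_change": not mac_ok(shared, order + b"0", tag),
        # The merchant holds the same key, so it can compute the same tag:
        # the tag cannot prove which side created the order.
        "merchant_can_make_same_tag": mac(shared, order) == tag,
        "sig_valid": verify(order, sig),
        "sig_detects_change": not verify(order + b"0", sig),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With 1000 parties the shared-key approach needs 499500 pairwise keys, against 1000 key pairs for the public-key approach.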
