480 likes | 648 Vues
Everything you want to know about the Internet, secure e-commerce, e-business, and other new digital economy but were afraid to ask Looking at current situation and future opportunities. Budi Rahardjo. Current affiliations. Bandung High-Tech Valley (BHTV). Introduction to the Internet.
E N D
Everything you want to know about the Internet, secure e-commerce, e-business, and other new digital economy but were afraid to askLooking at current situation and future opportunities Budi Rahardjo
Current affiliations Bandung High-Tech Valley (BHTV)
The Internet … means • Information Bahn, the net, … a global system connecting public and private network to share information among universities, governments, business, individuals • Technology based on TCP/IP, web oriented
The Internet • Recognized as foundation of the “New Digital Networked Economy” • Important! • Numerous IT / Internet initiatives in the USA to guarantee their domination
The History of the Internet • ARPANET (1969) • MILNET (1980) • NSFNET (1986)National Science Foundation Network (NSFNET) linked researchers across the country with five supercomputer centers • Commercial Internet (1995-Now) Let the game begins...
LAN LAN LAN LAN Internet Technology WAN Internet WAN
Internet Growth • Exponential • Matthew Gray of the Massachusetts Institute of Technologyhttp://www.mit.edu/people/mkgray/net/ • Internet Statistics and Demographicshttp://lcweb.loc.gov/global/internet/inet-stats.html
Connection from home Internet ISP ISP • Modem • Phone Line • Computer • ISP Connection Client Client
Internet Services • World Wide Web (WWW) • Electronic Mail (Email) • File Transfer Protocol (FTP) • Internet Relay Chat (IRC), MUD • Multimedia Applications • Newsgroup • Wide Area Information System • and many more...
Internet Apps • Distance Learning • Electronic Commerce • Voice Over Internet • Video On Demand • WebTV/InternetTV
What is e-commerce? • Commerce based on electronics / information technology • e-commerce to commerce is like email to conventional mail • Things that were not possible are now possible • How many conventional mails you send to your friends monthly? You send more emails.
What is e-business • Business utilizes electronics or IT • E-business or Out-of-business
Things that make you hmm… • Computers were only used to replace typewriter • Computers can do more (not just an electronic typewriter) • Save, recall, easy editing • Transfer files without changing the format, layout, content • File sharring • Desktop publishing, arts • Features that were difficult tointerpolate from typewriter
E-commerce & E-business then… • Uses Internet (media & technology, web) • Internet and computer networks are not just replacement of telephone and fax • The ability to exploit technology (information, computing, communication) will win • Save cost, reduce time, reach the whole world, better supply chain, …
Implications • Advances in computing, communication should increase our quality of life. Is it? • Longer working hours. Work even at home • No “life” (family) • Wider gaps between the have and the have nots • Are you really ready for this?
E-commerce & E-Business in Indonesia • Depends on readiness in • Economy: understanding the New Digital Economy • Legal framework: Cyberlaw (eg. Digital signature law, IPR) • Hard infrastructure: telcos, power, human resources • Soft infrastructure: IDNIC (domain), IDCERT (security) • Community: culture, ethics
Indonesia Cybercommunity • Define “Indonesia cybercommunity”! • Since the Indonesian digital population is still small, opportunity to create a better community. No “burden of size”. • Ethics!
Ethics: Do well or do right? • “Business ethics” is oxymoron • Do the right thing! • Corporate must have values • From “Silicon Valley”, magazine of San Jose Mercury News, 4.16.2000http://www.svmagazine.com/2000/week17/features/Story01.html
Example: Propel.com 13 commandments • Think and act like an owner • Have fun • Recognize accomplishment • Keep a balance in your life • Teach and learn from each other • Communicate without fear of retribution • Require quality beyond customer expectations • Improve continuously • Go the extra mile to take care of customer • Play to win-win • Act with sense of urgency • Make and meet commitments • Give back to the community
Something to ponder • In the end, your integrity is all you’ve got(Jack Welch, GE)
Reading materials • From Business to E-Business in 8 Stepshttp://www.cognitiative.com
E-commerce & Security • Trust, security and confidence are esential to underpin e-commerce • E-commerce will be accepted if the security is at an acceptable level • Are we there yet? Is it acceptable? • Business cannot wait
E-security Statistics • Difficult to get exact numbers due to negative publicity • 1996. FBI National Computer Crime Squad, detected computer crime 15%, only 10% of that number is reported. • 1996. American Bar Association: survey of 1000 companies, 48% experienced computer fraud in the last 5 years. • 1996. Di Inggris, NCC Information Security Breaches Survey: computer crime increased 200% from1995 to 1996. • 1997. FBI: computer crime case in court increased 950% from 1996 to 1997, convicted in court increased 88%.
More Statistics • 1999 CSI/FBI Computer Crime and Security Survey Disgruntled employees 86% Independent hackers 74% US Competitors 53% Foreign corp. 30% Foreign gov. 21% http://www.gosci.com
The Point … • Security awareness is still low.No budget! • Information Week (survey in USA, 1999), 1271 system or network manager, only 22% think that security is important
Vandalized Indonesian Sites • Polri, Satelindo, BEJ, BCA • DoS attack to various web sites
Security Services • Privacy / confidentiality • Integrity • Authentication • Availability • Non-repudiation • Access control Some can be achived with cryptography
Privacy / confidentiality • Proteksi data [pribadi] yang sensitif • Nama, tempat tanggal lahir, agama, hobby, penyakit yang pernah diderita, status perkawinan • Data pelanggan • Sangat sensitif dalam e-commerce, healthcare • Serangan: sniffer
Integrity • Informasi tidak berubah tanpa ijin (tampered, altered, modified) • Serangan: spoof, virus, trojan horse
Authentication • Meyakinkan keaslian data, sumber data, orang yang mengakses data, server yang digunakan • penggunaan digital signature, biometrics • Serangan: password palsu
Availability • Informasi harus dapat tersedia ketika dibutuhkan • server dibuat hang, down, crash • Serangan terhadap Yahoo!, ebay, CNN • Serangan: Denial of Service (DoS) attack
Non-repudiation • Tidak dapat menyangkal (telah melakukan transaksi) • menggunakan digital signature • perlu pengaturan masalah hukum
Access Control • Mekanisme untuk mengatur siapa boleh melakukan apa • biasanya menggunakan password • adanya kelas / klasifikasi
Jenis Serangan (attack) • Menurut W. Stallings • Interruption • Interception • Modification • Fabrication
Teknologi Kriptografi • Penggunaan enkripsi untuk meningkatkan keamanan • Private key vs public key • Contoh: DES, RSA
Encryption Private Key Cryptosystem Shared (secret) key Decryption Plaintext Plaintext Ciphertext My phone555-1234 My phone555-1234 Y$3*@
Private Key Cryptosystem • Uses one secret key to encrypt and decrypt • Problem in key distribution and management • Key distribution requires separate channel • The number of keys grows exponentially • Advantage: fast operation • Examples: DES, IDEA
Encryption Public Key Cryptosystem Public key repositoryCertificate Authority (CA) Public key Private key Decryption Plaintext Plaintext Ciphertext My phone555-1234 My phone555-1234 Y$3*@
Public Key Cryptosystem • Uses different keys to encrypt and decrypt • Less number of keys • Requires extensive computing power to calculate • Requires key repository • Key management may be complicated • Examples: RSA, ECC
Public Key Cryptosystem • Public Key Infrastructure (PKI)Infrastruktur Kunci Publik (IKP) • Now the foundation of secure e-commerce. Standard. • Certification Authority • Verisign • Indosign (recently launced)
Studying Hackers • Who are they? • What are their motives? • How do they get in? • What do they do after they got in?
Other Security Issues • USA export restriction for strong cryptography • Cyberlaw: • Legal to use cryptography? • Digital signature law? • Privacy issues • Intellectual Proverty Rights • National Critical Infrastructure Protection
ID-CERT • Indonesia’s first computer emergency response coordination • Volunteers • Need more support • http://www.cert.or.id • Budi@cert.or.id