Everything you want to know about the Internet, secure e-commerce, e-business, and other new digital economy but were afraid to ask

Looking at current situation and future opportunities

Budi Rahardjo

Current affiliations

Bandung High-Tech Valley (BHTV)

Introduction to the Internet

The Internet … means

Information Bahn, the net, … a global system connecting public and private network to share information among universities, governments, business, individuals

Technology based on TCP/IP, web oriented

The Internet

Recognized as foundation of the “New Digital Networked Economy”

Important!Numerous IT / Internet initiatives in

the USA to guarantee their domination

The History of the Internet

ARPANET (1969) MILNET (1980) NSFNET (1986)

National Science Foundation Network (NSFNET) linked researchers across the country with five supercomputer centers

Commercial Internet (1995-Now)

Let the game begins...

Internet Technology

LAN

LAN LAN

LAN

WAN

WAN

Internet

Internet Growth

Exponential Matthew Gray of the Massachusetts Institute of

Technologyhttp://www.mit.edu/people/mkgray/net/

Internet Statistics and Demographicshttp://lcweb.loc.gov/global/internet/inet-stats.html

Connection from home

Internet

ISP

Client

ISP

Client

• Modem• Phone Line• Computer• ISP Connection

Internet Services

World Wide Web (WWW)Electronic Mail (Email)File Transfer Protocol (FTP)Internet Relay Chat (IRC), MUDMultimedia ApplicationsNewsgroupWide Area Information Systemand many more...

Internet Apps

Distance Learning

Electronic Commerce

Voice Over Internet

Video On Demand

WebTV/InternetTV

New Internet Devices

Introduction to e-commerce, e-business

What is e-commerce?

Commerce based on electronics / information technology

e-commerce to commerce is like email to conventional mail Things that were not possible are now

possible How many conventional mails you send

to your friends monthly? You send more emails.

What is e-business

Business utilizes electronics or ITE-business or Out-of-business

Things that make you hmm…

Computers were only used to replace typewriter

Computers can do more (not just an electronic typewriter) Save, recall, easy editing Transfer files without changing the format,

layout, content File sharring Desktop publishing, arts Features that were difficult to

interpolate from typewriter

E-commerce & E-business then…

Uses Internet (media & technology, web)

Internet and computer networks are not just replacement of telephone and fax

The ability to exploit technology (information, computing, communication) will win Save cost, reduce time, reach the whole

world, better supply chain, …

Implications

Advances in computing, communication should increase our quality of life. Is it? Longer working hours. Work even at home No “life” (family) Wider gaps between the have and the

have notsAre you really ready for this?

E-commerce & E-Business in Indonesia

Depends on readiness in Economy: understanding the New Digital

Economy Legal framework: Cyberlaw (eg. Digital

signature law, IPR) Hard infrastructure: telcos, power, human

resources Soft infrastructure: IDNIC (domain), IDCERT

(security) Community: culture, ethics

Indonesia Cybercommunity

Define “Indonesia cybercommunity”!Since the Indonesian digital

population is still small, opportunity to create a better community. No “burden of size”.

Ethics!

Ethics: Do well or do right?

“Business ethics” is oxymoronDo the right thing!Corporate must have values

From “Silicon Valley”, magazine of San Jose Mercury News, 4.16.2000http://www.svmagazine.com/2000/week17/features/Story01.html

Example: Propel.com 13 commandments

Think and act like an owner Have fun Recognize accomplishment Keep a balance in your life Teach and learn from each other Communicate without fear of retribution Require quality beyond customer expectations Improve continuously Go the extra mile to take care of customer Play to win-win Act with sense of urgency Make and meet commitments Give back to the community

Something to ponder

In the end, your integrity is all you’ve got(Jack Welch, GE)

Reading materials

From Business to E-Business in 8 Stepshttp://www.cognitiative.com

Secure E-Commerce

E-commerce & Security

Trust, security and confidence are esential to underpin e-commerce

E-commerce will be accepted if the security is at an acceptable level

Are we there yet? Is it acceptable?Business cannot wait

E-security Statistics

Difficult to get exact numbers due to negative publicity

1996. FBI National Computer Crime Squad, detected computer crime 15%, only 10% of that number is reported.

1996. American Bar Association: survey of 1000 companies, 48% experienced computer fraud in the last 5 years.

1996. Di Inggris, NCC Information Security Breaches Survey: computer crime increased 200% from1995 to 1996.

1997. FBI: computer crime case in court increased 950% from 1996 to 1997, convicted in court increased 88%.

More Statistics

1999 CSI/FBI Computer Crime and Security SurveyDisgruntled employees 86%

Independent hackers 74%US Competitors 53%Foreign corp. 30%Foreign gov. 21%

http://www.gosci.com

The Point …

Security awareness is still low.No budget!

Information Week (survey in USA, 1999), 1271 system or network manager, only 22% think that security is important

Vandalized Indonesian Sites

Polri, Satelindo, BEJ, BCADoS attack to various web sites

Security Services

Privacy / confidentialityIntegrityAuthenticationAvailabilityNon-repudiationAccess controlSome can be achived with cryptography

Privacy / confidentiality

Proteksi data [pribadi] yang sensitif Nama, tempat tanggal lahir, agama,

hobby, penyakit yang pernah diderita, status perkawinan

Data pelanggan Sangat sensitif dalam e-commerce,

healthcareSerangan: sniffer

Integrity

Informasi tidak berubah tanpa ijin (tampered, altered, modified)

Serangan: spoof, virus, trojan horse

Authentication

Meyakinkan keaslian data, sumber data, orang yang mengakses data, server yang digunakan penggunaan digital signature,

biometricsSerangan: password palsu

Availability

Informasi harus dapat tersedia ketika dibutuhkan server dibuat hang, down, crash Serangan terhadap Yahoo!, ebay, CNN

Serangan: Denial of Service (DoS) attack

Non-repudiation

Tidak dapat menyangkal (telah melakukan transaksi) menggunakan digital signature perlu pengaturan masalah hukum

Access Control

Mekanisme untuk mengatur siapa boleh melakukan apa biasanya menggunakan password adanya kelas / klasifikasi

Jenis Serangan (attack)

Menurut W. Stallings Interruption Interception Modification Fabrication

Teknologi Kriptografi

Penggunaan enkripsi untuk meningkatkan keamanan

Private key vs public keyContoh: DES, RSA

Private Key Cryptosystem

Encryption DecryptionPlaintextCiphertext

Shared (secret) key

Y$3*@My phone555-1234

My phone555-1234

Plaintext

Private Key Cryptosystem

Uses one secret key to encrypt and decrypt

Problem in key distribution and management Key distribution requires separate channel The number of keys grows exponentially

Advantage: fast operationExamples: DES, IDEA

Public Key Cryptosystem

Encryption DecryptionPlaintextCiphertext

Y$3*@My phone555-1234

My phone555-1234

Plaintext

Public key

Private key

Public key repositoryCertificate Authority (CA)

Public Key Cryptosystem

Uses different keys to encrypt and decrypt

Less number of keysRequires extensive computing power to

calculateRequires key repositoryKey management may be complicatedExamples: RSA, ECC

Public Key Cryptosystem

Public Key Infrastructure (PKI)Infrastruktur Kunci Publik (IKP)

Now the foundation of secure e-commerce. Standard.

Certification Authority Verisign Indosign (recently launced)

Studying Hackers

Who are they?What are their motives?How do they get in?What do they do after they got in?

Other Security Issues

USA export restriction for strong cryptography

Cyberlaw: Legal to use cryptography? Digital signature law? Privacy issues Intellectual Proverty Rights

National Critical Infrastructure Protection

ID-CERT

Indonesia’s first computer emergency response coordination

VolunteersNeed more supporthttp://www.cert.or.idBudi@cert.or.id