Title: An Analysis for E-Commerce, focusing onto online purchase

Analysis for E-Commerce -- Focusing on Online Purchasing in TaiwanECE578 Final Project ReportDr. Cetin Kaya KocWen-Chun YangOregon State University

Analysis for E-Commerce Focusing on Online Purchasing in TaiwanWen-Chun Yang

Oregon State University

AbstractAs technology improves, people purchase more goods without leaving the house. How can they do this? They can do this via the Internet and can buy anything from different countries. Online purchasing really brings out another shopping market place to society. However, how can the consumers feel comfortable and safe after placing their orders online without worrying that his/her credit cards might be used in other transactions? How can users trust a third party and be willing to make the order online. This issue has become a problem for the retail industry.

In this project, I will focus on all the information related to the electronic commerce (e-Commerce) and list all the pros and cons for different online shopping styles. In addition, I will analyze the difficulties for online purchasing behaviors in Taiwan.

Keyword

E-Commerce; cryptography; online purchasing; the third party.I. INTRODUCTIONAs technology improves, people purchase more goods without leaving their home. How can they do this? They can do this via the Internet and can buy anything from different countries. Online purchasing really brings out another shopping market place to society. However, how can the consumers feel comfortable and safe after placing their orders online without worrying that his/her credit cards might be used in other transactions[1]? How can users be made to trust a third party and be willing to make the order online, has become a problem for the retail industry [2].

As cryptographic engineers, what we need to worry about is how to provide a suitable and worry-free online purchasing environment for society. There are many difficulties in this issue, for example, the security problem could be the biggest concern. There are still many concerns in this subject, which motivate the cryptographic engineers to research this topic to figure out a better way to solve this problem. For instance, is it safe to share personal financial information with a third party? Is the purchased transaction safe while it is on the way to the bank? In this project, I will focus on all the information related to the e-commerce and list all the pros and cons for different online shopping styles. In addition, I will analyze the difficulties for online purchasing behaviors in Taiwan. The rest of the paper is organized as follows. Section II talks about the preliminaries. Section III defines the E-commerce and vulnerabilities. Section IV presents the difficulties for online purchasing behaviors in Taiwan. Section V concludes this paper.II. PRELIMINARIESThere are many terminologies used for Cryptography and network security, which will be introduced as follows: computer security, network security, internet security, services, mechanisms, and the OSI security architecture.Definition

A Computer Security is the generic name for the collection of tools designed to protect data and to thwart hackers [3] [4] [5].

A Network Security is the measurement for protecting data during their transmission [3] [4] [5].An Internet Security is the measurement for protecting data during their transmission over a collection of interconnected networks [3] [4] [5].A Service is something that enhances the security of the data processing systems and the information transfers of an organization. It intends to counter the security attacks and makes use of one or more security mechanisms in order to provide the service. Also, it can replicate functions normally associated with physical documents [3] [4] [5].

A Mechanism is designed to detect, prevent, or recover from a security attack. There is no single mechanism that will support all the required functions. However, one particular element underlies many of the security mechanisms in use, which is a cryptographic technique [3] [4] [5].

The OSI security architecture is useful to organize the task for providing security. Due to the fact that, it was defined as an international standard, the computer and communication vendors have developed their projects and services related to this structure. It focuses on the security services, mechanisms, and attacks.MOTIVATIONReliability is one of the major problems in e-Commerce. How to make people trust the system and start making purchases on the Internet become the motivation for the Industry and the engineer. In order to realize the solution for solving this issue, one has to understand the OSI security architecture.As mention in the previous section, there are three topics included in the OSI security architecture, which are: security services, security mechanisms, and security attacks. X.800 and EFC 2828 are the standards, which define the security service [3] [4]. The International Telecommunication Union (ITU) recommends X.800 should be used for defining the OSI security architecture, which defines it in five major categories and would be discussed in the next sections [3] [4]: Authentication the assurance that the communicating entity is the one claimed [3] [4]. Access Control the prevention of the unauthorized use of a resource [3] [4]. Data Confidentiality the protection of data from unauthorized disclosure [3] [4]. Data Integrity the assurance that data received is as sent by an authorized entity [3] [4]. Non-Repudiation the protection against denial by one of the parties in a communication [3] [4].

III. E-COMMERCE AND VULNERABILITYAs technology improves, the Internet and World Wide Web (WWW) have been used for commercial purposes increasingly [6]. People start their business by putting the goods on the Internet and creating the website to show people their products in order to sell. In addition, this market becomes better and widely opens up to everyone in the world. However, the biggest issue of this market is still security and so far there is no good solution for this. How do people know this online purchasing is worry-free? How much security is enough for the online business? Those are the issues that people are still arguing about, which will be discussed in the next sections. Before using the computer system or installing new software, a prudent organization will check the system in order to ensure that it provides enough security. An organization can determine the security of a computing system by measuring the cost of finding and exploiting a security vulnerability in that system [7] [8]. This measurement is most effective when people also know how much security the organization requires. In order to answer how much security is enough, one must first determine what types of advantages are needed in order to defend against the hackers and what choices are for each adversary type[7].

However, the current rapid development for both the new Information Technology and the e-Commerce has resulted in a strong demand for reliable and secure copyright protection techniques for multimedia data [9]. Two of the recent solutions introduced here would be the design of buyer-seller watermarking protocol without trusted third party[9], and browser spoofing attach, which can break the weakest link from the server to use[10].

First, the technique introduced in [9] is about how to protect both seller and buyers rights and buyers anonymity. [11] proposed an anonymous buyer-seller watermarking protocol, which does not take the buyers right into consideration since the seller might be able to change or recreate the buyers transaction if he/she includes the watermark certification authority and extra required information for the credit card companies [10]. It needs a trusted third party for its security. However, the authors in [10] propose a secure buyer-seller watermarking protocol without a trusted third party. It applies the secure commutative cryptosystems to the watermarking protocol[10], but this causes higher computational complexity and communication pass number in the watermark generation step compared with [11].

Another technique introduced in [10] is an effective attack, browser spoofing that makes the browser un-trustable. It is developed to show the trust path from user side to the web browser is still weak, even though some of the security protocols like SSL are secure enough for end-to-end security [10]. It also shows that this weakness still exists between the user and its browser and it is still dangerous to make online activities although all the programming languages(i.e. Java, JavaScript) and dynamic properties(i.e. form functions, frames) do provide rich effects[10]. However, the author from [10] has made some suggestions about how to make the online activities more secure by integrating the systematical defense technologies in order to trust on the web browser. The more complicated the strategies, the more user involvement. The less possible the attackers following up, the more trustworthy the content [10]. Then, the challenge is how to balance the tradeoff between trust and ease of use.

The future directions for this study are introduced in [9] [10], which give us another different opinions about how to Figure out the solutions or vulnerabilities for e-Commerce.IV. ONLINE PURCHASING BEHABIOR IN TAIWANThe online purchasing behavior discussed in this section would be based on the traditional Internet access(i.e. broadband connection, dial up connection, etc.) and the mobile Internet, which is using personal mobile to access the Internet. According to a survey conducted by FIND of ECRC-III in August 2002[12] [13], more than seven out of ten households in Taiwan possessed computers and over five had access to the Internet. Among those connected to the Internet, nearly 73% subscribed to broadband connection[12][13].

Department of Industrial Technology (DOIT, Ministry of Economic Affairs) commissioned ECRC-FIND to conduct a survey measuring ICT ( Information Communication Technology) access and use by the households in Taiwan. This survey was conducted on the phone from July 24 to August seventh in year 2003; 18,113 interviewees of the age of 15 and above were interviewed[12][13][14].

This survey intended to grasp the complete picture of how households in Taiwan used the Internet, including such areas as online shopping from home and the households' users behavior, needs and problems. Major findings of the survey are as follows[12][13][14]:

1) 57% of households were connected to the InternetWith ISPs' promotion of broadband connection and free dial-up accounts, an increasing number of households in Taiwan had access to the Internet. To the point of survey, 57% of households were connected the Internet, compared with 53% in year 2002. 71% of households in Taiwan had computers and 22% of them have online purchasing experiences in year 2003[12][13][14].

2) PCs are the major devices accessing to the Internet

The majority of the households accessed the Internet by desktop PCs (96%, Macintoshes included). A few used notebooks (16%) and wireless devices (14%)[12][13][14].3) 73% of households subscribed to broadband connection; ADSL became the mainstream

According to the survey, nearly 73%of the households in Taiwan accessed the Internet by broadband (ADSL and cable modem), four percent by narrowband, and less than one percent by wireless means (see table 1) [12][13][14]. In 2003, ADSL was the primary method of household Internet access (66%). The market sharing was different from the same period in 2002 and 2001 when most households accessed the Internet by dial-up (43 to 63%) and ADSL accounted for only 30 to 51%. Apparently, broadband connection, ADSL in particular, has become the dominant method for households to access the Internet(see table 1) [12][13][14].Connection2003(%)2002(%)2001(%)

Broadband 735840

ADSL665130

Cable Modem7810

Fiber-Optic Broadband0.8--

ISDN0.2--

Dial Up264363

Free Dialup410-

Paid Dialup2235-

Wireless0.411

Mobile Internet38--

Table 1: Ways to access Internet in Taiwan.

Information is from FIND. 4) Problems bothering Internet users at home

More households with narrowband access have complaint than households with broadband access. The most common complaint made by Internet surfers at home was the slow connection speed, followed by uneasy and unstable connection [12][13][14].5) Online shopping at home still not popularAlthough many Internet surfers at home visit the e-commerce websites, only a few of them actually did online shopping. Out of ten interviewees, six had collected product/service information on the Internet, only two really made online purchases. Price and convenience were the two major incentives that stimulated Internet users to shop online; so was the heterogeneity of products offered online. The idea of online shopping is not yet popular in Taiwan probably because many physical shops are already in place in the highly populated country[12][13][14].However, the Internet survey data from [15] shows different results compared with [12](Note that the survey questions in[15] are contained with multi-choices. Therefore, the percentages shown here would be equivalent to 100.) This survey was conducted on the Internet from December fourth to December 31st in year 2003. Since year 2002, 90% of the interviewers choose to use broadband connection since the speed is faster than other kinds of connections. Also, 64% of those interviewed had made online shopping experiences already comparing with 57% in year 2002. 33% of them have purchased more than seven times in six months comparing with the 13% in year 2002. In addition, the survey also shows that the amount of money spent from the online purchasing has increased more than 10,000 NTD from 18% in 2002 to 26% in 2003 [15]. 89% of those interviewed are satisfied about their online shopping experience and 70% of them will purchase online again in the next six months.Those online shoppers do enjoy the convenient of online purchasing about making purchasing online; however, they also worry about the information security while making the transactions. According to the data shown in [15], 15% of the interviewers worry about their privacy would be invaded by others. 37% of them do not shop online due to the security considerations. For instance, 82% of them would consider about the security of personal information before purchasing online, and 70% of them would only purchase goods from the website that provide the SSL shopping environment. Those results show that information security is really a big issue for the online shoppers. In addition, how to build a worry-free shopping environment and earn the shoppers trust are the clues for having a success online business in Taiwan [15].From [15], another interesting result shows that 73% of the online shoppers knows that the transactions need to be done with the SSL environment. Also, 92% of them would pay attention to what website would provide the SSL shopping environment. Nevertheless, only 68% of those interviewed would care about the information security while making the online purchasing.V. CONCLUSIONFrom the previous section, authors in [12][13][14][15] show online purchasing become more accepted by the society in Taiwan. However, the latest research [16] shows that the percentage of using mobile to access Internet in Taiwan (33%) is still lower than Japan(65%), South Korea(52%), and Hong Kong(44%)[15]. In order to predict the future work of the worldwide mobile Internet access, Taiwan, Japan, South Korea, Hong Kong, Greece, and Finland have come together into the Worldwide Mobile Internet Survey (WMIS) activity. Using online questionnaires to get the information about accessing Internet through the mobile devices from October to November in 2003[15]. From the results, the process for using mobile device to access Internet in Taiwan is still too small comparing with Japan, south Korea, and Hong Kong. The low connection fee is the main reason why the scale in Taiwan is worst than other countries[15]. However, this activity shows the trend of using mobile device to access Internet worldwide. Most people use mobile to access Internet while taking the transportations or waiting for sometimes from time to time. In addition, this also gives the retail industry another good chance to create its business. How to make the website more accessible through different kinds of connection devices. In this way, the e-Commerce market in Taiwan would be better and it would be more beneficial to the Internet users in Taiwan.BIBLIOGRAPHY[1] E-Taiwan Project Office, Cyber-attacks Batter Web Heavyweights. http://www.etaiwan.nat.gov.tw/content/application/etaiwan/general/guest-cnt-browse.php?grpid=5&vroot=&cntgrp_ordinal=00070001&cnt_id=843. December 2003.[2] National Information and Communications Initiative Committee. Report for different Internet Usage. http://www.nici.nat.gov.tw/content/application/nici/general/guest-cnt-browse.php?grpid=5&vroot=&cntgrp_ordinal=00060004&cnt_id=229&listtype=. June 2003.[3] Stallings, William. Cryptography and Network Security: principles and practices. 3rd ed. Prentice Hall. 2003.[4] Stajano, Frank. Security for Ubiquitous Computing. Wiley. 2002.[5] Deloitte and Touche. E-commerce Security: Security the Network Perimeter. Information Systems Audit and Control Foundation. 2002.[6] Ibrahim, M.T., Hamdolah, M., and OBrien,P.T.R.. Analysis and Design of e-Commerce Applications on the Web: A Case study of OO Techniques and Notations. Proceeding of fourth International Conference. pp.315-327. September 2003.[7]Schechter, S.E., and Smith, M.D.. How Much Security Is Enough to Stop a Thief?: The Economics of Outsider Theft via Computer Systems and Networks. Proceeding of seventh international Conference. pp. 122-137. January 2003.

[8]Schechter, S.E.. Quantitatively Differentiating System Security. The First Workshop on Economics and Information Security. 2002.[9] Choi, J.-G., Sakurai, K., and Park, J.-H.. Does It Need Trusted Third Party? Design of Buyer-Seller Watermarking Protocol without Trusted Third Party. Proceeding of first International conference of ACNS. pp.265-279. October 2003.[10]Li,T.-Y., and Wu, Y.. Trust on Web Browser: Attack vs. Defense. Proceeding of first International conference of ACNS. pp.241-253. October 2003.[11]Ju, H.-S., Kim, H.-J., Lee, D.H., and Lim, J.I.. An Anonymous Buyer-Seller Watermarking Protocol with Anonymity Control. Proceeding of ICISC2002. pp. 421-432. 2003.[12]ACI-FIND. survey measuring ICT ( Information Communication Technology) access and use by the households in Taiwan. http://www.etaiwan.nat.gov.tw/content/application/etaiwan/general/guest-cnt-browse.php?grpid=5&vroot=&cntgrp_ordinal=00070001&cnt_id=843. December 25th,2003.

[13]ACI-FIND. survey for WMIS activity. http://www.find.org.tw/0105/howmany/howmany_disp.asp?id=69. March 1st, 2004.[14]ACI-FIND. Households Online in Taiwan 2002. http://www.find.org.tw/eng/news.asp?msgid=17&subjectid=4&pos=0. January sixth, 2003.

[15]Yam.com. survey measuring online user behavior in Taiwan. http://survey.yam.com/survey2003/chart/. 2004.[16]ACI-FIND. survey for WMIS activity. http://www.find.org.tw/0105/howmany/howmany_disp.asp?id=66. December 30th, 2003.

PAGE 5