Technical Aspects of E-Commerce Part 2
Technical Aspects of E-Commerce Part 2 of 2
Mort Anvari
Introduction
- Review
- Hardware
- Firewalls
- Networking
- Cryptography
Review
[Diagram: the example network: several PCs plus a web server, mail server, SQL server and file server on the internal network, connected to the Internet through a firewall/router (FWR)]
Review
[Diagram: the software and hardware stack of the web server. Software, user space: web server, CGI script, HTML pages, data. Software, system space: operating system, I/O layer, and the Presentation, Session, Transport, Network, Datalink and Physical layers. Hardware: network card, video card, HD controller, hard drive, motherboard, and below that the physical world.]
Application: Programs that directly access the presentation layer belong at least in part to the application layer.
Hardware
What is it?
- The physical components of a computing system
- If it can be held in your hand it’s hardware
- If it can’t it’s software
Hardware
[Diagram: the same stack as on the Review slide, with the hardware (network card, video card, HD controller, hard drive, motherboard) marked as the current topic]
Hardware
- Architecture
- Hard Drives
- Backup Systems
- Network Interfaces
- RAM
Architecture
- CISC (Complex Instruction Set Computer)
  - Can do complex operations
  - Can do many functions
  - e.g. 486, Pentium, PowerPC
- RISC (Reduced Instruction Set Computer)
  - Can do a few simple operations
  - Faster than CISC
  - e.g. SPARC, HP9000
Hard Drives
- Single
  - A regular hard drive
- Mirrored
  - Fault-tolerant
  - Expensive
- Drive Array
  - Fault-tolerant
  - Slower but cheaper than mirroring
Hard Drives
- Highly Redundant Drive Enclosure
  - External to server
  - Can lose multiple drives
  - Very fast
  - Very expensive
Backup Systems
- DAT (Digital Audio Tape)
  - Fast, efficient and reliable
  - Tape sizes from 2-24GB
  - Backwards compatible
- DLT (Digital Linear Tape)
  - Very fast, reliability problems
  - Tapes can hold up to 70GB
  - New technology
Backup Systems
- Tape Library
  - Uses multiple DLTs or DATs
  - Uses many tapes
  - Robotic arm changes tapes
Network Interfaces
- LAN (Local Area Network)
  - Small in geographic size
  - Fast and cheap
  - Owned
- WAN (Wide Area Network)
  - Connects distant LANs
  - Slow and expensive
  - Rented
Random Access Memory
- Regular
  - Garden variety memory
- Parity
  - Checks for memory errors
  - Stops machine on error
- ECC (Error Checking and Correcting)
  - Checks for memory errors
  - Corrects errors
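The difference between parity and ECC memory, as an added example that is not part of the slides: a parity bit can only notice that a stored word changed, while an error-correcting code (Hamming(7,4) here, chosen for the demo; real ECC DIMMs use wider codes) can also say which bit flipped and restore it. Word sizes and the flipped bit are constructed for illustration.

```python
# Added example (not from the slides): parity detects a single-bit memory
# error but cannot fix it; an ECC code (Hamming(7,4) here) detects and
# corrects it. A 4-bit word is used so every bit can be followed by hand.


def parity_bit(bits):
    """Even parity: the extra bit makes the total number of 1s even."""
    return sum(bits) % 2


def parity_check(word_with_parity):
    """True when the stored word still has even parity (no error seen).
    A parity machine halts when this is False; it cannot say which bit."""
    return sum(word_with_parity) % 2 == 0


def hamming_encode(d):
    """Hamming(7,4): 4 data bits -> 7 bits (positions 1..7, parity at 1,2,4)."""
    d1, d2, d3, d4 = d
    p1 = (d1 + d2 + d4) % 2   # covers positions 1,3,5,7
    p2 = (d1 + d3 + d4) % 2   # covers positions 2,3,6,7
    p4 = (d2 + d3 + d4) % 2   # covers positions 4,5,6,7
    return [p1, p2, d1, p4, d2, d3, d4]


def hamming_decode(code):
    """Return (data_bits, corrected_position); position 0 means no error.
    The syndrome is the 1-based index of a single flipped bit."""
    c = list(code)
    s1 = (c[0] + c[2] + c[4] + c[6]) % 2
    s2 = (c[1] + c[2] + c[5] + c[6]) % 2
    s4 = (c[3] + c[4] + c[5] + c[6]) % 2
    syndrome = s1 + 2 * s2 + 4 * s4
    if syndrome:
        c[syndrome - 1] ^= 1          # ECC corrects the bit in place
    return [c[2], c[4], c[5], c[6]], syndrome


def simulate(data, flip_index=None):
    """Store a 4-bit word with parity and with ECC, optionally flip one
    stored bit (a constructed fault), and report what each scheme can do."""
    stored_parity = list(data) + [parity_bit(data)]
    stored_ecc = hamming_encode(data)
    if flip_index is not None:
        stored_parity[flip_index] ^= 1
        stored_ecc[flip_index] ^= 1
    corrected, pos = hamming_decode(stored_ecc)
    return {
        "parity_ok": parity_check(stored_parity),   # False -> machine stops
        "ecc_data": corrected,                       # data after correction
        "ecc_fixed_bit": pos,                        # 0 -> nothing to fix
    }
```

`simulate([1, 0, 1, 1], flip_index=2)` reports that parity failed (the machine would stop) while ECC returned the original word and identified bit 3 as the one it repaired.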
Firewall
What is it?
- A special computer system designed to isolate one area of the network
- All network traffic going into or out of the isolated area must pass through the firewall
- Only allows traffic to pass that meets a set of criteria based on company policy
- Like the gate house in a jail
- It’s software
Firewall
[Diagram: the example network; the firewall/router (FWR) is the only path between the internal PCs and servers and the Internet]
Firewall
[Diagram: the stack from the Review slide for the firewall machine: in user space the firewall software with its logs and data; below it the operating system, I/O layer and network layers, then the hardware. The firewall software is marked as the current topic.]
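The policy idea on the Firewall slides, as an added example that is not from the slides: a small packet filter in which every packet crossing between the isolated area and the Internet is checked against an ordered rule list, and anything the policy does not explicitly allow is dropped. The network 192.168.0.0/24, the rules and the sample packets are constructed for the demo.

```python
# Added example (not from the slides): a minimal packet filter that applies
# the slide's rule "only traffic that meets the policy passes". The inside
# network, the policy and the sample packets are constructed for the demo.
import ipaddress

INSIDE = ipaddress.ip_network("192.168.0.0/24")   # the isolated area

# Ordered policy: first match wins. Anything unmatched is dropped (default
# deny), which is what makes the firewall a gate house rather than a door.
POLICY = [
    # (name, direction, protocol, source net, destination net, dest port, action)
    ("web-in",    "in",  "tcp", "0.0.0.0/0",      "192.168.0.10/32", 80,   "allow"),
    ("mail-in",   "in",  "tcp", "0.0.0.0/0",      "192.168.0.20/32", 25,   "allow"),
    ("no-sql-in", "in",  "tcp", "0.0.0.0/0",      "192.168.0.30/32", None, "deny"),
    ("web-out",   "out", "tcp", "192.168.0.0/24", "0.0.0.0/0",       443,  "allow"),
]


def direction(packet):
    """'in' or 'out' relative to the isolated area; 'internal' traffic never
    reaches the firewall at all."""
    src_inside = ipaddress.ip_address(packet["src"]) in INSIDE
    dst_inside = ipaddress.ip_address(packet["dst"]) in INSIDE
    if src_inside and not dst_inside:
        return "out"
    if dst_inside and not src_inside:
        return "in"
    return "internal"


def matches(rule, packet):
    name, rdir, proto, src_net, dst_net, port, action = rule
    return (rdir == direction(packet)
            and proto == packet["proto"]
            and ipaddress.ip_address(packet["src"]) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(packet["dst"]) in ipaddress.ip_network(dst_net)
            and (port is None or port == packet["dport"]))


def filter_packet(packet, policy=POLICY):
    """Return (action, rule name). Unmatched traffic is denied by default."""
    for rule in policy:
        if matches(rule, packet):
            return rule[-1], rule[0]
    return "deny", "default"


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    {"src": "203.0.113.5",  "dst": "192.168.0.10", "proto": "tcp", "dport": 80},
    {"src": "203.0.113.5",  "dst": "192.168.0.30", "proto": "tcp", "dport": 1433},
    {"src": "192.168.0.42", "dst": "198.51.100.7", "proto": "tcp", "dport": 443},
    {"src": "192.168.0.42", "dst": "198.51.100.7", "proto": "tcp", "dport": 23},
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p["src"], "->", p["dst"], p["dport"], filter_packet(p))
```

The last sample packet (outbound telnet) matches no rule and is dropped by the implicit default; a firewall whose final rule allowed everything would be the opposite of the "gate house" the slide describes.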
Networking
What is it?
- A series of devices called nodes interconnected by communication pathways
- Nodes can be computers or devices that help the network function
- Networks can be connected or contain sub-networks
- It’s made up of hardware and software
Networking
[Diagram: the example network of PCs, servers, firewall/router (FWR) and the Internet]
Networking
[Diagram: the stack from the Review slide as seen on a client PC, with PowerPoint, a web client and a mail client in user space; the networking parts of the stack are marked as the current topic]
Networking
- The OSI Model
- An Example Transmission
The OSI Model
- Framework describing network protocols
- 7 Layers
- 1 Layer = 1 Aspect of Networking
- Layers only aware of neighbors
- Layers provide flexibility and functionality
The OSI Model
The OS and the Network Card work together to make a complete stack.
[Diagram: the seven layers (Application, Presentation, Session, Transport, Network, Datalink, Physical), divided into the functions the OS is responsible for and the functions the Network Card is responsible for]
Application Layer
- Where actual services reside
- HTTP, FTP, Gopher, DNS etc.
- Not related to applications you use like Word or Excel
Presentation Layer
- Data “pre-processed”
- Compression
- SSL
- ASCII translations
Session Layer
- Manages connections
  - Initiates
  - Maintains
  - Disconnects
Transport Layer
- Breaks data down into more manageable pieces (sending)
- Reforms original data from small pieces (receiving)
- Checks for errors
Network Layer
- Sends data between networks
- 192.168.0.1 is a network address
  - 192.168.0 = network part
  - .1 = host part
- Router works at this level
- If destination is on the same network, host sends data directly
Network Layer
- If destination is on another network, host sends data to the right router
- If the right router is unknown, data is sent to the Default Router or Default Gateway
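The forwarding decision on the two Network Layer slides, as an added example that is not from the slides: split an address into network and host part, then decide whether a destination is reached directly, via a router known for its network, or via the default gateway. The host address 192.168.0.1/24 follows the slide; the routing table and gateway addresses are constructed. The example goes one step beyond the slides in preferring the most specific (longest prefix) route when several match, which is how real routing tables behave.

```python
# Added example (not from the slides): a host's next-hop decision at the
# network layer. Host address from the slide; routes and gateway constructed.
import ipaddress

HOST = ipaddress.ip_interface("192.168.0.1/24")
ROUTES = {   # remote network -> router to hand the data to (constructed)
    ipaddress.ip_network("10.0.0.0/8"):   ipaddress.ip_address("192.168.0.253"),
    ipaddress.ip_network("10.7.0.0/16"):  ipaddress.ip_address("192.168.0.252"),
}
DEFAULT_GATEWAY = ipaddress.ip_address("192.168.0.254")


def split_address(addr_with_prefix):
    """Return (network part, host part) of an address such as 192.168.0.1/24."""
    iface = ipaddress.ip_interface(addr_with_prefix)
    network = iface.network.network_address
    return str(network), int(iface.ip) - int(network)


def next_hop(destination, host=HOST, routes=ROUTES, default=DEFAULT_GATEWAY):
    """Return (how, where):
    'direct'  - destination is on our own network, send to it directly
    'router'  - a router is known for that network (longest prefix wins)
    'default' - no router known, hand it to the default gateway"""
    dst = ipaddress.ip_address(destination)
    if dst in host.network:
        return "direct", str(dst)
    best = None
    for net, router in routes.items():
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, router)
    if best is not None:
        return "router", str(best[1])
    return "default", str(default)


if __name__ == "__main__":
    print(split_address("192.168.0.1/24"))
    for d in ("192.168.0.77", "10.1.2.3", "10.7.9.9", "8.8.8.8"):
        print(d, "->", next_hop(d))
```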
Data Link Layer
- How data should actually be transmitted
- How the bits should be arranged
- Detects errors
- Has a unique “MAC” address, e.g. 00:60:08:8D:F0:96
Data Link Layer
- A bridge splits a network into 2 segments
- Makes decisions based on the MAC address in each packet
- Improves performance
- A switch is a bridge that works with more than 2 segments
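The bridge/switch behaviour on the Data Link Layer slides, as an added example that is not from the slides: a learning switch records which port each source MAC address was seen on, forwards frames only to the port of a known destination (which is the performance gain the slide mentions), and floods frames whose destination it has not learned yet or that are broadcasts. The MAC 00:60:08:8D:F0:96 is reused from the slide; the other address, the ports and the frame trace are constructed.

```python
# Added example (not from the slides): a learning bridge/switch that forwards
# by destination MAC. One MAC is from the slide; the rest is constructed.

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}            # MAC address -> port it was last seen on

    def handle(self, in_port, src, dst):
        """Process one frame and return the list of ports it goes out of."""
        src, dst = src.lower(), dst.lower()
        self.table[src] = in_port                       # learn / refresh
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]
            return [] if out == in_port else [out]      # same segment: drop
        return [p for p in self.ports if p != in_port]  # unknown: flood


def run_trace(switch, frames):
    """Feed a sequence of (in_port, src, dst) frames, collecting the outputs."""
    return [switch.handle(*frame) for frame in frames]


# Constructed trace on a 3-port switch.
FRAMES = [
    (1, "00:60:08:8d:f0:96", "00:00:0c:11:22:33"),   # dst unknown -> flood
    (3, "00:00:0c:11:22:33", "00:60:08:8d:f0:96"),   # reply: dst known -> port 1
    (1, "00:60:08:8d:f0:96", "00:00:0c:11:22:33"),   # now known -> port 3 only
    (1, "00:60:08:8d:f0:96", "ff:ff:ff:ff:ff:ff"),   # broadcast -> flood
]

if __name__ == "__main__":
    sw = LearningSwitch([1, 2, 3])
    for frame, out in zip(FRAMES, run_trace(sw, FRAMES)):
        print(frame, "->", out)
```

With two ports this is exactly the bridge on the slide; with more it is the switch, and the table is what lets traffic between two hosts stay off every other segment.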
The Physical Layer
- Defines the electrical, mechanical and physical aspects of a network
  - Cables
  - Hubs
  - Connectors
  - Topologies
Physical Layer: Topologies
Star Topology: very manageable and reasonably priced
Examples: 10BaseT, 100BaseT, 100BaseVG
[Diagram: computers joined by network cable to a central hub]
Physical Layer: Topologies
Point to Point Topology: used almost exclusively in WANs
Examples: Modems, ISDN, Leased Lines, ADSL, T1
[Diagram: two computers/routers joined by a single WAN link]
Physical Layer: Topologies
Other Topologies
- Linear Bus
- Ring
- Mesh
- Cell
- Torus
An Example
Server (sending):
- Application: Send picture to client
- Presentation: Encrypt using SSL
- Session: Establish connection
- Transport: Divide picture into tiny packets
- Network: Send to proper network
- Datalink: Format packet and identify client
- Physical: Transmit packet to client
Client (receiving):
- Application: Display picture in browser
- Presentation: Decrypt using SSL
- Session: Authenticate and receive connection
- Transport: Reassemble packets into picture
- Network: Determine if it’s our packet and network
- Datalink: Check for errors and if it’s ours
- Physical: Receive packets from server
An Example
When the packet is transmitted each layer has added its own “Header”. The Datalink layer often adds a “Tail” as well to provide error checking.
A Packet in Transit: [D header][N header][T header][S header][P header][Data Fragment][D tail]
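The packet-in-transit picture above, as an added example that is not from the slides: a data fragment is wrapped in one header per layer (Presentation first, Datalink last) and given a Datalink tail carrying a CRC, then unwrapped top-down on the receiving side, where a mismatched tail reveals a transmission error. The five-byte header format and the field values are invented for the demo; real protocols each define their own.

```python
# Added example (not from the slides): encapsulating a fragment with one
# header per layer plus a datalink tail (CRC-32), and decapsulating it with
# error detection. Header layout and field values are constructed.
import struct
import zlib

LAYERS = ["presentation", "session", "transport", "network", "datalink"]


def header(layer, info):
    """Demo header: 1-byte layer tag + 4-byte field (session id, fragment
    number, address, ...). Real headers differ per protocol."""
    return struct.pack("!BI", LAYERS.index(layer), info)


def encapsulate(fragment, fields):
    """Wrap the fragment: P, S, T, N, D headers are prepended in turn, so the
    Datalink header ends up first on the wire; the CRC tail goes last."""
    frame = fragment
    for layer in LAYERS:
        frame = header(layer, fields[layer]) + frame
    return frame + struct.pack("!I", zlib.crc32(frame) & 0xFFFFFFFF)


def decapsulate(frame):
    """Check the tail, then strip headers top-down (D first). Returns
    (fragment, fields), or None when an error is detected."""
    body, (crc,) = frame[:-4], struct.unpack("!I", frame[-4:])
    if zlib.crc32(body) & 0xFFFFFFFF != crc:
        return None                       # datalink: "check for errors"
    fields = {}
    for layer in reversed(LAYERS):
        tag, info = struct.unpack("!BI", body[:5])
        if LAYERS[tag] != layer:
            return None                   # headers out of order: malformed
        fields[layer] = info
        body = body[5:]
    return body, fields


# Constructed values: a session id, fragment number, a network address and a
# MAC-derived id as the "identify client" field of the datalink header.
SAMPLE_FIELDS = {"presentation": 1, "session": 7, "transport": 3,
                 "network": 0xC0A80001, "datalink": 0x8DF096}

if __name__ == "__main__":
    frame = encapsulate(b"picture-bytes", SAMPLE_FIELDS)
    print(len(frame), "bytes on the wire;", decapsulate(frame))
```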
An Example
[Diagram: the web server and the client on different networks. Network A is divided by hubs and a switch into Segment 1 (10BaseT), Segment 2 (10BaseT) and Segment 3 (FDDI); a router joins it to Network B, which is not segmented (100BaseFX). PCs are attached throughout.]
Encryption
What is it?
- The conversion of data into a form that cannot be easily understood by unauthorized people
- The opposite is decryption, that is, changing the difficult-to-read form back into the original
- It’s usually software, but can be hardware
Cryptography
- What does it do for me?
- Symmetric Encryption
- Asymmetric Encryption
- One Way Hash
- Example: An Encrypted E-Mail
What does it do for me?
- Confidentiality: The data can only be read by the intended recipients
- Non-Repudiation: The data cannot be forged. If data is “signed” by a person, the data could only have come from them. No more “I didn’t send that!”
- Data Integrity: The data cannot be modified without detection
Symmetric Encryption
- Data is encrypted and decrypted with the same key
- Fast
- Key must be kept secret
- Key must be sent Out of Band
- DES and IDEA are symmetric
Asymmetric Encryption
- Uses 2 keys
- Data encrypted with one key can only be decrypted with the other
- Public key is shared with all
- Public key can be sent In Band
- Private key must be kept secret
- RSA is asymmetric
One Way Hash
- A “fingerprint” of data
- Any size data = same size hash
- Tiny changes in data produce a very different hash
Example: Encrypted E-Mail
Anne wants to send e-mail to Bob. The plaintext message is compressed to make it smaller and the ciphertext stronger.
[Diagram: Plaintext -> Compression -> Small Plaintext]
Example: Encrypted E-Mail
The plaintext message is run through a hash algorithm to generate a “fingerprint”.
[Diagram: Small Plaintext -> Hash Function -> Fingerprint]
Example: Encrypted E-Mail
The fingerprint is encrypted using Anne’s private key. This makes it into a digital signature. It is then appended to the plaintext.
[Diagram: Fingerprint + Anne’s Private Key -> Signature, attached to the Small Plaintext]
Example: Encrypted E-Mail
A random key is generated and the e-mail is symmetrically encrypted using that.
[Diagram: Small Plaintext + Signature, encrypted with the Random Key -> Ciphertext]
Example: Encrypted E-Mail
The Random Key is encrypted using Bob’s public key. The result is called a “Strong Box”. Remember that only Bob can read the contents of the Box.
[Diagram: Random Key + Bob’s Public Key -> A Box for Bob]
Example: Encrypted E-Mail
The Box is attached to the ciphertext and they are sent over e-mail to Bob.
[Diagram: Ciphertext (encrypted with the Random Key) + A Box for Bob -> Internet -> To Bob]
Example: Encrypted E-Mail
Bob decrypts his Strong Box to get the Random Key. Only Bob’s private key can open the Box, which was encrypted with his public key.
[Diagram: A Box for Bob + Bob’s Private Key -> Random Key]
Example: Encrypted E-Mail
Bob decrypts the ciphertext using the random key which he got from his Strong Box.
[Diagram: Ciphertext (encrypted with the Random Key) + Random Key -> Small Plaintext + Signature]
Example: Encrypted E-Mail
Bob decrypts Anne’s signature using her public key. Since only Anne could have encrypted it with her private key, Bob knows the message had to come from her.
[Diagram: Signature + Anne’s Public Key -> Fingerprint]
Example: Encrypted E-Mail
Bob runs the unencrypted message through the hash function. If this fingerprint is the same as the one from the signature, the message was not changed in transit.
[Diagram: Small Plaintext -> Hash Function -> Calculated Fingerprint, compared with the Received Fingerprint]
Example: Encrypted E-Mail
Finally, the message is uncompressed. Bob can read the message knowing for certain that it’s from Anne, it’s what Anne wrote and only the two of them could have read it.
[Diagram: Small Plaintext -> Decompression -> Plaintext]
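The whole Anne-to-Bob exchange of slides 45 to 55, together with the symmetric, asymmetric and one-way-hash slides it builds on, as an added example that is not from the slides and uses only Python's standard library. Its assumptions are not the slides': textbook RSA with fixed demo keys built from Mersenne primes (constructed, and worthless as real keys since the primes are public), SHA-256 as the hash function, and an XOR stream cipher keyed from SHA-256 standing in for a real symmetric cipher such as DES or IDEA. `bob_receives` answers the slide's three questions at once: it returns the plaintext only when the Strong Box opened (confidentiality), the signature came from Anne (non-repudiation) and the fingerprints matched (integrity).

```python
# Added example (not from the slides): the encrypted e-mail flow of slides
# 45-55. Assumptions: textbook RSA with fixed demo keys (Mersenne primes,
# publicly known, so illustration only), SHA-256 as the hash, and a SHA-256
# counter-mode XOR keystream in place of a real symmetric cipher.
import hashlib
import secrets
import zlib


def rsa_keypair(p, q, e=65537):
    """Textbook RSA: public key (n, e), private key (n, d)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # modular inverse, Python 3.8+
    return (n, e), (n, d)


# Demo keys. 2**k - 1 for k in {521, 127, 607, 89} are Mersenne primes, so
# these are valid RSA keys, but anyone can recompute them.
ANNE_PUB, ANNE_PRIV = rsa_keypair((1 << 521) - 1, (1 << 127) - 1)
BOB_PUB, BOB_PRIV = rsa_keypair((1 << 607) - 1, (1 << 89) - 1)


def rsa_apply(value, key):
    """Apply one half of a key pair; only the other half reverses it."""
    n, exponent = key
    return pow(value, exponent, n)


def key_size(key):
    return (key[0].bit_length() + 7) // 8     # bytes needed for a result


def fingerprint(data):
    """One-way hash: data of any size gives a 256-bit fingerprint."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def fingerprint_bits_changed(a, b):
    """How many of the 256 fingerprint bits differ between two inputs."""
    return bin(fingerprint(a) ^ fingerprint(b)).count("1")


def stream_xor(key, data):
    """Symmetric demo cipher: XOR with a SHA-256 counter keystream. The
    same call encrypts and decrypts because XOR undoes itself."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        keystream = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def anne_sends(message, anne_priv=ANNE_PRIV, bob_pub=BOB_PUB):
    small = zlib.compress(message)                                 # slide 45
    signature = rsa_apply(fingerprint(small), anne_priv)           # 46-47
    signature = signature.to_bytes(key_size(anne_priv), "big")
    random_key = secrets.token_bytes(32)                           # 48
    ciphertext = stream_xor(random_key, small + signature)
    box = rsa_apply(int.from_bytes(random_key, "big"), bob_pub)    # 49
    return {"ciphertext": ciphertext, "box": box}                  # 50


def bob_receives(envelope, bob_priv=BOB_PRIV, anne_pub=ANNE_PUB):
    """Return (plaintext, True), or (None, False) when the fingerprints
    disagree: the mail is not from Anne or was changed in transit."""
    random_key = rsa_apply(envelope["box"], bob_priv).to_bytes(32, "big")  # 51
    plain = stream_xor(random_key, envelope["ciphertext"])                 # 52
    sig_len = key_size(anne_pub)
    small, signature = plain[:-sig_len], plain[-sig_len:]
    received_fp = rsa_apply(int.from_bytes(signature, "big"), anne_pub)   # 53
    if received_fp != fingerprint(small):                                  # 54
        return None, False
    try:
        return zlib.decompress(small), True                                # 55
    except zlib.error:
        return None, False


if __name__ == "__main__":
    mail = anne_sends(b"Hello Bob, the invoice total is 1,250 USD. -- Anne")
    print(bob_receives(mail))
```

Two things the code makes visible that the slides leave implicit: the Random Key is what protects the bulk of the message (the RSA operations only ever touch a 32-byte key and a 32-byte fingerprint, which is why the hybrid design is fast), and a single flipped ciphertext byte, or a signature made with anyone else's private key, causes the fingerprint comparison on slide 54 to fail.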