Technical Aspects of E-Commerce Part 2 of 2

Mort Anvari

Transcript of Technical Aspects of E-Commerce Part 2

Page 1: Technical Aspects of E-Commerce Part 2 of 2

Mort Anvari

Page 2: Introduction

- Review
- Hardware
- Firewalls
- Networking
- Cryptography

Page 3: Review

[Network diagram: internal PCs behind a firewall (FWR) connected to the Internet, together with a Web Server, Mail Server, SQL Server and File Server]

Page 4: Review

[Layered diagram, hardware at the bottom and software on top: Motherboard, Hard Drive, HD Controller, Video Card and Network Card in the physical world; the Operating System and its I/O Layer in system space; the network stack layers Physical, Datalink, Network, Transport, Session and Presentation; HTML pages and data, the Web Server and a CGI Script in user space]

Application: Programs that directly access the presentation layer belong at least in part to the application layer.

Page 5: Hardware

What is it?

- The physical components of a computing system
- If it can be held in your hand it’s hardware
- If it can’t it’s software

Page 6: Hardware

[The layered diagram from page 4, with the current topic, hardware, highlighted]

Page 7: Hardware

- Architecture
- Hard Drives
- Backup Systems
- Network Interfaces
- RAM

Page 8: Architecture

- CISC (Complex Instruction Set Computer)
  - Can do complex operations
  - Can do many functions
  - e.g. 486, Pentium, PowerPC
- RISC (Reduced Instruction Set Computer)
  - Can do a few simple operations
  - Faster than CISC
  - e.g. SPARC, HP9000

Page 9: Hard Drives

- Single
  - A regular hard drive
- Mirrored
  - Fault-tolerant
  - Expensive
- Drive Array
  - Fault-tolerant
  - Slower but cheaper than a mirror

Page 10: Hard Drives

- Highly Redundant Drive Enclosure
  - External to the server
  - Can lose multiple drives
  - Very fast
  - Very expensive

Page 11: Backup Systems

- DAT (Digital Audio Tape)
  - Fast, efficient and reliable
  - Tape sizes from 2-24GB
  - Backwards compatible
- DLT (Digital Linear Tape)
  - Very fast, reliability problems
  - Tapes can hold up to 70GB
  - New technology

Page 12: Backup Systems

- Tape Library
  - Uses multiple DLTs or DATs
  - Uses many tapes
  - A robotic arm changes tapes

Page 13: Network Interfaces

- LAN (Local Area Network)
  - Small in geographic size
  - Fast and cheap
  - Owned
- WAN (Wide Area Network)
  - Connects distant LANs
  - Slow and expensive
  - Rented

Page 14: Random Access Memory

- Regular
  - Garden-variety memory
- Parity
  - Checks for memory errors
  - Stops the machine on error
- ECC (Error Checking and Correcting)
  - Checks for memory errors
  - Corrects errors

Page 15: Firewall

What is it?

- A special computer system designed to isolate one area of the network
- All network traffic going into or out of the isolated area must pass through the firewall
- Only allows traffic to pass that meets a set of criteria based on company policy
- Like the gate house in a jail
- It’s software

Page 16: Firewall

[The network diagram from page 3: the firewall (FWR) sits between the Internet and the internal PCs, Web Server, Mail Server, SQL Server and File Server]

Page 17: Firewall

[The layered diagram from page 4, with Firewall Software as the current topic; in user space the firewall keeps logs and data]

Application: Programs that directly access the presentation layer belong at least in part to the application layer.

Page 18: Networking

What is it?

- A series of devices called nodes interconnected by communication pathways
- Nodes can be computers or devices that help the network function
- Networks can be connected or contain sub-networks
- It’s made up of hardware and software

Page 19: Networking

[The network diagram from page 3: Internet, firewall (FWR), PCs, Web Server, Mail Server, SQL Server and File Server]

Page 20: Networking

[The layered diagram from page 4, with the current topic, networking, highlighted; Power Point, a Web Client and a Mail Client are shown as the applications in user space]

Application: Programs that directly access the presentation layer belong at least in part to the application layer.

Page 21: Networking

- The OSI Model
- An Example Transmission

Page 22: The OSI Model

- Framework describing network protocols
- 7 layers
- 1 layer = 1 aspect of networking
- Layers are only aware of their neighbors
- Layers provide flexibility and functionality

Page 23: The OSI Model

The OS and the Network Card work together to make a complete stack. The OS is responsible for some of these functions and the Network Card for the others.

[Diagram: the seven layers, Application, Presentation, Session, Transport, Network, Datalink and Physical, divided between the OS and the Network Card]

Page 24: Application Layer

- Where actual services reside
- HTTP, FTP, Gopher, DNS etc.
- Not related to applications you use like Word or Excel

Page 25: Presentation Layer

- Data “pre-processed”
- Compression
- SSL
- ASCII translations

Page 26: Session Layer

- Manages connections
  - Initiates
  - Maintains
  - Disconnects

Page 27: Transport Layer

- Breaks data down into more manageable pieces (sending)
- Reforms the original data from the small pieces (receiving)
- Checks for errors

Page 28: Network Layer

- Sends data between networks
- 192.168.0.1 is a network address
  - 192.168.0 = network part
  - .1 = host part
- Routers work at this level
- If the destination is on the same network, the host sends the data directly

Page 29: Network Layer

- If the destination is on another network, the host sends the data to the right router
- If the right router is unknown, the data is sent to the Default Router or Default Gateway
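The forwarding decision of pages 28 and 29, worked through in JavaScript on the slide’s own address 192.168.0.1; this is an added example, not code from the slides. The 255.255.255.0 mask, the routing table and the gateway address are constructed for the example.

```javascript
// Constructed host configuration: the slide's 192.168.0.1, with 192.168.0 as the network
// part and .1 as the host part, which is a 255.255.255.0 mask.
const host = { address: '192.168.0.1', mask: '255.255.255.0' };

// Constructed routing table: one known remote network and the router that reaches it.
const routes = [{ network: '10.1.0.0', mask: '255.255.0.0', router: '192.168.0.254' }];

// Constructed default router / default gateway for every network not in the table.
const defaultGateway = '192.168.0.200';

// Dotted quad -> unsigned 32-bit integer, so a mask can be applied with bitwise AND.
function ipToInt(ip) {
  const octets = ip.split('.').map(Number);
  if (octets.length !== 4 || octets.some(o => !Number.isInteger(o) || o < 0 || o > 255)) {
    throw new Error(`not an IPv4 address: ${ip}`);
  }
  return octets.reduce((acc, o) => ((acc << 8) | o) >>> 0, 0);
}

// Network part of an address under a mask, back in dotted form (192.168.0.0 for the slide's host).
function networkPart(ip, mask) {
  const n = (ipToInt(ip) & ipToInt(mask)) >>> 0;
  return [n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join('.');
}

// Two addresses are on the same network when their network parts under the mask match.
function sameNetwork(a, b, mask) {
  return networkPart(a, mask) === networkPart(b, mask);
}

// Where the host hands a packet for `destination` (pages 28 and 29): directly to the destination
// when it is on the same network, to the router of a known remote network, else to the gateway.
function nextHop(destination) {
  if (sameNetwork(host.address, destination, host.mask)) {
    return { via: 'direct', to: destination };
  }
  const route = routes.find(r => sameNetwork(r.network, destination, r.mask));
  if (route) {
    return { via: 'router', to: route.router };
  }
  return { via: 'default gateway', to: defaultGateway };
}
```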

Page 30: Data Link Layer

- How data should actually be transmitted
- How the bits should be arranged
- Detects errors
- Has a unique “MAC” address, e.g. 00:60:08:8D:F0:96

Page 31: Data Link Layer

- A bridge splits a network into 2 segments
- Makes decisions based on the MAC address in each packet
- Improves performance
- A switch is a bridge that works with more than 2 segments

Page 32: The Physical Layer

- Defines the electrical, mechanical and physical aspects of a network
  - Cables
  - Hubs
  - Connectors
  - Topologies

Page 33: Physical Layer: Topologies

Star Topology: very manageable and reasonably priced. Examples: 10BaseT, 100BaseT, 100BaseVG

[Diagram: computers connected by network cable to a central hub]

Page 34: Physical Layer: Topologies

Point to Point Topology: used almost exclusively in WANs. Examples: Modems, ISDN, Leased Lines, ADSL, T1

[Diagram: two computers/routers joined by a WAN link]

Page 35: Physical Layer: Topologies

Other Topologies

- Linear Bus
- Ring
- Mesh
- Cell
- Torus

Page 36: An Example

The server’s stack and the client’s stack side by side, with what each layer does:

Layer          Server                                  Client
Application    Send picture to client                  Display picture in browser
Presentation   Encrypt using SSL                       Decrypt using SSL
Session        Establish connection                    Authenticate and receive connection
Transport      Divide picture into tiny packets        Reassemble packets into picture
Network        Send to proper network                  Determine if it’s our packet and network
Datalink       Format packet and identify client       Check for errors and if it’s ours
Physical       Transmit packet to client               Receive packets from server

Page 37: An Example

When the packet is transmitted each layer has added its own “Header”. The Datalink layer often adds a “Tail” as well to provide error checking.

A Packet in Transit: [D][N][T][S][P][Data Fragment][D] (the Datalink, Network, Transport, Session and Presentation headers, the data fragment, then the Datalink tail)
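The packet of page 37 built and unwrapped in JavaScript, as an added example that is not from the slides. The header field layouts are constructed for the example (the slides fix none), the Datalink tail is a CRC-32 over the frame as Ethernet uses, and apart from the slide’s MAC address 00:60:08:8D:F0:96 every address in the test is constructed.

```javascript
// Constructed header layout, front to back: Datalink 12 bytes (dst MAC, src MAC), Network 8
// (dst IP, src IP), Transport 4 (fragment index, fragment count), Session 2 (session id),
// Presentation 1 (content encoding); then the data fragment and a 4-byte CRC-32 tail.
const HEADER_LEN = 12 + 8 + 4 + 2 + 1;

// Bitwise CRC-32 with the IEEE polynomial, the frame check sequence Ethernet uses.
function crc32(buf) {
  let crc = 0xffffffff;
  for (const byte of buf) {
    crc ^= byte;
    for (let i = 0; i < 8; i++) crc = (crc >>> 1) ^ (0xedb88320 & -(crc & 1));
  }
  return (crc ^ 0xffffffff) >>> 0;
}

const macBytes = mac => Buffer.from(mac.split(':').map(h => parseInt(h, 16)));
const ipBytes = ip => Buffer.from(ip.split('.').map(Number));

// Sending side (page 36, server column): each layer adds its header in front of what it was
// handed, and the Datalink layer also appends the tail: [D][N][T][S][P][Data Fragment][D].
function wrap(fragment, f) {
  const p = Buffer.from([f.encoding]);
  const s = Buffer.alloc(2); s.writeUInt16BE(f.session);
  const t = Buffer.alloc(4); t.writeUInt16BE(f.index, 0); t.writeUInt16BE(f.count, 2);
  const n = Buffer.concat([ipBytes(f.dstIp), ipBytes(f.srcIp)]);
  const d = Buffer.concat([macBytes(f.dstMac), macBytes(f.srcMac)]);
  const body = Buffer.concat([d, n, t, s, p, fragment]);
  const tail = Buffer.alloc(4); tail.writeUInt32BE(crc32(body));
  return Buffer.concat([body, tail]);
}

// Receiving side (page 36, client column): Datalink checks the tail and whether the frame is
// ours, Network checks the address, then the remaining headers are read off in turn. A frame
// that fails a check is reported as dropped rather than passed up the stack.
function unwrap(frame, ourMac, ourIp) {
  if (frame.length < HEADER_LEN + 4) return { dropped: 'frame too short' };
  const body = frame.subarray(0, frame.length - 4);
  if (frame.readUInt32BE(frame.length - 4) !== crc32(body)) return { dropped: 'checksum error' };
  if (!body.subarray(0, 6).equals(macBytes(ourMac))) return { dropped: 'not our MAC address' };
  if (!body.subarray(12, 16).equals(ipBytes(ourIp))) return { dropped: 'not our network address' };
  return {
    index: body.readUInt16BE(20), count: body.readUInt16BE(22),
    session: body.readUInt16BE(24), encoding: body[26],
    fragment: body.subarray(HEADER_LEN),
  };
}
```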

Page 38: An Example

[Network diagram: Network A with Segment 1 (10BaseT), Segment 2 (10BaseT) and Segment 3 (FDDI), joined by hubs and a switch, and Network B, not segmented (100BaseFX), reached through a router; the Web Server, the Client and a number of PCs are attached to these segments]

Page 39: Encryption

What is it?

- The conversion of data into a form that cannot be easily understood by unauthorized people
- The opposite is decryption, that is, changing the difficult-to-read form back into the original
- It’s usually software, but can be hardware

Page 40: Cryptography

- What does it do for me?
- Symmetric Encryption
- Asymmetric Encryption
- One Way Hash
- Example: An Encrypted E-Mail

Page 41: What does it do for me?

Confidentiality: The data can only be read by the intended recipients

Non-Repudiation: The data cannot be forged. If data is “signed” by a person, the data could only have come from them. No more “I didn’t send that!”

Data Integrity: The data cannot be modified without detection

Page 42: Symmetric Encryption

- Data is encrypted and decrypted with the same key
- Fast
- Key must be kept secret
- Key must be sent out of band
- DES and IDEA are symmetric

Page 43: Asymmetric Encryption

- Uses 2 keys
- Data encrypted with one key can only be decrypted with the other
- Public key is shared with all
- Public key can be sent in band
- Private key must be kept secret
- RSA is asymmetric

Page 44: One Way Hash

- A “fingerprint” of data
- Any size data = same size hash
- Tiny changes in data produce a very different hash

Page 45: Example: Encrypted E-Mail

Anne wants to send e-mail to Bob. The plaintext message is compressed to make it smaller and the ciphertext stronger.

[Diagram: Plaintext → Compression → Small Plaintext]

Page 46: Example: Encrypted E-Mail

The plaintext message is run through a hash algorithm to generate a “fingerprint”.

[Diagram: Small Plaintext → Hash Function → Fingerprint]

Page 47: Example: Encrypted E-Mail

The fingerprint is encrypted using Anne’s private key. This makes it into a digital signature. It is then appended to the plaintext.

[Diagram: Fingerprint + Anne’s Private Key → Signature, attached to the Small Plaintext]

Page 48: Example: Encrypted E-Mail

A random key is generated and the e-mail is symmetrically encrypted using that.

[Diagram: Small Plaintext + Signature, encrypted with the Random Key → Ciphertext]

Page 49: Example: Encrypted E-Mail

The Random Key is encrypted using Bob’s public key. The result is called a “Strong Box”. Remember that only Bob can read the contents of the Box.

[Diagram: Random Key + Bob’s Public Key → A Box for Bob]

Page 50: Example: Encrypted E-Mail

The Box is attached to the ciphertext and they are sent over e-mail to Bob.

[Diagram: Ciphertext (encrypted with the Random Key) + A Box for Bob → Internet → To Bob]

Page 51: Example: Encrypted E-Mail

Bob decrypts his Strong Box to get the Random Key. Only Bob’s private key can open the Box, which was encrypted with his public key.

[Diagram: A Box for Bob + Bob’s Private Key → Random Key]

Page 52: Example: Encrypted E-Mail

Bob decrypts the ciphertext using the Random Key which he got from his Strong Box.

[Diagram: Ciphertext (encrypted with the Random Key) + Random Key → Small Plaintext + Signature]

Page 53: Example: Encrypted E-Mail

Bob decrypts Anne’s signature using her public key. Since only Anne could have encrypted it with her private key, Bob knows the message had to come from her.

[Diagram: Signature + Anne’s Public Key → Fingerprint]

Page 54: Example: Encrypted E-Mail

Bob runs the unencrypted message through the hash function. If this fingerprint is the same as the one from the signature, the message was not changed in transit.

[Diagram: Small Plaintext → Hash Function → Calculated Fingerprint, compared with the Received Fingerprint: match or mismatch]

Page 55: Example: Encrypted E-Mail

Finally, the message is uncompressed. Bob can read the message knowing for certain that it’s from Anne, it’s what Anne wrote and only the two of them could have read it.

[Diagram: Small Plaintext → Decompression → Plaintext]