Analysis for E-Commerce --

wanderooswarrenAI and Robotics

Nov 21, 2013 (3 years and 10 months ago)

87 views




Analysis for E
-
Commerce

--

Focusing on Online Purchasing

in
Taiwan








ECE578 Final Project Report

Dr. Cetin Kaya Koc

Wen
-
Chun Yang

Oregon State University



1

Analysis for E
-
Commerce




F
ocusing on
O
nline
P
urchas
ing

in Taiwan



Wen
-
Chun Yang

Oregon St
ate University



Abstract

As
technology improves
, people purchase
more
goods without
leaving the house. How can they do this? They
can do this via
the Internet and can buy
anything from different countries
.

Online purchasing really brings out another shopp
ing market
place
to society. However, how can the consumers feel comfortable
and safe after placing their order
s

online without worrying that
his/her credit cards might be used in other transactions? How
can
users trust
a

third party and be willing to make

the order
online
.
T
his issue

ha
s

become a problem for the
retail
industry.

In this project, I will focus on all the information related
to the
electronic commerce (
e
-
C
ommerce
)
and list all the pros
and cons for different online shopping styles. In additi
on, I
will analyze the difficulties for online purchasing behaviors
in
Taiwan.



Keyword

E
-
Commerce; cryp
tograp
hy
; online purchasing;
the
third party.



I.

I
NTRODUCTION

As technology improves, people purchase more goods without
leaving the
ir

ho
me
. How can
they do this? They can do this via
the Internet and can buy anything from different countries.
Online purchasing really brings out another shopping market
place to society. However, how can the consumers feel comfortable
and safe after placing their orders

online without worrying that

2

his/her credit cards might be used in other transactions[1]?
How
can
users be made to trust a third party and be willing to
make the order online, has become a problem for the
retail
industry [
2].

As cryptographic engineer
s
,
what we need to worry about is
how to provide a suitable and worry
-
free online purchasing
environment for society. There are
many difficulties in this
issue,

f
or example, the security problem could be the biggest
concern.
There are still many concerns in t
his subject, which
motivate the cryptographic engineers to research this topic to
figure out a better way to solve this problem. For instance,
i
s it safe to share personal financial information
with

a third
party? Is the purchased transaction safe while it

is on the way
to the bank?

In this project, I will focus on all the information related
to the e
-
commerce and list all the pros and cons for different
online shopping styles. In addition, I will analyze the
difficulties for online purchasing behaviors
in

Taiwan.


The rest of the paper is organized as follows. Section II

talks about the preliminaries.
Section III defines the
E
-
commerce

and
vulnerabilities
. Section IV presents
the
difficulties for online purchasing behaviors
in

Taiwan
. Section
V concludes t
his paper.



3

II.
PRELIMINARIES

There are many
terminologies used for Cryptography and
network security, which
will

be introduced as follow
s
:

computer
security
,

network security
,

internet security
,

s
ervices
,

mechanisms
,

and the OSI security architecture.

Def
inition

A “
C
omputer Security


is the
generic name for

the collection
of tools designed to protect

data and to thwart hackers

[3
] [
4
]
[
5]
.

A “
N
etwork Security


is the

measurement

for

protect
ing

data
during their transmission

[3
] [
4
] [
5]
.

An


Internet Securi
ty


is the

measure
ment

for

protect
ing

data
during their transmission over a

collection of interconnected
networks

[3
] [
4
] [
5]
.

A “
Service


is something that enhances the security of the
data processing systems and the information transfers of an
organizati
on. It intends to counter the security attacks and
makes use of one or more security mechanisms in order to provide
the service
. Also, it can r
eplicate functions normally
associated with physical documents

[3
] [
4
] [
5]
.

A


M
echanism


is designed to detect,

prevent, or recover from
a security attack
. There is
no single mechanism that will support
all

the required functions. H
owever
,

one particular element
underlies

many of

the security mechanisms in use, which
is
a

4

cryptographic technique

[3
] [
4
] [
5]
.


The “
O
SI security architecture

is useful to organize the
task for providing security.

Due to the fact that, it was defined
as an international standard, the computer and communication
vendors have developed their projects and services related to
this structure.

It focuses on the security services, mechanisms,
and attacks.


MOTIVATION

Reliability

is one of the major problems in e
-
Commerce
.

How
to make people trust the system and start making purchas
es

on
the Internet become the motivation for the Industry and th
e

engineer. In order to realize the solution for solving this issue,
one has to understand the OSI security architecture.

As mention in the previous section, there are three topics
included in the OSI security architecture, which are: security
services, sec
urity mechanisms, and security attacks.

X.800 and
EFC 2828 are the standards, whi
ch define the security
service
[
3] [4]
.
The International Telecommunication Union (ITU)
recommends X.800

should be
used for definin
g the OSI security
architecture, which
defin
es it in five major categories

and would
be discussed in the next
sections [
3] [4]
:



Authentication


the
assurance that the communicating entity
is the one claimed

[3] [4]
.


5



Access Control


the
prevention of the unauthorized use of
a resource

[3] [4]
.



Data C
onfidentiality


the
protection of data from
unauthorized disclosure

[3] [4]
.



Data Integrity


the
assurance that data received is as sent
by an authorized entity

[3] [4]
.



Non
-
Repudiation


the
protection against denial by one of the
parties in a communicatio
n

[3] [4]
.


III.

E
-
COMMERCE AND VULNERABILITY

As technology improves, the Internet and World Wide
Web (
WWW)
have been used for commercial purposes increasingly [6].

People
start their business by putting the goods on the Internet and
creating the website t
o show
people

their products in order to
sell.

In addition
, this market becomes better and widely opens
up
to everyone in the world. However, the biggest issue of this
market is still
secu
ri
ty

and so far there is no good solution
for this. How do people k
now this online purchasing is worry
-
free?
How
much security

is enough for the online business? Those are
the issues that people are still arguing about, which
will

be
discussed in the next sections.

Before using the computer system or installing
new

softw
are,
a prudent organization will check the system in order to ensure
that it provides enough security. An organization can determine

6

the security of a computing system by measuring the cost of
finding and exploiting a security vulnerability in that system
[7] [8].

This measurement is most effective when people also
know how much security the organization requires. In order to
answer how much security is enough, one mus
t

first determine
what types of advantages
are
needed in order to defend against
the hacke
rs
a
nd what choices are
for each adversary type
[7]
.


However, the current rapid development for
both
the new
Information Technology and the
e
-
Commerce has
resulted in a
strong demand for reliable and secure copyright protection
techniques for multimedia da
ta [9].
Two of the recent solution
s

introduced

here would be “the design of buyer
-
seller
watermarking protocol without trusted third party
[9]”, and
“browser spoofing attach, which can break the weakest link from
the server to use[10].”


First,
the techniqu
e introduced in [9] is about how to protect
both seller and buyer’s rights and buyer’s anonymity.

[11]
proposed “ an anonymous buyer
-
seller watermarking protocol”
,
which does not take the buyer’s right into consideration since
the seller might be able to c
hange or recreate the buyer’s
transaction

if he/she
includes

the watermark
certification
authority and extra required information for the credit card
companies

[10].

It needs a
trusted
third party for its securi
ty.
However, the authors in [10] propose a se
cure buyer
-
seller

7

watermarking protocol without a trusted third party. It applies
the secure commutative cryptosystems to the watermarking
protocol[10], but this causes higher computational complexity
and communication pass number in the watermark generati
on step
compared with [11].


Another technique introduced in [10]


is an effective attack
,

“browser spoofing” that make
s

the browser un
-
trustable. It is
developed
to show the trust path from user side to the web browser
is still weak, even though some of t
he security protocols like
SSL are secure enough for end
-
to
-
end security

[10]
.

It
also
shows
that this weakness still exists between the user and its browser
and it is still dangerous to
make online activities although
all the programming languages(i.e. Ja
va, JavaScript) and dynamic
properties(i.e. form functions, frames) do provide rich
effects
[10]
.

However,
the author from [10] has made some
suggestions about how to make the online activities more secure
by
integrating the systematical defense technologie
s in order
to trust on the web browser.

The more complicated the strategies,
the more user involvement
. The less possible the attackers’
following u
p, the more
trustworthy

the
content [
10].

Then, the
challenge is how to balance the tradeoff between trust a
nd ease
of use.


The
future directions for this study are introduced in [9]

[10], which give us another different opinions about how to


8

Figure out the solutions or vulnerabilities for e
-
Commerce.


IV.

ONLINE PURCHASING BEHABIOR IN TAIWAN

The online purcha
sing behavior discussed in this section
would be based on the
traditional

Internet access(i.e.
broadband connection, dial up connection, etc.) and the
mobile Internet, which is using personal mobile to access
the Internet.
According to a survey conducted b
y FIND of
ECRC
-
III in August 2002
[
12
] [
13
]
, more than seven
out of
ten
households in Taiwan possessed computers and over five had
access to the Internet. Among those connected to the Internet,
nearly
73
% subscribed to broadband connection
[12][13]
.


Departm
ent of Industrial Technology (DOIT, Ministry of
Economic Affairs) commissioned ECRC
-
FIND to conduct a survey
measuring ICT

( Information Communication Technology)

access and use by the households in Taiwan. This survey was
conducted on the phone from July
24

to August
seventh in year

200
3
;
18
,
113

interviewees of the age of 15 and above were
interviewed
[12][13][14]
.

This survey intended to grasp the complete picture of
how households in Taiwan used the Internet, including such
areas as online shopping from h
ome and the households'
users’

behavior, needs and problems. Major findings of the survey
are as follows
[12][13][14]
:


9

1)
5
7
% of households were connected to the Internet

With ISPs' promotion of broadband connection and free
dial
-
up accounts, an increasing
number of households in
Taiwan had access to the Internet. To the point of survey,
5
7
% of households were connected the Internet, compared with
53
%
in year 2002
. 7
1
% of households in Taiwan

had computers

and 22% of them have online purchasing experiences i
n year
2003
[12][13][14]
.


2
)

PCs are the major devices accessing to the Internet

The majority

of the households accessed the Internet by
desktop PCs (96%, Macintoshes included). A few used
notebooks (16%) and wireless devices (14%)
[12][13][14].

3
)

73
% of h
ouseholds subscribed to broadband connection;
ADSL became the mainstream

According to the survey, nearly
73
%of the
households in
Taiwan accessed the Internet by broadband (ADSL and cable
modem), four

percent

by narrowband, and less than one
percent
by wire
less means

(see table 1)

[12][13][14]
.

In 200
3
, ADSL was the primary method of household Internet
access (
66
%). The market shar
ing

was different from the same
period in 200
2 and 2001

when most households accessed the
Internet by dial
-
up (
43 to 63
%) and AD
SL accounted for only
30

to 51
%. Apparently, broadband connection, ADSL in
particular, has become the dominant method for households

10

to access the Internet
(see table 1)

[12][13]
[14]
.

Connection

2003
(%)

2002
(%)

2001
(%)

Broadband

73

58

40

ADSL

66

51

30

C
able Modem

7

8

10

Fiber
-
Optic Broadband

0.8

-

-

ISDN

0.2

-

-

Dial Up

26

43

63

Free Dialup

4

10

-

Paid Dialup

22

35

-

Wireless

0.4

1

1

Mobile Internet

38

-

-

Table 1: Ways to access Internet in Taiwan.

Information is from FIND.


4)
Problems bother
ing Internet users at home

More households with narrowband access have complaint
than households with broadband access. The most common
complaint made by Internet surfers at home was the slow
connection speed, followed by uneasy and unstable connection

[12
][13][14]
.

5
)
Online shopping at home still not popular

Although many
Internet surfers at home visit

the
e
-
commerce websites, only a few of them actually did online
shopping.
O
ut o
f ten interviewees, six had collected
product/service information on the Int
ernet, only two really
made online
purchases
. Price and convenience were the two
major incentives that stimulated Internet users to shop
online; so was the heterogeneity of products offered online.
The idea of online shopping is not yet popular in Taiwan

11

p
robably because many physical shops are already in place
in the highly populated country
[12][13][14]
.

However, the
Internet
survey data from [1
5
]
shows
different

results

compared with [12]
(Note that the survey
questions in[1
5
] are contained with multi
-
choi
ces.
Therefore, the percentages shown here would be equivalent
to 100
.
)

This survey was conducted on the
Internet

from
December

fourth

to
December
31st

in year

200
3
. S
ince year
2002, 90% of
the

interviewers choose to use broadband
connection since the spee
d is faster than other kinds of
connections. Also, 64% of
those interviewed

had made online
shopping
experiences

already comparing with 57% in year 2002.

33% of them have purchased more than seven times in six months
comparing with the 13% in year 2002.

In

addition, the survey
also shows that the amount of money spent from the online
purchasing has increased more than 10,000 NTD
from 18% in
2002 to 26% in 2003 [1
5
].

89% of
those interviewed

are
satisfied about their online shopping experience and 70% of
the
m will purchase online again in the next six months.

Those online shoppers do
enjoy the convenient of online
purchasing

about making purchasing online;
however
, they
also worry about the information security while making the
transactions
.

A
ccording to
the

data shown
in [1
5
], 15% of
the interviewers worry about their privacy would be
invaded


12

by others.
37% of
them do not shop online due to the security
considerations.
For instance, 82% of them would consider
about
the

security of personal information before
purchasing
online, and 70% of them would only purchase goods from the
website that provide the SSL shopping environment.

Those
results show that information security is really a big issue
for the online shoppers. In addition, how to build a
worry
-
free shop
ping environment and earn the shoppers


trust
are the clues for having a success online business in Taiwan

[1
5
]
.

From [1
5
], another interesting result shows
that

73% of
the

online shoppers knows that the transactions need to be
done with the SSL environmen
t. Also, 92% of them would pay
attention to
what website would provide the SSL shopping
environment.

Nevertheless, only 68% of
those interviewed

would care about
the

information security while making
the

online purchasing.


V.
CONCLUSION

From the previo
us
section, authors in [12][13][14][15] show
online purchasing become more accepted by the society in Taiwan.
However, the latest research [1
6
] shows that
the percentage of
using mobile to access Internet in Taiwan (33%) is still lower
than Japan(65%), South
Korea(52%), and Hong Kong(44%)[15].

In

13

order to predict the future
work
of

the worldwide mobile Internet
access
, Taiwan, Japan, South Korea, Hong Kong,
Greece, and
Finland have
come together

into the Worldwide Mobile Internet
Survey (WMIS) activity.

U
sing
online
questionnaire
s to get the
information about accessing Inte
rnet through the mobile devices
from
October

to
November

in 2003[15].

F
rom the results, the process for using mobile device to
access Internet in Taiwan is still too small comparing with Jap
an,
south
Korea
, and Hong Kong.

The low connection fee is the main
reason why the scale in Taiwan is worst than other countries[15].

However,
this activity shows the trend of using mobile device
to access Internet worldwide. Most people use mobile to acces
s
Internet while taking the
transportation
s or waiting for
sometimes from time to time.

In
addition
, this also gives the
retail industry another good chance to create its business. How
to make the website more
a
ccessible through
different

kinds of
connecti
on

devices. In th
is

way, the e
-
Commerce market in Taiwan
would be better and
it would be more
beneficial

to the Internet
users in Taiwan.


14

B
IBLIOGRAPHY

[1]
E
-
Taiwan Project Office,
“Cyber
-
at
tacks Batter Web
Heavyweights.”
http://www.etaiwan.nat.gov.tw/content/application/etaiwa
n/general/guest
-
cnt
-
browse.php?grpid=5&vroot=&cntgrp_ord
inal=00070001&cnt_id=843
.

December 2003.


[2]
National Information and Communications Initiative
Committee.
“Report

for different Internet Usage.”
http://www.nici.nat.gov.tw/content/application/nici/gene
ral/guest
-
cnt
-
browse.php?grpid=5&vroot=&cntgrp_ordinal=0
0060004&cnt_id=229&listtype
=
. June 2003.


[3]

Stallings, William. “Cryptography and Network
Security:

principles and pra
ctices.”
3
rd

ed. Prentice Hall. 2003.


[4]
Stajano, Frank. “Security for Ubiquitous Computing.” Wiley.
2002.


[5] Deloitte and Touche. “E
-
commerce
Security: Security

the

Network Perimeter.”

Information Systems Audit and
Control

Foundation.

2002.


[6] Ibrah
im, M.
T., Hamdolah, M., and O’Brien,P.T.R.. “Analysis
and Design of e
-
Commerce Applications
on the

Web: A Case study
of OO Techniques and Notations.” Pro
ceeding of
fourth
International Conference. pp.315
-
327. September 2003.


[7]

Schechter, S.
E.,

and Smith
, M.
D.. “How Much Security Is
Enough to Stop a Thief?: T
he Economics of Outsider Theft
v
ia
Computer Systems and Networks.”
Proceeding of
seventh

international Conference. pp. 122
-
137. January 2003.


[8]

Schechter,

S.E.. “Quantitatively Differentiating Syst
em
Security.” The First Workshop on Economics and Information
Security. 2002.


[9] Choi, J.
-
G., Sakurai, K., and Park, J.
-
H.. “Does It Need
Trusted Third Party? Design of Buyer
-
Seller Watermarking
Protocol without Trusted Third Party.”
Proceeding of first
International conference of ACNS. pp.26
5
-
279. October 2003.


[10]Li,T.
-
Y., and Wu, Y.. “Trust on Web Browser: Attack vs.
Defense.” Proceeding of first International conference of
ACNS. pp.241
-
253. October 2003.



15

[11]Ju, H.
-
S., Kim, H.
-
J., Lee, D.H., and Li
m, J.I.. “An
Anonymous Buyer
-
Seller Watermarking Protocol with Anonymity
Control”. Proceeding of ICISC2002. pp. 421
-
432. 2003.


[12]
ACI
-
FIND.


survey measuring ICT

( Information
Communication Technology)

access and use by the
households in Taiwan.


http://www.etaiwan.nat.gov.tw/content/application/etaiwa
n/general/guest
-
cnt
-
browse.php?grpid=5&vroot=&cntgrp_o
rd
inal=00070001&cnt_id=843
. December 25
th
,2003.


[13]
ACI
-
FIND.

survey
for WMIS activity
.


http://www.find.org.tw/0105/howmany/howmany_disp.asp?id=
69
.
March 1
st
, 2004.


[1
4
]
ACI
-
FI
ND.

Households Online in Taiwan 2002
.


http://www.find.org.tw/eng/news.asp?msgid=17&subjectid=4
&pos=0
.
January sixth, 2003.


[1
5
]
Yam.com.

survey measuring
online user behavio
r in
Taiwan.


http://survey.yam.com/survey2003/chart/
. 2004.


[1
6
]
ACI
-
FIND.

survey
for WMIS activity
.


http://www.find.org.
tw/0105/howmany/howmany_disp.asp?id=
66
.
December 30
th
, 2003.