
Introduction


Presentation Transcript


  1. Introduction Doing your taxes… April… a “TAX”ing time… Most people (businesses, companies) find it stressful! Allowing an online professional tax consultant to file your taxes. How much do you trust him/her with all your information? How much do you trust your Chartered Accountant? Your Lawyer? Your Doctor?

  2. Introduction Trust • Our day to day dealings or transactions involve trusting somebody. • Depending on the severity of the transaction, trust is placed • implicitly in various parties or • “enforced” by various means.

  3. Introduction Electronic Commerce • The utility and benefits of Electronic Commerce are well known. • However it is acknowledged that E-Commerce has fallen short of its expected potential in terms of applications. • This can be attributed among many factors to the Lack of Trust that participants have in e-commerce transactions. • This presentation examines this issue of TRUST in E-Commerce…….

  4. Trust in Electronic Commerce • Vijayanand Bharadwaj • CS691P Computing Security • Spring 2002 • March 20th, 2002

  5. Presentation Overview Two Parts 1. Trust in Electronic Commerce : An overview 2. Trust in Unenforced Transactions

  6. Trust in E-Commerce Definition & Features • Definition of Trust [1]: The confidence that participants in commerce have that their activities (transactions and other exchanges of information, goods, and services) will be protected and conducted as intended. • Let us examine the Features of Trust in E-commerce, namely: • Where and when is Trust required • What are its constituents • What factors create and enhance Trust • How does Technology contribute to Trust

  7. Trust in E-Commerce Steps in a Generic Transaction (figure: entities A and B, steps ordered along a time axis) • Step 1: Initial search for goods and services (using search engines, responding to advertisement banners etc.) • Step 2: Negotiating and Contracting • Step 3: Delivery and Payment

  8. Trust in E-Commerce Where & When is Trust needed • From the previous figure, entities A and B need to trust each other at all points during the entire process • Specifically: • Trust that the other entity is really who it claims to be • Trust the process and mechanisms by which they exchange information • Trust the actual information exchanged • Trust the negotiation process and final contract • Trust that the other party will complete its contract and not defect

  9. Trust in E-Commerce Constituents of Trust It is possible to trust if assured that the process and participants conform to the following characteristics: • Identification & Authentication • Traceability & Accountability • Message Confidentiality • Transparent Process • Message Integrity • Non-repudiation

  10. Trust in E-Commerce Creating & Enhancing Trust Trust can be enhanced by: • Social Factors (Familiarity, Reputation, Social Organization) • Legal System (Law Enforcement agencies and Judicial system) • Technology (Encryption, Protocols, Standards, Tools) • Organizational & Procedural Factors (banks, credit card companies and their rules)

  11. Trust in E-Commerce Creating & Enhancing Trust • Trust is enhanced by these factors, specifically each contributes to enhancing Trust as follows: • Social factors (Invoke and Establish Trust) • Familiarity • Reputation • social organization (circle of known people) • Organizations and Procedures (Enable Trust) • Banks, Credit Card Companies • Transparent Rules and Procedures e.g. Transfer of funds • Technology (Enable and Enforce Trust) • Encryption, Protocols, Standards etc • Legal System (Enforce Trust) • Law Enforcement and Judicial system

  12. Trust in E-Commerce Technology for Trust • Technological innovations in Computing Security have contributed to Trust in the following manner • Mechanisms such as • Encryption • Hashing Algorithms • Digital Signatures • Certificates • Biometrics • Infrastructures for the above such as • Public Key Infrastructure (PKI) • Pretty Good Privacy (PGP) etc • Protocols • Secure Sockets Layer (SSL) • SET • Procedures • Verified by Visa

  13. Trust in E-Commerce Fundamental basis of Trust • However it is important to note the following (for most cases): • Over and above all the technology involved in present day transactions, human intervention is always possible at all stages. • Every step can be scrutinized by humans prior to initiating the first step, and if it is not found to be trustworthy then the entity involved in the transaction can refrain from beginning the transaction process. • We are safe in the knowledge that violation of the contract and breach of trust by any party will affect it adversely rather than do it any good. • Even if the transaction does fail due to any violations in the contract, the parties involved can resort to litigation. Thus there is a “safety net”.

  14. Trust in E-Commerce Fundamental basis of Trust • In other words all these transactions are based on 1. Transparent process which is trustworthy 2. Knowledge that any violation will adversely affect the guilty party. 3. Traceability and Accountability

  15. Trust in E-Commerce Types of Transactions E-Commerce Transactions (diagram labels): • With Human Supervision or Intervention • With minimal Human Supervision or intervention; mostly conducted by Processes or Agents • Unenforced • Enforced by Law

  16. Trust in Unenforced E-Commerce Transactions E-Commerce Transactions (diagram labels): • With Human Supervision or Intervention • With minimal Human Supervision or intervention; mostly conducted by Processes or Agents • Unenforced • Enforced by Law • Annotations: “Trust Possible !!” and “Trust ???”

  17. Trust in Unenforced E-Commerce Transactions Unenforced Transactions • What are Unenforced Transactions? [2] • Transactions whose participating entities and the procedures they follow are not accountable to some mutually acceptable agency. • They are not in common use and are currently valuable in a theoretical context. • Interesting from the point of view of agents conducting transactions without human intervention: agents at auctions etc. • Why is it difficult to Trust in Unenforced Transactions? • Lack of Traceability and Accountability being the primary reason

  18. Trust in Unenforced E-Commerce Transactions Unenforced Transactions • Why are they not Accountable? • Adequate laws may be lacking for certain kinds of transactions (e.g. laws to enforce reliable delivery of pay-per-view multimedia). • The transactional entities (humans and/or software agents) may be governed by different laws, being in different countries. • Enforcement of existing laws may be impractical or expensive, and thus the laws are not strictly enforced. • An entity may vanish at any time leaving no trace, and hence it is not easy to connect the electronic presence to the real-world party that it represents.

  19. Trust in Unenforced E-Commerce Transactions Differences • How do we create Trust? Enforced transactions work because • Human Intervention and scrutiny at all stages (“seeing is believing”) • Trustworthy process i.e. trust is built into the process by ensuring that a party that violates the contract will be doing so to its own disadvantage • All parties are traceable and accountable. • In the case of Unenforced transactions, • Neither the first nor the third properties hold so it is important to ensure that the second holds always. • Violating the contract at any stage of the transaction is of less benefit than conforming to it till the end.

  20. Trust in Unenforced E-Commerce Transactions Algorithm • We look at an algorithm [2][3] which provides a solution to this problem. (This is one part of the author’s doctoral dissertation) • Principle: Given two agents, a supplier S and a demander D, who wish to exchange goods/services for payment. The algorithm manages the exchange process so that the gains from completing the exchange (cooperating according to the contract) at any point are larger for both agents than the gains from terminating it (defecting from the exchange prematurely by vanishing). For example: defection might benefit D if S has delivered much more than what D has paid for.

  21. Trust in Unenforced E-Commerce Transactions Algorithm • To prevent defection, goods and payment are exchanged in the form of installments or chunks. • These chunks are delivered in a sequence which is said to be “safe” if at any point in the exchange neither agent is motivated to defect.

  22. Trust in Unenforced E-Commerce Transactions Algorithm Implementation: • The exchange proceeds on two axes: the portion of goods delivered by exchange step $n$ is called $x_n \in [0, 1]$, and the cumulative payment so far is $p_n \in [0, p_{contr}]$, where $p_{contr}$ is the total payment specified in the contract. • S and D value the goods $x$ according to non-decreasing functions that are in equivalent units of payment $p$. The supplier's value function $v_s(x)$ describes how much cost the supplier incurs by generating and delivering $x$. The demander's value function $v_d(x)$ describes what the goods $x$ are worth to the demander.

  23. Trust in Unenforced E-Commerce Transactions Algorithm • A self-interested supplier agent will cooperate through the rest of the exchange from an arbitrary point $(x, p)$ if its future compensation is at least as great as its future cost, that is, if $p_{contr} - p \ge v_s(1) - v_s(x)$. • This assumes that the demander will finally increase cumulative payment to $p_{contr}$. • We define $p_{max}(x)$ intuitively as the maximum cumulative payment that the demander can pay for a given cumulative delivery $x$ without inducing the supplier to defect: $p_{max}(x) = p_{contr} - v_s(1) + v_s(x)$.

  24. Trust in Unenforced E-Commerce Transactions Algorithm • Similarly, a self-interested demander agent will cooperate through the rest of the exchange from an arbitrary point $(x, p)$ if the compensation it has to pay is smaller than or equal to its added value, that is, if $p_{contr} - p \le v_d(1) - v_d(x)$. • This assumes that the supplier will finally increase total delivery to 1. • $p_{min}(x)$ is defined as the minimum cumulative payment that has to be made for a given cumulative delivery $x$ so that the demander is not induced to defect: $p_{min}(x) = p_{contr} - v_d(1) + v_d(x)$.

  25. Trust in E-Commerce Algorithm Figure 2. Examples of Unenforced Exchange: (left) Safe exchange with uncountable goods. (middle) Safe exchange of countable goods. (right) Safe exchange of countable goods impossible. In each of the three cases, $p_{min}(1) = p_{max}(1) = p_{contr}$. The agents make simultaneous moves and try to stay inside the safe region at each step (that is, the supplier does not want to deliver too much at once, while the demander does not want to pay too much). Each agent wants to make sure that safety is maintained even if the opponent does not deliver or pay at all on the current move. That is why the exchange on the right cannot be safe.

  26. Trust in Unenforced E-Commerce Transactions Algorithm • Supplier's strategy: At any step of the exchange, if the exchange is within the safe region (gray region in Figure 1), then supply as much as possible while keeping the exchange in the safe region, assuming that the demander does not pay at all on this step. If the exchange is not in the safe region, exit. • Demander's strategy: At any step of the exchange, if the exchange is within the safe region, then pay as much as possible while keeping the exchange in the safe region, assuming that the supplier does not supply at all on this step. If the exchange is not in the safe region, exit.

  27. Trust in Unenforced E-Commerce Transactions Algorithm Condition for Safe transaction: For every two consecutive amounts $x$ and $x'$ of cumulative delivery, $p_{max}(x) \ge p_{min}(x')$. Intuitively: From the Supplier’s point of view: • Assume S has delivered $x'$, and even if D delays payment or defects without paying, the value acquired from the current transaction is greater than that which will be obtained even if D pays on time. From the Demander’s point of view: • Assume D has already paid (between $p_{max}(x')$ and $p_{min}(x')$) for $x'$; even if S delays delivery or defects, the cost that S has incurred already for delivering $x$ is greater than the benefit that S will get by defecting with the payment for $x'$.

  28. Trust in Unenforced E-Commerce Transactions Algorithm • Rest of this paper • Some constraints involved in Condition of Safe Exchange (apply to the definition of the value functions) • Mathematical Proofs of the Condition based on Game Theory and Nash Equilibrium • Differences if Goods are Countable and Uncountable (coffee, gasoline, information etc) • Case of Non-Isolated Exchanges (introduction of Defection Penalties) • Delivery Sequencing (Chunking Algorithm to find a safe sequence) • Possible Architecture (Figure 2)

  29. Trust in E-Commerce Algorithm Figure 2. The architecture of two self-interested agents with exchange manager modules. The exchange manager module executes the contract.

  30. Trust in E-Commerce Benefits of this Exercise • Though this work seems theoretical at first, it has sound practical implications • Value of this algorithm • Demonstrates that other such algorithms can be used in different stages of transactions (negotiation and contracting, the author’s primary research interests [3]) • Algorithms can be formally proven correct; in other words we obtain a formal proof of the Trustworthiness of a process! This helps to weave Trust into the process itself, which is a must in situations where enforcement may or may not be possible. • These techniques can be used in any sort of transaction and not only those that are unenforced. Prior to contracting one can check the proposed methods of exchange against such rules, and if they fail to satisfy them then do not contract at all.

  31. Trust in E-Commerce Issues of concern • Apart from the constraints in the algorithmic techniques themselves, the following need to be addressed • Design and development of Agents which correctly perform to the algorithm's specifications (a classical problem in any software system) • Security issues pertaining to Agents (authentication, message confidentiality, etc.) • Protection from Malicious Agents.

  32. Future Work Contents of the Paper In addition to elaborating on this presentation the paper will specifically address the following: 1. Details of “Technologies For Trust”: brief description of the principles used by some techniques, such as a. Drawbacks of the PKI and possible alternatives (PGP) b. Protocols and Procedures (Verified by Visa) 2. Algorithm details and implications 3. Trust Management Infrastructures (Trust Metrics, Trust Models)

  33. Summary • Notion of Trust and its need in E-Commerce transactions • Constituents of Trust • Creation and Enhancement of Trust • Technology for Trust • Fundamental Basis of Trust • Trust in Unenforced Transactions • Algorithm • Benefits and Concerns • Future Work

  34. References [1] Steinauer, Dennis D. et al., “Trust and Traceability in Electronic Commerce”, Information Technology Laboratory, NIST, September 1997. http://nii.nist.gov/pubs/trust-1.html (03/18/2002). [2] Sandholm, T.W., “Unenforced transactions in E-Commerce”, IEEE Internet Computing, Vol. 1, No. 6, November-December 1997, pp. 47-54. [3] Sandholm, T.W., “Negotiation among Self-Interested Computationally Limited Agents”, doctoral dissertation, Univ. of Mass., Amherst, 1996; available at http://www-2.cs.cmu.edu/~sandholm/dissertation.ps Other References in the accompanying paper.

  35. Thank You. Vijayanand Bharadwaj Questions, Comments and Criticisms are welcome at vijay@csee.wvu.edu
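
The safe-exchange condition from slides 23 to 27, worked as an added Python example (not code from the presentation or from the cited paper): it computes p_max and p_min, checks a proposed delivery sequence against p_max(x) >= p_min(x'), and builds the sequence a supplier gets by always taking the largest safe chunk. The function names and the linear sample contract (cost 60, worth 100, price 80) are constructed assumptions.

```python
from typing import Callable, List, Optional

ValueFn = Callable[[float], float]  # non-decreasing, in units of payment

def p_max(x: float, p_contr: float, v_s: ValueFn) -> float:
    """Most D may have paid at cumulative delivery x without inducing S to defect."""
    return p_contr - v_s(1.0) + v_s(x)

def p_min(x: float, p_contr: float, v_d: ValueFn) -> float:
    """Least D must have paid at cumulative delivery x so that D does not defect."""
    return p_contr - v_d(1.0) + v_d(x)

def first_unsafe_step(xs: List[float], p_contr: float, v_s: ValueFn, v_d: ValueFn) -> Optional[int]:
    """Index i of the first pair (xs[i], xs[i+1]) with p_max(x) < p_min(x'), else None."""
    for i, (x, x_next) in enumerate(zip(xs, xs[1:])):
        if p_max(x, p_contr, v_s) < p_min(x_next, p_contr, v_d):
            return i
    return None

def next_safe_delivery(x: float, p_contr: float, v_s: ValueFn, v_d: ValueFn) -> float:
    """Largest x' in [x, 1] with p_min(x') <= p_max(x); assumes x is in the safe region."""
    budget = p_max(x, p_contr, v_s)
    if p_min(1.0, p_contr, v_d) <= budget:
        return 1.0
    lo, hi = x, 1.0  # invariant: p_min(lo) <= budget < p_min(hi)
    for _ in range(60):  # bisection works because v_d is non-decreasing
        mid = (lo + hi) / 2
        if p_min(mid, p_contr, v_d) <= budget:
            lo = mid
        else:
            hi = mid
    return lo

def greedy_chunks(steps: int, p_contr: float, v_s: ValueFn, v_d: ValueFn) -> List[float]:
    """Cumulative deliveries when S always delivers the largest safe chunk."""
    xs = [0.0]
    for _ in range(steps):
        xs.append(next_safe_delivery(xs[-1], p_contr, v_s, v_d))
    return xs

# Constructed sample contract: costs S 60 to supply, worth 100 to D, price 80.
P_CONTR = 80.0
def cost_s(x: float) -> float: return 60.0 * x
def worth_d(x: float) -> float: return 100.0 * x

if __name__ == "__main__":
    print(greedy_chunks(3, P_CONTR, cost_s, worth_d))
    print(first_unsafe_step([0.0, 0.5, 1.0], P_CONTR, cost_s, worth_d))
```

With this constructed contract the greedy sequence is 0, 0.4, 0.64, 0.784, while splitting delivery into two equal halves fails the check at the first step.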
