
E-Commerce

Lecture 3
Communication Networks for E-Commerce
Observe that in this figure, we have shown five LANs. For two LANs in
two organizations to communicate with one another, there is a need for a
hardware device called a router which connects them.
The router is actually a special purpose computer (with appropriate
software) whose task is to receive data from one LAN and forward it to the
other LAN connected to it.
For example, if a computer C1 connected to LAN1 wants to send data to
C4 in LAN2, LAN1 first finds out whether C4 is connected to LAN2.
If it is then the data from C1 is sent to the router R1 which connects LAN1 and LAN2.
Router R1 forwards the data to C4 in LAN2. Routers can receive data from either
direction and forward them as requested. In other words, R1 can be used to send data
from LAN1 to LAN2 or from LAN2 to LAN1.

In order for a router to forward data from a computer connected to a LAN to another
computer in another LAN it needs to know the identity of the destination computer.
Identity of a computer connected to the Internet is uniquely determined by what is
known as its address.

The address has been standardized as a string of 4 bytes (32 bits). Thus, a total of 2^32 ≈
4 billion addresses are available and, in theory, it is possible to connect 4 billion
computers to the Internet.

The second important point to remember is that while C1 sends data to C4, another
machine C2 on LAN 1 may like to send data to C6. As there is only one
communication path between LAN1 and LAN2 via R1, it implies that C2 has to wait
for C1 to complete its data transmission. If the data is a large file, say F1, the line will
be busy for a long time.

Even if the data to be sent by C1 is a short item, still it has to wait. This is not fair.
Further, as F1 is long, the probability of an error occurring in transmission is high, and
F1 may have to be retransmitted if an error is detected.
In order to alleviate both these problems application data to be transmitted from one computer to
another in the Internet is broken up by the software running on the machine into a number of smaller
chunks called packets and transmitted. In other words, a file to be transmitted is divided into a number
of fixed size packets. Each packet has the structure shown in Figure 3.2.

Observe that a file which is to be transmitted is divided into fixed size packets (also known as
datagrams).

Each packet has, besides a part of the data to be transmitted (called payload), the source address,
that is, the address of the sender and the destination address, that is, the address of the intended
recipient.

These addresses are 4 bytes long. Each packet also has the serial number of the packet (8 bytes) and
some control information (4 bytes) to detect errors, if any, in the received data and some more
information.
The data packet size depends on the application and its maximum size is 1 KB.

Let us see how the data is transmitted using such packets from computer C1 to C9 in the network of
Figure 3.1.

The first thing which is done is to run software on each machine in the network which will packetize
data to be transmitted. This software breaks up the data to be sent from C1 to C9 into a number of fixed
length packets and sends them out.

Observe that there are two possible paths from C1 to C9, one via R1, R3 and R4, and the other via R2,
R4. From the destination address of C9, it is found that the route via R2 is shorter.

Thus, a packet travels to R2 which forwards it to R4 connected to LAN4. If that route is
busy or if R2 has a fault, then the packet will take the route R1, R3, R4 and reach C9.

Individual packets belonging to a long message may arrive out of order at the destination. The serial
numbers of the packets into which a message has been broken up are necessary to reassemble a message
at its destination.

The communication protocol described above, which is implemented as software on
every computer, is called the Internet Protocol. The protocol has the following important features:

Each computer and each router connected to the Internet is given a unique address. The address is 32 bits
long. It is expressed in what is known as dotted decimal format. For example, an address may be:
202.42.128.3.

Each part of this four part address is the decimal representation of a byte in the address (communication
textbooks use the word octet instead of byte). Each country of the world has a clearing house to assign a range of
addresses to Internet Service Providers who in turn give sets of addresses to organizations who are their
subscribers.

 Every computer and all routers connected to the Internet must use the IP protocol software. This software
packetises data to be sent by a computer to another computer, attaches addresses and the serial number of the
packet and facilitates transmission.

 A router receives a packet, examines the destination address and sends it along the shortest route to the
destination. If a route is busy, then it sends it by an alternate route if available.

Traffic will be heavy if several computers attempt to send data simultaneously along a route. In such a case,
a router will try to temporarily store some packets in the router and send them when a path is free.

 As the available storage in a router is limited the store may overflow leading to loss of packets.
The Internet Protocol has no means of recovering lost packets. Thus, the Internet protocol is said to be
"best-effort" packet delivery with no guarantee that all packets will be delivered.

TRANSMISSION CONTROL PROTOCOL

The "best effort" delivery of packets is not acceptable for reliable transmission of data. Thus another
protocol called Transmission Control Protocol, TCP for short, is used along with Internet protocol (IP).
The Transmission Control Protocol does the following:

We saw that packets may arrive out of sequence at a destination due to the fact that all packets do not
take the same route. One of the jobs of TCP software is to examine the serial number of packets at the
destination and reassemble them in the right sequence.

TCP software sends an acknowledgement to the source of a packet as soon as it is received. As
packets may be lost due to congestion in the network, TCP software has a mechanism for the sender to
retransmit a lost packet.

 TCP does it by estimating the time TE needed for a packet to reach its destination from the source and
get back an acknowledgement. If no acknowledgement is received by the sender within TE, it retransmits
the packet.
The retransmitted packet is used to assemble the entire data. In some cases, a source may receive
an acknowledgement after sending a duplicate packet. In such a case, the duplicate packet is
discarded by the recipient.
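
The packet layout described earlier and the reassembly steps above can be tried out with the following sketch. It is an added example, not code from the lecture. It assumes that the 4 bytes of control information hold a CRC-32 and that the receiver knows how many packets to expect; the destination address 202.42.128.9 is constructed.

```python
import ipaddress
import struct
import zlib

# Layout described in the lecture: 4-byte source address, 4-byte destination
# address, 8-byte serial number, 4 bytes of control information, then payload.
HEADER = struct.Struct("!4s4sQI")
MAX_PAYLOAD = 1024  # the lecture's 1 KB maximum


def _checksum(src, dst, serial, payload):
    # Assumption: the control field carries a CRC-32 over the other fields.
    # A CRC catches transmission errors only; it is not a defence against
    # deliberate modification, which needs a keyed MAC.
    return zlib.crc32(src + dst + struct.pack("!Q", serial) + payload)


def packetize(data, src, dst):
    """Split data into packets addressed from src to dst (dotted decimal)."""
    s = ipaddress.IPv4Address(src).packed
    d = ipaddress.IPv4Address(dst).packed
    packets = []
    for serial, offset in enumerate(range(0, len(data), MAX_PAYLOAD)):
        payload = data[offset:offset + MAX_PAYLOAD]
        header = HEADER.pack(s, d, serial, _checksum(s, d, serial, payload))
        packets.append(header + payload)
    return packets


def parse(packet):
    """Return (serial, payload), or None if the packet fails its checks."""
    if len(packet) < HEADER.size or len(packet) > HEADER.size + MAX_PAYLOAD:
        return None
    s, d, serial, control = HEADER.unpack_from(packet)
    payload = packet[HEADER.size:]
    if _checksum(s, d, serial, payload) != control:
        return None
    return serial, payload


def reassemble(received, total):
    """Rebuild the message from packets in arrival order.

    Returns (message, []) when complete, else (None, missing_serials) so the
    sender knows what to retransmit. `total` is assumed known to the receiver.
    """
    chunks = {}
    for packet in received:
        parsed = parse(packet)
        if parsed is None:
            continue                            # damaged: treat as lost
        serial, payload = parsed
        if serial < total:
            chunks.setdefault(serial, payload)  # a duplicate is discarded
    missing = [n for n in range(total) if n not in chunks]
    if missing:
        return None, missing
    return b"".join(chunks[n] for n in range(total)), []


if __name__ == "__main__":
    message = bytes(range(256)) * 10            # constructed 2560-byte file
    pkts = packetize(message, "202.42.128.3", "202.42.128.9")
    damaged = pkts[1][:-1] + bytes([pkts[1][-1] ^ 0xFF])
    # Out of order, one duplicate, one damaged packet: serial 1 is missing.
    print(reassemble([pkts[2], damaged, pkts[0], pkts[0]], len(pkts)))
    # After packet 1 is retransmitted the message is complete.
    print(reassemble([pkts[2], damaged, pkts[0], pkts[1]], len(pkts))[1])
```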

The time estimate TE would depend on the distance between the source and the destination and
prevailing traffic in the network. TCP software automatically (adaptively) adjusts TE.

To summarize, TCP and IP work together to ensure reliable, economical transmission of data
between any two computers connected to the Internet.

DOMAIN NAMES

The IP address in dotted decimal format is a string of digits which can be up to 12 digits long. It
is difficult for people to remember such long strings of digits. Thus, a different addressing scheme
using strings of characters is used to specify the identity of computers connected to the Internet. For
example, the address of a server connected to the Internet is:

serc.iisc.ernet.in

In this address serc is the name of a host (computer) situated at the Supercomputer Education &
Research Centre (SERC).
This is called a subdomain of iisc which is the identity of Indian Institute of Science in which
SERC is situated.

 IISc itself is a subdomain of ernet (Educational and Research Network) which is the Internet
service provider's name. The topmost domain name is in indicating India, the country where the
server is situated. Observe that the name is organized as a hierarchy.

All countries except USA use a 2-letter abbreviation for the country name as the top domain.
For example, uk is for United Kingdom, sg for Singapore, jp for Japan.

Every domain name can be translated into an IP address by a computer called a Domain Name
Server.

For example, if a user in USA wants to send a message to rajaram@serc.iisc.ernet.in, his or
her request will be examined by a Domain Name Server in USA which will send a query to the
Domain Name Server in India (as in is the top domain name).
This machine will send a query to the ernet name server which will in turn pass it on to the server at iisc
which will have a table of IP addresses of all its departmental servers.

The IISc mail server will now send the address query to the mail server serc. This server will have a
table of names of persons in SERC and their current IP address. Searching this table gives the IP address of
rajaram.

Thus, an Internet user need not know IP address but only the string of characters identifying a user. This
is easy to remember. The secret of success of Internet technology is this decentralization of control.

 This decentralization has worked very well for over 20 years, but the recent explosion of the number of
Internet users and the use of the Internet in e-commerce has led to a large number of disputes on the right
to use a domain name which is easily identifiable by potential clients.

For example, a company such as International Business Machines Corporation (IBM) would expect that
it has the first right to use the domain name ibm.com which is easily recognized by customers as that of
their company.

If another firm, Indian Basmati Merchants, registers a domain name in India, ibm.co.in, International
Business Machines will have a legitimate reason to object.
Domain name disputes are common. In one case dispute on the rights to use a domain name
arose between etoys.com, a toy store in USA and an artist group known as etoy who claimed the
domain address etoy.com.

There is a need to resolve such disputes. Assignment of domain names and IP addresses is
controlled by an international authority known as the Internet Corporation for Assigned Names and
Numbers (ICANN).

This authority normally settles domain name disputes. We will revert to this later in this section.
ICANN uses a hierarchical approach to decentralize assignment of IP addresses.

For example, in (the top domain for India), represented by an authorized group in India, is
allocated a range of IP addresses. From this range ernet, which is an Internet service provider, is
given a range of addresses.

 From this range ernet allocates a subset to iisc which in turn allocates a range of addresses to
various departmental servers. The clients connected to a departmental server will be given unique
IP addresses by the department only when they are connected to the Internet.

This will allow dynamic allocation of a limited set of IP addresses.


This is due to the fact that in the current Internet standard called IPv4, the number of addresses is
limited as the IP address size is 32 bits long. With 32 bits it is possible to address only 4 billion
addresses.

 A new TCP/IP standard called IPv6 is being introduced with 128-bit IP addresses which will provide
an enormous increase in IP addresses.

Domain names are mapped to IP addresses but similar domain names may not have IP addresses close
to one another.

Thus, the domain names which are similar may be selected by groups in different parts of the world.
The dispute between etoy and etoys arose because of this.

There have been cases of individuals or groups registering a domain name similar to a well-known
company and selling it to the legitimate party on payment. This is called cybersquatting.

To resolve this problem ICANN has adopted a uniform domain name dispute resolution policy in
October 1999.
This policy states that an owner of a domain name being disputed by a complainant (who complains
to ICANN) must obey the orders passed by an international cyberspace tribunal if accused of "bad
faith" registration of a domain name (also known as cybersquatting).

If a bad faith registration is proven, ICANN will remove the domain name of the squatter and assign
it to the legitimate party. As the current system does not have a legal binding, a move is now on to
refer international disputes to the World Intellectual Property Organization which also resolves
disputes on trademarks, copyrights, etc.

INTRANET AND EXTRANET

Intranet
 All organizations nowadays have an organization wide LAN. Usually organizations are divided
into departments such as Human Resources, Finance, Marketing, Purchase, etc.
Each of these departments has their own LANs. Each individual normally has a desktop PC
connected to the LAN.

The LANs of each of the departments are interconnected with backbone hubs or switches depending
on the number of LANs in the organization. An organization also centralizes and assigns functions
such as institutional database, e-mail and heavy printing to servers.

Institutional networks may have diverse computers and operating systems. In order to ease
communication among these machines it is desirable to use TCP/IP protocol.

Several advantages accrue when this protocol is used. This protocol supports all Internet services,
namely, e-mail, ftp, telnet, bulletin board and web services.

All these application programs are available and no extra effort is needed to develop them. Thus, a
company can have an e-mail service for communication among all employees.

Notices can be posted on a company wide bulletin board. A company can implement a local web
site giving information of relevance to the company's employees.
Databases of different departments may be accessed by anyone provided he/she is authorized.

For example, overtime of employees can be posted on the database of the accounts department
by individual departments for use in computing the pay rolls.

As another example, a book publisher can put in a web page the correct stock of all the books
published and the up to date sales figures of all books region wise. This will help both the
production department and the marketing department. In effect a lot of paper movement can be
eliminated. Operations of the entire organization will be speeded up.

A company wide computer network which uses TCP/IP protocol is called Intranet. Nowadays,
all organizations have intranet as it provides all the Internet services mentioned above.

Extranet
No organization can work in isolation. It needs to communicate with many business partners.
For example, an automobile manufacturing company requires frequent communications with its
suppliers, distributors, servicing organizations and financial institutions.

Communication with suppliers is essential to schedule production and to reduce inventories.


Supply Chain Management (SCM) in which the manufacturer can track all suppliers to ensure that
the inventory cost is minimized is one of the major applications of e-commerce.

For efficient supply chain management, the suppliers are allowed access to the production
schedule and inventory status of the manufacturer on a need-to-know basis.

This will be facilitated if the computers in the intranet of the supplier can have access to the
appropriate information available in the automobile producer's intranet.

 This requires the intranets of the two organizations to be connected. As we pointed out in the last
section, intranets use TCP/IP protocol.

Thus, when the two intranets are connected, the expanded network will also use TCP/IP protocol.
Such a connection of several intranets of cooperating businesses using TCP/IP protocol is called
extranet.
As all the cooperating businesses use TCP/IP protocol, they can automatically use all the facilities
of the Internet such as e-mail, ftp, telnet and access internal web sites of each other's businesses (based
on what is allowed to be seen by trusted outsiders).

This provides tremendous advantages to all the cooperating organizations to transact business.

The intranets of cooperating businesses can be interconnected either using the Internet which uses
PSTN or using private leased lines from a communications service provider.

 Using PSTN is insecure as PSTNs are accessible to anyone. The communication between a
manufacturer and its suppliers should be private as leakage of information to competitors will be
detrimental to both suppliers and manufacturers.

Thus, there is a need to use a secure connection. Private leased lines are secure. They are, however,
expensive. There is another method of using the Internet with enhanced security which is called
Virtual Private Network (VPN).

In a VPN security of transactions is ensured using a protocol called Internet Protocol Security
Architecture (IPSEC).
This protocol adds an additional security layer to TCP/IP protocol. This layer is created by
encapsulating an IP packet in a new secure IP packet.

This encapsulation is performed by IPSEC compliant routers at the boundary of each intranet or
by IPSEC compliant server in the intranet which forwards IP packets to the Internet.

The encapsulation process encrypts the data within the IP packet as well as IP address using a
secret key. The IPSEC packet format is shown in Figure 3.3.
The encapsulated secure packet can be decoded only by IPSEC compliant routers and servers
having access to the secret encryption key.

Sending messages using the IPSEC protocol on the Internet between two IPSEC compliant
routers/servers is known as tunneling.

Thus, intranets of businesses may be connected together using the Internet employing IPSEC
compliant routers at their boundaries where they are connected to the Internet as shown in Figure 3.4.

Several Internet Service Providers implement VPN between cooperating businesses by using the
Internet. VPN is thus cheaper than leased lines to create extranets.

FIREWALLS

A firewall is a combination of software and hardware, which protects an organization's intranet
from mischievous or unwelcome intrusion by users of the Internet.

A firewall is also meant to prevent the users of an organization's intranet from accessing Internet
sites considered undesirable by the managers of the organization.

For example, a company management would not like its employees to access gaming sites or sites
with known security threats.
We saw that the intranets of organizations are connected to the Internet using routers.

 The router connects the organization to its Internet service provider (ISP). ISP may have a large
number of clients.

An organization has no control over who sends messages to it and will not know whether it is a useful
message or not. If it is an e-commerce site, it should be accessible to anyone.

Also organizations maintain web-presence to let anyone access the site to get information. The main
point is that the Internet is "open" and allows anyone to access it.

Thus, there may be undesirable persons who may like to disrupt an organization's functioning by
accessing computers in it. Thus, access to computers must be controlled.

The types of undesirable intrusions which have been observed are:

• Attempts to access secret information such as credit card numbers, sales and client information, valuable
drawings, etc., stored in an organization's databases.

• Erasing or changing information on a web page. In general, mutilating the web page of an
organization.

• Attempts to prevent legitimate users from accessing an organization's intranet by monopolizing a
resource. Some examples are flooding it with e-mail, sending forged TCP connection-establishment
segments to a host which fills up TCP buffer space preventing legitimate users from accessing the
host.

Thus, the main purpose of a firewall is to prevent undesirable intrusions discussed above.

There are two main methods used to implement the functions of a firewall. One of them which is
simple and not expensive is to use packet filtering. The other more complex firewall uses a computer
at the boundary of the intranet and is called a proxy application gateway.

Packet filtering is normally implemented using the router which connects an organization's
intranet to its ISP. The router (which is a special purpose computer) is programmed to pass or block
some packets based on one or more criteria specified below:
• Source or destination IP address. In other words, if an IP address is known to be an undesirable site
no one from the intranet will be allowed to log on to it. Access to computers in the intranet storing
confidential information will be blocked by filtering any attempted access to their IP address.

• Certain types of access, such as access by outsiders to log on to use computers in an intranet, may be
blocked by filtering all packets requesting such a service. Other accesses such as file transfers may
also be similarly prevented. At certain times of day access to certain IP addresses inside/outside may
be blocked by filtering out packets with those IP addresses.
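
The filtering criteria listed above (address, type of service, time of day) can be expressed as an ordered rule table, as in the following added example, which is not code from the lecture. The address ranges, the rule order and the block-by-default policy are assumptions made for illustration; ports 23 and 21 are the standard telnet and FTP control ports.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
INTRANET = ipaddress.ip_network("10.0.0.0/8")        # constructed internal range


@dataclass(frozen=True)
class Rule:
    action: str                                      # "pass" or "block"
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    dst_port: Optional[int] = None                   # None matches any service
    start: Optional[time] = None                     # optional time-of-day window
    end: Optional[time] = None

    def matches(self, src, dst, dst_port, now):
        if ipaddress.ip_address(src) not in self.src:
            return False
        if ipaddress.ip_address(dst) not in self.dst:
            return False
        if self.dst_port is not None and dst_port != self.dst_port:
            return False
        if self.start is not None and self.end is not None:
            if self.start <= self.end:
                return self.start <= now < self.end
            return now >= self.start or now < self.end   # window spans midnight
        return True


# Constructed rule table for the router between the intranet and the ISP.
RULES = [
    # Computers storing confidential information are never reachable.
    Rule("block", dst=ipaddress.ip_network("10.0.5.0/24")),
    # A site known to be undesirable cannot be reached from the intranet.
    Rule("block", src=INTRANET, dst=ipaddress.ip_network("203.0.113.0/24")),
    # Outsiders may not log on (telnet) or transfer files (FTP) to the intranet.
    Rule("block", dst=INTRANET, dst_port=23),
    Rule("block", dst=INTRANET, dst_port=21),
    # Another outside range is blocked during working hours only.
    Rule("block", src=INTRANET, dst=ipaddress.ip_network("198.51.100.0/24"),
         start=time(9, 0), end=time(17, 0)),
    # The public web server is open to anyone.
    Rule("pass", dst=ipaddress.ip_network("10.0.1.10/32"), dst_port=80),
    # Everything else leaving the intranet is allowed.
    Rule("pass", src=INTRANET),
]


def decide(src, dst, dst_port, now, rules=RULES):
    """Return the action of the first matching rule; block when none match."""
    for rule in rules:
        if rule.matches(src, dst, dst_port, now):
            return rule.action
    return "block"


if __name__ == "__main__":
    samples = [                                      # constructed packets
        ("192.0.2.7", "10.0.1.10", 80, time(10, 0)),
        ("192.0.2.7", "10.0.1.10", 23, time(10, 0)),
        ("10.0.2.4", "198.51.100.5", 80, time(10, 0)),
        ("10.0.2.4", "198.51.100.5", 80, time(20, 0)),
    ]
    for pkt in samples:
        print(pkt[0], "->", f"{pkt[1]}:{pkt[2]}", pkt[3], decide(*pkt))
```

Because the first matching rule wins, the narrow block rules must stay above the broad pass rules; reversing that order would silently open the confidential servers.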

Proxy application gateways are servers within the intranet which work on behalf of user(s) by
performing certain specified functions. These are more complex than packet filtering. Some
examples are:

• Filter data accessed with certain keywords, for example, any data which is marked company
confidential.

• Check for viruses in data files entering an intranet.

• Prevent access to some applications with known security holes.

• Create log files and audit trails of access by users to certain sites, files, and time at which they
were accessed and time spent in such activities.

• Provide network address translation (abbreviated NAT) which converts internal IP addresses used
within the intranet to those recognized by (or registered with) the Internet.

The intranet's network may be very large with local IP addresses which are not all known to (or
registered with) the Internet. Only a subset of addresses may be used for transactions with computers
outside the organization.

By this address translation method outsiders will not know the IP addresses used within the
organization by various computers. This is a good method of ensuring security.

A firewall using a proxy application gateway replaces the source address of the transaction with its own
IP address.

Thus, outsiders will only know this address and will not be able to access any other computer in the
intranet.

Besides the two types of firewalls we have described, there is one more firewall known as
application firewall.

This is software implemented in a computer at the gateway of an intranet which scans for viruses
in the incoming and outgoing files.
Virus is a malicious program which infects other programs by modifying them and puts a copy of
itself so that when this program is sent to another computer it is infected with the virus.

It also filters unsolicited e-mails (known as spam) and blocks programs entering the intranet which
are suspected to be hiding malicious codes. Some malicious codes may seem useful but will be hiding
spy programs to capture passwords or steal data.

 These are known as Trojans. Malicious codes known as worms are similar to viruses but propagate
from one computer connected to a network to another automatically using the network to spread. In
Figure 3.5 we give a block diagram of various firewalls and their connections between the Internet and
intranets.
We have seen that TCP/IP protocol is almost universally used by the Internet. In some
cases where packet loss may be tolerated, another protocol called UDP (user datagram
protocol) is used instead of TCP.

This is called a connectionless protocol as datagrams may be received in any order
(and not serialized) and there is no acknowledgement from the receiver back to the
sender as in TCP.

Thus, lost packets are not resent as the sender assumes that all packets reach safely.
By default, firewalls filter out all UDP packets as it is not possible to uniquely identify the
sender of the packet. Thus, special action should be taken to modify firewalls if an
organization wants to allow UDP packets into the intranet and send them out to the ISP.

3.8 THE FUTURE OF INTERNET TECHNOLOGY

From a humble beginning in the late 60s, today the Internet spans the
whole world with 1.6 billion computers connected to it.

The remarkable achievement of the Internet technology is that it has
been able to accommodate exponential growth (i.e., doubling each
year) of the number of computers connected to it. Also the speed of
computers has been doubling every year and there are a
variety of computers connected to the Internet. Individual LANs in an organization
may use any type of interconnection and any local protocol for communication.

The physical connection between computers may range from fast gigabit fibre
optics to slower wireless. In spite of this variety of technologies and speeds, the
Internet still works effectively.

The reason for this is the universal adoption of TCP/IP as the standard protocol
which has proved very robust in spite of rapid changes in technology.

TCP/IP protocol emerged as a result of cooperative effort in which a large
number of organizations participated and experimented before accepting any
version.

The Internet protocol accommodates a variety of hardware and a variety of
network speeds as it makes no assumptions regarding the underlying network
hardware. Packet switching ensures efficient and fault tolerant routing of
packets.

TCP ensures reliable receipt of all packets sent by a sender to a receiver. It
continuously monitors traffic conditions on the Internet and automatically adapts
when there is congestion in the network.
The only major problems currently faced by the Internet are as follows:

•IP addresses are limited to 32 bits and the number of requests for addresses will
exceed this limit soon.

•Originally, the major data transmitted on the Internet was e-mail and character files.
Now multimedia use has increased and the data transmitted includes audio and
video files in real time for which Internet was not designed.

•To meet these demands a new generation Internet protocol called IPv6 has been
proposed which is expected to replace IPv4, the current protocol.

•Currently extensive research and experiments are in progress to test IPv6. Thus,
IPv6 will slowly replace the current protocol (IPv4) over the next few years. The
major new features proposed in IPv6 are as follows:

128-bit addresses for source and destination in place of 32 bits which is the current
address size. This address size will allow a huge increase in allowed devices to be
connected to the Internet.

The packet lengths can go up to 64 KB. This will allow easy transfer of multimedia
data, particularly, voice.

3. For computers made by different manufacturers to communicate and
cooperate in solving problems, it is necessary to implement a set of agreed
upon rules for exchanging messages. This is called a communication protocol.
4. Computers connected to LANs in two different organizations communicate
via a special purpose computer called a router.

Using routers, LANs in different geographical locations can be interconnected.
Such an (international) network of interconnected LANs is called the Internet.
