European Research Projects on Electronic Commerce and Open Networks Security
by Rüdiger Grimm
In the past two years, several European research consortia have started to work on security solutions for electronic commerce and binding telecooperation over the Internet. This is a brief overview over the projects E2S (Esprit), SEMPER (ACTS), IMPRIMATUR (Esprit), MERCI (Telematics) and ICE-TEL (Telematics).
The Internet is a great success. It is still growing dramatically. It is becoming common to use electronic mail both for business and private purposes. It is also becoming common for firms to have World Wide Web homepages. There is much public relation, fun and other non-binding data exchange on the Internet. However, there are almost no serious applications like commerce, administra-tion or real private communication, mainly because of security concerns.
It is commonly agreed that asymmetric cryptography is a kernel-piece for security functions in open networks. However, there is a manifold of unsolved security problems in order to integrate the theoretical algorithms into user-friendly functions which make the user communication secure both in a technical and legal sense.
Problems include technical, organisa-tional, psychological, economical and legal aspects. For example, authentication and integrity mechanisms must be properly implemented and socially accepted in order to protect such different issues as electronic cash coins, copyright watermarks, business contracts, user access capabilities and public key certificates.
The three research funding programmes of the European Commission ACTS, Esprit and Telematics are supporting research in this area. All consortia working on security solutions in these programmes, comprise technology developers and technology users. In joint trials, the consortia prove the success of their work and finally demonstrate it to the public. The aim is a strategy for technology fit for introduction to the market.
The five projects briefly presented here are aware of one another's presence. There is both a healthy competence and good cooperation with respect to results which can be used across project boundaries, like, for example, a common public-key certification infrastructure. In these projects, ERCIM members, eg, GMD and CWI, are cooperating with computer and smartcard manufacturers, financial institutions, mail order houses, service providers, network providers, universities and new Internet business enterprises.
All projects are open to other projects. Even invitations of other project partners to project meetings is possible in favour of a topic-of-interest oriented information-flow.
The projects cooperate in that they:
- draw one others' attention to interesting results
- exchange important documents and experiences
- initiate case-to-case cooperations
- use the ICE-TEL support (Interworking Public Key Certification for Europe Telematics) for public-key certification
- invite other projects to important project meetings
- speak with one voice for the electronic commerce with respect to to the G7 initiative.
At TERENA's (Trans-European Research and Education Networking Association) yearly networking conference JENC 8 in Edinburgh, May 1997, the TERENA working group Security has organised a meeting between all projects and other security activities including the Computer Emergency Response Teams (CERT). In particular, high-quality papers from all these projects were accepted and presented at regular JENC conference sessions.
E2S End-to-end Security over the Internet
E2S is an Esprit programme from September 1995 to November 1997. Kernel targets: development of a flexible architecture for secure business transactions over the Internet. Deployment and enhancement of existing Internet and security functionality to support existing business models. Protection and interconnection of communication within closed groups with individual access controls. There are trials and exploitation of results. More info about E2S at: http://www.ansa.co.uk/E2S/index.html
SEMPER Secure Electronic Marketplace for Europe
ACTS programme, September 1995 to August 1998. Kernel targets: Development of a generic model and architecture for secure electronic commerce over the Internet. Provides a framework for the integration of existing electronic commerce applications, like SET (Secure Electronic Transaction) for credit-card payments and ecash(TM) for cash-like payments. Supports interoperability between the different modules needed to implement the complete Internet-part of a business process, like contracting and payment. Makes interdisciplinary user requirements studies. There are trials and exploitation of results. More info about SEMPER: http://www.semper.org/
IMPRIMATUR Intellectual Multimedia Property Rights Model and Terminology for Universal Reference
Esprit programme. Kernel targets: establishment of consensus in the Information Industry on key issues in copyright and related intellectual property rights (IPR) management, in the areas of business modelling, technology, law and standards. The project is studying the quadrangular of creation, production/publication, distribution and use of dematerialized intellectual products. Very open project, with opportunities for collaboration and dialogue with experts at various levels within the project. The project is also establishing a generic IPR-managed server which can be made available over World Wide Web and ISDN2 connections for modelling IPR management proposals from other electronic commerce framework for projects. More info about IMPRIMATUR: http://www.imprimatur.alcs.co.uk/
MERCI Multimedia European Research Conferencing Integration
Telematics programme, December 1995 to November 1997. Kernel targets: The aspects of the project which concern electronic commerce are those concerned with security. Here the main activity is building multicast media transport tools that can be encrypted for confidentiality, and devising mechanisms for distributing the encryption keys. An important aspect of the Mbone tools (Multicast Backbone for the Internet) is the way that conferences are announced to all interested parties in a way that the conferences can be started from the announcement. For secure conferences, this announcement must itself be authenticated and partially encrypted. The relevant standards are being defined in the Internet Engineering Task Force (IETF), and implemented in the MERCI project. One aspect is to make use of the ICE-TEL infrastructure when it is available. More info about MERCI: http://boom.cs.ucl.ac.uk/mice/merci/
ICE-TEL Interworking Public-key Certification Infrastructure for Europe
Telematics programme, December 1995 to November 1997 a successor is planned. Kernel targets: Building up and providing a basic infrastructure of public-key certification authorities all over Europe. Implementing and using some secure applications on the basis of the infrastructure. Public-key certification service provision and security support of other projects in Europe. A basic infrastructure, a set of applications, and a set of interworking security tools. Interworking within Europe and the United States (Internet Engineering Task Force/Internet). More info about ICE-TEL: http://www.darmstadt.gmd.de/ice-tel/
These five projects are aware that they have tied together all relevant forces in the context of European research projects with respect to models, reusable components, real commercial trials, and key technology distribution.
Rüdiger Grimm - GMD
Tel: +49 6151 869 716