European Research Projects on Electronic Commerce and Open Networks Security
by Rüdiger Grimm
In the past two years, several European research consortia have started
to work on security solutions for electronic commerce and binding telecooperation
over the Internet. This is a brief overview of the projects E2S (Esprit),
SEMPER (ACTS), IMPRIMATUR (Esprit), MERCI (Telematics) and ICE-TEL (Telematics).
The Internet is a great success. It is still growing dramatically. It
is becoming common to use electronic mail both for business and private
purposes. It is also becoming common for firms to have World Wide Web homepages.
There is much public relations, fun and other non-binding data exchange
on the Internet. However, there are almost no serious applications like
commerce, administration or real private communication, mainly because
of security concerns.
It is commonly agreed that asymmetric cryptography is a core component
of security functions in open networks. However, many problems remain
unsolved in integrating the theoretical algorithms into user-friendly
functions which make user communication secure both in a technical and
legal sense.
Problems include technical, organisational, psychological, economic
and legal aspects. For example, authentication and integrity mechanisms
must be properly implemented and socially accepted in order to protect
such different issues as electronic cash coins, copyright watermarks, business
contracts, user access capabilities and public key certificates.
The three research funding programmes of the European Commission,
ACTS, Esprit and Telematics, are supporting research in this area.
All consortia working on security solutions in these programmes comprise
technology developers and technology users. In joint trials, the consortia
prove the success of their work and finally demonstrate it to the public.
The aim is a strategy for technology fit for introduction to the market.
The five projects briefly presented here are aware of one another's
presence. There is both healthy competition and good cooperation with
respect to results which can be used across project boundaries, like, for
example, a common public-key certification infrastructure. In these projects,
ERCIM members, e.g. GMD and CWI, are cooperating with computer and smartcard
manufacturers, financial institutions, mail order houses, service providers,
network providers, universities and new Internet business enterprises.
All projects are open to other projects. Partners from other projects can
even be invited to project meetings, in favour of an information flow
oriented towards topics of interest.
The projects cooperate in that they:
- draw one another's attention to interesting results
- exchange important documents and experiences
- initiate case-to-case cooperations
- use the ICE-TEL support (Interworking Public Key Certification for
Europe Telematics) for public-key certification
- invite other projects to important project meetings
- speak with one voice for electronic commerce with respect to
the G7 initiative.
At TERENA's (Trans-European Research and Education Networking Association)
yearly networking conference JENC 8 in Edinburgh, May 1997, the TERENA
working group Security has organised a meeting between all projects and
other security activities including the Computer Emergency Response Teams
(CERT). In particular, high-quality papers from all these projects were
accepted and presented at regular JENC conference sessions.
E2S - End-to-end Security over the Internet
E2S is an Esprit programme from September 1995 to November 1997. Kernel
targets: development of a flexible architecture for secure business transactions
over the Internet. Deployment and enhancement of existing Internet and
security functionality to support existing business models. Protection
and interconnection of communication within closed groups with individual
access controls. There are trials and exploitation of results. More info
about E2S at: http://www.ansa.co.uk/E2S/index.html
SEMPER - Secure Electronic Marketplace for Europe
ACTS programme, September 1995 to August 1998. Kernel targets: Development
of a generic model and architecture for secure electronic commerce over
the Internet. Provides a framework for the integration of existing electronic
commerce applications, like SET (Secure Electronic Transaction) for credit-card
payments and ecash(TM) for cash-like payments. Supports interoperability
between the different modules needed to implement the complete Internet-part
of a business process, like contracting and payment. Makes interdisciplinary
user requirements studies. There are trials and exploitation of results.
More info about SEMPER: http://www.semper.org/
IMPRIMATUR - Intellectual Multimedia Property Rights Model and Terminology for Universal Reference
Esprit programme. Kernel targets: establishment of consensus in the
Information Industry on key issues in copyright and related intellectual
property rights (IPR) management, in the areas of business modelling, technology,
law and standards. The project is studying the quadrangle of creation,
production/publication, distribution and use of dematerialized intellectual
products. Very open project, with opportunities for collaboration and dialogue
with experts at various levels within the project. The project is also
establishing a generic IPR-managed server which can be made available over
World Wide Web and ISDN2 connections for modelling IPR management proposals
from other electronic commerce framework for projects. More info about
IMPRIMATUR: http://www.imprimatur.alcs.co.uk/
MERCI - Multimedia European Research Conferencing Integration
Telematics programme, December 1995 to November 1997. Kernel targets:
The aspects of the project which concern electronic commerce are those
concerned with security. Here the main activity is building multicast media
transport tools that can be encrypted for confidentiality, and devising
mechanisms for distributing the encryption keys. An important aspect of
the Mbone tools (Multicast Backbone for the Internet) is that conferences
are announced to all interested parties in such a way that they can be
started directly from the announcement. For secure conferences, this announcement
must itself be authenticated and partially encrypted. The relevant standards
are being defined in the Internet Engineering Task Force (IETF), and implemented
in the MERCI project. One aspect is to make use of the ICE-TEL infrastructure
when it is available. More info about MERCI: http://boom.cs.ucl.ac.uk/mice/merci/
ICE-TEL - Interworking Public-key Certification Infrastructure for Europe
Telematics programme, December 1995 to November 1997; a successor
is planned. Kernel targets: Building up and providing a basic infrastructure
of public-key certification authorities all over Europe. Implementing and
using some secure applications on the basis of the infrastructure. Public-key
certification service provision and security support of other projects
in Europe. A basic infrastructure, a set of applications, and a set of
interworking security tools. Interworking within Europe and the United
States (Internet Engineering Task Force/Internet). More info about ICE-TEL:
http://www.darmstadt.gmd.de/ice-tel/
These five projects are aware that they have tied together all relevant
forces in the context of European research projects with respect to models,
reusable components, real commercial trials, and key technology distribution.
Please contact:
Rüdiger Grimm - GMD
Tel: +49 6151 869 716
E-mail: grimm@darmstadt.gmd.de