Michael Backes, Birgit Pfitzmann, et al.
Int. J. Inf. Secur.
In 1995 the SEMPER consortium started with the objective of developing the first open and comprehensive framework for secure commerce over the Internet. We believe that SEMPER achieved this goal, and it is actually still the only project that aimed at securing electronic commerce as a whole. The SEMPER framework turned out to be a valuable tool for understanding and implementing electronic commerce. One indication of the quality of the concepts is that only minor changes to the framework were necessary during the course of the project. The design of some blocks, such as the payment block [AASW98], is very detailed and extended the state of the art. For some layers, e.g., the commerce layer, and some specific topics, e.g., the visualisation of security (TINGUIN), SEMPER has very promising approaches and results, but clearly more work is required [SEMP99b; Waid98]. For some blocks, e.g., the cryptographic services block [SEMP99a], one would by now probably replace the SEMPER designs with existing standards.

The prototype uses existing technology as much as possible, but for some services no suitable solutions were available. This resulted in the development of new and innovative protocols, in particular for the fair exchange services described earlier [AsSW97; AsSW98], for specific certification services [Baum99], and for the support of dispute handling in electronic payment systems [AsHS98]. SEMPER also produced a legal framework and a model contract for electronic commerce [SEMP99b].

Since 1995, several other related electronic commerce framework projects have started. Some projects developed specific service frameworks that correspond to the blocks on the lower layers of SEMPER, e.g., crypto [Inte97; PKCS97] and payment [DBGK98]. Experience has shown that a commercial version of SEMPER would use such specific frameworks for the supporting services, while it would use the SEMPER designs for the upper blocks, such as payments and fair exchanges.
Some projects produced implementation architectures, e.g., the Java Commerce Client (JCC). SEMPER focused on the service architecture, and thus these approaches are complementary to, rather than competing with, SEMPER. Several projects investigated specific business scenarios, such as the Open Trading Protocol (OTP) and the Open Buying on the Internet (OBI) protocol, or developed business process frameworks, e.g., XML/EDI. The results of these projects could naturally extend the commerce layer of SEMPER. Recently, some projects have started that aim at more general frameworks for electronic commerce. For instance, the eCo Framework Project of CommerceNet plans to develop a framework for interoperability among XML-based e-commerce applications. None of these projects targets the specific security aspects of electronic commerce, i.e., we feel they would gain a lot by keeping the security-oriented SEMPER Framework in mind.

For several years now, electronic commerce has been a "hot topic" in economics and computer science. Nevertheless, several security problems in electronic commerce have not yet been sufficiently investigated [Waid98; SEMP99b]. The most urgent open problem is the security of the user's computer: at least one end of most electronic commerce transactions is handled by a personal computer with a standard operating system. Past experience has shown that these systems are notoriously insecure: they have severe security holes and are vulnerable to Trojan horse attacks. So far this has been no serious impediment for electronic commerce, as criminals probably had simpler ways to make money. But the more commerce transactions are performed electronically, the more attractive this fraud channel becomes. We are convinced that more R&D work is required on the development of operating systems that are sufficiently secure for commercial transactions, on tamper-resistant components, and on provably secure security protocols.