Title: A decentralised public key infrastructure for customer-to-customer e-commerce

Authors: Karl Aberer, Anwitaman Datta, Manfred Hauswirth

Addresses: Distributed Information System Lab, Swiss Federal Institute of Technology, Lausanne (EPFL), CH-1015 Lausanne, Switzerland (same address for all three authors)

Abstract: The success story of eBay has shown the demand for customer-to-customer (C2C) electronic commerce. eBay is a centralised infrastructure with all its scalability problems (network bandwidth, server load, availability, etc.). In this paper, we argue that C2C e-commerce is an application domain that maps naturally onto the emerging field of peer-to-peer (P2P) systems simply by its underlying interaction model of customers, i.e., peers. This offers the opportunity to take P2P systems beyond mere file sharing systems into interesting new application domains. The long-term goal would be to design a fully functional decentralised system which resembles eBay without eBay's dedicated, centralised infrastructure. Since security (authenticity, non-repudiation, trust, etc.) is key to any e-commerce infrastructure, our envisioned P2P e-commerce platform has to address these security issues adequately. As the first step in this direction, we present an approach for a completely decentralised P2P public key infrastructure (PKI) which can serve as the basis for higher-level security service. We base it on a statistical approach and present an analytical model to quantify its behaviour and properties and to provide probabilistic guarantees. To justify our claims, we provide a first-order analysis and discuss the PKI's resilience against various known threats and attack scenarios.

Keywords: customer-to-customer e-commerce; public key infrastructure; peer-to-peer systems; C2C electronic commerce; P2P systems; security; authenticity; non-repudiation; trust; business process integration.

DOI: 10.1504/IJBPIM.2005.006962

International Journal of Business Process Integration and Management, 2005 Vol.1 No.1, pp.26 - 33

Published online: 28 Apr 2005
