Fail-Safe Security Architecture to Prevent Privacy Leaks from E-commerce Servers

Authors

  • Hiroshi Fujinoki
  • Christopher A. Chelmecki
  • David M. Henry
Abstract

We propose a new security architecture, called Fail-Safe Security Architecture (FSSA), which eliminates, or at least minimizes, the chance of privacy leaks for e-commerce customers, protecting their privacy even in the worst cases: the security administrators of the e-commerce servers turn into attackers, or the merchants' servers are hijacked by external attackers, giving the attackers full access to anything on the servers. FSSA is based on a security design that allows each party to access only the information necessary to perform its business, and it ensures that no party, except the customer and the law enforcement authority, has access to the complete private information of a customer. We analyzed the types of security threats FSSA covers. The results of our analyses indicated that FSSA protects customer privacy against internal attackers (converted administrators and full hijacks), as well as against the known external threats of eavesdropping, replay, masquerading, man-in-the-middle, and traffic analysis, but not against denial-of-service attacks. Our performance studies suggested that the cost factor of running FSSA is 1.8 (1.8 times more computational power) to achieve the same response time and transaction throughput as the existing architecture, which has no protection against leaks of customers' private information.


Similar resources

Transaction Management for M-Commerce at a Mobile Terminal

Although there has been a lot of discussion of "transactions" in mobile e-commerce (m-commerce), very little attention has been paid to the distributed transactional properties of the computations facilitating m-commerce. In this paper we first present a requirement analysis and then present a wireless terminal-based Transaction Manager (TM) architecture. This architecture is based on the assumpti...


Protecting Consumer Data in Composite Web Services

The increasing number of linkable vendor-operated databases presents unique threats to customer privacy and security intrusions, as personal information communicated in online transactions can be misused by the vendor. Existing privacy enhancing technologies fail in the event of a vendor operating against their stated privacy policy, leading to loss of customer privacy and security. Anonymity ma...


An Architecture for Security and Protection of Big Data

The issue of online privacy and security is a challenging subject, as it concerns the privacy of data that are increasingly more accessible via the internet. In other words, people who intend to access the private information of other users can do so more efficiently over the internet. This study is an attempt to address the privacy issue of distributed big data in the context of cloud computin...


Study on Protection Measures of People’s Information Privacy right in E-commerce

Define the basic content of people’s privacy information and information privacy right in E-commerce, analyze the creating reasons of the problem about people’s information privacy right in E-commerce, point out some protection measures of people’s information privacy right in E-commerce in four aspects, such as to improve people’s safety awareness, to make good external environment of E-commer...


Safe

E-business, information serving, and ubiquitous computing will create heavy request traffic from strangers or even incognitos. Such requests must be managed automatically. Two ways of doing this are well known: giving every incognito consumer the same treatment, and rendering service in return for money. However, different behavior will be often wanted, e.g., for a university library with diffe...



Journal title:
  • J. Internet Serv. Inf. Secur.

Volume 4  Issue 

Pages  -

Publication date 2014