Volume 4 - Issue 2
Fail-Safe Security Architecture to Prevent Privacy Leaks from E-commerce Servers
- Hiroshi Fujinoki
Southern Illinois University Edwardsville, Edwardsville, Illinois, USA
hfujino@siue.edu
- Christopher A. Chelmecki
Southern Illinois University Edwardsville, Edwardsville, Illinois, USA
- David M. Henry
Southern Illinois University Edwardsville, Edwardsville, Illinois, USA
Keywords: e-commerce security, security against insiders, prevention of privacy leaks, confirmation of delivered products in e-commerce, network application security
Abstract
We propose a new security architecture, called Fail-Safe Security Architecture (FSSA), which eliminates,
or at least minimizes, the chance of privacy leaks for e-commerce customers, protecting their
privacy even in the worst cases: the security administrators of the e-commerce servers become
attackers, or the merchants' servers are hijacked by external attackers, giving the attackers full access
to anything on the servers. FSSA is based on a security design that allows each party to access only
the information necessary to perform its business, and it ensures that no party, except the customer
and the law enforcement authority, has access to the complete private information of a customer.
We analyzed the types of security threats FSSA covers. The results of our analyses indicated
that FSSA protects customer privacy against internal attackers (converted administrators and full
hijacks), as well as against the known security threats from external attackers: eavesdropping, replay,
masquerading, man-in-the-middle, and traffic analysis, but not denial-of-service attacks. Our performance
studies suggested that the cost factor of running FSSA is 1.8 (1.8 times more computational power)
to achieve the same response time and transaction throughput as the existing architecture,
which has no protection against leaks of customers' private information.