Abstract

We propose new security architecture, called Fail-Safe Security Architecture (FSSA), which eliminates, or at least minimizes, the chance of privacy leaks for e-commerce customers, protecting their privacy even for the worst cases: the security administrators of the e-commerce servers convert to attackers or the merchants servers are hijacked by external attackers, giving the attackers full access to anything in the servers. FSSA is based on a security design that allows each party to access only the information necessary to perform their business and it makes sure no party, except the customer and the law enforcement authority, has access to the complete information of customers privacy. We analyzed the types of the security threats FSSA covers. The results of our analyses indicated that, FSSA protects customer privacy against the internal attackers (converted administrators and full hijacks), as well as the known security threats by external attackers of eavesdropping, replay, masquerading, man-in-middle, and traffic analyses, except denial of service attacks. Our performance studies suggested that the cost factor of running FSSA is 1.8 (1.8 times more computational power) to achieve the same response time and transaction throughput compared to the existing architecture, where there is no protection against the customer private information leaks.