[ieee 2012 ieee 2nd international conference on cloud computing and intelligence systems (ccis) -...


Upload: wasin

Post on 29-Jan-2017


Proceedings of IEEE CCIS2012

E-COMMERCE TRANSACTION SECURITY MODEL BASED ON CLOUD COMPUTING

Wasin Treesinthuros

Graduate School of Computer and Engineering Management, Assumption University of Thailand, Bangkok, Thailand

[email protected]

Abstract: A number of security issues arise from the development of the electronic commerce sector (e-commerce). The absence of ample security can lead to the spread of malicious agents over the internet without any form of restraint. Business activities can end up becoming chaotic if the internet is invaded by such malicious hosts. Consequently, e-commerce aims to establish a safe and efficient transaction environment in which businesses can continue to operate safely. This paper gives a summary of the security needs and also suggests a model that would resolve such security issues.

Keywords: Cloud security; E-commerce security; E-commerce transaction

1 Introduction

Arguably, electronic commerce services have become a common phenomenon on the Internet. Numerous businesses and consumers are increasingly pursuing their transactions online due to its low cost and extensive coverage. However, before this venture attains its maximum gains, there is a pressing need to resolve matters dealing with security and e-commerce trust. According to Beard [2], examples of how businesses use e-commerce include online gaming, Pay-TV, distance learning, online banking, online shopping, virtual casinos and video-on-demand. However, many customers and businesses take precautions before fully participating in e-commerce, and the chief barrier is security. Increasing stories and incidents of hacker attacks on consumer data privacy and e-commerce sites fuel this insecurity. This paper seeks to investigate these e-commerce security setbacks and propose models that aim at curbing this menace.

2 E-commerce transaction security

Security concerning the application of e-commerce includes transaction issues, server-side security concerns and client-side security concerns. Firstly, client-side security entails using conventional computer security technologies like anti-virus protection and access control, as well as proper user authorization and authentication. In terms of communication, the client will need things such as non-repudiation of receipt and server authentication. Some applications may even call for anonymity while browsing the internet. This applies to cases involving online banking. Without adequate security, online banking transactions will be crippled. There is a need for strong cryptography and encryption for sound security protection.

Secondly, server-side security entails accountability, availability, reliability, audit trail, client authorization and authentication, as well as sender. This security concern mostly affects the server provider. The last category is transaction security concerns. This security concern affects both the server's and the client's side. Transaction security entails a number of security services including data authentication, data integrity, data confidentiality, access control and non-repudiation services. Additionally, other applications may call for guarantees when it comes to transaction anonymity.

Figure 1 shows an example of a Chinese server-side security system.

Figure 1 An example of Chinese server side security system

While there are examples of functional e-commerce security models, they are not well distributed or well known. Network security technologies go towards addressing physical security threats, communication security and access control [6].

2.1 Access control

Physically, access control refers to the practice of limiting entrance to a room, building or property to authorized individuals. Physical access control is possible using people such as a receptionist or guard, technologies such as card access, or mechanical means such as keys. A number of technologies can help in controlling access to the Internet and intranet resources. Ahuja [1] agrees that access control incorporates audit, authentication, and authorization. Additionally, it includes instituting physical devices such as hidden paths, metal locks, social barriers, automated systems, human monitoring, digital signatures, biometric scans as well as the use of encryption.

___________________________________ 978-1-4673-1857-0/12/$31.00 ©2012 IEEE

By definition, subjects are the entities that act in an access control system, while objects represent the resources to which access needs some degree of control. Both objects and subjects are software entities and not human users. Human users need to use the software entities that they control to have any effect on the model or system. Access control models offer the necessary services including authentication, identification, accountability and authorization. Authentication and identification verify who can enter a system as well as the association of users with the software subjects they can control. Accountability pinpoints what subjects did, while authorization decides what subjects can do.
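The services this paragraph lists, sketched as an added example (not code from the paper): authentication binds a user to a software subject, authorization is a default-deny ACL lookup, and accountability is an audit record of every decision. The class, object names and credentials are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Subject:
    """Software entity that acts on behalf of an authenticated human user."""
    session_id: str
    user: str


@dataclass
class ReferenceMonitor:
    credentials: dict = field(default_factory=dict)  # user -> (salt, hash)
    acl: dict = field(default_factory=dict)          # (user, object) -> ops
    audit: list = field(default_factory=list)        # accountability record

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, user, password):
        salt = os.urandom(16)
        self.credentials[user] = (salt, self._kdf(password, salt))

    def grant(self, user, obj, *ops):
        self.acl.setdefault((user, obj), set()).update(ops)

    def authenticate(self, user, password):
        """Identification and authentication: bind a user to a new subject."""
        # Unknown users still run the KDF and fail the constant-time compare.
        salt, stored = self.credentials.get(user, (b"\0" * 16, b""))
        ok = hmac.compare_digest(stored, self._kdf(password, salt))
        self.audit.append(("authenticate", user, None, ok))
        return Subject(os.urandom(8).hex(), user) if ok else None

    def access(self, subject, obj, op):
        """Authorization: deny unless the ACL explicitly allows the operation."""
        allowed = (subject is not None
                   and op in self.acl.get((subject.user, obj), set()))
        who = subject.user if subject else "<unauthenticated>"
        self.audit.append((op, who, obj, allowed))
        return allowed


def demo():
    rm = ReferenceMonitor()
    rm.enroll("alice", "correct horse")            # constructed sample user
    rm.grant("alice", "order/1001", "read", "pay")
    good = rm.authenticate("alice", "correct horse")
    bad = rm.authenticate("alice", "guess")        # wrong password -> None
    results = [
        rm.access(good, "order/1001", "pay"),      # granted operation
        rm.access(good, "order/1001", "refund"),   # operation never granted
        rm.access(good, "order/2002", "read"),     # object with no ACL entry
        rm.access(bad, "order/1001", "read"),      # no subject at all
    ]
    return results, rm.audit


if __name__ == "__main__":
    print(demo())
```
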

2.2 Communication security

The usefulness of electronic communication makes security a crucial matter affecting the development of electronic commercial activities. Communications have to be reliable, have to guarantee confidentiality, and have to offer a high level of accessibility. Communications security includes the measures taken to deny unauthorized individuals data from telecommunications. Such a move guarantees the continuity of such telecommunications.

Communications security entails transmission security, crypto security, physical security, emission security and traffic-flow security of COMSEC paraphernalia. Crypto security results from providing cryptosystems that are technically sound, for instance upholding message authenticity and confidentiality. Emission security is the protection resulting from every measure directed towards denying unauthorized individuals valuable information that might be derived from compromising emissions of telecommunication systems, computers or crypto-equipment.

2.3 Physical security

Physical security stems from all physical steps meant to secure classified documents, equipment and materials from observation or access by unauthorized individuals. Traffic-flow security includes steps taken to conceal the presence of, or information about, legitimate messages on any network. Schneier [10] states that this protection emanates from features in crypto equipment that conceal the presence of legitimate messages on a communication circuit. This is possible by making the circuit look busy at all times. Transmission security refers to the component of communications security that results from steps taken to secure transmissions from exploitation or interception by illegal means.
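An added illustration of the "circuit looks busy at all times" idea (not code from the paper): the sender emits one fixed-size frame per tick and fills idle ticks with dummy frames, so frame timing and length do not reveal whether real messages are present. The frame layout and all names are assumptions, and the link is assumed to be encrypted below this layer so that the kind byte is not visible on the wire.

```python
import struct

FRAME_SIZE = 64                    # every frame on the wire has this length
HEADER = struct.Struct("!BH")      # kind (1 = data, 0 = dummy), payload length
MAX_PAYLOAD = FRAME_SIZE - HEADER.size


def make_frame(payload=None):
    """Build one fixed-size frame; payload=None produces a dummy frame."""
    kind, body = (0, b"") if payload is None else (1, payload)
    if len(body) > MAX_PAYLOAD:
        raise ValueError("payload must be fragmented before framing")
    return HEADER.pack(kind, len(body)) + body.ljust(MAX_PAYLOAD, b"\0")


def fragment(message):
    """Split a message into pieces that each fit in one frame."""
    return [message[i:i + MAX_PAYLOAD]
            for i in range(0, len(message), MAX_PAYLOAD)]


def send_schedule(messages_by_tick, ticks):
    """Emit exactly one frame per tick, whether or not data is waiting."""
    queue, wire = [], []
    for tick in range(ticks):
        for msg in messages_by_tick.get(tick, []):
            queue.extend(fragment(msg))
        wire.append(make_frame(queue.pop(0) if queue else None))
    return wire, queue             # a non-empty queue means more ticks needed


def receive(wire):
    """Receiver side: drop dummy frames and strip padding from data frames."""
    out = []
    for frame in wire:
        kind, length = HEADER.unpack_from(frame)
        if kind == 1:
            out.append(frame[HEADER.size:HEADER.size + length])
    return b"".join(out)


def observer_view(wire):
    """What a passive observer of the encrypted link learns: tick and length."""
    return [(tick, len(frame)) for tick, frame in enumerate(wire)]


if __name__ == "__main__":
    # Constructed sample traffic: one short and one multi-frame message.
    busy, _ = send_schedule({2: [b"PAY order 1001 amount 250.00"],
                             5: [b"x" * 100]}, ticks=10)
    idle, _ = send_schedule({}, ticks=10)
    print(observer_view(busy) == observer_view(idle), receive(busy))
```
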

The entry of the Mobile Agent technology has also sparked a new revolution in the realization of e-commerce. It is independent, responsive, mobile and adaptable to e-commerce. However, there is still a need for further studies on e-commerce security technology that aligns with the Mobile Agent. There are a few security concerns in using this model. Dan & Roger [3] argue that industry analysts have also raised the issue of trust as one of the hurdles to e-commerce expansion. In the abstract, trust refers to the degree to which a party measures the ability and willingness of the other party to act in their interest. Nonetheless, the idea of trust differs in various contexts. Salam & Iyer [9] identify two categories of trust computing: security-based and non-security-based trust computing. In addition, security arises as a trust issue.

Looking into security-oriented trust computing, the issue of trust gives a mechanism that improves security thereby taking care of issues dealing with access control, authentication, privacy and authorization [13]. Trust is the extent to which a target object is seen to be secure. The evaluation of reputation-based trust resonates with non-security-based computing. This means a service will have a good reputation after building up good quality services over some time. Evaluation depends on customers’ ratings.

3 Cloud computing

Cloud computing refers to a novel high-tech product that has come with the internet revolution, with numerous development venues. Cloud computing presents a reliable structure and an extensible security model that play a crucial role in guaranteeing security on the Internet. Gillam [5] sees cloud computing as a revolution in the technology world; it will change the way business models work. Combining cloud computing with e-commerce will influence enterprises in an immense way.

Applications that depend on the cloud cost less and can run for numerous days or weeks. Arguably, numerous businesses run a number of apps in the cloud including accounting, HR, customer relationship management (CRM) and many more. Services in cloud computing are scalable and mostly virtual. To a user, the information they use gets stored on other computers, and they can access it from any place and whenever they want.

3.1 Characteristics of cloud computing

Cloud computing empowers the end users with computing resources. It places the provisioning of the resources in the control of the users. Agility is enhanced once users are capable of re-provisioning technological resources.

Cloud computing offers application programming interface (API) accessibility to software. This allows machines to interact with cloud software in the same manner as happens between computers and humans. Moreover, the low cost lowers the barriers to entering the model.

Cloud computing possesses device and location independence, which allows users to use web browsers to access systems without considering the device or location.

The multi-tenancy in cloud computing means it is easy to share costs and resources across many users. This allows centralization of infrastructure in places that are cheap, increase in peak-load capacity, as well as improvements in the efficiency and utilization of systems to the maximum.

Cloud computing will help in disaster recovery or business continuity if redundant sites become busy. It also allows performance to be monitored, with architectures that are consistent and loosely coupled. Centralization of data in cloud computing gives room for improvement regarding security matters. Moreover, maintaining an application in cloud computing is easy since it does not call for an installation on each computer being used.

3.2 Influence of cloud computing upon e-commerce

Cloud computing can improve the security of e-commerce applications and business enterprises. More than before, the scale of business enterprises is tremendously large. Notably, cloud computing can provide businesses with a safe and credible data storage center. An enterprise can use cloud computing for its computation, since its data is saved in the cloud. Businesses should not worry about security any more [15].

Miller [7] also says that cloud computing has the capacity to improve the professionalism and vividness of business enterprises and of e-commerce applications. Cloud computing can offer an e-commerce system that is dependable. Within the cloud, clients can buy these services in the form of infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), or even software-as-a-service (SaaS). There are two architectural modes representing the clouds. The first type provides extra computing instances on demand (for example PaaS and SaaS).

Figure 2 Cloud form diagram

The second type provides compute-intensive and data application through the scaling capacity. According to Zhao [14], integrating e-commerce with cloud computing will offer e-commerce an opportunity to develop and progress towards a positive direction.

4 E-Commerce application model based on cloud computing

The first is management and operation based on cloud computing. E-commerce enterprises can flexibly process data during their management and operation. Toby [12] states that cloud computing can be helpful in realizing the automation of application solutions without minding where the equipment resources are. However, there has to be demand for computation and knowledge about storage.

The second is building a novel e-commerce software system. By using the cloud platform, businesses can employ an e-commerce software system as needed and pay depending on the service time as well as the magnitude of resource occupation. All these end up cutting down the cost. The software versions are the latest, and do not require labor to maintain them.

The third is realizing cloud marketing. It is essential to offer optimal proposals and intelligent analysis of marketing in order to realize cloud marketing. Nonetheless, it should be based on strong background data. Enterprises should solely focus on the middle sector if they intend to reduce the operation cost.

The fourth is facilities rental based upon cloud computing. Service providers take apart the equipment before repacking it with the intention of renting it to e-commerce businesses in a calculated way to collect rents. This would give room to these businesses to focus on their core enterprise process.

The next is supply chain management based on cloud computing. Cloud computing brings with it a secure and consistent service of data calculation and storage, which then adjusts the demand for terminal equipment. This whole process enhances the sharing of data and the equitable distribution of resources to every user. Cloud computing concurrently offers nearly unlimited space and service whenever the client requests it.

The last is mobile e-commerce based on cloud computing. A cloud system that is hugely distributed greatly enhances the processing ability and calculation competence. Therefore, users should not worry about service security or issues dealing with data transmission and information processing [4].

4.1 Concerns

Despite all the hype about cloud computing, a number of issues still hinder businesses from utilizing its full potential. Qiao [8] argues that the relationship between e-commerce and cloud computing is not yet mature; therefore, it calls for a lot of testing in practice. Currently, a number of issues still need quick solutions.

4.2 Security concerns

It is easy to use the cloud computing model to solve traditional security issues like information integrity, legitimacy of authority, authenticity of identity, as well as repudiation. Nonetheless, issues that still need solutions include network security and confidentiality of information. Additionally, other novel issues keep popping up now and then.

4.3 Challenges

Some e-commerce companies still think that it is a risk to entrust the job to a third party. Going overboard, however, will pose a greater risk than positive gains.

4.4 Cloud data security

This includes confidentiality of privacy and data security. While many other concepts like public cloud, private cloud and mixed cloud have been proposed and put into practice, their effectiveness has not been fully verified yet.

[Figure 2 diagram labels: SaaS, PaaS, IaaS, Cloud Application, Cloud Platform]

5 The standard provided by cloud computing services

Arguably, the cloud-based e-service model still has room for growth. There is a need for an integrated industry standard to promote and use newly developed models.

5.1 Regulatory issues of services

In a cloud computing environment, cloud service providers handle issues dealing with maintenance, data storage, information processing, security and other works. This means that the position of the service provider handling the data will be compromised. Therefore, issues that need to be urgently addressed include regulation of their services, control of behavior, and monitoring of providers.

5.2 Lack of governing laws and regulation

At present, there is a lack of corresponding laws or regulations to control or put in order necessary e-commerce activities. Some of the problems affecting the cloud computing environment could be solved with laws and regulations put in place.

6 Conclusions

In conclusion, a lot of research is still going on regarding the security of e-commerce. Security engineering is all about ensuring that everything goes well in the face of an intelligent and malevolent antagonist who tries to cause a fault every time. There are many issues concerning security in e-commerce. According to Tim [11], a secure product does not necessarily imply that it is functional. Security cannot be seen by the user. It is also very tough to market. For instance, bad cryptography may look just like good cryptography; it is not easy even for experts to notice the difference. Most e-commerce models are still under exploration and application; therefore, much more research is needed to do them justice.

References

[1] Beard, H. (2008). Cloud computing best practices for managing and measuring processes for on-demand computing, applications and data centers in the cloud with SLAs. Retrieved from Lulu.com.

[2] Li, J. & Chen, H. (2011). Design of a geological cloud system based on cloud. Computer Engineering & Science 06.

[3] Ahuja, V. (2000). Building trust in electronic commerce. IT Pro, 61-62.

[4] Schneier, B. (1996). Applied cryptography. New York: John Wiley & Sons.

[5] Dan, S. & Roger, C. (2010). Privacy and consumer risks in cloud computing. Computer Law and Security Review, 26, 391-397.

[6] Salam, A. & Iyer L. et al (2005). Trust in e-commerce. Commun. ACM, 48(2), 72-77.

[7] Wang, L. & Guon, Y. (2009). Trust modeling and evaluation in e-commerce system. Computer Engineering, 35(10).

[8] Gillam, L. (2010). Cloud computing: Principles, systems and applications. London: Springer.

[9] Zhao, W. & Geng, Q. (2010). Application of cloud computing to GIS model. Geospatial Information 6.

[10] Miller, M. (2008). Cloud computing: Web-based applications that change the way you work and collaborate online. New Jersey: Que Publishing.

[11] Zhao, W. (2011). Cloud computing: Analysis of the core technology. Posts & Telecom Press.

[12] Qiao, W. (2010). The lacks of cloud computing applications and recommendations. Computer Knowledge and Technology 16.

[13] Toby, A. (2009). Cloud computing, A practical approach. New York: McGraw-Hill Prof Med/Tech.

[14] Franklin, B. (2009). Cloud computing: Technologies and strategies of the ubiquitous data center. Florida: CRC Press.

[15] Tim, M. (2009). Cloud security and privacy: An enterprise perspective on risks and compliance. New York: O'Reilly Media Inc.