
Providing practical solution for increasing security in e- commerce


Academic year: 2017


ISSN 0976-2612, Online ISSN 2278-599X, Vol. 7, Special Issue No. 5, July 2016, pp. 988-992, http://www.bipublication.com

Research Article

Providing practical solution for increasing security in e- commerce

Ghahramankhani Behnam (1) and Akram Amiri (2)

(1) Department of Computer Engineering, Faculty of Engineering, University of Science and Research Branch, Tehran, Iran.

(2) Department of Electronic Engineering, Faculty of Engineering, University of Zanjan, Zanjan, Iran.


ABSTRACT

Despite all the benefits associated with e-commerce, online transactions and communications also offer larger vehicles for the abuse of technology and even for criminal acts. Using electronic commerce therefore requires a secure environment for online transactions and communications, so that abuse through information and computer systems is prevented. The best way to create this secure environment is to identify the security threats and the ways of countering them. This study examines those security threats, and the security protocols SSL, S/MIME, SET and PKI are studied in detail. In addition, several practical solutions are proposed to increase public confidence and trust in electronic commerce and to increase data security.

Keywords: electronic commerce (e-commerce), security, security threats, online communications, security solutions.

1. INTRODUCTION

E-commerce is based on processing and transferring data, including text, sound and images [1]. It covers various activities, such as the electronic exchange of goods and services, the instant delivery of digital content and electronic transmission; its applications are broader than the exchange of goods, services and funds. E-commerce has many benefits and features, including the globalisation of trade, the removal of limitations of time and place, lower prices for purchased resources, higher sales percentages, easy access to necessary information, significantly reduced transaction costs, reduced time costs of transactions, and so on [2]. Developing e-commerce requires building the public's confidence and trust in this type of trade [3]. Given that buyers and sellers do not know each other and cannot even see each other, this confidence has to be established by ensuring the security and reliability of electronic data interchange.

Security of information technology is therefore one of the most important issues in the information technology area. This paper examines security threats and gives ways of increasing the security of information. It is organised in six sections: the second defines the security of information technology and the security factors, the third defines the types of threats and risks of the internet, the fourth identifies security tools and protocols, the fifth presents security methods, and the sixth gives a summary and conclusions.

2. SECURITY OF INFORMATION TECHNOLOGY

...refers to protecting information while it is being stored or processed by a computer, which may be connected to a network, whereas communication security refers to protecting information while it is transmitted between computer systems and networks [4]. In the following we investigate communication security. Security threats can be placed in the following two categories [5]:

Technical: software and knowledge-based systems, viruses, worms.

Non-technical: human-oriented, such as by telephone, and computer-oriented, such as sending an e-mail or using chat rooms.

2.1 Security factors

In order to achieve proper safety, security services must have the following features:

Authentication: a process that verifies the identity of individuals and organisations on the internet.

Authorization: a process that examines the qualifications of people and allows them access to resources accordingly.

Auditing: a process that allows IT personnel to identify visitors.

Confidentiality: the private information of people should not be provided to anyone without a licence.

Integrity: information should not be changed without authentication and access rights.

Availability: users can access pages, information and services at any time.

Non-repudiation: when information or a service is sent or received, neither the performing party nor the receiver can deny it [6].

3. THREATS AND RISKS OF INTERNET

Communication security is very important because of how widespread communication has become, and one of its most important parts is the security of networks and the internet: in a short time, computers and the internet have established their presence in all areas of human life, with great revolutions in communication, in buying and selling goods, and in electronic equipment as examples. Despite all its positive aspects, the internet carries an extensive set of security risks and threats, some of them very serious and some less important. The most important risks that threaten users of e-commerce include: illegal copying; altering and manipulating information; publishing information; changing the appearance of a site; destroying databases; sending and spreading viruses; and creating access and defining new users [7]. To avoid these risks, security tools are needed, and in the following we examine them.

4. SECURITY TOOLS IN E-COMMERCE

Many security tools are available, and they can be chosen according to the significance of the data. The most important ones include software and hardware firewalls, digital certificates, digital signatures, PKI, encryption software and biometrics such as retinal scanners, fingerprints and voice [8]. In the following, we examine the security protocols that supply the security factors.

4.1 Protocol of PKI

PKI (public key infrastructure) [9] provides confidence in the digital environment. It is based on digital certificates; a digital certificate is the digital equivalent of the passport used in the physical world. A digital certificate verifies the identity of the person or institution that takes part in a communication and conducts digital transactions. A certificate-based system provides the security services of authentication, data integrity, confidentiality and non-repudiation. The main components of PKI are the registration authority and the certificate authority (figure 1). The registration authority authenticates and registers new users and requests certificates for them; the certificate authority issues the certificates requested by the registration authority and sends them out. A PKI model also includes the policies, procedures and contracts that govern the issuing, reissuing and revocation of certificates. Applications that support PKI can manage user certificates and generate digital certificates on PCs, mobile phones and so on.

Figure (1): Protocol PKI

4.2 Protocol of SET

SET (Secure Electronic Transaction) [10] is a payment protocol at the level of the communication network between buyer, seller, bank and payment gateway. SET is an open security and encryption specification for protecting electronic transactions conducted over the internet; it enables users to use credit cards securely on an open network such as the internet. To use this protocol, the buyer must have a credit card and the seller must have a certificate; these certificates are issued by a certificate authority. On the buyer's side, SET software must be installed and a credit card account opened that supports SET and provides the required certificate. The seller must also install the software and put it on the web, combined with the web-based software used by customers. The software used by the seller is somewhat more complex, because it has to communicate with both the buyer and the payment gateway. SET creates a transaction among parties such as credit card holders, banks, merchants, payment-processing organisations and certificate authorities, and it has all the facilities required for credit card transactions on the internet, such as privacy of information, data integrity, authentication of the card holder and authentication of the merchant.

4.3 Protocol of S/MIME

S/MIME [11] is a protocol that adds digital signatures and encryption to MIME internet messages. MIME is a proposed standard format for e-mail. E-mail messages consist of two parts, a header and a body. The header is a set of field/value pairs that provide the information necessary for conveying the message. The body is usually unstructured unless the e-mail is in MIME format; MIME determines how the body is defined in a structured form, and the MIME format allows enhanced text, graphics, sound and so on to be used in e-mail messages. The purpose of S/MIME is to insert digital signatures into, and encrypt, the body part of a MIME message. S/MIME has been approved by a number of large companies, such as ConnectSoft, Frontier, FTP Software, Qualcomm, Lotus, Microsoft, Wollongong, Banyan, NCD, Secure Ware, Netscape, Verisign and Novell.

4.4 Protocol of SSL

The SSL protocol was developed to provide security and privacy over the internet [12]. It supports authentication of both the service provider and the client. SSL maintains the security and integrity of the transmission channel by means of encryption, authentication and message authentication codes. The protocol has two steps, authentication of the service provider and authentication of the client, of which the second is optional. In the first step, the server responds to the client's request by sending its authentication certificate together with its preferred encryption options; the client then generates a master key and sends it, encrypted, to the service provider. The service provider recovers the master key and proves itself by returning a message encrypted under that master key. Subsequent data is encrypted with keys derived from this master key. In the second step, the service provider sends the client an identification request; the client generates its digital signature over that request and sends it, together with its public-key certificate, to the service provider.
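The first SSL step just described (master key, keys derived from it, and records protected by encryption plus a message authentication code) is modelled below as an added example; it is not code from the paper. It uses only the Python standard library, so two things are assumptions: the master key is taken to reach the server confidentially (real SSL encrypts it under the server's certified public key, which needs an asymmetric-crypto library), and the key expansion and the stream cipher are HMAC-SHA256 stand-ins for the real SSL PRF and cipher suites. The per-record encrypt-then-MAC with a sequence number is the part worth studying, since it is what gives the channel its integrity and replay protection; the function names (`derive_keys`, `protect_record`, `open_record`, `server_proof`) are the example's own.

```python
"""Simplified model of SSL key establishment and record protection (added example).

Assumptions: master key delivered confidentially; HMAC-SHA256 stands in for the
SSL PRF (key expansion) and for the cipher suite (keystream).
"""
import hashlib
import hmac
import secrets

MAC_LEN = 32  # HMAC-SHA256 tag length in bytes


def derive_keys(master_key: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Expand the master key into separate encryption and MAC keys per direction.
    Both sides compute this independently from the same inputs and obtain identical keys."""
    seed = client_random + server_random
    keys = {}
    for i, label in enumerate(("client write", "client mac", "server write", "server mac")):
        keys[label] = hmac.new(master_key, bytes([i]) + label.encode() + seed, hashlib.sha256).digest()
    return keys


def server_proof(master_key: bytes, client_random: bytes) -> bytes:
    """The server's 'I recovered the master key' message: a MAC over the client's
    nonce under the master key, which a server without that key cannot produce."""
    return hmac.new(master_key, b"server finished" + client_random, hashlib.sha256).digest()


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a toy stream cipher (assumption)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, seq.to_bytes(8, "big") + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def protect_record(write_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext || HMAC(seq || ciphertext). The record sequence
    number is covered by the tag but not transmitted; both sides count records."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(write_key, seq, len(plaintext))))
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct + tag


def open_record(write_key: bytes, mac_key: bytes, seq: int, record: bytes):
    """Verify the tag before decrypting; return None on tampering or replay."""
    if len(record) < MAC_LEN:
        return None
    ct, tag = record[:-MAC_LEN], record[-MAC_LEN:]
    expected = hmac.new(mac_key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(write_key, seq, len(ct))))


def handshake_and_exchange(message: bytes) -> dict:
    """Run the first SSL step from the paper, then send one client record and
    show what the server accepts and rejects."""
    client_random = secrets.token_bytes(32)
    server_random = secrets.token_bytes(32)
    master_key = secrets.token_bytes(48)        # generated by the client
    impostor_key = secrets.token_bytes(48)      # a server that never got the master key
    # assumption: master_key reaches the genuine server confidentially
    client_keys = derive_keys(master_key, client_random, server_random)
    server_keys = derive_keys(master_key, client_random, server_random)
    expected_proof = server_proof(master_key, client_random)   # what the client expects
    impostor_rejected = not hmac.compare_digest(server_proof(impostor_key, client_random), expected_proof)

    record = protect_record(client_keys["client write"], client_keys["client mac"], 0, message)
    wk, mk = server_keys["client write"], server_keys["client mac"]
    tampered = bytes([record[0] ^ 0x01]) + record[1:]   # one ciphertext bit flipped in transit
    return {
        "impostor_rejected": impostor_rejected,
        "received": open_record(wk, mk, 0, record),      # genuine record, right sequence number
        "tampered": open_record(wk, mk, 0, tampered),    # None: MAC fails
        "replayed": open_record(wk, mk, 1, record),      # None: sequence number moved on
    }


if __name__ == "__main__":
    print(handshake_and_exchange(b"GET /cart"))
```

The point of splitting the master key into four keys is that a record encrypted by the client can never be accepted as a server record, and the sequence number inside the MAC is what turns a captured record into junk when it is replayed.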

5. PROVIDING PRACTICAL SOLUTION FOR SUPPLYING SECURITY OF E-COMMERCE

In the following we provide some ways of protecting the information of e-commerce users.

1. Select a password that is not easily obtained. A good password should be more than 6 characters long and should combine lower-case and upper-case letters, digits and special characters such as $ and #, while still being a password that is not easily forgotten. Creating a good password requires methods that prevent other people from guessing it or gaining access to it. One of the best ways to create a secure password is the LastPass software, a tool for managing your passwords that also lets you combine digits, letters and special characters into secure passwords. Most Persian speakers have experienced wanting to type Persian, forgetting to switch the keyboard language, and seeing a string of English characters with no particular meaning; the same method can be used to create a password: type a sentence, a line of poetry or something else that is in your mind and not forgettable, without switching the keyboard to Persian. The result is a strange and very secure password, and if this method is combined with digits and special characters the password becomes nearly impenetrable.

2. One of the largest mobile threats is malware that looks like a mobile banking application but in fact steals the user's account information, or malware that, through the absence of the necessary security mechanisms, puts people's banking information at risk. To avoid this risk, it is recommended that the mobile banking application be obtained from the bank itself: the bank assigns a serial number to the application, which the user can obtain by entering a special code such as the account number. The activation code for mobile banking is also unique to each user and can be received via SMS.

3. Credit cards are issued with a 16-digit serial number at the time of delivery, and this code is requested whenever the card is used, either physically or online. This prevents the forging of credit cards.

4. ATMs and card readers should be provided with a fingerprint recognition unit. That is, when an account is opened the bank takes a fingerprint from the customer and records it in the banking system; when the customer uses the card, the fingerprint must be entered, and if it matches the fingerprint held in the banking system the payment continues, otherwise it is cancelled. This prevents copying of the card. For extra assurance, the fingerprints of other fingers can be recorded, so that if one finger is injured another can be used.

5. When an account is opened, some security questions can be asked and their answers recorded in the system. During an online payment, after the card information has been entered, one of the security questions is asked, and if the answer is correct the payment continues. Note that the answers to the security questions should not be guessable.

6. When an account is opened, an e-mail address is taken from the person. In an online payment, after the credit card information has been entered, the payer receives a message from the payment gateway saying that the purchase is completed by clicking on a link sent to that e-mail address. In this way, only the owner of the e-mail address, who is the card holder, is able to shop online. This prevents fictitious purchases.

7. The payment gateway should be designed so that, after the card information has been entered, it requests a code that the bank has just sent to the user. The bank can do this while recovering the cost of the SMS.

8. Different security layers should be designed according to the accounts, and the security layers should also be increased.

9. Use a system for validating the address and the card. Activating an address validation system and requiring card verification for deals decreases fraud costs.

10. ...suspicious transactions through the same IP address, so that the user receives an alert and knows that someone else is using their account.

11. We recommend that people who are in e-business and have a web site monitor their web site regularly and make sure who is in possession of the site, and always use a tool for analysing the site's traffic; this is the equivalent of installing a camera in a store in the real world. Tools such as Woorpa or Clicky allow you to see how visitors interact with your web site; they also let you detect suspicious behaviour and receive an alert on your mobile, and thus prevent that behaviour.

12. Select a shopping cart that records in the store's management section and has the ability to block users' IP addresses.
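Items 2 and 7 above both rely on a one-time code that the bank sends out of band (via SMS) and that the payment gateway then checks. The paper does not say how the code is generated, so the example below, which is added here and is not the paper's code, uses HOTP as specified in RFC 4226 (an HMAC-SHA1 over a counter) for the code itself; the issuer/verifier wrapper, its lookahead window of outstanding codes and its failure lock-out are assumptions about how a bank would use it, and the class and method names are the example's own. Standard library only.

```python
"""One-time transaction codes: RFC 4226 HOTP plus an assumed bank-side issuer/verifier."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation
    to a 31-bit integer, reduced modulo 10^digits and zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


class TransactionCodeService:
    """Bank-side state for one card (assumption): a per-card secret and two counters.
    issue() produces the code the bank sends out of band (SMS in the paper);
    verify() checks the code the payment gateway relays back from the user."""

    def __init__(self, secret: bytes, lookahead: int = 3, max_failures: int = 5):
        self._secret = secret
        self._accept_from = 0        # lowest counter whose code is still acceptable
        self._next_issue = 0         # counter used for the next code sent out
        self._lookahead = lookahead  # how many issued-but-unused codes may be outstanding
        self._failures = 0
        self._max_failures = max_failures

    def issue(self) -> str:
        # If too many codes are outstanding, the oldest ones expire.
        if self._next_issue - self._accept_from >= self._lookahead:
            self._accept_from = self._next_issue - self._lookahead + 1
        code = hotp(self._secret, self._next_issue)
        self._next_issue += 1
        return code

    def locked(self) -> bool:
        return self._failures >= self._max_failures

    def verify(self, code: str) -> bool:
        """Accept only codes that were actually issued and not yet consumed;
        a matched code and every older one are consumed, so replay fails."""
        if self.locked():
            return False
        for c in range(self._accept_from, self._next_issue):
            if hmac.compare_digest(hotp(self._secret, c), code):
                self._accept_from = c + 1
                self._failures = 0
                return True
        self._failures += 1
        return False


if __name__ == "__main__":
    # Constructed demo secret; a real deployment would hold a random per-card secret.
    svc = TransactionCodeService(b"12345678901234567890")
    sent = svc.issue()                     # bank sends this via SMS
    print("first attempt:", svc.verify(sent))   # True
    print("replay attempt:", svc.verify(sent))  # False
```

The secret used in the demo is the RFC 4226 test-vector secret, so the first codes it produces can be checked against the RFC's published table; the security comes from the per-card secret never leaving the bank and from each code being consumed on first use.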
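Items 10 to 12 describe the monitoring side: alerting on suspicious transactions that share an IP address, watching a site's traffic for suspicious behaviour, and blocking IP addresses. The following added example (not code from the paper or from the tools it names) runs three such rules over a constructed transaction log: an IP address used by several accounts within a short window, an account that changes IP address within that window, and any activity from a blocked address. The log format, the thresholds, the addresses and the rule names are all assumptions made for the example; it uses only the Python standard library.

```python
"""Transaction-monitoring rules over a constructed log (added example)."""
from datetime import datetime, timedelta

# Constructed sample log: one transaction per line, "<iso-time> account=<id> ip=<addr> amount=<n>".
SAMPLE_LOG = """\
2016-07-01T10:00:00 account=A100 ip=198.51.100.4 amount=25.00
2016-07-01T10:01:00 account=A200 ip=203.0.113.9 amount=99.00
2016-07-01T10:02:00 account=A300 ip=203.0.113.9 amount=120.00
2016-07-01T10:03:00 account=A400 ip=203.0.113.9 amount=75.00
2016-07-01T10:04:00 account=A100 ip=192.0.2.77 amount=500.00
2016-07-01T10:05:00 account=A500 ip=192.0.2.250 amount=10.00
"""
BLOCKED_IPS = {"192.0.2.250"}  # constructed store blocklist (item 12)


def parse_log(text: str) -> list:
    """Parse log lines into event dicts, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        timestamp, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append({
            "time": datetime.fromisoformat(timestamp),
            "account": kv["account"],
            "ip": kv["ip"],
            "amount": float(kv["amount"]),
        })
    events.sort(key=lambda e: e["time"])
    return events


def detect(events: list, blocked_ips=frozenset(), window=timedelta(minutes=10),
           shared_ip_accounts: int = 3, ip_change_limit: int = 2) -> list:
    """Evaluate each event against the events seen in the preceding window.
    Returns alert dicts in the order they fire; thresholds are assumptions."""
    alerts = []
    seen = []  # already-processed events, oldest first
    for ev in events:
        cutoff = ev["time"] - window
        recent = [e for e in seen if e["time"] >= cutoff] + [ev]
        base = {"account": ev["account"], "ip": ev["ip"], "time": ev["time"]}

        # Rule 1 (item 12): the store has blocked this address outright.
        if ev["ip"] in blocked_ips:
            alerts.append(dict(base, kind="blocked_ip"))

        # Rule 2 (item 10): one address driving transactions for several accounts.
        accounts_on_ip = sorted({e["account"] for e in recent if e["ip"] == ev["ip"]})
        if len(accounts_on_ip) >= shared_ip_accounts:
            alerts.append(dict(base, kind="shared_ip", accounts=accounts_on_ip))

        # Rule 3 (item 10): the account holder should be told someone else may be using it.
        ips_for_account = sorted({e["ip"] for e in recent if e["account"] == ev["account"]})
        if len(ips_for_account) >= ip_change_limit:
            alerts.append(dict(base, kind="account_ip_change", ips=ips_for_account))

        seen.append(ev)
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG), BLOCKED_IPS):
        print(alert["time"].isoformat(), alert["kind"], alert["account"], alert["ip"])
```

On the sample log the shared-address rule fires on the third account behind 203.0.113.9, the address-change rule fires when A100 reappears from a different network four minutes later, and the blocklist rule fires on the last line; shrinking the window to one minute silences the first two, which is the knob a store would tune against its own traffic.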

6. CONCLUSION

Since buyers and sellers in e-commerce do not know each other and cannot even see each other, maintaining the security of data is very important as a way of attracting customers' confidence in e-commerce. This trust and confidence must be established by ensuring the security and reliability of electronic data interchange. The purpose of security is to protect data (messages, documents and other transmitted data) against threats and unauthorised persons in the context of electronic transactions. The best way to create a secure environment in e-commerce is to investigate the problems of creating security and to provide practical solutions rather than theoretical studies. In this paper we investigated and identified the security needs, threats and vulnerabilities of e-commerce systems using practical technology, and technologies such as PKI, SET, S/MIME and SSL were introduced for creating a secure system. Several practical solutions were proposed for increasing the confidence and security of e-commerce. From the set of proposed solutions, it can be concluded that the best way to create a secure environment for data exchange is to use different levels of security.

7. REFERENCES

1. Turban, E., Leidner, M., Dorothy, E. and Wetherbe, J.M. (2008), "Information technology for management: transforming organization in the digital economy", Wiley, 6th edition.

2. Nili, H. and Boulhasani, H.R. (2007), "Examining the applications and effects of e-commerce in development of export", National Conference on e-Commerce.

3. Heydari, M. (2005), "Evaluating security threats in the field of e-commerce", the third Conference of ISC, Sept.

4. Nada, M.A. and Slamy, Al (2008), "E-commerce security", Alzaytoonah University MIS Dept., Amman, Jordan 962, IJCSNS International Journal of Computer Science and Network Security, 8(5).

5. Sengupta, A. (2005), "e-Commerce security: a life cycle approach", Center for Distributed Computing, Kolkata, India, pp. 119-140.

6. Torabi, M. and Zamani, K. (2010), "Mobile Banking and its security issues", 5th International Conference on e-Commerce in Developing Countries: with focus on export.

7. Wang, R. and Chen, Sh., "How to shop for free online: security analysis of Cashier-as-a-Service based web stores", IEEE S&P '11 proceedings.

8. Tourabi, M. and Zamani, Z. (2013), "Analysis of security challenges in e-commerce and how to fight with it", 8th Conference of Scientific Development, Mashhad, Iran.

9. Benantar, M. (2001), "The Internet public key infrastructure", IBM Systems Journal, 40(3), 648-665.

10. Wang, Ch. and Leung, H.F. (2005), "Mobile agents for secure electronic commerce transactions with privacy protection of the customers", Technology, Commerce and e-Service, EEE'05, Proceedings of the International Conference, IEEE, pp. 530-535.

11. Severance, C. and Borenstein, N. (2014), "Multipurpose Internet Mail Extensions (MIME)", IEEE Computer, 47(5), 9-11.
