
International Journal of Computational Intelligence and Information Security, November 2012, Vol. 3, No. 9, ISSN: 1837-7823

Risk Investigation and Security Dimension for E-Commerce


Rakesh Pandey, Sanjay Agrawal
Dept. of Computer Engineering and Application, National Institute of Technical Teachers Training & Research, Bhopal, India

Abstract
A study of e-commerce services readily shows how essential security is to this sector. Most security issues in e-commerce arise on the user side, and e-commerce services are becoming increasingly popular on the internet and the web. This paper surveys risk assessment in the field of e-commerce. The exchange of information over the network is very important for e-commerce and is always a key factor affecting its security. Many risk assessment approaches exist, each specialized in different kinds of risk or different areas of concern. Risk assessment is the most important aspect of e-commerce security, and most risk factors and their likelihoods are evaluated with engineering methods and terminology. Several risk analysis methods are available that measure and calculate e-commerce security risk. The study of these risk analysis methods and of the management strategies therefore provides a usable security framework. This paper presents risk analysis measurements and approaches for e-commerce, and also considers the security aspects of commercial services.

Keywords: e-commerce; security analysis; CIM model; Fuzzy logic; FI model.

1. Introduction
As online business in the e-commerce field develops continuously, the management environment is changing greatly and traditional risk management is confronted with challenges, so e-commerce risk management has become an important issue of theory and practice. The need for e-commerce security grows as online business expands. To create a safe and convenient e-commerce application environment, information security has become a focus of e-commerce [1]. Owing to the vigorous growth of internet technology, e-commerce, which is based on network and multimedia technology, has expanded remarkably. E-commerce also relies on public networks such as the internet: online transactions are performed over an open computer network, which is fast and effective for a variety of business processes [7].

In risk assessment, the most important step is to decide what constitutes a hazard in the workplace. If a risk is found to be significant enough, protection should be put in place so that the risk is minimized [5]. Risk analysis is mainly performed using the risk matrix method and the methods based on the CIM and FI models. E-commerce faces various risks. It is important to recognize the risks facing your e-commerce system and the probable impact of any security event. The emergence of e-commerce involves various kinds of risk and also brings new risks to the area of financial services. Other countries have accumulated many standardized norms and much experience. On the other hand, research and practice in e-commerce risk management lag behind, which makes a comprehensive security risk assessment a requirement of modern commerce [5].

2. Security risks faced by e-commerce

Owing to the complexity and openness of the internet, the growth of internet-based e-commerce faces serious security problems. In general, the kinds of security risk are as follows [5-6]:


2.1 Data tampering

The deliberate destruction or manipulation of data is known as data tampering. Tampering is sometimes not detected at first sight. Various techniques exist for tampering with data and resources. In general, network attackers can easily tamper with data by copying, deleting or inserting transmitted information in order to damage the integrity of the data [5].

2.2 Data access risk

Data access risk arises from two sources: the modification and deletion of data through illegal access to the database system, and operational mistakes made by e-commerce staff [1].

2.3 Data counterfeiting

Data counterfeiting is a criminal activity that involves stealing web pages and inserting them into one's own site so that the site is placed with a well-known site when a search is carried out using a search engine. When attackers learn the patterns of network information or decrypt the business information of banks, they can pose as legitimate users or use fake information to deceive other users [3].

2.4 Risk with Online Payment


With electronic transactions, protecting card details is the primary security concern. Customers use cards in shops and over the phone despite the ever-present risk of the details being duplicated or stolen. With payments over the internet, there is more resistance to disclosing card information [5].

2.5 Communication Risk

Communication risk concerns the component of communications security that results from applying measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis [8].

3. Risk measurement and investigation methods

3.1 Risk Matrix


The risk matrix is the most immediate and helpful method of risk analysis. The probability of a risk and the loss of resources are taken as the rows and columns respectively, each graded higher, high, medium, low or lower. The entry at each intersection of the matrix gives the risk. Supposing that risk probability and loss degree are scored in descending order from 10 to 0, as 10, 8, 6, 4 and 2 respectively, the risk is the product of the two factors. The risk investigation matrix is shown in Table 1 [5].

PROBABILITY \ LOSS DEGREE   HIGHER   HIGH    MEDIUM   LOW     LOWER
HIGHER                      10,10    8,10    6,10     4,10    2,10
HIGH                        10,8     8,8     6,8      4,8     2,8
MEDIUM                      10,6     8,6     6,6      4,6     2,6
LOW                         10,4     8,4     6,4      4,4     2,4
LOWER                       10,2     8,2     6,2      4,2     2,2

Table 1: Risk investigation Matrix

3.2 Risk investigation Based on CIM


Fuzzy logic is a form of multi-valued logic derived from fuzzy set theory to deal with reasoning that is approximate rather than exact. In contrast with "crisp logic", where binary sets have binary logic, fuzzy logic variables may have a membership value other than just zero or one; that is, the degree of truth of a statement can range between zero and 1 and is not constrained to the two truth values of classic logic [1]. Fuzzy logic emerged as a consequence of the 1965 proposal of fuzzy set theory by Lotfi Zadeh. Though fuzzy logic has been applied to many fields, from control theory to artificial intelligence, it still remains controversial among most statisticians, who prefer Bayesian logic, and some control engineers, who prefer conventional two-valued logic [5].

3.2.1 Trapezoidal fuzzy number


In the domain X, the trapezoidal fuzzy number is as follows:

3.2.2 CIM Model

The CIM model (control interval and memory model) is a risk analysis model put forward by the American scholars Cooper and Chapman. It comprises a serial response model and a parallel response model, which are respectively the serial and the parallel sum of the probability distributions of variables. If an event has n risk factors and the occurrence of each factor will separately control the event, then the probability distribution model with n risk factors is called the parallel response model [1].

3.2.3 E-commerce Risk Assessment Based on the CIM model

Risk is expressed as a function of the probability of a risk event and its impact, that is, R = f(P, I), where R denotes the risk, P the probability of the risk event, and I the impact of the risk event. In view of the characteristics of the risk factors in e-commerce, the CIM model is applied to e-commerce risk assessment as follows:

a) Constructing risk factor sets and judgment sets: Risk factor sets and judgment sets for bank e-commerce are constructed, and different judgment sets may be established for the occurrence probability of risk factors and for the impact of risk factors. Assume that the risk factor set is Fi = (f1, f2, ..., fn), i = 1, 2, 3, and the judgment set is J = (j1, j2, ..., jm); the qualitative comments in the judgment set are expressed by trapezoidal fuzzy numbers [5].

b) Quantifying the fuzzy evaluation of risk factors: The expert evaluation method is used to determine the fuzzy evaluation, over the judgment set, of the occurrence probability and the impact of the e-commerce risk factors. The fuzzy evaluations of the risk factors are processed by fuzzy methods to obtain the probability distribution range and the impact distribution range, and at the same time the expectation of each individual risk factor is calculated in order to judge that factor [1].

c) CIM calculation: The CIM model is used to calculate the probability distribution range and the impact distribution range of each type of e-commerce risk, from which the expectation of the overall risk can be calculated to assess the e-commerce risk [1].

3.3 Risk investigation Based on FIM

FIM (fuzzy iteration model) is an evaluation method that applies the composition of fuzzy relations and obtains quantitative factors for quantitative analysis. It has single-level and multilevel forms; for a system as complicated as e-commerce, a multilevel fuzzy iteration model is proposed in this paper [5].

The steps for constructing the FIM are as follows. The universe of discourse A is split into z subsets according to some attribute, recorded as follows:

where Ai = {ai1, ai2, ai3, ..., aif}, i = 1, 2, ..., z; f is the number of factors in Ai.

(1) Carry out a single-level FIM for every Ai. Assume the evaluation set is B = {b1, b2, b3, ..., bm} and the set of factor weights of Ai is Xi = (x1, x2, x3, ..., xif).

The single-factor evaluation matrix of Ai is Ri; the single-factor evaluation model is Xi ∘ Ri = Bi (i = 1, 2, 3, ..., f).

(2) Regard each Ai as one element and Bi as its single-factor evaluation; in this way a membership matrix is obtained as follows:

Each Ai, as a part of A, reflects one attribute of A. According to their importance, the weight set can be given as X = (x1, x2, x3, ..., xf); the second-level FIM is then obtained as X ∘ R = B. In general, three-level or multilevel models can also be obtained [5].
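
The two-level FIM procedure above, carried through as an added Python example (not code from the paper or its references). The max-min operator is an assumption, since the text only says that FIM applies the composition of fuzzy relations; a weighted-average operator is included for comparison, and the factor grouping, weights, membership values and the maximum-membership verdict are constructed for illustration.

```python
# Added example: two-level fuzzy iteration model (FIM). All data is constructed.
GRADES = ["higher", "high", "medium", "low", "lower"]  # evaluation set B (assumed)

def _check(weights, matrix):
    """Reject shapes that would silently give a wrong evaluation vector."""
    if not matrix or len(weights) != len(matrix):
        raise ValueError("need exactly one weight per factor row")
    if any(len(row) != len(matrix[0]) for row in matrix):
        raise ValueError("every factor must be graded on the same evaluation set")
    if any(not 0.0 <= v <= 1.0 for row in matrix for v in row):
        raise ValueError("membership degrees must lie in [0, 1]")

def compose_max_min(weights, matrix):
    """Max-min composition X o R: b_j = max over k of min(x_k, r_kj)."""
    _check(weights, matrix)
    return [max(min(x, row[j]) for x, row in zip(weights, matrix))
            for j in range(len(matrix[0]))]

def compose_weighted(weights, matrix):
    """Weighted-average alternative: b_j = sum over k of x_k * r_kj."""
    _check(weights, matrix)
    return [sum(x * row[j] for x, row in zip(weights, matrix))
            for j in range(len(matrix[0]))]

def two_level_fim(subsets, top_weights, compose=compose_max_min):
    """subsets: one (X_i, R_i) pair per subset A_i. Returns (B, [B_1, ..., B_z])."""
    level1 = [compose(x_i, r_i) for x_i, r_i in subsets]  # step (1): X_i o R_i = B_i
    # Step (2): the B_i become the rows of the second-level membership matrix R.
    return compose(top_weights, level1), level1           # X o R = B

def verdict(b):
    """Maximum-membership rule (an assumption): the grade with the largest degree."""
    return GRADES[max(range(len(b)), key=b.__getitem__)]

# Constructed input. A_1 groups the data risks of sections 2.1-2.3, A_2 the
# payment and communication risks of sections 2.4-2.5. Each R_i row is the share
# of (hypothetical) experts who placed that factor in each grade.
DATA_RISKS = ([0.40, 0.35, 0.25], [
    [0.1, 0.3, 0.4, 0.2, 0.0],   # factor from section 2.1
    [0.0, 0.2, 0.5, 0.2, 0.1],   # factor from section 2.2
    [0.2, 0.4, 0.3, 0.1, 0.0],   # factor from section 2.3
])
TRANSACTION_RISKS = ([0.6, 0.4], [
    [0.3, 0.5, 0.2, 0.0, 0.0],   # factor from section 2.4
    [0.1, 0.2, 0.4, 0.2, 0.1],   # factor from section 2.5
])
TOP_WEIGHTS = [0.45, 0.55]       # X: importance of A_1 and A_2

def assess(compose=compose_max_min):
    """Run both levels on the constructed data; returns (B, [B_1, B_2], grade)."""
    b, level1 = two_level_fim([DATA_RISKS, TRANSACTION_RISKS], TOP_WEIGHTS, compose)
    return b, level1, verdict(b)

if __name__ == "__main__":
    for name, op in (("max-min", compose_max_min), ("weighted", compose_weighted)):
        b, level1, grade = assess(op)
        print(name, [round(v, 4) for v in b], "->", grade)
```

Under max-min only the dominant factor in each grade survives, so small changes to the other weights can leave B unchanged, whereas the weighted operator reflects every factor.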

4. Related security issues for e-commerce


According to the survey of e-commerce security applications, it is useful to distinguish between client-side, server-side and transaction security issues. In this section, we take the security system of online banking as an example [8].

4.1 User-side Security Issues:


From the client's point of view, user-side security is typically the major concern. In general, client-side security requires the use of traditional computer security technologies, such as proper user authentication and authorization, access control, and antivirus protection. With respect to communication services, the client may additionally require server authentication and non-repudiation of receipt [8]. In addition, some applications may require anonymity (e.g. anonymous browsing on the web). Figure 1 below is a survey of the client-side online banking security settings used by banks.


Client Banks                              Account Information        Cipher Information                Cipher Verification
China Merchant Bank                       Security Active Controls   Security Active Controls          Yes
Industrial and Commercial Bank of China   General Controls           Security Active Controls          Yes
Agriculture Bank of China                 General Controls           General Controls, Soft keyboard   Yes
China Construction Bank                   General Controls           General Controls, Soft keyboard   Yes
Bank of China                             General Controls           General Controls                  No
Transportation Bank of China              General Controls           Security Active Controls          Yes

Figure 1. Data based on online banking access

Data analysis shows that client-side security protection for online banking does need improvement. Most banks use a single password security setting, which is defenseless against virus attacks. One of the essential characteristics of online banking is that it offers safe and customized client service anytime, anywhere and anyhow. Without sound security, online banking transactions will fail. User-side protection is the weakest part of what online banking service providers offer [8]. Besides applying encryption to provide authentication and privacy for online transactions, cryptography provides the basis for achieving access control, transaction authorization, data integrity and accountability [8].

4.2 Server-side Security Issues:


In contrast, server-side security is typically the major concern from the service provider's point of view. Server-side security requires proper client authentication and authorization, non-repudiation of origin, sender anonymity (e.g. anonymous publishing on the web), audit trail and accountability, as well as reliability and availability. Figure 2 shows the server-side security system for online banking.

Figure 2. Online banking system

4.3 Operational Security Issues:


Operational security is equally important for both the user and the server side. It requires various protection services, such as data authentication, access control, data confidentiality, data integrity, and non-repudiation services. In addition, certain applications may also require transaction anonymity guarantees [8]. Figure 3 shows the data process of the online banking system.


Figure 3. Data process with online banking system

5. Risk management tactics for e-commerce


Because of the importance of e-commerce security, e-commerce requires a complete and effective risk management strategy to forecast and effectively control the risks it is likely to face. The tactics mainly include the following [1]:

5.1 Physical Security

Physical security is still required for the security of an e-commerce system. Historically, physical security ranges from something as simple as a locked door to something as complicated as multiple layers of armed security guards and guardhouse placement. Physical security deals with persons entering the physical facility. It can protect the computer system, the e-commerce server, the transmission links and so on from different risks [5].

5.2 Virus Supervision


Virus supervision is a method that detects viruses inside the system and shields the system from them. For example, firewall technology is used to provide security by recognizing and controlling access by a variety of viruses, and it also performs well in the regular detection of viruses, in antivirus and in active protection [1].

5.3 Data Protection


Many data protection techniques are available that help to reduce the loss of data and to protect against the theft of and damage to data. Data protection is therefore a necessary part of e-commerce transactions and their related data. Unauthorised access can leave data vulnerable. Hence data protection also defends against unauthorised access to data [1].

5.4 Defending the Application


In developing the security system of an e-commerce application, it is necessary to secure the system so that attackers cannot attack the application directly. The protection of the operating system can offer only some protection. The developers of an e-commerce system are responsible for building protection into the application, in order to give special protection to the regions that applications visit [5].

5.5 Enterprise of Internal organizational System


The management control system is governed by the internal organizational system. The internal organizational system consists of the development and maintenance of data access control and backup systems, and of a request control system. At the same time, security inspection is applied to the complete evaluation of the security of the e-commerce system and to the prediction of e-commerce risk. Emergency mechanisms and improved safety measures deal with the risks to the e-commerce system [7].

5.6 Personnel Training

Personnel training is advice and guidance given by a professional trainer who is knowledgeable and experienced in the relevant areas of proficiency. Such trainers can assist users in designing a safe and valuable program that helps them achieve organizational goals. E-commerce organizations should engage or train this kind of talent to encourage the rapid development of e-commerce systems [8].


5.7 Enhancement of Management policies:


Through the auditing and evaluation of data security, e-commerce organizations must establish an environment for communication between the risk management department and the e-commerce sector, and make efforts to improve the status of the different kinds of risk. The risk management department covers the overall risks, such as traditional risk and e-commerce security risk, and constantly improves the ability to control the different risks measured by the e-commerce system [7].

6. Conclusion
The security of e-commerce in commercial sectors has become an important issue. The risk of e-commerce should be comprehensively understood, and the necessary measures taken to minimize the damage caused and prevent unnecessary loss. In this paper we have studied various e-commerce risk investigation and security dimension methods, such as the risk matrix, the control interval and memory model and the fuzzy iteration model. We have also analysed some security problems, such as the correctness of matrix values, and some serious computational complexities in the security dimension. Hence we propose a new technique for risk investigation of e-commerce.

Acknowledgement
The success of this research work would have been uncertain without the help and guidance of a dedicated group of people in our institute, NITTTR Bhopal. We would like to express our true and sincere acknowledgements as appreciation for their contributions, encouragement and support. The researchers also wish to express gratitude and warmest appreciation to the people who, in any way, have contributed to and inspired the researchers.

References:
[1] Li Bo, Xu Congwei, (2009) E-commerce Security Risk Analysis and Management Strategies of Commercial Bank, International Forum on Information Technology and Applications, IEEE Computer Society.
[2] Yao Youli, Liu Jie, Jia Quan, Risk Assessment Model for E-commerce Security based on FCE, Proceedings of the 2009 International Symposium on Web Information System and Applications (WISA09).
[3] Limin, Fei Yaoping, A layered network evaluation method [j]. Microcomputer developing. 2003, 13(6): pp106108 (Chinese).
[4] Hua Liming, Wang Hua, Multilevel fuzzy evaluation method for network security [j]. Liaoning Engineering Technology University Journal. 2004, 23(4): 510-513 (Chinese).
[5] Rizwan Beg, R.K. Pateriya, S.C. Shrivastava, Risk Assessment for E-commerce Security based on Fuzzy Iteration Model [j]. International Journal of Computational Intelligence and Information Security, July 2010.
[6] Li Bo, Xu Congwei, E-commerce Security Risk Analysis and Management Strategies of Commercial Bank, International Forum on Information Technology and Applications, 2009, IEEE Computer Society.
[7] Yuanqiao Wen, Chunhui Zhou, Juan Ma, Kezhong Liu, Research on E-Commerce Security Issues, International Seminar on Business and Information Management, 2008, IEEE Computer Society.
[8] Lu Tao, Lei Xue, Study on Security Framework in E-Commerce, 2007, IEEE.
[9] Wang Liping, Study of the Electronic Business Security Risk Management in E-Commerces, Journal of Zhongnam University of Electronic and Law, 2007, (1) pp. 75-78.
[10] Luis Navarrow, Information Security Risk and Managed Security Service, Information Security Technical Report, 2001, 6(3) pp. 28-36.
[11] Nie Jin, Lei Xue, Chiness Online Banking Security Analysis. The Fifth Wuhan International Conference on E-business. Volume I, 2006, pp. 662-665.
[12] Zhao Yiyao, Wang Shiping, Security evalution model for E-commerce based on PRA [j]. Computer Engineering and Design. 2008, 29(17): 4420-4422 (Chinese).
