Abstract – In today’s digital era, the Internet has become an important
business medium, and a growing number of participants are engaging in
electronic commerce (e-commerce). The use of e-payment systems for electronic
trade is on its way to making daily life easier and more convenient. However,
a number of security issues remain to be addressed: user anonymity and fair
exchange have become important concerns along with authentication,
confidentiality, integrity and non-repudiation. Consumers are reluctant to
conduct business over the Internet due to concerns about the trust and
trustworthiness of participating entities. Protection with security services,
such as authentication, is referred to as hard security and is unable to detect
entities that will act deceitfully or provide misleading information after
(legally) entering the e-commerce system. Therefore, additional control
mechanisms should be deployed. The primary intention of this paper is to design
and develop a technique for DoS attack detection in e-commerce applications
based on two mechanisms, namely authentication and authorization. Security
will be provided using a hashing function and Elliptic Curve Cryptography
(ECC) to show the robustness of the security protocol against various attacks.
Once the user and the server are authenticated, authorization will be performed
to mitigate DoS attacks during e-commerce transactions.

 

Keywords – DOS; ECC; E-commerce; GSO; SVNN; Trust
and reputation.

I. INTRODUCTION

Cloud computing has emerged as an attractive model because it offers
relatively unlimited computing and network resources. The cost mainly depends
on usage and demand. The resulting on-demand model of computing allows
providers to achieve better resource utilization through statistical
multiplexing and avoids the costs of resource over-provisioning through dynamic
scaling [1]. While the economic case for cloud computing is compelling, the
security challenges it poses are equally striking [2]. The trust and
trustworthiness of participating entities is the main concern for consumers
doing business over the Internet [3]. In order to protect entities against
malicious ones, security and trust mechanisms should be deployed. Protection
with security services, such as authentication, is referred to as hard security
[4] and is unable to detect entities that will act deceitfully or provide
misleading information after (legally) entering the e-commerce system.
Therefore, additional control mechanisms should be deployed to provide
protection against this type of threat. Such mechanisms are referred to as
soft security mechanisms [4], of which trust and reputation management systems
are among the most important [5].

Because computation, storage, and network resources are shared in the cloud,
an adversary may take advantage of this shared environment to launch attacks
against the confidentiality, integrity, availability, and accountability of the
service. Denial-of-service (DoS) attacks are now a major security risk in the
cloud computing environment. The Cloud Security Alliance has pointed out that
DoS ranked fifth among cloud threats in the year 2013 [6] [2]. In a
denial-of-service (DoS) attack, a malicious client (called the attacker)
performs operations designed to partially or completely prevent legitimate
clients from gaining service from a server (called the victim). DoS attacks are
common and can cause significant losses [7]. A distributed denial-of-service
(DDoS) attack is a form of DoS attack that slows the server's responses to
clients or causes it to refuse client requests. Nowadays, the impact of DDoS
attacks on Internet security is growing excessively. In general, this type of
attack is launched by an attacker from a collection of compromised systems
known as a botnet. The main goal of such an attack is to exhaust server
resources such as CPU, I/O bandwidth, sockets and memory. As a result, the
resources available to other normal users/clients become limited or sometimes
may not be available at all. Recent well-known victims of DDoS attacks are
discussed in [8] and [9], and strategies for successful attack mitigation are
explored in [10] [11]. Therefore, existing defenses against such attacks are
weak and not widely deployed [6].

                                                                                                                                              
II. LITERATURE SURVEY

In recent years, many authors have presented computational
models of trust [12] [13], in order to develop trust and reputation management
techniques. Trust and reputation management systems represent a method to