Optimizing Security Mechanism for Electronic Commerce (Preliminary Report) XiaoFeng Wang Pradeep K. Khosla Department of Electrical and Computer Engineering Carnegie Mellon University Ramayya Krishnan Heinz School Carnegie Mellon University Abstract The benefits of a security mechanism should be weighed against its cost to maximize system utility. However, traditional hard security techniques (cryptography) consider only the worst-case situation thus complicating security mechanism for electronic commercial transaction. On the other hand, though some soft security alternatives (game theoretic incentive engineering based on reputation mechanism) are attempted to realize less expensive self-enforcing security by engineering players’ incentives, they tend to be either computationally intractable or sub-optimal. In our research, we consider the mechanism combining hard and soft security together to optimize the security strategies for the players in the Internet trading scenario. An example presented in this preliminary work is an approach to protect mobile trade agent from malicious merchant hosts. By using game theoretic model and non-repudiation tracing method, the mechanism provides an equilibrium strategy for consumers to protect their agents. Further investigations are made to investigate the possibility of pushing this Nash point to approach an optimal point by driving merchants’ incentives. This approach is trying to keep the optimization and stability of the security strategy during the evolution of players’ intentions. 1. Introduction The worldwide expansion of network access is driving an increase in electronic trading activities. Both merchants and customers can benefit from the vast amount of commercial information online and convenient communication channel. However, such open trading environment also brings in great security challenges. Under the chaotic and uncertain Internet, a trader would find difficult to know his perspective partner’s identity, to say nothing of protecting himself from being deceived. Traditional approach to this problem is to use cryptography techniques. Security protocols help establish that the party you are dealing with is authenticated and authorized to take various actions. They also guarantee the integrity and confidentiality of the data in order to detect possible violations of the trading agreements and non- repudiation of activities to trace the malicious breeders. Some security commercial transactions, such as SET [1], have already been implemented in the electronic commerce. Other lower layer protocols such as PGP, IPSec and SSL are also widely used in commercial activities. A major problem of the cryptography approach (we call it hard security) is its cost. Hard security usually considers the worst-case situation. It assumes that the potential enemies have perfect information and organization and are irrational, sparing no efforts to commit crimes. This assumption makes security protocols complicated (e.g., SET) and in some cases, even intractable (e.g., mobile code security).