
International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017(O)

Issue 2, Volume 6 (June 2015)


ISSN: 2349-7009(P)
www.ijiris.com

Design and Development of an E-Commerce Security Using RSA Cryptosystem
Chinedu J. Nwoye
School of Science & Technology,
National Open University of Nigeria, Enugu, Nigeria
Abstract-- E-commerce has presented a new way of doing transactions all over the world using the internet. The success
of ecommerce depends greatly on how its information technology is used. Over the years the rate at which sensitive ecommerce
information is sent over the internet and networks has increased drastically. It is for this reason that every
company wants to ensure that its ecommerce information is secured. There is a need for ecommerce information
transmitted via the internet and computer networks to be protected. There is substantial growth in the areas of credit
card fraud and identity theft because the internet is a public network with thousands of millions of users. Amongst
these users are crackers or hackers who carry out credit card fraud and identity theft in numerous ways facilitated by
poor internet security, so concern about exchanging money securely and conveniently over the internet
increases. The criticality, danger, and high priority of any e-commerce money transfer make it a hot
area of research interest in modern computer science and informatics. The e-commerce industry is slowly addressing
security issues on their internal networks but security protection for the consumers is still in its infancy, thus posing a
barrier to the development of e-commerce. There is a growing need for technological solutions to globally secure
ecommerce transaction information by using appropriate data security technology. The technology solution proposed
for solving this security problem is the RSA cryptosystem. This research paper focuses on securing ecommerce
information sent through the computer network and internet using RSA cryptography. It elucidates the
implementation of RSA algorithm and shows that ecommerce security powered with RSA cryptography is very
important in ecommerce transaction. While many attacks exist, the system has proven to be very secure.
Keywords: e-commerce, e-commerce security, cryptography, RSA, RSA algorithm.
I. INTRODUCTION
E-commerce or electronic commerce is trading in products or services conducted via computer networks such as the
internet. It is considered to be the sales aspect of e-business, consisting of the exchange of data to facilitate the financing,
payment and security of business transactions. E-commerce refers to a wide range of online business activities for
products and services. The high degree of confidence needed in the authenticity and privacy of such transactions can be difficult
to maintain where they are exchanged over an unsecured public network such as the Internet. E-commerce also pertains
to any form of business transaction in which the parties interact electronically rather than by physical exchanges or direct
physical contact. A security objective is the contribution to security that a system is intended to achieve. Security has
emerged as an increasingly important issue in the development and success of an E-commerce organization. Gaining
access to sensitive information and replay are some common threats that hackers pose to E-commerce systems. Trojan
horse programs launched against client systems pose the greatest threat to e-commerce because they can bypass or
subvert most of the authentication and authorization mechanisms used in an ecommerce transaction. Privacy has become
a major concern for consumers with the rise of identity theft and impersonation and any concern for consumers must be
treated as a major concern for e-Commerce providers.
E-commerce security has its own particular nuances and is one of the highest visible security components that affect the
end user through their daily payment interaction with business. E-commerce shares security concerns with other
technologies in the field. Privacy concerns have been found, revealing a lack of trust in a variety of contexts, including
commerce, electronic health records, e-recruitment technology and social networking, and this has directly influenced
users. Security is one of the principal and continuing concerns that restrict customers and organizations engaged with
ecommerce. The e-commerce industry is slowly addressing security issues on their internal networks. There are
guidelines for securing systems and networks available for the ecommerce systems personnel to read and implement.
Educating the consumer on security issues is still in the infancy stage but will prove to be the most critical element of the
e-commerce security architecture.
A. Background Study
The success or failure of an e-commerce operation hinges on a myriad of factors, including but not limited to the business
model, the team, the customers, the investors, the product, and the security of data transmissions and storage. Data
security has taken on heightened importance since a series of high-profile "cracker" attacks humbled popular Web
sites, resulting in the impersonation of Microsoft employees for the purposes of digital certification and the misuse of
credit card numbers of customers at business-to-consumer (B2C) e-commerce destinations. Security is on the mind of
every e-commerce entrepreneur who solicits, stores, or communicates any sensitive information.
_________________________________________________________________________________________________
2014-15, IJIRIS- All Rights Reserved
Page -5

An arms race is underway: technologists are building new security measures while others are working to crack the
security systems. One of the most effective means of ensuring data security and integrity is encryption.

Fig 1. Secure E-commerce Transaction


Encryption is a generic term that refers to the act of encoding data, in this context so that those data can be securely
transmitted via the Internet. Professor Lawrence Lessig of Stanford Law School put it thus: "Here is something that will
sound very extreme but is at most, I think, a slight exaggeration: encryption technologies are the most important
technological breakthroughs in the last one thousand years", as in [1]. Rivest described it as a means of communication
in the presence of adversaries in [2]. Encryption can protect the data at the simplest level by preventing other people
from reading the data. In the event that someone intercepts a data transmission and manages to deceive any user
identification scheme, the data that they see appears as gibberish without a way to decode it. Encryption technologies can
help in other ways as well: by establishing the identity of users (or abusers); controlling the unauthorized transmission or
forwarding of data; verifying the integrity of the data (i.e., that it has not been altered in any way); and ensuring that users take
responsibility for data that they have transmitted. Encryption can therefore be used either to keep communications secret
(defensively) or to identify people involved in communications (offensively).
The basic means of encrypting data involves a symmetric cryptosystem. The same key is used to encrypt and to decrypt
data. Think about a regular, garden-variety code, which has only one key: two kids in a tree-house, pretending to be
spies, might tell one another that their messages will be encoded according to a scheme where each number, from 1 to 26,
refers to a letter of the alphabet (so that 1 = A, 2 = B, 3 = C, etc.). The key refers to the scheme that helps match up the
encoded information with the real message. Or perhaps the kids got a little more sophisticated and used a computer to
generate a random match-up of the 26 letters with 26 numbers (so that 6 = A, 13 = B, 2 = C, etc.). These codes might
work for a while, managing to confuse a nosy younger brother who wants to know what the notes they are passing mean
but the codes are fairly easy to crack. Much more complex codes, generated by algorithms, can be broken by powerful
computers when only one key exists.
Public Key Encryption (PKE) or asymmetric encryption is much more important than symmetric encryption for the
purposes of e-commerce. The big improvement brought by Public Key Encryption was the introduction of the second key
- which makes a world of difference in terms of protecting the integrity of data. Public Key Encryption relies on two
keys, one of which is public and one of which is private. If you have one key, you cannot infer the other key.
Here's how it works: I have a public key, and I give that key out to anyone with whom I wish to communicate. You take
my public key and use it to encrypt a message. You send that message in coded form over the network. Anyone else who
sees the message cannot read it because they have only the public key. The message only makes sense when it gets to me
as I have the only copy of the private key which does the decrypting magic to turn the encrypted message into readable
text.
Public Key Encryption ostensibly creates a world in which it does not matter if the physical network is insecure. Even if - as in the case of a distributed network like the Internet, where the data passes through many hands, in the form of routers
and switches and hubs - information could be captured, the encryption scheme keeps the data in a meaningless form
unless the cracker has the private key. RSA is one of the first practicable public-key encryption algorithms and is widely
used for secure data transmission. In such a cryptosystem, the encryption key is public and differs from the decryption
key, which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring the product of two large
prime numbers (the factoring problem). RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly
described the algorithm in 1977.
B. Motivation
Since the invention of the World Wide Web (WWW) in 1989, Internet-based electronic commerce has been transformed
from a mere idea into reality. Consumers browse through catalogues, searching for best offers, order goods, and pay for
them electronically. Information services can be subscribed online, and many newspapers and scientific journals are even
readable via the Internet. Most financial institutions have some sort of online presence, allowing their customers to
access and manage their accounts, make financial transactions, trade stocks, and so forth. Electronic mails are exchanged
within and between enterprises and often already replace fax copies. Soon there will arguably be no enterprise left that has no
Internet presence, if only for advertisement reasons. In early 1998 more than 2 million web servers were connected to the
Internet, and more than 300 million host computers. And even if actual Internet business or ecommerce is still marginal,
the expectations are high. For instance, Anderson Consulting predicts ecommerce or Internet business to grow from $10
billion in 1998 to $500 billion in 2002 in [3].
Thus, doing some electronic commerce business on the Internet is already an easy task - as is cheating and snooping.
Several reasons contribute to this insecurity: The Internet does not offer much security per se. Eavesdropping and acting
under false identity is simple. Stealing data is undetectable in most cases. Popular PC operating systems offer little or no
security against viruses or other malicious software, which means that users cannot even trust the information displayed on
their own screens. At the same time, user awareness of security risks is threateningly low. The first concern for both
businesses and consumers entering the e-commerce market is the potential for loss of assets and privacy due to breaches
in the commercial transactions and corporate computer systems. However, this is not to say that e-commerce potential is
being totally ignored by consumers as in [4]; in fact, according to internet analyst World Wide Worx, the number of
online banking accounts in South Africa grew by 28% to 1.04 million in 2003 and that these figures are expected to
increase to 30% in 2004 as in [5]. Electronic banking in America is also on the increase as 17 percent of Americans used
online banking services by the end of 2002 and this figure will continue to grow by 14 percent up to the end of 2007.
These figures show that despite some security concerns electronic commerce related activities such as e-banking continue
to grow as in [6].
However, some security concerns may be well founded when some of the statistics relating to electronic commerce
security are considered. Fraud is increasing at a rapid rate. According to a survey by Net Effect Systems, while 94 percent
of online consumers use the Internet to shop, just 10 percent say they prefer to buy things online. 74 percent of
consumers cited security and privacy concerns. Therefore, if the security and privacy problems are addressed, e-shoppers
will be converted into e-buyers, and e-commerce will be pushed a big step forward as in [3]. Below is the table
showing the reports of fraud by consumers from 2001 to 2003 as in [7].
TABLE 1
INTERNET FRAUDS BASED ON INFORMATION PUBLISHED BY CONSUMER SENTINEL.

[Chart: Internet Related Frauds reported to Consumer Sentinel from 2001 to 2003. Vertical axis: number of reported frauds, 0 to 180,000; horizontal axis: 2001, 2002, 2003.]

Three possible worries facing an e-commerce customer are:

If I transmit a credit card number over the internet, can people other than the recipient read it?

If I agree to pay N400 for goods, can this information be captured and changed?

I am buying something from company X; is it really company X?


This raises some important Information Security issues:

Confidentiality: protecting information from unauthorised disclosure;

Integrity: protecting information from unauthorised modification, and ensuring that information is accurate and
complete;

Authentication: ensuring that the person you are making the transaction with is who he says he is.
TABLE 2
DIFFERENT DIMENSIONS OF E-COMMERCE

C. RSA Cryptography
RSA is the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in
public key cryptography. It is named for the three MIT mathematicians who developed it: Ronald Rivest, Adi Shamir,
and Leonard Adleman.
RSA today is used in hundreds of software products and can be used for key exchange, digital signatures, or encryption
of small blocks of data. RSA uses a variable size encryption block and a variable size key. The key-pair is derived from a
very large number, n, that is the product of two prime numbers chosen according to special rules; these primes may be
100 or more digits in length each, yielding an n with roughly twice as many digits as the prime factors. The public key
information includes n and a derivative of one of the factors of n; an attacker cannot determine the prime factors of n
(and, therefore, the private key) from this information alone and that is what makes the RSA algorithm so secure.
Regardless, one presumed protection of RSA is that users can easily increase the key size to always stay ahead of the
computer processing curve as in [8].
RSA is very widely used today for secure Internet communication (browsers, S/MIME, SSL, S/WAN, PGP, and
Microsoft Outlook), operating systems (Sun, Microsoft, Apple, Novell) and hardware (cell phones, ATM machines,
wireless Ethernet cards, Mondex smart cards, Palm Pilots). Prasithsangaree and his colleague Krishnamurthy have
analyzed the Energy Consumption of RC4 (RSA) and AES Algorithms in Wireless LANs in the year 2003. They have
evaluated the performance of RC4 and AES encryption algorithms in [9]. The performance metrics were encryption
throughput, CPU work load, energy cost and key size variation. Experiments show that the RC4 is fast and energy
efficient for encrypting large packets. However, AES was more efficient than RC4 for a smaller packet size. The
tradeoffs with security are not completely clear. In the Comparative Analysis of AES and RC4 Algorithms for Better
Utilization as in [10], the performance metrics were throughput, CPU process time, memory utilization, encryption and
decryption time and key size variation. Experiments show that the RC4 is fast and energy efficient for encryption and
decryption. Based on the analysis done as part of the research, RC4 is better than AES. We compare the encryption time
of the AES and RC4 algorithms over different packet sizes. RC4 takes less time to encrypt files with respect to AES. The large
prime number is not easily factorized. Apparently in this research paper the RSA algorithm is developed to secure
ecommerce transactions with the large prime numbers.


Fig. 2: cryptographic encryption of plain text

II. RESEARCH METHODOLOGY

The design of the RSA security software partly evolved from the need for an all-embracing information security system
and partly from the need for a user-friendly package that can fulfill any large ecommerce organization's information
security needs.
Changes of system are necessitated by a number of factors ranging from growth of ecommerce business to change in
national law. For instance, there could be
Changes in business policies and regulations
Change in government policies and regulations
New innovations/development of better methods of system operations.
For any of these reasons or more, a system can be forced to change. As an online business outfit grows, so do the security
threats and vulnerabilities, and there is a continuous search for a better method of securing online transaction
information. In this study, information was acquired through two sources, namely a primary source and a secondary source.
Primary source: Information from this source was given priority because it is firsthand information. Primary data are
those got from questionnaires, personal interviews, observations, etc. as in [11].
Questionnaire: In this study, 419 questionnaires were distributed to customers of different ages, genders, and educational
levels. Out of the 419 distributed questionnaires, 261 questionnaires were returned. After checking the returned
questionnaires, the researchers rejected one questionnaire as it was not filled in correctly. Thus 260 questionnaires were used
in this study. In the questionnaire, questions on how the IT staff handled the security of transaction information, their
mode of securing as well as storing of such transaction information were asked.
Interview: This involved a face to face discussion with some bank IT staff and customers. Questions were asked and the
responses received determined how security of credit card information used in carrying out ecommerce transactions is
handled.
To obtain in-depth and relevant information on the research questions, a series of semi-structured interviews were
conducted, affording the interviewees the opportunity of supplying their opinions, knowledge, and experiences on a wide
range of the security issues.
Secondary source: Information from this source is second-hand information. Secondary data are those gathered from
pamphlets, journals, newspapers, books, the internet and records available at the organization under study as in [11].
In this study, many journals, articles and books were consulted online.
A. Data Analysis and Findings
In order to conduct online transactions, customers reveal their personal and financial information to e-commerce
merchants and banks online. Therefore, the security and privacy features of the transaction information are considered as
important factors.
Results showed that 72.6% of respondents are reluctant to reveal their sensitive information to the merchants' or banks'
web sites because of lack of information security. In addition to this, 63.4% of respondents believe that the endorsement
of these e-commerce web sites with a security seal would positively affect their trust to conduct online transactions.
In addition to this, 77% of respondents recommend that merchants and banks should use strong cryptography protocols
to protect their information during the transaction process and in web servers.
B. Research Design
A module is a system component that provides services to other components but would not normally be considered as a
separate system as in [12]. A separable component is one that is interchangeable with others for assembling into units of
differing size, complexity or function as in [13]. Therefore the RSA cryptosystem is designed along modular techniques.
This necessitated the decomposition of the system into clearly defined subsystems such that the initial requirements
specifications were met. The software system comprises the following subsystems: splash-screen subsystem, Admin/login subsystem, Task bar/Key generation subsystem, Encryption subsystem, Decryption subsystem, Track Transaction
subsystem, View record subsystem, Log out/Exit subsystem.
[Diagram: "System: RSA Main Switch" at the top, branching to the boxes Splash screen, Admin/login, Task bar, Encryption and ..., Decryption and ..., Track Transaction, View Record, Log-out/Exit.]

Fig. 3: Graphical relationship of these subsystems in top down hierarchy (modular design)

E-commerce security using RSA cryptosystem is designed to achieve a more secured system and it is structured to
include the following:
i. A relational database support and dependency: This feature promotes the efficient use and storage of data. It equally
optimizes data organization by the use of tables in the database.
ii. Efficient System Resource Usage: The transaction information databases are normally saved as compressed database
before and after their use by the system thus reducing the disk storage space they might take.
iii. Customizable data structure: By this RSA, the cryptographic software can be readily adopted to serve within
different corporate settings.
iv. Backup feature: With this system, the user has the options of backing data up in the database to removable disks. This
is a strong maintenance culture that can facilitate data recovery and smooth system running in times of system crash or
any other System Error.
C. RSA Cryptosystem
In the transmission of the credit card data during ecommerce transactions, we need to hide our confidential data from
other users. For this purpose we use encryption algorithms to encrypt our data. Encryption is the process of using
algorithmic schemes to transform plain text information into a non-readable form called cipher-text. A key (or algorithm)
is required to decrypt the information and return it to its original plain text format. Anytime that live cardholder data is in
the clear - that is, in plain text format that is readable by a person or computer - it is extremely vulnerable to theft. Of
course, cyber thieves know this and look for ways to capture a copy of that data. For example, it's possible for a thief to
siphon off the card data as it is transmitted in plain text from a card reader to the point of sale (POS) server or the
merchant's central server. (This is what is suspected to have happened in data breaches involving Hannaford Bros., TJX
and the Dave & Buster's restaurant chain.) Encryption of either the data itself or the transmission path the data takes
along the network, or both, can vastly reduce the vulnerability of the data, which in turn reduces a merchant's business
risks. There are multiple approaches to encryption in the payment process. A merchant will need to evaluate its own
environment to determine which approach or approaches would work best to meet its needs, but in this research the RSA
cryptosystem is used for the proposed system. In data-level encryption, the payload within the tunnel is encrypted. That
is, encryption is applied to sensitive data elements such as the card number, the track data, the card security code (i.e.,
CVV, CVV2, etc.) and the expiration date. Depending on where in the process the data elements are encrypted, the
merchant could be protected from internal fraud as well as external fraud. If the card data that a merchant wants to
protect is encrypted at the point of capture - for example, at the customer-facing PIN entry device in a multi-lane retailer
or at the data entry web page of an e-commerce site - and if that data stays encrypted until it is received by the processor,
the data is protected all along the way. This is what often is called end-to-end encryption. Even if the transaction is
intercepted at any point along the way, the encrypted card data is unreadable and it means nothing to anyone other than
the processor that holds the decryption key.
Where possible and practical, data encryption is preferable to having only session level encryption. Of course, a merchant
can combine session encryption with data encryption for a "belt and suspenders" approach to security. Encrypted data
moving through an encrypted tunnel would be doubly secured. Asymmetric encryption uses two separate keys, each of
which has a specific function. A public key encrypts the data, while a private key decrypts the data.

Fig. 4: Symmetric Data encryption

The public key can be freely distributed without the key management challenges of symmetric keys since it can only
encrypt and never decrypt data.

Fig. 5: Asymmetric Data encryption

In a payment environment, the public key can be distributed to a merchant or to the end POS device, and that device can
store the key in hardware or software. Even if that key is extracted by someone who shouldn't have rights to it, all that
the person can do is encrypt data with the key; he can't decrypt anything. On the other hand, the corresponding private
key - where the decryption occurs - must be handled very securely.
The RSA algorithm is the most commonly used public key encryption algorithm in asymmetric cryptography.
Two keys are used: Public Key and Private Key.
So in a public key cryptosystem, the sender encrypts the data using the public key of the receiver and uses an encryption
algorithm that is also decided by the receiver and the receiver sends only the encryption algorithm and public key. But by
using the public key, data can only be encrypted but not decrypted, and the data is only decrypted by the private key that
only the receiver has. So no one can hack our data. In simple terms:
Public Key: Shared with the public that wants to send us data.
Private Key: Kept secret so that when someone sends us data encrypted by our Public Key, we can decrypt the data using
the Private Key.
1) Bases for RSA cryptosystem: The RSA cryptosystem is based on the dramatic difference between the ease of finding
large primes and the difficulty of factoring the product of two large prime numbers (the integer factorization problem).
The RSA algorithm involves three steps: key generation, encryption and decryption.
2) Key generation: RSA involves a public key and a private key. The public key can be known by everyone and is used
for encrypting messages. Messages encrypted with the public key can only be decrypted in a reasonable amount of time
using the private key. The keys for the RSA algorithm are generated the following way:

Choose two distinct prime numbers p and q.
For security purposes, the integers p and q should be chosen at random, and should be of similar bit-length. Prime
integers can be efficiently found using a primality test.
Compute $n = pq$.
n is used as the modulus for both the public and private keys. Its length, usually expressed in bits, is the key length.
Compute $\varphi(n) = \varphi(p)\varphi(q) = (p - 1)(q - 1) = n - (p + q - 1)$, where $\varphi$ is Euler's totient function.
Choose an integer e such that $1 < e < \varphi(n)$ and $\gcd(e, \varphi(n)) = 1$; i.e., e and $\varphi(n)$ are coprime.
e is released as the public key exponent.
e having a short bit-length and small Hamming weight results in more efficient encryption - most commonly $2^{16} + 1 = 65{,}537$.
However, much smaller values of e (such as 3) have been shown to be less secure in some settings.[5]
Determine d as $d \equiv e^{-1} \pmod{\varphi(n)}$; i.e., d is the multiplicative inverse of e (modulo $\varphi(n)$).
This is more clearly stated as: solve for d given $d \cdot e \equiv 1 \pmod{\varphi(n)}$.
This is often computed using the extended Euclidean algorithm. Using the pseudocode in the Modular integers section,
inputs a and n correspond to e and $\varphi(n)$, respectively.
d is kept as the private key exponent.
The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the
modulus n and the private (or decryption) exponent d, which must be kept secret. p, q, and $\varphi(n)$ must also be kept secret
because they can be used to calculate d as in [14].
[Flow chart: START; read p and q; are p and q prime numbers?; N = p*q, Phi = (p-1)*(q-1); are e and phi coprime?; is (ed-1)/((p-1)(q-1)) an integer?; print n, e and d; STOP.]
Fig. 6: flow chart illustrating the RSA Key generation

After getting the public and private key the main thing is how to encrypt and decrypt using RSA.
3) RSA Encryption: Alice transmits her public key (n, e) to Bob and keeps the private key d secret. Bob then
wishes to send message M to Alice. He first turns M into an integer m, such that $0 \le m < n$, by using an agreed-upon
reversible protocol known as a padding scheme. He then computes the ciphertext c corresponding to
This can be done quickly using the method of exponentiation by squaring. Bob then transmits c to Alice.


[Flow chart: START; read plaintext, n and e; encode plaintext = encodedText; M = encodedText; C = M^e mod n; C = ciphertext; print cipherText; STOP.]
Fig. 7: A flow chart illustrating the RSA Encryption Algorithm

4) RSA Decryption: Alice can recover m from c by using her private key exponent d via computing
Given m, she can recover the original message M by reversing the padding scheme.
[Flow chart: START -> Read ciphertext, n and d -> CipherText = C, M = C^d mod n, Decode M = PlainText -> Print PlainText -> STOP]
Fig. 8: Flow Chart illustrating the RSA Decryption Algorithm

5) A worked example: Here is an example of RSA encryption and decryption. The parameters used here are
artificially small, but one can also use OpenSSL to generate and examine a real key-pair.
Choose two distinct prime numbers, such as
and
Compute n = pq giving
Compute the totient of the product as $\varphi(n) = (p - 1)(q - 1)$ giving

Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime number for e leaves us only to check that e is
not a divisor of 3120.
Let
Compute d, the modular multiplicative inverse of e (mod $\varphi(n)$) yielding,

Worked example for the modular multiplicative inverse:

The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption function is:

The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption function is:

For instance, in order to encrypt m = 65, we calculate;


To decrypt c = 2790, we calculate;

III. SUMMARY OF RESULT

The name of the software developed is RSA Ecommerce Security System (RSA-ESS). The software captures the
sending/transfer of encrypted credit card payment information online by a customer in a remote system and the
decryption/use of such payment information by the bank staff to withdraw from customer account and credit the
merchant account during an ecommerce transaction. It is organized into various subsystems/modules as reflected in the
design.

A. Sample Implementation Input Snapshots.

Fig.9: Splash Screen

Fig 10: Admin/Log In Window

Fig.11: Taskbar Window

Fig. 12: Encryption/Send Window

B. Sample Implementation Output Snapshots

Fig. 13: window displaying received encrypted message

Fig 14: window displaying received and decrypted message

Fig.15: Track Transaction Window (on the right hand side)

Fig 16: window showing records of transactions

IV. CONCLUSION
In this research, a detailed implementation of the 1024-bit RSA encryption/decryption algorithm is presented for use in
securing ecommerce payment information. The algorithm is implemented using VB.NET. The whole design was tested
using the Visual Basic.net virtual environment tool. The system speed achieved was 36.3 MHz, which complies with the speed
of smart cards used in e-commerce.
The RSA algorithm has remained a secure scheme for sending encrypted messages for almost 40 years, earning Rivest,
Shamir, and Adleman the Association for Computing Machinery's 2002 Alan Turing Award, one of the highest
honors in computer science. RSA keys are typically 1024 to 2048 bits long, though some experts believe that 1024-bit
keys could be broken in the near future. It is generally believed that 4096-bit keys are unlikely to be broken in the
foreseeable future, meaning that RSA should remain secure as long as n is chosen to be sufficiently large. It is currently
recommended that n be at least 2048 bits long.
ACKNOWLEDGEMENT
I wish to thank Dr. Arinze Steve Nwaeze of Caritas University, Enugu, Nigeria for the constructive criticism,
encouragement, scholarly advice and suggestions for improvement which he gave me throughout the period of this work.
I share my deepest gratitude with my wife, Jane, for her unconditional support, encouragement, love and extensive help
in preparing this paper.
REFERENCES
[1]. L. Lessig, Code and Other Laws of Cyberspace. New York: Basic Books, 1999.
[2]. A. J. Menezes, P. C. van Oorschot, S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996.
[3]. P. Li, Topics in E-commerce (reports): issues of security and privacy in E-commerce, 2013
[4]. A. Ghosh, E-Commerce Security: weak links, best defences. Canada: Wiley, 1998.
[5]. T. Burrows, A million SA e-bank accounts, more coming. Available:
www.itweb.co.za/sections/internet/2004/0403031143.asp?A=EBU&S=e- Business&O=E&CiRestriction
[6]. Gartner Group. Online banking goes mainstream in US, 10 March, 2003.
[7]. Consumer Sentinel, Three year trend for sentinel complaints, 2004. Available:
www.consumer.gov/sentinel/states03/3year_trens.pdf
[8]. G.C. Kessler, An Overview of Cryptography. Available: www.garykessler.net/library/crypto.html#intro, 1998.
[9]. P. Prasithsangaree and P. Krishnamurthy, Analysis of Energy Consumption of RC4 and AES Algorithms in Wireless
LANs. Proceedings of the IEEE GLOBECOM, pp: 1445-1449, 2003.
[10]. S. Nidhi and J.P.S. Raina, "Comparative Analysis of AES and RC4 Algorithms for Better Utilization," International
Journal of Computer Trends and Technology, Vol.1 (3), pp: 259-263 July to Aug., 2011.
[11]. E.O. Chukwuemeka and O. R. Oji, Applied Social and Behavioral Research, Guideline for thesis writing. Enugu:
John Jacobs Classic, 1999.
[12]. V. Nwaocha, Software Engineering Methodologies. National Open University of Nigeria, Victoria Island, Lagos,
2008.
[13]. C.B. Obi, Design and development of personnel information system: Project Paper, Caritas University, Enugu,
Nigeria, 2013.
[14]. B. Persis, P. Mandiw and M. Kumar, A modified RSA cryptosystem based on n prime numbers: International
Journal of Engineering and Computer Science, vol. 1(2), pp: 63-66, 2012.
