Figure (caption not recovered): Number of reported frauds, 2001, 2002, 2003.
_________________________________________________________________________________________________
2014-15, IJIRIS- All Rights Reserved
Page -7
TABLE 2
DIFFERENT DIMENSIONS OF E-COMMERCE
If I transmit a credit card number over the internet, can people other than the recipient read it?
If I agree to pay N400 for goods, can this information be captured and changed?
Integrity: protecting information from unauthorised modification, and ensuring that information is accurate and complete.
Authentication: ensuring that the person you are making the transaction with is who he says he is.
C. RSA Cryptography
RSA is the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. It is named for the three MIT mathematicians who developed it: Ronald Rivest, Adi Shamir and Leonard Adleman.
RSA today is used in hundreds of software products and can be used for key exchange, digital signatures, or encryption of small blocks of data. RSA uses a variable size encryption block and a variable size key. The key-pair is derived from a very large number, n, that is the product of two prime numbers chosen according to special rules; these primes may be 100 or more digits in length each, yielding an n with roughly twice as many digits as the prime factors. The public key information includes n and a derivative of one of the factors of n; an attacker cannot determine the prime factors of n (and, therefore, the private key) from this information alone, and that is what makes the RSA algorithm so secure. Regardless, one presumed protection of RSA is that users can easily increase the key size to always stay ahead of the computer processing curve, as in [8].
RSA is very widely used today for secure Internet communication (browsers, S/MIME, SSL, S/WAN, PGP and Microsoft Outlook), operating systems (Sun, Microsoft, Apple, Novell) and hardware (cell phones, ATM machines, wireless Ethernet cards, Mondex smart cards, Palm Pilots). Prasithsangaree and his colleague Krishnamurthy analyzed the energy consumption of the RC4 (RSA) and AES algorithms in wireless LANs in 2003; they evaluated the performance of the RC4 and AES encryption algorithms in [9]. The performance metrics were encryption throughput, CPU work load, energy cost and key size variation. Experiments show that RC4 is fast and energy efficient for encrypting large packets. However, AES was more efficient than RC4 for a smaller packet size. The trade-offs with security are not completely clear. In the Comparative Analysis of AES and RC4 Algorithms for Better Utilization, as in [10], the performance metrics were throughput, CPU process time, memory utilization, encryption and decryption time and key size variation. Experiments show that RC4 is fast and energy efficient for encryption and decryption. Based on the analysis done as part of that research, RC4 is better than AES. We compare the encryption time of the AES and RC4 algorithms over different packet sizes: RC4 takes less time to encrypt files with respect to AES. The large prime number is not easily factorized. In this research paper, therefore, the RSA algorithm is developed to secure ecommerce transactions with large prime numbers.
II. RESEARCH METHODOLOGY
The design of the RSA security software partly evolved from the need for an all-embracing information security system and partly from the need for a user-friendly package that can fulfil any large ecommerce organization's information security needs.
Changes to a system are necessitated by a number of factors, ranging from growth of the ecommerce business to changes in national law. For instance, there could be:
- changes in business policies and regulations;
- changes in government policies and regulations;
- new innovations/development of better methods of system operation.
For any of these reasons or more, a system can be forced to change. As an online business outfit grows, so do the security threats and vulnerabilities, and there is a continuous search for a better method of securing online transaction information. In this study, information was acquired through two sources, namely a primary source and a secondary source.
Primary source: Information from this source was given priority because it is first-hand information. Primary data are those got from questionnaires, personal interviews, observations, etc., as in [11].
Questionnaire: In this study, 419 questionnaires were distributed to customers of different ages, genders and educational levels. Out of the 419 distributed questionnaires, 261 were returned. After checking the returned questionnaires, the researchers rejected one as it was not filled in correctly. Thus 260 questionnaires were used in this study. In the questionnaire, questions were asked on how the IT staff handled the security of transaction information and on their mode of securing as well as storing such transaction information.
Interview: This involved a face-to-face discussion with some bank IT staff and customers. Questions were asked, and the responses received determined how the security of credit card information used in carrying out ecommerce transactions is handled.
To obtain in-depth and relevant information on the research questions, a series of semi-structured interviews was conducted, affording the interviewees the opportunity of supplying their opinions, knowledge and experiences on a wide range of security issues.
Secondary source: Information from this source is second-hand information. Secondary data are those gathered from pamphlets, journals, newspapers, books, the internet and records available at the organization under study, as in [11]. In this study, many journals, books and articles were consulted online.
A. Data Analysis and Findings
In order to conduct online transactions, customers reveal their personal and financial information to e-commerce
merchants and banks online. Therefore, the security and privacy features of the transaction information are considered as
important factors.
Results showed that 72.6% of respondents are reluctant to reveal their sensitive information to the merchants or banks
web sites because of lack of information security. In addition to this, 63.4% of respondents believe that the endorsement
of these e-commerce web sites with a security seal would positively affect their trust to conduct online transactions.
In addition to this, 77% of respondents recommend that merchants and banks should use strong cryptography protocols
to protect their information during the transaction process and in web servers.
Fig. 3: Graphical relationship of these subsystems in top down hierarchy (modular design). Subsystems shown: Splash screen; Admin/login; Task bar; Encryption and Decryption; Track Transaction; View Record; Log-out/Exit.
E-commerce security using the RSA cryptosystem is designed to achieve a more secure system, and it is structured to include the following:
i. Relational database support and dependency: This feature promotes the efficient use and storage of data. It equally optimizes data organization by the use of tables in the database.
ii. Efficient system resource usage: The transaction information databases are normally saved as compressed databases before and after their use by the system, thus reducing the disk storage space they might take.
iii. Customizable data structure: With this, the RSA cryptographic software can readily be adapted to serve within different corporate settings.
iv. Backup feature: With this system, the user has the option of backing up data in the database to removable disks. This is a strong maintenance culture that can facilitate data recovery and smooth system running in times of a system crash or any other system error.
C. RSA Cryptosystem
In the transmission of credit card data during ecommerce transactions, we need to hide our confidential data from other users. For this purpose we use encryption algorithms to encrypt our data. Encryption is the process of using algorithmic schemes to transform plain text information into a non-readable form called cipher-text. A key (or algorithm) is required to decrypt the information and return it to its original plain text format. Any time that live cardholder data is in the clear (that is, in a plain text format that is readable by a person or computer) it is extremely vulnerable to theft. Of course, cyber thieves know this and look for ways to capture a copy of that data. For example, it is possible for a thief to siphon off the card data as it is transmitted in plain text from a card reader to the point of sale (POS) server or the merchant's central server. (This is what is suspected to have happened in the data breaches involving Hannaford Bros., TJX and the Dave & Buster's restaurant chain.) Encryption of either the data itself or the transmission path the data takes along the network, or both, can vastly reduce the vulnerability of the data, which in turn reduces a merchant's business risks. There are multiple approaches to encryption in the payment process. A merchant will need to evaluate its own environment to determine which approach or approaches would work best to meet its needs, but in this research the RSA cryptosystem is used for the proposed system. In data-level encryption, the payload within the tunnel is encrypted. That is, encryption is applied to sensitive data elements such as the card number, the track data, the card security code (i.e., CVV, CVV2, etc.) and the expiration date. Depending on where in the process the data elements are encrypted, the merchant could be protected from internal fraud as well as external fraud. If the card data that a merchant wants to protect is encrypted at the point of capture (for example, at the customer-facing PIN entry device in a multi-lane retailer or at the data entry web page of an e-commerce site) and if that data stays encrypted until it is received by the processor, the data is protected all along the way. This is what is often called end-to-end encryption. Even if the transaction is intercepted at any point along the way, the encrypted card data is unreadable and means nothing to anyone other than the processor that holds the decryption key.
Where possible and practical, data encryption is preferable to having only session-level encryption. Of course, a merchant can combine session encryption with data encryption for a "belt and suspenders" approach to security. Encrypted data moving through an encrypted tunnel would be doubly secured. Asymmetric encryption uses two separate keys, each of which has a specific function. A public key encrypts the data, while a private key decrypts the data.
The public key can be freely distributed without the key management challenges of symmetric keys, since it can only encrypt and never decrypt data.
In a payment environment, the public key can be distributed to a merchant or to the end POS device, and that device can store the key in hardware or software. Even if that key is extracted by someone who shouldn't have rights to it, all that person can do is encrypt data with the key; he can't decrypt anything. On the other hand, the corresponding private key, where the decryption occurs, must be handled very securely.
The RSA algorithm is the most commonly used public key encryption algorithm in asymmetric cryptography. Two keys are used: a public key and a private key.
So in a public key cryptosystem, the sender encrypts the data using the public key of the receiver and uses an encryption algorithm that is also decided by the receiver; the receiver sends only the encryption algorithm and the public key. By using the public key, data can only be encrypted but not decrypted, and the data is only decrypted by the private key that only the receiver has. So no one can hack our data. In simple terms:
Public Key: Shared with the public that wants to send us data.
Private Key: Kept secret so that when someone sends us data encrypted with our public key, we can decrypt the data using the private key.
1) Bases for the RSA cryptosystem: The RSA cryptosystem is based on the dramatic difference between the ease of finding large primes and the difficulty of factoring the product of two large prime numbers (the integer factorization problem). The RSA algorithm involves three steps: key generation, encryption and decryption.
2) Key generation: RSA involves a public key and a private key. The public key can be known by everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted in a reasonable amount of time using the private key. The keys for the RSA algorithm are generated in the following way:
Fig. 6: Flow chart illustrating RSA key generation. Steps shown: Read p and q; Are p and q prime numbers?; N = p*q; Phi = (p-1)*(q-1); Print n, e and d; STOP.
After getting the public and private key, the main thing is how to encrypt and decrypt using RSA.
3) RSA Encryption: Alice transmits her public key (n, e) to Bob and keeps the private key d secret. Bob then wishes to send message M to Alice. He first turns M into an integer m, such that 0 ≤ m < n, by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext c corresponding to
This can be done quickly using the method of exponentiation by squaring. Bob then transmits c to Alice.
Fig. 7: A flow chart illustrating the RSA encryption algorithm. Steps shown: START; Print cipherText; STOP.
4) RSA Decryption: Alice can recover m from c by using her private key exponent d via computing
Given m, she can recover the original message M by reversing the padding scheme.
Fig. 8: Flow chart illustrating the RSA decryption algorithm. Steps shown: START; CipherText = C; M = C^d mod n; Decode M = PlainText; Print PlainText; STOP.
5) A worked example: Here is an example of RSA encryption and decryption. The parameters used here are artificially small, but one can also use OpenSSL to generate and examine a real key-pair.
Choose two distinct prime numbers, such as
and
Compute n = pq giving
Compute the totient of the product as φ(n) = (p - 1)(q - 1) giving
The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption function is:
The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption function is:
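The key generation, encryption and decryption steps of Figs. 6 to 8, together with the RSA description in Section C, carried through in runnable form with the paper's worked parameters n = 3233, e = 17 and d = 2753. This is an added example written for this page; it is not the paper's VB.NET RSA-ESS software or code from any cited reference, and it uses only the Python standard library. The primes p = 61 and q = 53 are the two factors of the paper's n = 3233 (61 × 53 = 3233). The byte-to-integer encoding in encode_message/decode_message is a toy stand-in for the "agreed-upon reversible padding scheme" the text mentions, not a real padding standard, and every function name is this example's own. The last function shows a caveat a practitioner should keep in mind: unpadded (textbook) RSA as described here is deterministic, so the same card data always produces the same ciphertext, which is why the padding scheme must be randomized in real deployments.

```python
# Added example: textbook RSA with the paper's small parameters (Python stdlib only).
# p = 61 and q = 53 are the factors of the paper's n = 3233; e = 17 and d = 2753 are
# the paper's values. All names below are this example's own, not the RSA-ESS software.
from math import gcd


def is_prime(k):
    """Trial division: adequate only for the tiny teaching primes used here."""
    if k < 2:
        return False
    i = 2
    while i * i <= k:
        if k % i == 0:
            return False
        i += 1
    return True


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    """Inverse of a modulo m; this is the step that yields d from e and phi."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no inverse: gcd(%d, %d) = %d" % (a, m, g))
    return x % m


def keygen(p, q, e=17):
    """Fig. 6: check p, q prime and distinct; n = p*q; phi = (p-1)(q-1); d = e^-1 mod phi.
    Returns ((n, e), (n, d))."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = modinv(e, phi)
    assert (e * d) % phi == 1  # d really is the inverse of e
    return (n, e), (n, d)


def powmod(base, exp, mod):
    """Exponentiation by squaring, the method the paper names for computing c = m^e mod n.
    Reducing after every step keeps each intermediate value below mod."""
    result = 1
    base %= mod
    while exp > 0:
        if exp & 1:
            result = (result * base) % mod
        base = (base * base) % mod
        exp >>= 1
    return result


def encrypt(pub, m):
    """Fig. 7: c = m^e mod n, requiring 0 <= m < n as the text states."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("m must satisfy 0 <= m < n")
    return powmod(m, e, n)


def decrypt(priv, c):
    """Fig. 8: m = c^d mod n."""
    n, d = priv
    return powmod(c, d, n)


def encode_message(text, n):
    """Toy reversible encoding (big-endian bytes -> integer) standing in for the padding
    scheme. With n = 3233 only a single byte fits below the modulus."""
    m = int.from_bytes(text.encode("utf-8"), "big")
    if m >= n:
        raise ValueError("message does not fit below the modulus")
    return m


def decode_message(m):
    """Inverse of encode_message."""
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf-8")


def ciphertext_is_deterministic(pub, m):
    """Caveat: with no randomized padding, equal plaintexts give equal ciphertexts, so an
    observer of the channel can tell when the same card data is sent twice."""
    return encrypt(pub, m) == encrypt(pub, m)


def roundtrip(text, p=61, q=53, e=17):
    """Whole exchange: Alice's keys, Bob encrypts, Alice decrypts. Returns (c, recovered)."""
    pub, priv = keygen(p, q, e)
    c = encrypt(pub, encode_message(text, pub[0]))
    return c, decode_message(decrypt(priv, c))


if __name__ == "__main__":
    pub, priv = keygen(61, 53, 17)
    print("public key", pub, "private key", priv)  # (3233, 17) (3233, 2753)
    print("round trip of 'A':", roundtrip("A"))
    print("deterministic:", ciphertext_is_deterministic(pub, 65))
```

Running the block prints the paper's key pair from its two factors and a round trip of a one-byte message. With a modulus this small the trial-division primality check and the byte encoding are fine; a real deployment at the 2048-bit size the conclusion recommends needs a probabilistic primality test, a standard padding scheme and a vetted library rather than this teaching code.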
III. SUMMARY OF RESULT
The name of the software developed is RSA Ecommerce Security System (RSA-ESS). The software captures the sending/transfer of encrypted credit card payment information online by a customer in a remote system and the decryption/use of such payment information by the bank staff to withdraw from the customer account and credit the merchant account during an ecommerce transaction. It is organized into various subsystems/modules as reflected in the design.
IV. CONCLUSION
In this research, a detailed implementation of the 1024-bit RSA encryption/decryption algorithm is presented for use in securing ecommerce payment information. This algorithm is implemented using VB.NET. The whole design was tested using the Visual Basic.NET virtual environment tool. The system speed achieved was 36.3 MHz, which complies with the speed of the smart cards used in e-commerce.
The RSA algorithm has remained a secure scheme for sending encrypted messages for almost 40 years, earning Rivest, Shamir and Adleman the Association for Computing Machinery's 2002 Alan Turing Award, one of the highest honors in computer science. RSA keys are typically 1024 to 2048 bits long, though some experts believe that 1024-bit keys could be broken in the near future. It is generally believed that 4096-bit keys are unlikely to be broken in the foreseeable future, meaning that RSA should remain secure as long as n is chosen to be sufficiently large. It is currently recommended that n be at least 2048 bits long.
ACKNOWLEDGEMENT
I wish to thank Dr. Arinze Steve Nwaeze of Caritas University, Enugu, Nigeria for the constructive criticism,
encouragement, scholarly advice and suggestions for improvement which he gave me throughout the period of this work.
I share my deepest gratitude with my wife, Jane, for her unconditional support, encouragement, love and extensive help
in preparing this paper.
REFERENCES
[1]. L. Lessig, Code and Other Laws of Cyberspace. New York: Basic Books, 1999.
[2]. A. J. Menezes, P. C. van Oorschot and S. A. Vanstone, Handbook of Applied Cryptography. CRC Press, 1996.
[3]. P. Li, Topics in E-commerce (reports): Issues of Security and Privacy in E-commerce, 2013.
[4]. A. Ghosh, E-Commerce Security: Weak Links, Best Defences. Canada: Wiley, 1998.
[5]. T. Burrows, A million SA e-bank accounts, more coming. Available: www.itweb.co.za/sections/internet/2004/0403031143.asp?A=EBU&S=e-Business&O=E&CiRestriction
[6]. Gartner Group, Online banking goes mainstream in US, 10 March 2003.
[7]. Consumer Sentinel, Three year trend for sentinel complaints, 2004. Available: www.consumer.gov/sentinel/states03/3year_trens.pdf
[8]. G. C. Kessler, An Overview of Cryptography, 1998. Available: www.garykessler.net/library/crypto.html#intro
[9]. P. Prasithsangaree and P. Krishnamurthy, Analysis of Energy Consumption of RC4 and AES Algorithms in Wireless LANs. Proceedings of IEEE GLOBECOM, pp. 1445-1449, 2003.
[10]. S. Nidhi and J. P. S. Raina, "Comparative Analysis of AES and RC4 Algorithms for Better Utilization", International Journal of Computer Trends and Technology, vol. 1(3), pp. 259-263, July-Aug. 2011.
[11]. E. O. Chukwuemeka and O. R. Oji, Applied Social and Behavioral Research: Guideline for Thesis Writing. Enugu: John Jacobs Classic, 1999.
[12]. V. Nwaocha, Software Engineering Methodologies. National Open University of Nigeria, Victoria Island, Lagos, 2008.
[13]. C. B. Obi, Design and Development of Personnel Information System: Project Paper, Caritas University, Enugu, Nigeria, 2013.
[14]. B. Persis, P. Mandiw and M. Kumar, A Modified RSA Cryptosystem Based on n Prime Numbers. International Journal of Engineering and Computer Science, vol. 1(2), pp. 63-66, 2012.