INTRODUCTION
1.1. OVERVIEW
Network security consists of the policies and practices adopted to prevent and monitor
access, misuse, modification, or denial of a computer network and network-accessible resources.
Network security involves the authorization of access to data in a network, which is controlled by
the network administrator. Users choose or are assigned an ID and password or other
authenticating information that allows them access to information and programs within their
authority. Network security covers a variety of computer networks, both public and private, that
are used in everyday jobs; conducting transactions and communications among businesses,
government agencies and individuals.
In 1997, research on mobile payment began, and later the first payment transaction was
performed on a mobile device. This took place in Finland, where the Coca-Cola company first
began operating vending machines that offered SMS payments. Later research was carried out
by Dahlberg et al. (2008), who set out their ideas in the journal Electronic Commerce Research
and Applications [1]. Several authors have reviewed this approach and accepted that it reflected
the authors' considered understanding of payment through mobile devices; it has therefore been
independently evaluated in various continents and countries over many years.
Then some authors submitted a fair report by reviewing the literature in this specific area;
the authors felt that support for future research was required [2]. Their main point was that
mobile payment problems had not been completely explored by the academic community.
Instead, a certain number of publications concentrated particularly on two problems: consumer
adoption and technology. Interestingly, during that period some customers were able to use
mobile payments. This resulted in a huge number of mobile payment initiatives, which failed
before they reached their intended end users. Because of the high complexity of this
phenomenon, analysing consumer adoption in isolation would yield only a restricted view of
users in mobile payments.
1.2. PROJECT DESCRIPTION
Micropayment applications have come into general use in electronic payment due to the
fast development of the Internet and the increasing sophistication of electronic commerce.
In contrast to macro-payment systems such as electronic cash, micropayment was commonly
introduced to emphasize transactional efficiency. Hence, it is specifically intended for common
small-value transactions such as audio streaming, pay-per-view movies and videoconferencing.
Previous research on micropayment did not concentrate on fairness and anonymity; thanks to
advances in technology and the growth in computing power, it is now very common to add
these properties to micropayment.
Micropayment techniques can be divided into two classes: the prepaid method and the
postpaid method. In a prepaid method, users pay before making any purchase in the online
service. A postpaid method permits users to pay after they purchase. For this reason electronic
payment becomes flexible enough for a large number of users to make more transactions, and,
given the interest on the delayed payment, the postpaid scheme is obviously more flexible for
users. User anonymity is difficult to accomplish in a postpaid method, as it needs a trace scheme
for redemption, which conflicts with user anonymity. Therefore, proposing an anonymous
postpaid micropayment technique is very hard in mobile payment. The majority of the
anonymous micropayment mechanisms introduced in the literature are prepaid ones.
Contribution
This paper proposes and analyses FRoDO, a secure off-line micro-payment approach
using multiple physical unclonable functions. FRoDO features an identity element, used to
securely authenticate the customer, and a coin element, where digital coins are not stored
locally on the device. The FRoDO protocol is used to make secure payment transactions; it not
only checks the customer's coins but also verifies the identity of the user using the identity
element.
Problem and Objectives
Vendors have been victims of information security breaches and payment data theft
targeting consumer payment card data and Personally Identifiable Information (PII). The user
data can be used by criminals for fraud operations. To improve security, credit card and debit
card holders use the standards of the Payment Card Industry Security Standards Council. PoS
systems always handle critical information and require remote management. PoS systems act as
gateways and require a network connection to work with external credit card processors.
However, a network connection may not be available, due either to a temporary network service
disruption or to a permanent lack of network coverage. On-line solutions are not very efficient,
since remote communication can introduce delays in the payment process. Brute forcing of
remote access connections and stolen credentials are involved in PoS intrusions. Settlement
comprises all actions happening after the authorization stage.
POS devices are the most important entities in an electronic payment system. All the
attacks described require the POS to be connected to a network, so that the attacker can break
into the payment system and infect either the POS itself or a specific component within the EPS.
In this scenario, no data is going to leave the POS and there is no way to infect the POS. As such,
breaches based on network-level hacking cannot be unleashed. However, data processed by the
POS can still be eavesdropped by having physical access to the POS itself or by exploiting
device vulnerabilities. A description of the possible breaches threatening POS systems will
be provided.
Fig 2. POS System Architecture
THREAT MODELS
Based on their capabilities and on the number of devices that can be accessed during an attack,
attackers are introduced as follows:
1.3. Literature Survey
running specialized software. Increasingly, user devices are used as input to the PoS.
In these scenarios, malware that can steal card data as soon as it is read by the device has
flourished. We therefore propose FRoDO, a secure off-line transaction scheme that is resilient
to PoS data breaches. Our solution improves over state-of-the-art approaches in terms of
flexibility and security.
An even more important drawback when it comes to providing incentives for spending
energy is that most systems consume lots of energy by themselves, e.g., by requiring the use of
public key cryptography on each payment, contradicting the primary goal of the incentive
system.
2. SYSTEM IMPLEMENTATION
2.1. System Requirements
2.1.1 HARDWARE REQUIREMENTS:
2.2. Existing System:
• The main issue is the problem of checking the trustworthiness of a transaction without a
trusted third party.
• Keeping track of past transactions with no available connection to external parties or
shared databases is quite difficult.
• Attackers usually aim at stealing such customer data by targeting the Point of Sale (for
short, PoS) system, i.e. the point at which a retailer first acquires customer data.
Disadvantages:
• Malware that can steal card data as soon as it is read by the device has flourished.
• Malware that steals card information as soon as it is scanned by the device is
increasing.
• Customer and vendor are persistently or intermittently disconnected from the network, so
no secure on-line payment is possible.
2.3. Proposed System:
• It proposes FRoDO, a secure off-line transaction scheme that is resilient to PoS data
breaches.
• All details are encrypted using a private key and a public key; the keys are generated when
the user purchases the product.
• Both the communications between the customer and the vendor and those between the
identity element to achieve message confidentiality.
• The storage device that is kept physically safe by the vendor prevents the adversary from
being able to delete past transactions, thus protecting against malicious repudiation
requests.
Advantages
it's possible to brute-force in finite time on modern processors, so no-one uses it for
anything serious anymore.
Also, some password systems secured with 3DES were limited to 8 characters and would
silently truncate otherwise-secure passwords (match only the first 8 characters).
3. MODULES DESCRIPTION
• Secure Payments
• Erasable PUFs
• Fraud Resilience
• Cybercrime
It is also the point at which a customer makes a payment to the merchant in exchange for
goods or after provision of a service. After receiving payment, the merchant may issue a receipt
for the transaction, which is usually printed, but is increasingly being dispensed with or sent
electronically.
To calculate the amount owed by a customer, the merchant may use any of a variety of
aids available, such as weighing scales, barcode scanners, and cash registers. To make a
payment, payment terminals, touch screens, and a variety of other hardware and software options
are available.
Cybercrime may threaten a person or a nation's security and financial health. Issues
surrounding these types of crimes have become high-profile, particularly those surrounding
hacking, copyright infringement, unwarranted mass-surveillance, child pornography, and child
grooming. There are also problems of privacy when confidential information is intercepted or
disclosed, lawfully or otherwise.
Cybercrime has also been defined from the perspective of gender, with 'cybercrime against
women' defined as "Crimes targeted against women with a motive to intentionally harm the victim
psychologically and physically, using modern telecommunication networks such as internet and
mobile phones". Internationally, both governmental and non-state actors engage in cybercrimes,
including espionage, financial theft, and other cross-border crimes. Activity crossing
international borders and involving the interests of at least one nation state is sometimes referred
to as cyber warfare.
4. SYSTEM DESIGN
4.1. ARCHITECTURE DIAGRAM
Login: Here the admin can log in directly to the home page to see all details about the
users and their bank accounts.
View all users' profiles: Here the admin can view all user profiles in a list, or one by
one, and read all information about each user.
Upload Products: Here only the admin can see the products that are uploaded and
downloaded. The admin handles all activity of the system, including who uploaded each
product, with name, time and date.
View all Products: Here the admin can view the full product list with product name,
user name, time and date. This is useful for knowing all the products and managing the
system, including who performed each activity and the name of the uploading user.
Payments status: In this sub-module the admin can see the payment status of users
who have made payments, with full payment information including the time and date of each
payment, and can finally log out of the website.
4.2. Use case Diagram:
While a use case itself might drill into a lot of detail about every possibility, a use-case diagram
can help provide a higher-level view of the system. It has been said before that "Use case
diagrams are the blueprints for your system". They provide the simplified and graphical
representation of what the system must actually do.
Due to their simplistic nature, use case diagrams can be a good communication tool
for stakeholders. The drawings attempt to mimic the real world and provide a view for
the stakeholder to understand how the system is going to be designed. Siau and Lee conducted
research to determine if there was a valid situation for use case diagrams at all or if they were
unnecessary. What was found was that the use case diagrams conveyed the intent of the system
in a more simplified manner to stakeholders and that they were "interpreted more completely
than class diagrams".
The purpose of the use case diagrams is simply to provide the high level view of the
system and convey the requirements in layman's terms for the stakeholders. Additional diagrams
and documentation can be used to provide a complete functional and technical view of the
system.
4.3. DATA FLOW DIAGRAM
A data flow diagram (DFD) is a graphical representation of the “flow” of data through an
information system. It differs from the flowchart as it shows the data flow instead of the control
flow of the program. A data flow diagram can also be used for the visualization of data
processing. The DFD is designed to show how a system is divided into smaller portions and to
highlight the flow of data between those parts.
Level 0: [Diagram; elements: Username, Password, Login, Database]
Level 1: [Diagram; elements: Admin, Login, Payment using Credit card, Report]
Level 2: [Diagram; elements: User, Login, Logout]
4.4. Sequence Diagram
To understand what a sequence diagram is, it's important to know the role of the Unified
Modeling Language, better known as UML. UML is a modeling toolkit that guides the creation
and notation of many types of diagrams, including behavior diagrams, interaction diagrams, and
structure diagrams.
Note that there are two types of sequence diagrams: UML diagrams and code-based diagrams.
The latter is sourced from programming code and will not be covered in this guide.
Lucidchart’s UML diagramming software is equipped with all the shapes and features you will
need to model both.
5. SOFTWARE DESCRIPTION
The Java programming language is a high-level language that can be characterized by all
of the following buzzwords:
Simple
Architecture neutral
Object oriented
Portable
Distributed
High performance
Interpreted
Multithreaded
Robust
Dynamic
Secure
With most programming languages, you either compile or interpret a program so that you
can run it on your computer. The Java programming language is unusual in that a program is
both compiled and interpreted. With the compiler, first you translate a program into an
intermediate language called Java byte codes —the platform-independent codes interpreted by
the interpreter on the Java platform. The interpreter parses and runs each Java byte code
instruction on the computer. Compilation happens just once; interpretation occurs each time the
program is executed. The following figure illustrates how this works.
You can think of Java byte codes as the machine code instructions for the Java Virtual
Machine (Java VM). Every Java interpreter, whether it’s a development tool or a Web browser
that can run applets, is an implementation of the Java VM. Java byte codes help make “write
once, run anywhere” possible. You can compile your program into byte codes on any platform
that has a Java compiler. The byte codes can then be run on any implementation of the Java VM.
That means that as long as a computer has a Java VM, the same program written in the Java
programming language can run on Windows 2000, a Solaris workstation, or on an iMac.
You’ve already been introduced to the Java VM. It’s the base for the Java platform and is ported
onto various hardware-based platforms.
The Java API is a large collection of ready-made software components that provide many useful
capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped into
libraries of related classes and interfaces; these libraries are known as packages. The next
section, What Can Java Technology Do?, highlights what functionality some of the packages in
the Java API provide.
The following figure depicts a program that’s running on the Java platform. As the figure shows,
the Java API and the virtual machine insulate the program from the hardware.
Figure: Java Platforms
Native code is code that after you compile it, the compiled code runs on a specific hardware
platform. As a platform-independent environment, the Java platform can be a bit slower than
native code. However, smart compilers, well-tuned interpreters, and just-in-time byte code
compilers can bring performance close to that of native code without threatening portability.
However, the Java programming language is not just for writing cute, entertaining applets
for the Web. The general-purpose, high-level Java programming language is also a powerful
software platform. Using the generous API, you can write many types of programs.
An application is a standalone program that runs directly on the Java platform. A special
kind of application known as a server serves and supports clients on a network. Examples of
servers are Web servers, proxy servers, mail servers, and print servers.
Another specialized program is a servlet. A servlet can almost be thought of as an
applet that runs on the server side. Java Servlets are a popular choice for building interactive
web applications, replacing the use of CGI scripts. Servlets are similar to applets in that they are
runtime extensions of applications. Instead of working in browsers, though, servlets run within
Java Web servers, configuring or tailoring the server.
How does the API support all these kinds of programs? It does so with packages of software
components that provide a wide range of functionality. Every full implementation of the Java
platform gives you the following features:
The essentials: Objects, strings, threads, numbers, input and output, data structures, system
properties, date and time, and so on.
Networking: URLs, TCP (Transmission Control Protocol), UDP (User Datagram Protocol)
sockets, and IP (Internet Protocol) addresses.
Internationalization: Help for writing programs that can be localized for users worldwide.
Programs can automatically adapt to specific locales and be displayed in the appropriate
language.
Security: Both low level and high level, including electronic signatures, public and private key
management, access control, and certificates.
Software components: Known as JavaBeans™, can plug into existing component architectures.
Object serialization: Allows lightweight persistence and communication via Remote Method
Invocation (RMI).
Java Database Connectivity (JDBC™): Provides uniform access to a wide range of relational
databases.
The Java platform also has APIs for 2D and 3D graphics, accessibility, servers, collaboration,
telephony, speech, animation, and more. The following figure depicts what is included in the
Java 2 SDK.
Figure: Java IDE
We can’t promise you fame, fortune, or even a job if you learn the Java programming
language. Still, it is likely to make your programs better and requires less effort than other
languages. We believe that Java technology will help you do the following:
Get started quickly: Although the Java programming language is a powerful object-
oriented language, it’s easy to learn, especially for programmers already familiar with C or C++.
Write less code: Comparisons of program metrics (class counts, method counts, and so
on) suggest that a program written in the Java programming language can be four times smaller
than the same program in C++.
Write better code: The Java programming language encourages good coding practices,
and its garbage collection helps you avoid memory leaks. Its object orientation, its JavaBeans
component architecture, and its wide-ranging, easily extendible API let you reuse other people’s
tested code and introduce fewer bugs.
Develop programs more quickly: Your development time may be as much as twice as fast
versus writing the same program in C++. Why? You write fewer lines of code and it is a simpler
programming language than C++.
Avoid platform dependencies with 100% Pure Java: You can keep your program portable by
avoiding the use of libraries written in other languages. The 100% Pure Java™ Product
Certification Program has a repository of historical process manuals, white papers, brochures,
and similar materials online.
Distribute software more easily: You can upgrade applets easily from a central server. Applets
take advantage of the feature of allowing new classes to be loaded “on the fly,” without
recompiling the entire program.
A Java source file is a text file that contains one or more class definitions. The Java
compiler expects these files to be stored with the '.java' filename extension. When Java source
code is compiled, each individual class is put into its own output file named after the class with a
'.class' extension, since there are no global functions or variables in Java and the only thing that
can be in a Java source file is one or more class definitions.
Java requires that all code reside inside of a named class. Java is highly case sensitive
with respect to all keywords and identifiers. In Java the code for any method must be started by
an open brace and ended by a close brace.
Every Java application must have a 'main' method. The main method is simply a starting
place for the interpreter to begin. Java applets won't use a main method at all, since the web
browser's Java runtime has a different convention for bootstrapping applets. In Java every
statement must end with a semicolon; there are no limits on the length of the statements. Java is
a free-form language.
Java allows classes to be grouped in a collection called a package. Packages are a convenient
way of organizing the classes and libraries. Packages can be nested. A number of classes having
the same kind of behavior can be grouped under a package.
Packages are imported into the required java programs using the implements keyword.
Interfaces provide a mechanism that allows unrelated classes to implement the same set of
methods.
An interface is a collection of method prototypes and constant values that is free from
dependency on a specific class. Interfaces are implemented by using the implements keyword.
Introduction to API
The application programming interface (API) forms the heart of any Java program. These
APIs are defined in corresponding Java packages and are imported into the program.
PACKAGES DESCRIPTION
Socket Overview
The same idea applies to network sockets, except we talk about TCP/IP packets & IP
addresses rather than electrons and street addresses. Internet Protocol (IP) is a low-level routing
protocol that breaks data into small packets and sends them to an address across a network,
which does not guarantee to deliver said packets to the destination. Transmission Control
Protocol (TCP) is a higher-level protocol that manages to robustly string together these packets,
sorting and retransmitting them as necessary to reliably transmit your data. A third protocol, User
Datagram Protocol (UDP), sits next to TCP and can be used directly to support fast,
connectionless, unreliable transport of packets.
Client and Server
You often hear the term client/server mentioned in the context of networking. It seems
complicated when you read about it in corporate marketing statements, but it is actually quite
simple. A server is anything that has some resource that can be shared. There are compute
servers, which provide computing power; print servers, which manage a collection of printers;
disk servers, which provide networked disk space; and web servers, which store web pages. A
client is simply any other entity that wants to gain access to a particular server.
The interaction between client and server is just like the interaction between a lamp and
an electrical socket. The power grid of the house is the server, and the lamp is a power client.
The server is a permanently available resource, while the client is free to “unplug” after it has
been served. In Berkeley sockets, the notion of a socket allows a single computer to serve many
different clients at once, as well as serving many different types of information. This feat is
managed by the introduction of a port, which is a numbered socket on a particular machine.
A server process is said to “listen” to a port until a client connects to it. A server is
allowed to accept multiple clients connected to the same port number, although each session is
unique. To manage multiple client connections, a server process must be multithreaded or have
some other means of multiplexing the simultaneous I/O.
6. SYSTEM TESTING
6.2. SYSTEM TESTING
Several modules constitute a project. If the project is a long-term project, several
developers write the modules. Once all the modules are integrated, several errors may arise. The
testing done at this stage is called system test. System testing ensures that the entire integrated
software system meets requirements. It tests a configuration to ensure known and predictable
results. System testing is based on process descriptions and flows, emphasizing pre-driven
process links and integration points.
Functional test can be defined as testing two or more modules together with the intent of
finding defects, demonstrating that defects are not present, verifying that the module performs its
intended functions as stated in the specification and establishing confidence that a program does
what it is supposed to do.
6.4. INTEGRATION TESTING:
Testing in which modules are combined and tested as a group. Modules are typically
code modules, individual applications, source and destination applications on a network, etc.
Integration Testing follows unit testing and precedes system testing. Testing after the product is
code complete. Betas are often widely distributed or even distributed to the public at large in
hopes that they will buy the final product when it is released.
6.7. MAINTENANCE
Software maintenance is a widely accepted part of the SDLC nowadays. It stands for all the
modifications and updations done after the delivery of a software product. There are a number
of reasons why modifications are required; some of them are briefly mentioned below:
Market Conditions - Policies, which changes over the time, such as taxation and newly
introduced constraints like, how to maintain bookkeeping, may trigger need for
modification.
Client Requirements - Over the time, customer may ask for new features or functions in
the software.
Host Modifications - If any of the hardware and/or platform (such as operating system)
of the target host changes, software changes are needed to keep adaptability.
Organization Changes - If there is any business level change at client end, such as
reduction of organization strength, acquiring another company, organization venturing
into new business, need to modify in the original software may arise.
Types of maintenance
In a software lifetime, type of maintenance may vary based on its nature. It may be just a
routine maintenance tasks as some bug discovered by some user or it may be a large event in
itself based on maintenance size or nature. Following are some types of maintenance based on
their characteristics:
Corrective Maintenance - This includes modifications and updations done in order to
correct or fix problems, which are either discovered by user or concluded by user error
reports.
Adaptive Maintenance - This includes modifications and updations applied to keep the
software product up-to date and tuned to the ever changing world of technology and
business environment.
Perfective Maintenance - This includes modifications and updates done in order to keep
the software usable over long period of time. It includes new features, new user
requirements for refining the software and improve its reliability and performance.
Preventive Maintenance - This includes modifications and updations to prevent future
problems of the software. It aims to attend problems, which are not significant at this
moment but may cause serious issues in future.
7. SCREENSHOTS
HOME PAGE
FRODO LOGIN
REGISTRATION FORM
VENDOR REGISTRATION
FRODO LOGIN
DEPOSIT AMOUNT
VENDOR LOGIN
VENDOR BANK DETAILS
TRANSACTION PROCESS
8. SAMPLE CODING
SOURCE CODE
packagecom.example.readmsg;
importjava.util.regex.Matcher;
importjava.util.regex.Pattern;
importandroid.os.Bundle;
importandroid.app.Activity;
importandroid.view.Menu;
importandroid.view.View;
importandroid.widget.Button;
importandroid.widget.CheckBox;
importandroid.widget.EditText;
import android.widget.RadioButton;
importandroid.widget.RadioGroup;
importandroid.widget.Toast;
importandroid.content.Intent;
importandroid.database.sqlite.SQLiteDatabase;
importandroid.view.View.OnClickListener;
public class MainActivity extends Activity implements OnClickListener {
Button btn_save;
EditTexte_firstname,e_lastname,e_username,e_password,e_email,secret;
CheckBoxcbx,cbxs;
String $username;
String $password;
int id;
RadioGroupradioSexGroup;
privateRadioButtonradioSexButton;
String getusername,getpassword;
SQLiteDatabasedbs;
@Override
protected void onCreate(Bundle savedInstanceState) {
38
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
dbs = openOrCreateDatabase("datacollect.db", MODE_PRIVATE, null);
String sql_create = "create table if not exists login(_id integer primary key
autoincrement, username varchar(120),password varchar(120),
secretvarchar(120))";
dbs.execSQL(sql_create);
radioSexGroup = (RadioGroup) findViewById(R.id.goodbutton);
e_username = (EditText)findViewById(R.id.username);
e_password = (EditText)findViewById(R.id.password);
secret=(EditText)findViewById(R.id.secure);
e_email=(EditText)findViewById(R.id.email);
e_firstname=(EditText)findViewById(R.id.firstname);
e_lastname=(EditText)findViewById(R.id.lastname);
btn_save = (Button)findViewById(R.id.login);
btn_save.setOnClickListener(this);
}
privatebooleanisValidEmail(String email) {
String EMAIL_PATTERN = "^[_A-Za-z0-9-\\+]+(\\.[_A-Za-z0-9-]+)*@"
+ "[A-Za-z0-9-]+(\\.[A-Za-z0-9]+)*(\\.[A-Za-z]{2,})$";
39
}
public void onClick(View v)
{
switch(v.getId())
{
caseR.id.login:
String s_username = e_username.getText().toString();
String s_password = e_password.getText().toString();
String s_email=e_email.getText().toString();
String s_securekey=secret.getText().toString();
intselectedId = radioSexGroup.getCheckedRadioButtonId();
// find the radiobutton by returned id
radioSexButton = (RadioButton) findViewById(selectedId);
String command = radioSexButton.getText().toString().trim()
if(s_password.equals("") || s_password==null || s_username.equals("") ||
s_username==null&&s_email.equals("")||s_email==null
s_securekey.equals("")||s_securekey==null)
{
Toast.makeText(getFrameworkContext(), "Fill all above
details to proceed", Toas.LENGTH_LONG).show();
}
String $password;
int id;
RadioGroupradioSexGroup;
privateRadioButtonradioSexButton;
String getusername,getpassword;
SQLiteDatabasedbs;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
40
dbs = openOrCreateDatabase("datacollect.db", MODE_PRIVATE, null);
String sql_create = "create table if not exists login(_id integer primary key
autoincrement, username varchar(120),password varchar(120),
secretvarchar(120))";
dbs.execSQL(sql_create);
radioSexGroup = (RadioGroup) findViewById(R.id.goodbutton);
e_username = (EditText)findViewById(R.id.username);
e_password = (EditText)findViewById(R.id.password);
secret=(EditText)findViewById(R.id.secure);
e_email=(EditText)findViewById(R.id.email);
e_firstname=(EditText)findViewById(R.id.firstname);
e_lastname=(EditText)findViewById(R.id.lastname);
btn_save = (Button)findViewById(R.id.login);
btn_save.setOnClickListener(this);
}
    case R.id.login:
        String s_securekey = secret.getText().toString();
        int selectedId = radioSexGroup.getCheckedRadioButtonId();
        // find the radiobutton by returned id
        radioSexButton = (RadioButton) findViewById(selectedId);
        String command = radioSexButton.getText().toString().trim();
        // every field is required; test for null before calling equals()
        if(s_password==null || s_password.equals("") || s_username==null ||
                s_username.equals("") || s_email==null || s_email.equals("") ||
                s_securekey==null || s_securekey.equals(""))
        {
            Toast.makeText(getFrameworkContext(), "Fill all above details to proceed",
                    Toast.LENGTH_LONG).show();
        }
        else{
            // bind the user-supplied values as parameters instead of
            // concatenating them into the SQL text
            String inse_query = "insert into login(username,password,secret) values(?,?,?)";
            dbs.execSQL(inse_query, new Object[]{s_username, s_password, s_securekey});
            Toast.makeText(getFrameworkContext(), "Success",
                    Toast.LENGTH_SHORT).show();
            if(command.equals("Default Commands"))
            {
                Intent intent=new Intent();
                intent.setClassName("com.example.readmsg","com.example.readmsg.CommandLine");
                intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
                startActivity(intent);
                Toast.makeText(getFrameworkContext(), "Use default command keywords",
                        Toast.LENGTH_LONG).show();
                finish();
            }
    Pattern pattern = Pattern.compile(EMAIL_PATTERN);
    Matcher matcher = pattern.matcher(email);
    return matcher.matches();
}
// validating password: accepts any non-null value of at least 2 characters
private boolean isValidPassword(String pass) {
    if (pass != null && pass.length() >= 2) {
        return true;
    }
    return false;
}
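The registration handler above writes user-typed text into the login table. The following added example (Python's sqlite3 against the same table definition; not code from the report) contrasts an insert built by string concatenation with a bound-parameter insert that also stores the password salted and hashed. The function names, the in-memory database and the PBKDF2 work factor are assumptions.

```python
import hashlib, hmac, os, sqlite3

SCHEMA = ("create table if not exists login(_id integer primary key autoincrement, "
          "username varchar(120), password varchar(120), secret varchar(120))")

def open_db():
    db = sqlite3.connect(":memory:")   # in-memory stand-in for datacollect.db
    db.execute(SCHEMA)
    return db

def register_concat(db, username, password, secret):
    # Values pasted into the SQL text: whatever the user typed is parsed as SQL.
    db.execute("insert into login(username,password,secret) values('"
               + username + "','" + password + "','" + secret + "')")

def hash_password(password, salt=None, rounds=200_000):
    # rounds is an assumed work factor, not a value from the report
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt.hex() + "$" + digest.hex()   # 97 characters, fits varchar(120)

def register_bound(db, username, password, secret):
    # Values travel as bound parameters; the password is stored salted and hashed.
    db.execute("insert into login(username,password,secret) values(?,?,?)",
               (username, hash_password(password), secret))

def check_password(db, username, password):
    row = db.execute("select password from login where username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt_hex, _ = row[0].split("$")
    expected = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(expected, row[0])   # constant-time comparison

def concat_fails_on_quote():
    # Constructed input: an ordinary surname containing an apostrophe.
    try:
        register_concat(open_db(), "o'brien", "pw", "key")
    except sqlite3.OperationalError:
        return True    # the quote ended the string literal early
    return False
```

On Android the bound form corresponds to `execSQL(String, Object[])` or `insert()` with `ContentValues` on `SQLiteDatabase`.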
10. CONCLUSION
The proposed system introduces FRoDO, which is, to the best of our knowledge, the first
data-breach-resilient fully off-line micropayment approach. The security analysis shows that
FRoDO does not impose trustworthiness assumptions. Further, FRoDO is also the first solution
in the literature where no customer device data attacks can be exploited to compromise the
system. This has been achieved mainly by leveraging a novel erasable PUF architecture and a
novel protocol design. Furthermore, our proposal has been thoroughly discussed and compared
against the state of the art. This analysis shows that FRoDO is the only proposal that enjoys all
the properties required of a secure micro-payment solution, while also introducing flexibility
when considering the payment medium (types of digital coins).
11. REFERENCES
[1] J. Lewandowska, http://www.frost.com/prod/servlet/press-release.pag?docid=274238535, 2013.
[2] R. L. Rivest, “Payword and micromint: two simple micropayment schemes,” in CryptoBytes, 1996, pp. 69–87.
[3] S. Martins and Y. Yang, “Introduction to bitcoins: a pseudo-anonymous electronic currency system,” ser. CASCON ’11. Riverton, NJ, USA: IBM Corp., 2011, pp. 349–350.
[4] Verizon, “2014 data breach investigations report,” Verizon, Technical Report, 2014.
[5] T. M. Incorporated, “Point-of-sale system breaches,” Trend Micro Incorporated, Technical Report, 2014.
[6] Mandiant, “Beyond the breach,” Mandiant, Technical Report, 2014.
[7] Bogmar, “Secure POS & kiosk support,” Bogmar, Technical Report, 2014.
[8] V. Daza, R. Di Pietro, F. Lombardi, and M. Signorini, “FORCE – Fully Off-line secuRe CrEdits for Mobile Micro Payments,” in 11th Intl. Conf. on Security and Cryptography, SCITEPRESS, Ed., 2014.
[9] W. Chen, G. Hancke, K. Mayes, Y. Lien, and J.-H. Chiu, “Using 3G network components to enable NFC mobile transactions and authentication,” in IEEE PIC ’10, vol. 1, Dec 2010, pp. 441–448.
[10] S. Golovashych, “The technology of identification and authentication of financial transactions. from smart cards to NFC-terminals,” in IEEE IDAACS ’05, Sep 2005, pp. 407–412.
[11] G. Vasco, Maribel, S. Heidarvand, and J. Villar, “Anonymous subscription schemes: A flexible construction for on-line services access,” in SECRYPT ’10, July 2010, pp. 1–12.
[12] K. S. Kadambi, J. Li, and A. H. Karp, “Near-field communication-based secure mobile payment service,” in ICEC ’09. ACM, 2009.
[13] V. C. Sekhar and S. Mrudula, “A complete secure customer centric anonymous payment in a digital ecosystem,” ICCEET ’12, 2012.
[14] S. Dominikus and M. Aigner, “mCoupons: An application for near field communication (NFC),” in Advanced Information Networking and Applications Workshops, ser. AINAW ’07, vol. 2. Washington, DC, USA: IEEE Computer Society, 2007, pp. 421–428.
[15] T. Nishide and K. Sakurai, “Security of offline anonymous electronic cash systems against insider attacks by untrusted authorities revisited,” ser. INCOS ’11. Washington, DC, USA: IEEE Comp. Soc., 2011, pp. 656–661.
[16] W.-S. Juang, “An efficient and practical fair buyer-anonymity exchange scheme using bilinear pairings,” in Asia JCIS 2013, July 2013, pp. 19–26.
[17] M. A. Salama, N. El-Bendary, and A. E. Hassanien, “Towards secure mobile agent based e-cash system,” in Intl. Workshop on Security and Privacy Preserving in e-Societies. New York, NY, USA: ACM, 2011, pp. 1–6.
[18] C. Wang, H. Sun, H. Zhang, and Z. Jin, “An improved off-line electronic cash scheme,” in ICCIS 2013, June 2013, pp. 438–441.