Chapter 1

Online Payment System Using Steganography And Visual

Cryptography

Ashiq V M
Asst Professor in Computer Science, MCAS Vengara

Shameem Akthar K
Asst Professor in Computer Science, MCAS Vengara

Abstract :This paper presents a new approach for providing limited information only that is
necessary for fund transfer during online shopping thereby safeguarding customer data and
increasing customer confidence and preventing identity theft. A cryptographic technique based
on visual secret sharing used for image encryption. Using k out of n (k, n) visual secret sharing
scheme a secret image is encrypted in shares which are meaningless images that can be
transmitted or distributed over an untrusted communication channel. Only combining the k shares
or more give the original secret image. Phishing is an attempt by an individual or a group to
thieve personal confidential information such as passwords, credit card information etc from
unsuspecting victims for identity theft, financial gain and other fraudulent activities The use of
images is explored to preserve the privacy of image captcha by decomposing the original image
captcha into two shares that are stored in separate database servers such that the original image
captcha can be revealed only when both are simultaneously available; the individual sheet images
do not reveal the identity of the original image captcha. Once the original image captcha is
revealed to the user it can be used as the password. Several solutions have been proposed to
tackle phishing.
.

1 Introduction
Online shopping is the retrieval of product information via the Internet and issue of the purchase
order through electronic purchase request, filling of credit or debit card information and shipping
of product by mail order or home delivery by courier Identity theft and phishing are the common
dangers of online shopping. Identity theft is the stealing of someone’s identity in the form of
personal information and misuse of that information for making purchase and opening of bank
accounts or arranging credit cards. In 2012 consumer information was misused for an average of
48 days as a result of identity theft. Phishing is a criminal mechanism that employs both social
engineering and technical subterfuge to steal consumers ‘personal identity data and financial
account credentials. In 2ndquarter of 2013, Payment Service, Financial and Retail Service are the
most targeted industrial sectors of phishing attacks.Secure Socket Layer (SSL) encryption
prevents the interception of consumer information in transit between the consumer and the online
merchant. However, one must still trust merchant and its employees not to use consumer
information for their own purchases and not to sell the information to others. In this paper, a new
method is proposed, that uses text-based steganography and visual cryptography, which
minimizes information sharing between consumer and online merchant but enable successful
fund transfer from consumer’s account to merchant’s account thereby safeguarding consumer
information and preventing misuse of information at merchant side. The method proposed is
specifically for E-Commerce but can easily be extended for online as well as physical banking
 2 Problem Definition
In traditional online shopping the consumer selects items from online shopping portal and then is
directed to the payment page. An online merchant may have its own payment system or can take
advantage of third-party payment systems such as PayPal, pay online system, Web Money and
others. In the payment, the portal consumer submits his or her credit or debit card details such as
credit or debit card number, name on the card, expiry date of the card. Details of information
sought from shopper vary from one payment gateway to another. For example, payment in
IRCTC website requires Personal Identification Number (PIN) when paying using debit card
whereas shopping in Flipkart or Snapdeal requires Visa or Master secure code. In addition to that
merchant may require a Card Verification Value code, CVV (CVV2 for Visa, CVC2 for
MasterCard), which is basically an authorizing code in CNP transactions. According to the PCI
Data Security Standard, merchants are prohibited from storing CVV information or PIN data and
if permitted card information such as name, card number and the expiration date is stored, certain
security standards are required. However recent high profile breaches such as in Epsilon, Sony’s
PlayStation Network and Heartland Payment Systems show that cardholders’ information is at
risk both from outside and inside. A solution can be forcing the merchant to be a PCI complaint
but cost to be a PCI complaint is huge and the process is complex and time-consuming and it will
solve part of the problem. One still has to trust the merchant and its employees not to use card
information for there own purposes

3 Proposed System
In the proposed solution, information submitted by the customer to the online merchant
is minimized by providing only minimum information that will only verify the payment
made by the said customer from its bank account. This is achieved by the introduction
of a central Certified Authority(CA) and combined application of steganography and
visual cryptography. The information received by the merchant can be in the form of
account number related to the card used for shopping. The information will only
validate receipt of payment from an authentic customer. The process is shown in Below
Fig 2 In the proposed method.
customer-unique authentication password in connection to the bank is hidden inside a
cover text using the text-based steganography method as mentioned in section IV. Customer
authentication information (account no) in connection with a merchant is placed above the cover
text in its original form. Now a snapshot of two texts is taken. From the snapshot image, two
shares are generated using visual cryptography.Now one share is kept by the customer and the
other share is kept in the database of the certified authority. During shopping online, after
selection of the desired item and adding it to the cart, the preferred payment system of the
merchant directs the customer to the Certified Authority portal. In the portal, shopper submits its
own share and merchant submits its own account details. Now the CA combines its own share
with shopper’s share and obtains the original image. From CA now, merchant account details,
cover text are sent to the bank where customer authentication password is recovered from the
cover text. Customer authentication information is sent to the merchant by CA. Upon receiving
customer authentication password, bank matches it with its own database and after verifying
legitimate customer, transfers fund from the customer account to the submitted merchant account.
After receiving the fund, the merchant’s payment system validates receipt of payment using
customer authentication information.
 Fig 1: Existing System

Fig 2: Proposed System

4 Overview
A rapid growth in the E-Commerce market is seen in recent time throughout the world. With the
ever-increasing popularity of online shopping, Debit or Credit card fraud and personal
information security are major concerns for customers, merchants and banks specifically in the
case of CNP (Card Not Present). This paper presents a new approach for providing limited
information only that is necessary for fund transfer during online shopping thereby safeguarding
customer data and increasing customer confidence and preventing identity theft. The method uses
 the combined application of steganography and visual cryptography for this purpose

5 Required Analysis
The objective of the system analysis phase is the establishment of the system to be acquired,
developed and established. Analyzing the project to understand the intricacy forms the vital part
of system study. Problematic areas are identified and information collected. Fact finding or
gathering is essential to analysis of requirement. It is necessary that the analyst familiarize
himself with the objective, activities and functions of the organization in which the system is to
implemented. It involves studying the currently retrieves and processes data to produce
information with goal of determining how to make it better. For this reason, the system analyst
should develop alternate system and evaluate each in terms of cost benefit and feasibility.
System analysis includes investigation and possible changes to the existing system. At
the conclusion of system analysis there is a system description and the set of requirements for a
new system. If there is no existing system, analysis defines the requirements. Design, which
follows, proposes a new system that meets its needs. This new system may be built fresh or by
changing the existing system. Development begin by defining a model of new system and
converts this model to a working system. Finally, the data models are converted to a database and
processed to user procedures and computer programs.

5.1. Existing System

 The existing system supports with only one type of image format only. For example, if it
is .jpg, then it supports only that same kind of image format only.
 The existing system does not provide a friendly environment to encrypt or decrypt the
data (images).
 The existing visual cryptography schemes that are used for data hiding have a security
hole in the encrypted Share file.
 Here an image based authentication using Visual Cryptography is implemented.
Disadvantages
 Does not provide a friendly environment to encrypt or decrypt the data (images).
 Supports with only one type of image format only. For example, if it is .jpg, then it
supports only that same kind of image format only.
The most critical measurements to evaluate the effectiveness of a VCS
5.2. Proposed System
 Proposed System, Visual Cryptography (VC), technique based on visual secret sharing
used for image encryption.
 Secure Socket Layer (SSL) encryption prevents the interception of consumer
information in transit between the consumer and the online merchant.
 In this paper, a new method is proposed, that uses text based steganography and visual
cryptography, which minimizes information sharing between consumer and online merchant.
 VCS is a cryptographic technique that allows for the encryption of visual information
such that decryption can be performed using the human visual system
 For phishing detection and prevention, we are proposing a new methodology to detect
the phishing website.
 Our methodology is based on the Anti-Phishing Image Captcha validation scheme
using visual cryptography. It prevents password and other confidential information
from the phishing websites.
 Cryptographic technique: Threshold VCS scheme,(n, n) -Threshold VCS scheme, (k, n)
Threshold VCS scheme are used in this proposed system.
 Advantages
 Our methodology is based on the Anti-Phishing Image Captcha validation scheme using
visual cryptography.
 It prevents password and other confidential information from the phishing websites.
For phishing detection and prevention, we are proposing a new methodology to detect
the phishing website

6 Steganography

STEGANOGRAPHY comes from the Greek Words: STEGANOS – “Covered”,

GRAPHIE – “Writing”.Generally, the sender writes an innocuous message and then conceals a
secret message on the same piece of paper. The main goal of steganography is to communicate
securely in a completely undetectable manner and to avoid drawing suspicion to the transmission
of hidden data. It is not to keep others from knowing the hidden information, but it is to keep
others from thinking that the information even exists. The data can be hidden in basic formats
like Audio, Video, Text, and Images, etc. The various types of steganography include:

1. Image steganography
2. Audio steganography
3. Video Steganography

Least-Significant-Bit (LSB) Algorithm

The Least-Significant-Bit (LSB) technique is a kind of substitution algorithm spatial domain

algorithm which
embed data by substituting carefully chosen bits from the cover image pixels with secret message
bits. This
technique involves the modification of the LSB planes of the image. In this technique, the
message is stored in
the LSB of the pixels which could be considered as random noise. Therefore altering them does
not
significantly affect the quality of the cover image. Variations of the LSB algorithms include one
or more LSB
bits to be changed to a bit of secret massage. The main aim is to provide security to confidential
RGB images
such as maps or sensitive signed documents. The basic principle of steganography is to hide the
secret
information in the cover object, which can be a digital medium such as image, audio or video file,
to obtain a
stego file that has secret information hidden in it.
For example, for a 24-bit image, each of the red, green and blue color components of bit can be
used, as each
is represented by a byte. In other words, one can store 3 bits in each pixel An 800 × 600-pixel
image, can thus store a total amount of 1,440,000 bits or 180,000 bytes of embedded data . A grid
for 3 pixels of a 24-bit
image can be as represented as follows:
(00101101 00011100 11011100)
(10100110 11000100 00001100)
(11010010 10101101 01100011)
When the number 200, which binary representation is 11001000, is embedded into the least
significant bits of
this part of the image, the resulting grid is as follows: (00101101 00011101 11011100)
(10100110 11000101 00001100)
(11010010 10101100 01100011)
In the above example, the number was set in the first 8 bytes of the grid, only the 3 underlined
bits need to be
varied according to the implanted message. So, only half of the bits in an image will be modified
to hide a
secret message using the maximum cover size. For each primary color, there are 256 possible
intensities. If we
change the LSB of a pixel it results in small changes in the intensity of the colors. These changes
cannot be
perceived by the human eye - thus the message is successfully hidden. With an appropriate
image, we can even
hide the message in the least as well as second to least significant bit irrespective of noticing the
difference.

7 Visual Cryptography

Visual cryptography is a cryptographic technique which allows visual information

(pictures, text, etc.) to be encrypted in such a way that decryption can be done just by sight
reading. Visual cryptography, degree associated rising cryptography technology, uses the
characteristics of human vision to rewrite encrypted photos. Visual cryptography provides
secured digital transmission that is used just for merely the once.
Numerous guidance like military maps and business identifications are transmitted over
the internet. Whereas pattern secret photos, security problems ought to be compelled to be taken
into thought as a result of hackers may utilize weak link over the communication network to steal
info that they need.To touch upon the protection problems with secret photos, varied image secret
sharing schemes are developed. anyone will use it for coding with none science information and
any computations

Fig 3: Visual Cryptography

There are many methods in visual cryptography
 Visual cryptography for gray level images
 Visual cryptography for general access structures:
 Halftone Visual Cryptography:
 Recursive Threshold visual cryptography
 Visual cryptography for color images:
 Regional incrementing Visual Cryptography
 Segment based visual cryptography
 Extended visual cryptography for natural images
 Progressive visual cryptography
8 Results and Discussion
The performance and the outcome of the project are very satisfactory.
The ever growing field of electronics found the new milestones of discoveries through
embedded systems. This can be a better platform for the fast developing technologies. During
the designing, assembling and integrating the phase of the project, we faced a lot of problem.
We overcome the difficulties faced during the work. We have learned more about operation,
application, assembling of parts and successfully testing of the equipments by doing this project.
We utilize the facilities that are available to us. There are lots of features that can be used for
practical applications
By using this method, we can hide any information within an image and extract them
without much pain and there is no way to decrypt the embedded message without knowing the
encryption key
This method provides an option to compress the output file. Thus the size of the output file can
be set to that of the original file. So an outsider cannot find whether the image contains any data
by checking the original file and enchcrypted file

9 References
1] “E-mail security using advanced cryptography and steganography” Ashiq V M, Anoop K
[2] Kharrazi, M., Sencar, H. T. and Memon, N. (2006), “Performance study of common image
steganography and
steganalysis techniques”, Journal of Electronic Imaging, SPIE Proceedings
Vol.5681.15(4), 041104 pp.1-16.
[3] “High Capacity data hiding using LSB Steganograp hy and Encryption” Shamim Ahmed
Laskar and Kattamanchi
Hemachandran Department of Computer Science Assam University, Silchar, Assam,
India International Journalof Database Management Systems ( IJDMS ) Vol.4, No.6,
December 2012.
[4] Xu Bo, Wang Jia-zhen, Peng De-yun, “Practical Protocol Steganography : Hiding Data in IP
Header” ,2007.
[5] Miss D. D. DhobaJe Dr. V. R. Ghorpade Mr. B. S. Patjj Mrs. S. B. Patil “Steganography By
Hiding Data In Tcp/Ip
Headers”,2010.
[6] V. Lokeswara Reddy, Dr.A.Subramanyam, Dr.P. Chenna Reddy, “Implementation of LSB
Steganography and its Evaluation
for Various File Formats”, Int. J. Advan ced Networking and Applications 868 Volume:
02, Issue: 05,
[8] Mamta Juneja, Parvinder S. Sandhu, and Ekta Walia,”Application of LSB Based
Steganographic Technique for 8-bit
Color Images” World Academy of Science Engine ering, and Technology 50 2009.
[9] T Morkel, JHP Eloff and MS Olivier, "An Overview of Image Steganography," in Proceeding
of the Fifth Annual
Information Security South Africa Conference (ISSA2005), Sand to South Africa, June/July
2005
[10] M. Naor and A. Shamir "Visual cryptography 2: Improving t h e c o n t r a s t via t h e cover
base," 1996, a preliminary
version appears in “Security Protocols", M. Lomas ed. Vol. 1189 of Lecture Notes in
Computer Sciencee, Springer-Verlag,
Berlin, pp.197-202, 1997.
[11] Chang, C. C., Chuang, J. C., “An image intellectual property protection scheme for gray-
level images using visual secret
sharing strategy,” Pattern Recognition Letters, Vol. 23, pp. 931−941, 2002.
[12] Chen, C. T. and Lu, T. C.“A mobile ticket validation by VSS tech with time-stamp,”
Proceedings of the 2004 IEEE
International Conference on e-Technology, e-Commerce and eService, Taipei, Taiwan,
pp. 267−270, 2004.
[13] Zhou, G. R. Arce, and G. Di Crescenzo, “Halftone Visual Cryptography,” IEEE transactions
on Image Processing, 2006.
[14] M. Naor and B. Pinkas, “Visual authentication and identification,” Crypto97, LNCS, vol.
1294, pp. 322–340, 1997.
[15] A. Bonnis and A. Santis, “Randomness in secret sharing and visual cryptography schemes,”
Theory. Computer. Science, 314,
pp 351- 374, 2004.
[16] R. Hwang, “A digital Image Copyright Protection Scheme Based on Visual Cryptography,”
Tambang Journal of science and
Engineering, vol.3, No.2, pp. 97-106, 2000.
[17] E.Myodo, S. Sakazawa, Andy. Takishima, “Visual cryptography based on void-and-cluster
half toning technique,” in Proc.
IEEE ICIP, Atlanta, GA, Oct., 2006.

iii