Professional Documents
Culture Documents
Online Payment Using Cryptography and Steganography
Online Payment Using Cryptography and Steganography
Ashiq V M
Asst Professor in Computer Science, MCAS Vengara
Shameem Akthar K
Asst Professor in Computer Science, MCAS Vengara
Abstract :This paper presents a new approach for providing limited information only that is
necessary for fund transfer during online shopping thereby safeguarding customer data and
increasing customer confidence and preventing identity theft. A cryptographic technique based
on visual secret sharing used for image encryption. Using k out of n (k, n) visual secret sharing
scheme a secret image is encrypted in shares which are meaningless images that can be
transmitted or distributed over an untrusted communication channel. Only combining the k shares
or more give the original secret image. Phishing is an attempt by an individual or a group to
thieve personal confidential information such as passwords, credit card information etc from
unsuspecting victims for identity theft, financial gain and other fraudulent activities The use of
images is explored to preserve the privacy of image captcha by decomposing the original image
captcha into two shares that are stored in separate database servers such that the original image
captcha can be revealed only when both are simultaneously available; the individual sheet images
do not reveal the identity of the original image captcha. Once the original image captcha is
revealed to the user it can be used as the password. Several solutions have been proposed to
tackle phishing.
.
1 Introduction
Online shopping is the retrieval of product information via the Internet and issue of the purchase
order through electronic purchase request, filling of credit or debit card information and shipping
of product by mail order or home delivery by courier Identity theft and phishing are the common
dangers of online shopping. Identity theft is the stealing of someone’s identity in the form of
personal information and misuse of that information for making purchase and opening of bank
accounts or arranging credit cards. In 2012 consumer information was misused for an average of
48 days as a result of identity theft. Phishing is a criminal mechanism that employs both social
engineering and technical subterfuge to steal consumers ‘personal identity data and financial
account credentials. In 2ndquarter of 2013, Payment Service, Financial and Retail Service are the
most targeted industrial sectors of phishing attacks.Secure Socket Layer (SSL) encryption
prevents the interception of consumer information in transit between the consumer and the online
merchant. However, one must still trust merchant and its employees not to use consumer
information for their own purchases and not to sell the information to others. In this paper, a new
method is proposed, that uses text-based steganography and visual cryptography, which
minimizes information sharing between consumer and online merchant but enable successful
fund transfer from consumer’s account to merchant’s account thereby safeguarding consumer
information and preventing misuse of information at merchant side. The method proposed is
specifically for E-Commerce but can easily be extended for online as well as physical banking
2 Problem Definition
In traditional online shopping the consumer selects items from online shopping portal and then is
directed to the payment page. An online merchant may have its own payment system or can take
advantage of third-party payment systems such as PayPal, pay online system, Web Money and
others. In the payment, the portal consumer submits his or her credit or debit card details such as
credit or debit card number, name on the card, expiry date of the card. Details of information
sought from shopper vary from one payment gateway to another. For example, payment in
IRCTC website requires Personal Identification Number (PIN) when paying using debit card
whereas shopping in Flipkart or Snapdeal requires Visa or Master secure code. In addition to that
merchant may require a Card Verification Value code, CVV (CVV2 for Visa, CVC2 for
MasterCard), which is basically an authorizing code in CNP transactions. According to the PCI
Data Security Standard, merchants are prohibited from storing CVV information or PIN data and
if permitted card information such as name, card number and the expiration date is stored, certain
security standards are required. However recent high profile breaches such as in Epsilon, Sony’s
PlayStation Network and Heartland Payment Systems show that cardholders’ information is at
risk both from outside and inside. A solution can be forcing the merchant to be a PCI complaint
but cost to be a PCI complaint is huge and the process is complex and time-consuming and it will
solve part of the problem. One still has to trust the merchant and its employees not to use card
information for there own purposes
3 Proposed System
In the proposed solution, information submitted by the customer to the online merchant
is minimized by providing only minimum information that will only verify the payment
made by the said customer from its bank account. This is achieved by the introduction
of a central Certified Authority(CA) and combined application of steganography and
visual cryptography. The information received by the merchant can be in the form of
account number related to the card used for shopping. The information will only
validate receipt of payment from an authentic customer. The process is shown in Below
Fig 2 In the proposed method.
customer-unique authentication password in connection to the bank is hidden inside a
cover text using the text-based steganography method as mentioned in section IV. Customer
authentication information (account no) in connection with a merchant is placed above the cover
text in its original form. Now a snapshot of two texts is taken. From the snapshot image, two
shares are generated using visual cryptography.Now one share is kept by the customer and the
other share is kept in the database of the certified authority. During shopping online, after
selection of the desired item and adding it to the cart, the preferred payment system of the
merchant directs the customer to the Certified Authority portal. In the portal, shopper submits its
own share and merchant submits its own account details. Now the CA combines its own share
with shopper’s share and obtains the original image. From CA now, merchant account details,
cover text are sent to the bank where customer authentication password is recovered from the
cover text. Customer authentication information is sent to the merchant by CA. Upon receiving
customer authentication password, bank matches it with its own database and after verifying
legitimate customer, transfers fund from the customer account to the submitted merchant account.
After receiving the fund, the merchant’s payment system validates receipt of payment using
customer authentication information.
Fig 1: Existing System
4 Overview
A rapid growth in the E-Commerce market is seen in recent time throughout the world. With the
ever-increasing popularity of online shopping, Debit or Credit card fraud and personal
information security are major concerns for customers, merchants and banks specifically in the
case of CNP (Card Not Present). This paper presents a new approach for providing limited
information only that is necessary for fund transfer during online shopping thereby safeguarding
customer data and increasing customer confidence and preventing identity theft. The method uses
the combined application of steganography and visual cryptography for this purpose
5 Required Analysis
The objective of the system analysis phase is the establishment of the system to be acquired,
developed and established. Analyzing the project to understand the intricacy forms the vital part
of system study. Problematic areas are identified and information collected. Fact finding or
gathering is essential to analysis of requirement. It is necessary that the analyst familiarize
himself with the objective, activities and functions of the organization in which the system is to
implemented. It involves studying the currently retrieves and processes data to produce
information with goal of determining how to make it better. For this reason, the system analyst
should develop alternate system and evaluate each in terms of cost benefit and feasibility.
System analysis includes investigation and possible changes to the existing system. At
the conclusion of system analysis there is a system description and the set of requirements for a
new system. If there is no existing system, analysis defines the requirements. Design, which
follows, proposes a new system that meets its needs. This new system may be built fresh or by
changing the existing system. Development begin by defining a model of new system and
converts this model to a working system. Finally, the data models are converted to a database and
processed to user procedures and computer programs.
6 Steganography
1. Image steganography
2. Audio steganography
3. Video Steganography
7 Visual Cryptography
9 References
1] “E-mail security using advanced cryptography and steganography” Ashiq V M, Anoop K
[2] Kharrazi, M., Sencar, H. T. and Memon, N. (2006), “Performance study of common image
steganography and
steganalysis techniques”, Journal of Electronic Imaging, SPIE Proceedings
Vol.5681.15(4), 041104 pp.1-16.
[3] “High Capacity data hiding using LSB Steganograp hy and Encryption” Shamim Ahmed
Laskar and Kattamanchi
Hemachandran Department of Computer Science Assam University, Silchar, Assam,
India International Journalof Database Management Systems ( IJDMS ) Vol.4, No.6,
December 2012.
[4] Xu Bo, Wang Jia-zhen, Peng De-yun, “Practical Protocol Steganography : Hiding Data in IP
Header” ,2007.
[5] Miss D. D. DhobaJe Dr. V. R. Ghorpade Mr. B. S. Patjj Mrs. S. B. Patil “Steganography By
Hiding Data In Tcp/Ip
Headers”,2010.
[6] V. Lokeswara Reddy, Dr.A.Subramanyam, Dr.P. Chenna Reddy, “Implementation of LSB
Steganography and its Evaluation
for Various File Formats”, Int. J. Advan ced Networking and Applications 868 Volume:
02, Issue: 05,
[8] Mamta Juneja, Parvinder S. Sandhu, and Ekta Walia,”Application of LSB Based
Steganographic Technique for 8-bit
Color Images” World Academy of Science Engine ering, and Technology 50 2009.
[9] T Morkel, JHP Eloff and MS Olivier, "An Overview of Image Steganography," in Proceeding
of the Fifth Annual
Information Security South Africa Conference (ISSA2005), Sand to South Africa, June/July
2005
[10] M. Naor and A. Shamir "Visual cryptography 2: Improving t h e c o n t r a s t via t h e cover
base," 1996, a preliminary
version appears in “Security Protocols", M. Lomas ed. Vol. 1189 of Lecture Notes in
Computer Sciencee, Springer-Verlag,
Berlin, pp.197-202, 1997.
[11] Chang, C. C., Chuang, J. C., “An image intellectual property protection scheme for gray-
level images using visual secret
sharing strategy,” Pattern Recognition Letters, Vol. 23, pp. 931−941, 2002.
[12] Chen, C. T. and Lu, T. C.“A mobile ticket validation by VSS tech with time-stamp,”
Proceedings of the 2004 IEEE
International Conference on e-Technology, e-Commerce and eService, Taipei, Taiwan,
pp. 267−270, 2004.
[13] Zhou, G. R. Arce, and G. Di Crescenzo, “Halftone Visual Cryptography,” IEEE transactions
on Image Processing, 2006.
[14] M. Naor and B. Pinkas, “Visual authentication and identification,” Crypto97, LNCS, vol.
1294, pp. 322–340, 1997.
[15] A. Bonnis and A. Santis, “Randomness in secret sharing and visual cryptography schemes,”
Theory. Computer. Science, 314,
pp 351- 374, 2004.
[16] R. Hwang, “A digital Image Copyright Protection Scheme Based on Visual Cryptography,”
Tambang Journal of science and
Engineering, vol.3, No.2, pp. 97-106, 2000.
[17] E.Myodo, S. Sakazawa, Andy. Takishima, “Visual cryptography based on void-and-cluster
half toning technique,” in Proc.
IEEE ICIP, Atlanta, GA, Oct., 2006.
iii