Professional Documents
Culture Documents
Prepareed by AtsbhaHagos
Id 7520/19
Sec 1
June-2023
1.1. Background
Despite the fact that electronic commerce is not widely practiced in Ethiopia, producers and
consumers of goods and services on the international market can exchange goods and services
online due to a number of factors, such as strong financial institutions, infrastructure, and
knowledge. E-commerce is an easy-to-use platform that allows sellers to reach a global market
and make money by offering their goods and services to potential customers.
The most common and lucrative kind of e-commerce, business-to-business transactions produce
significantly more revenue than all other forms combined.
In terms of textual presentation, video display, image formats, and sound/audio explanations,
numerous commercial firms are communicating extremely sensitive information, money, and
sample images of various things to be offered online.
When customers agree to purchase a product, a web-based system called e-commerce (or
electronic commerce) places their order or adds it to their shopping cart. After that, the system
settles the transaction using online payment methods like credit cards and debit cards. Business-
to-Business (B2B) transactions, in which companies trade goods and services among themselves,
Business-to-Consumer (B2C) transactions, in which companies market their goods and services
to customers online, and Consumer-to-Consumer (C2C) transactions, in which customers sell
goods to other customers, are the three most popular types of e-commerce transactions.
Additionally, the development of new technologies like mobile commerce, electronic funds
transfers, supply chain management, Internet marketing, online transaction processing, electronic
data interchange (EDI), inventory management systems, and automated data collection systems
has led to the development of new ways to reach out to potential customers. The employed
technology will help businesses increase sales, improve operational effectiveness, and lay the
groundwork for new goods and services on a worldwide scale.
When money is sent from a buyer's account to a seller's account, hackers and crackers frequently
intercept the communication route. Thus, security in e-commerce refers to the fundamental idea
of safeguarding all web-based assets against unauthorized access, use, alteration, and destruction.
The fundamental components of e-commerce security are Integrity (ensuring that any
1
information that customers have shared online is unaltered), Non-repudiation (a legal principle
that requires participants not to dispute their actions in a transaction), and Truthfulness (both the
merchant and the purchaser should be real). They should be who they claim to be, and they
should practice safety (avoid any actions that can lead to the sharing of customer information
with unwelcome third-party businesses).
The Deffie Hellman Algorithm, the Message Digest Algorithm 5 (MD5), the Advanced
Encryption Standard (AES), the Data Encryption Standard (DES), the Triple Data Encryption
Standard (3DES), and the Ravish Shamir Algorithm are some of the most popular security
ensuring mechanisms introduced and implemented in various websites on their digital payment
mechanisms.
Through experimentation and measurement of changes in terms of file size and data types using
a Python program, this paper evaluates the performance of Advanced Encryption Standard
algorithms and strengthens the security and algorithm performance among the aforementioned
cryptographic algorithms to facilitate the encrypt/decrypt procedures of data blocks of different
file sizes. Python is a contemporary programming language that has a wealth of content. The
modified AES method can also be used in conjunction with the Message Digest 5 (MD5)
hashing algorithm, the other key management standard, to protect the key exchange between the
buyer and seller in an electronic transaction.
2
encryption and decoding. Since 2001 G.C., the typical AES with 128 bits has used a 10-round
procedure.
Because the security hasn't been breached by a large attack in around 20 years, taking any longer
to finish all ten rounds will be ineffective. The fundamental purpose of this thesis is to adapt the
AES algorithm and combine it with MD5 for secure key exchange.
Several research have been undertaken to discover the ideal cryptographic algorithm
combinations for e-commerce between organizations, but no obvious victor has emerged,
according to the articles I have studied.
The goal of this work was to discuss the advantages of combining AES encryption with the MD5
hashing algorithm to increase the security of the encryption process.
1.4. Objectives
3
To modify the Advanced Encryption Standard (AES) by increasing its security
and reducing its computation time through reducing the number of rounds from
10 to 8.
To combine the modified AES algorithm with the MD5 hashing algorithm to
ensure better security and performance of the electronic commerce key
exchange mechanism.
4
conclusion and summary of the final results and will indicate the future work to be done in line
with this particular research topic.
Chapter Two
2. Literature Review
2.1. Introduction
Martin defines electronic commerce as a computer-based market system where vendors offer
their goods and services to potential customers and consumers search for goods or services to
purchase. Numerous well-known websites have been developed to connect customers and
businesses using the internet and a web-based personal computer, which then provides a payment
method based on the agreement of the buyers and sellers. Electronic communication will be used
to maintain a payment and disburse funds.
5
authenticated and authorized won't have their privileges limited. The ability and right to do a job
are defined as authorization.
He asserts that E-Commerce businesses use online storefronts for direct-to-consumer retail sales,
provide products or participate in online markets that deal with independent producers.-to-
consumer or end user to end user sales, producer-to-producer electronic data sharing, email or
fax marketing to prospective and current clients, and engaging in or before to the introduction of
new products and services.
The book defines e-commerce as the exchange of goods between autonomous organizations
and/or people, backed by the pervasive usage of strong deployment of computer systems and
internationally standardized technologies.
The book also lists some advantages of e-commerce for consumers, including adaptability in
weekly store hours, lack of forced wait times once the network is fully operational, willingness
to shop at home, ability to meet personal needs through personalization, international offers,
increased competitive pressure, price pressure, and improved customer service from providers, as
well as faster customer communication, global visibility, and lack of protectionist measures.
Additionally, it discussed some drawbacks, including security risks associated with data breaches
(credit card theft), impersonation (name or user account), abuse, crimes like impersonating a firm
that doesn't exist, deception (invoice is paid but goods are never delivered), and unclear legal
standing.
Security is a situation when a person, a resource, or a process is safeguarded from a danger or its
harmful effects, according to the book's definition at the conclusion.
The protection of our digital stuff is referred to as communication security. The use of
cryptographic methods as an efficient cyber security approach for e-commerce is mentioned in
the book's conclusion.
The "The Role of Cryptography in Security for Electronic Commerce" study, according to Ann
and Murphy et al., has shown that the digital economy faces a variety of issues and potential
risks, including unauthorized entities, embezzlement, tampering, and damage to all
organizational information systems. The article looks at the main user and corporate security
issues, as well as the cryptographic techniques that are employed to reduce possible risks.
The main security concerns of businesses and customers engaging in electronic commerce are
also covered in the paper, with an emphasis on how cryptology might reduce the risk of
6
conducting business online. In-depth explanations are provided regarding the methods and
terminology used by cryptologists, including private and public key cryptography, as well as its
applications and advantages in protecting data and information systems.The problem of
biometric authentication verification and verification agencies is examined.
They claim that Secured Socket Layer (SSL), which encrypts data and uses open, cutting-edge
technology to authenticate the server, provides a secure connection between the client and the
server. SET, although being more difficult and expensive to install, enhances SSL by providing
solutions to protect User Information and the security of financial operations through the
segregation of merchant and payment information. Finally, they encourage businesses to accept
the fact that maintaining online security will always be a struggle if they want to be sure that
their digital payments are secure.
When protocols, identification, stability, security measures, and secrecy advance, hacking
techniques will also advance. Humans will still be in charge of evaluating and implementing
hardware and software solutions, as well as continuously monitoring digital infrastructure.
The Secure Electronic Transaction (SET) protocol is used to conduct transactions in online
business, as correctly described by Churi. Information confidentiality, payment integrity, and
identity authentication are all guaranteed by the complete security protocol known as SET, which
uses cryptography. It makes use of encryption, a digital certificate, and SMS verification to offer
communication secrecy and security. The introduction of the essay discusses internet stores and
how to create them. Then, it goes on to explain SET's operation and the various components that
make it up. The report then goes into depth on how the protocol was created.
The report also makes the case that when it comes to online business transactions, consumers and
merchants will have a comparable set of requirements and concerns: Security: Since digital
currency is only data, it may easily be stolen. It must be confirmed that no one else can forge
checks or pose as someone else to steal his money. Additionally, multiparty security should be
used to protect each partner from third party collaboration.
No member of the group needs to have any confidence in another member, or at the very least, as
little as is practical. The public must be able to verify the praised security features. In order to
provide a better safety system, it was intended to genuinely implement the SET standard by
fixing its shortcomings and incorporating equivalent capabilities.
7
A verification number was sent to the customer's phone to verify their identity, and a regular SSL
certificate was used to authenticate the website.
Strong cryptographic techniques are utilized to maintain the confidentiality of the customer's
private information, including encrypted communications and login credentials.
In their essay, Niranjanamurthy and Dharmendra [4] attempted to grasp the fundamentals of
ecommerce security, which they define as the preservation of ecommerce properties from
security breaches, use, modifications, or annihilation.
The components of e-commerce cyber security include fidelity, non-repudiation, validity,
secrecy, privacy, and accessibility. The financial industry has many excellent opportunities
because to e-commerce, but it also faces new dangers and weaknesses including security issues.
Information security is therefore an essential administrative and technological need for any
efficient and successful online payment transaction activity. However, because of the rapid
advancement of technology and the market, developing it is a challenging task that calls for a
coordinated blending of algorithm and workable solutions.
The authors have used common guidelines to study the common problems and concluded that
Common mistakes that leave people vulnerable include purchasing online that aren't secure,
giving out too much private information, and leaving computers open to malwares.
They also discussed security precautions, the digital e-commerce cycle, threats associated with
online shopping, and ideas for convenient and secure retail on shopping sites.
The flaw in this work is that it fails to describe the suitable approach that was applied to get the
desired conclusion, which prevents it from adding new value or producing a novel discovery.
EjubKajan is an expert in security concerns related to violence and company-to-company
internet commerce. B2B is a ground-breaking method of doing business online. The B2B science
community is mostly concerned in the irregular connections between businesses. The goal of this
study is to understand how security fits into the overall scheme of B2B device-to-device
communications.The report also revealed that Payments have exceptionally high security
requirements.
Before throughoutandafter transactions on the transmission line, business data must be
safeguarded. When a third party is involved in a financial transaction, it frequently occurs
between two parties that do not trust one another.
8
A significant challenge in B2B cyber security is the question of trust. Therefore, we must clearly
define what exactly qualifies as a safe (trusted) personal computer (network).
9
found that cryptography, which is used to exchange and send information over open channels, is
crucial to computer security, according to the experts. Data protection requires the use of
cryptography.
The researcher also used the AES and RSA algorithms in their regular Java implementations
while creating his own encryption scheme in C++. In Java (AES) and Java (RSA), all packets are
received in 0.17035 and 0.17035 seconds, respectively. 1.9268 sec. All packets are received in
1.388925 seconds for C++ (AES) and in 2.954425 seconds for C++ (RSA). Thus, it can be said
that AES and RSA both operate more effectively in Java. The average time determined the
packet speed. The test model ran more quickly because JAVA is a more sophisticated language
than C++. The Java Runtime Environment (JRE), which C++ applications must explicitly
accomplish, automates garbage collection and eliminates memory leaks for Java programs. The
study found that writing the encryption method in C++ was challenging because there was
limited documentation for C++ in this case. Additionally, as previously mentioned, in order to
reduce resource leakage in C++, data variables must be manually deleted; however, this is
automatically created in JAVA. Furthermore, unlike JAVA, where well-defined data types can
be used in programming, C++ lacks well-defined data types, making C++ programming
challenging.
10
The outcomes demonstrate that the Blowfish method outperforms other algorithms in terms of
processing speed. Additionally, it demonstrates that due to 3DES's triple phase encryption
feature, AES always takes longer than DES when the data block size is rather large.
Blowfish outperformed other encryption methods despite having a long key (448 bits). There
have been security flaws found in DES and 3DES, but none have been found in Blowfish or AES
as of yet. The results indicate that Blowfish decrypts a 20 MB data file in about 3 seconds, faster
than DES, 3DES, and AES (which take 4.5, 6 seconds, and 16 seconds, respectively).
The use of simulation technique in this research to gauge encryption and decryption on the web
is its strongest point. The paper's drawback is that it does not provide new information or provide
value; rather, it merely measures performance, compares it to that of other algorithms, and
chooses the approach that takes the least amount of time.
"Performance Analysis on the Implementation of Data Encryption Algorithms Used
in Network Security," according to Abraham Lemma, claims that E-commerce is unreliable
without security. Security is not as straightforward as it may look to the untrained eye. The
criteria appear to be simple; indeed, most of the primary security service needs may be
summarized in a single word: secrecy, authentication, nonrepudiation, or integrity. In the realm
of network security, cryptography is critical.
Many encryption techniques are already available to safeguard data, but they use a
significant amount of computational resources, such as memory and CPU time. The
major topic of this study is a comparison of four symmetric encryption algorithms:
DES, Triple DES, AES, and Blowfish.
The time, speed, and memory usage of the encryption and decryption processes are used to
compare and evaluate these approaches' performance. The developments are carried out on two
computers running separate operating systems using the Java program. To evaluate the
effectiveness of encryption and decryption techniques simulated with JDK jdk1.7.0 45, the
author utilized Net Beans IDE 7.4. Several simulations with various text sizes were run to test
the effectiveness of encryption techniques.
The paper compares four cryptographic algorithms—DES, AES, Triple DES, and Blowfish—
that are implemented using the robust handheld programming language Java and JCA (Java
Cryptography Architecture) in a variety of scenarios and file sizes.
11
The results are compared and the necessary conclusions are drawn to evaluate the performance
of four cryptographic methods. The study reached a conclusion based on the performance of the
cryptographic algorithms measured by a metric.
According to the study, Triple DES takes more time to encrypt/decrypt, requires less memory,
and has low throughput. AES and Blowfish both require the same amount of time to
encrypt/decrypt and have higher throughput, but AES requires more memory than Blowfish.
DES also requires the same amount of memory as Triple DES, but requires the least amount of
time to encrypt/decrypt and has better bandwidth.
The strength of the paper lies in the use of appropriate techniques and approaches to evaluate the
effectiveness of the algorithms. The author failed to develop a creative idea or bring a new value
to the article; instead, the same result as other researchers was copied.
H. Arif and S. Zarina, et al [8] are working on a fast and secure electronic payment system for e-
commerce so that the customers can connect with the seller immediately. Even though the
customer can disguise his identity and create a temporary identity to perform the service, the
proposed system does not require the customer to provide his identity on the merchant's website.
It was found that the protocol developed by the authors provides significantly higher security
performance in terms of secrecy, consistency, non-repudiation, confidentiality, identification and
permission.
The customer (C), the retailer (M), the payment gateway (PG), the user's bank (B), and the
financial institution are the five entities that form a conceptual system. They function in the
following way. Each entity, such as the customer, the vendor, the user banks, and the merchant
bank, must register with the payment gateway to create a secret key. A secure connection
requires the use of secret key elements. Also, the user and the merchant create a secret key
between them. The buyer investigates the seller and orders the product after establishing a
preliminary identity on the merchant's website, and the retailer forwards the request to the
payment gateway.
The paper compares the proposed architecture with the other three current methods that RSA and
DES use to encrypt and anonymize debit/credit card data. Most customers prefer an e-commerce
programme because it offers numerous benefits. Customers need such a security mechanism
because it meets all the requirements and is appropriate.
12
Based on these requirements, researchers presented a secure digital currency for e-commerce
contexts. They developed a mechanism in which the payment gateway acts as an intermediary
between the customer/merchant and the bank. According to the security analysis, the proposed
technique provides a higher level of protection in terms of confidentiality, non-repudiation,
integrity, availability and anonymity.
The strength of this work is that it introduces a novel mechanism known as an e-commerce
payment protocol; however, its implementation and performance have not yet been studied.
The paper "A Comprehensive Evaluation of Cryptographic Algorithms: DES, 3DES, AES, RSA,
and Blowfish" by Priyadarshini, Prashant, and others [9] discusses the various cryptographic
techniques that can be used to ensure confidentiality in electronic commerce and argues that a
user needs a cryptographic technique that is cost-effective and powerful. In reality, however,
there is no algorithm that provides such a complete solution. For a number of algorithms, there is
a tradeoff between costandperformance. For example, a financial application requires maximum
security at a significant cost, while a gaming implementation that sends player patterns for
analytics does not care about security and needs to be fast and cost-effective.
The researchers have determined which of the existing cryptographic algorithms best meets the
user's needs, and an examination of the benefits, weaknesses, costs and performance of each
algorithm will provide important information. The researchers then developed and studied in
detail the performance and efficiency of the widely used cryptographic algorithms DES, 3DES,
AES, RSA and Blowfish in their article to demonstrate an actual performance analysis.
DES, 3DES, AES, blowfish and RSA were all developed and compared by the researchers. Java
Eclipse IDE was used to create an algorithm. They used Java Security and Java Crypto packages.
They used Java Crypto and Security modules that provide security features such as encryption,
decryption, key generation, identity management architecture, authentication and authorization.
Blowfish, on the other hand, is not included in the Java Security and Crypto libraries.
They also wrote Blowfish in Java, converted it to a jar, and added the jar to the external library
of the crypto library. They used text and image files with sizes of 25KB, 50KB, 1MB, and 2MB,
3MB as input for encryption. The encrypted output of each file is stored in a file which is then
used for decryption. Throughout the experiment, they can use the same input files for all
algorithms to allow comparison.
13
The same system was used for all implementations and analyzes, so the memory and processor
constraints were the same for all algorithms. All block cipher algorithms are set to the same
mode, namely ECB, which is the default setting in Java cryptography and security.
Finally, the results show that RSA takes the longest time to encrypt data, while Blowfish takes
the shortest time to encrypt data, making it the fastest. 3DES is a technique for reusing DES
implementations by cascading three DES instances with different keys. 3DES is considered to be
secure. The result also shows that RSA takes the most time to decrypt, while Blowfish takes the
least time and is the fastest. The researchers also found that RSA is slower than symmetric key
algorithms due to its use of modular multiplication, multiplicative inversion and two keys (public
and private). The result also shows that Blowfish requires the least amount of memory per unit of
processing, while RSA requires the most. The requirements of RAM for DEA and AES are
moderate.
The strength of the paper is the appropriate technique of testing with the results and presenting
them; however, the integration to the web was not done with an appropriate simulation.
In [10], Norman D. Jorstad deals with the development of measures to describe the strength of
cryptographic methods. In this study, a few symmetric block ciphers in codebook mode are
considered, as well as an asymmetric public-key algorithm. Other methods of communication
consistency, verification, and biometric authentication, as well as cryptographic techniques, were
not examined. For his research, he relied solely on publicly available information.
Six symmetric or secret (one-key) block ciphers (DES (DEA, 3DES (EDE), SKIPJACK,
RC4TM, RC5TM) and one asymmetric or public (two-key) algorithm (RSA) were actually
chosen as an approach to provide a modest representative sample of known cryptographic
algorithms.
The authors believe that this tiny sample population of cryptographic algorithms, as well as
examples of the types of metrics that could be used to quantify algorithm effectiveness, are
sufficient to demonstrate that cryptographic algorithms and associated systems can be evaluated.
They could also be used to establish Common Criteria reliability levels for cryptographic
subsystems or operational divisions. These metrics could be useful for evaluating and comparing
service offerings, although an alternative (or additional) set of scales could be developed for
evaluating the strength of cryptographic functionality in various commodities.
14
The merit of this research is that it examines eight methods that use the factorization algorithm
and creates some pilot metrics for the cryptographic techniques mentioned above. A weakness of
the work could be that the simulator and software used to perform the experiment and obtain the
results were not mentioned.
15
mixed column. According to him, AES was originally developed for unclassified official U.S.
statistics, but due to its success, AES -256 can now be used for top secret government data. As of
July 2009, no real attack on AES has succeeded.
The strength of the paper is that it includes a new technique to modify the AES encryption
standard, while its drawback is that it does not use a simulator to evaluate the performance from
sender to receiver. Anurag Rawa, et al describe several algorithms for ensuring secure
information transmission, ranging from classical ciphers to today's hash functions. Cryptography,
according to the authors, enables the transmission of data or information over a network in an
unidentifiable manner so that intruders cannot decrypt it.
Only the source and intended destination can read and understand the message because of the
methodology of cryptography. Cryptography has evolved over time, from letter substitution to
today's unbreakable public key systems. They also discovered how cryptography has changed
over time, from centuries ago, when cryptographic techniques were used primarily for military
and parliamentary purposes, to today, when these algorithms are used primarily for data security
and are cryptographically secure.
Finally, they discovered that the BLOWFISH algorithm is the most secure of all symmetric
cryptographies. Many studies have shown that the BLOWFISH algorithm outperforms all other
block ciphers in terms of efficiency. The next technique used to protect our data is RSA, which is
currently used in a large number of applications.
They also propose to combine the RSA method with other algorithms such as
RSA and DES, RSA and AES, RSA and DIffie Hellman, and RSA and IDEA to make the
information even more secure.
As a limitation, it should be said that the researchers have not developed a new idea, but only
repeat and recommend what other researchers have already done. The main focus of Abraham
Lemma is to compare four symmetric encryption algorithms: DES, Triple DES, AES and
Blowfish. The effectiveness of these methods is compared and evaluated based on encryption
and decryption time, throughput, and memory usage. Operations were performed on two PCs
with different operating systems, namely Windows 7 and Windows 8, using the Java software.
The results show that Triple DES takes more time for encryption and decryption, uses less
memory and has low throughput. AES and Blowfish both take the same amount of time for
encryption and decryption and have higher throughput, but AES takes more memory than
16
Blowfish. DES also takes the same amount of memory as Triple DES, but takes the least amount
of time for encryption and decryption and has higher throughput.
According to the results, the Blowfish encryption/decryption algorithm performs better than the
other algorithms. For files larger than 2547kb, the result may change.
17
of security approaches is high, and this competence increases with the coupling of security
methods.
Researchers investigated the performance of existing algorithms DES, 3DES and AES, to
develop a novel hybrid performance system. The programs written in MATLAB and their
performance tested in real-world scenarios were stored in three different arrays for key
generation, encryption and decryption methods. The test was performed with a length of 100
bits.
The result shows that the DES algorithm is used with a key length of 64 bits. The AES method
with a key size of 256 bits took 10 seconds to encrypt and decrypt. 3- DES with a key size of
2112 took 20 seconds to encrypt and decrypt. SSK+RiSA method with a key size of 2,048 took
15 seconds to encrypt and decrypt, while SSK+RiSA method with a key size of 2,048 took 10
seconds to encrypt and decrypt. The drawback of the work is that it only calculates the
performance of the algorithm without evaluating the text transmission between the client and
server simulation computers.
Sidraah Matte, et al. experimented with several encryption algorithms that improve Diffie-
Hellman key exchange by using a reduced polynomial in the discrete logarithm problem (DLP)
that enhances the security of Internet-based e-commerce transactions. This includes algorithms
such as MD5 and AES. MD5 is an asymmetric key scheme, while AES is a symmetric key
algorithm.
Experimental analysis was used to improve Diffie-Hellman key exchange by using a truncated
polynomial in a discrete logarithmic output to increase the complexity of the method over an
insecure channel.
The weakness of the paper is that no specific results are presented to increase the effectiveness of
the novel hybrid method. There is no mention of which simulator was used to test the algorithm
on both the client and server side. JothinaMazarir and ClopasKwenda addressed the algorithm
AES, which is most widely used for securing e-commerce transactions, and began by examining
the main limitations associated with the algorithm's performance in performing a transaction,
namely that the algorithm is slow in both encryption and decryption and therefore cannot handle
large amounts of data. Given this dilemma, a hybrid algorithm combining AES and RSA was
developed in the hope that RSA's weaknesses would be mitigated by AES and vice versa.
18
This study by Edjie M. De Los Reyes focuses on reducing the number of rounds in the AES
algorithm from ten to six to ensure file secrecy. The encryption round AES was modified by
reducing the round repetitions from 10 to 6, adding more key permutations between states, and
adding an additional byte substitution procedure to the key schedule.
The efficiency of the application's encryption/decryption process was measured in terms of time
and throughput. The avalanche effect and random tests were also used to evaluate the
trustworthiness of the modified AES algorithm.
The paper also argued that AES has several attractive advantages such as high security and high
throughput and can be easily implemented in both hardware and software.
With the development of new computing concepts that could weaken the strength of current and
standard cryptography, the need to strengthen and modify cryptography is widely recognized.
Some studies have proposed modifications to AES: it has been proposed to replace the mix-
column transformation with bit permutation to speed up the encryption of texts and images.
However, the modified algorithm AES with six rounds of iteration is vulnerable to many security
concerns such as brute force attacks, saturation attacks, quadratic attacks, and biclique attacks, so
the introduction of a stronger mechanism is required.
In summary, most of the above publications focused on integrating two or more algorithms to
improve security.
Some of the articles also aimed to evaluate the same algorithm on different platforms and
application platforms to increase effectiveness without adding new value to the algorithms.
There is only one study related to the topic of this work that focuses on reducing the number of
rounds of the AES algorithm from ten to six, however, the researcher points out that reducing the
round repetition to six exposes the algorithm to tangible security attacks.
Therefore, the goal of this work is to develop a hybrid method that combines the modified AES
with 8 rounds iteration with the MD5 hashing algorithm to close the gap and vulnerabilities in
AES in key exchange between sender and receiver.
19
Chapter Three
3. Methodology
This chapter describes the research design used, the data source, the methods used for data
analysis, and the data processing and analysis.
20
through put and compare with the conventional AES algorithm. The revision will be done
through minimizing the round key of the AES algorithm from 10 to 8. An interview also made
with a business- to- business type of establishment to bandy about how an online business deals
are being done using an ecommerce business spots and the problems they're facing in the area.
For AES, the 10 number of rounds in proposition ensures a large enough security periphery
which wasn't affected for the once 20 times. On reducing the number of round replication to 6
round can be affected by the best given attack the' achromatism attack or square attack short- cut
attack. The recently modified AES- 128 with 8 round replication guarantee two fresh rounds of
security periphery to insure the security of the algorithm and also reduce the encryption and
decryption time of the algorithm. About six lines of different size and data type were named
aimlessly to be translated and deciphered by the conventional AES algorithm with 10 round and
also compared with the modified AES algorithm with only six round and measure the
performance of the modified AES algorithm. Eventually the result of the trial will be farther
demonstrated using quantitative analysis system through different graphs and maps.
21
creating a graphic user interface that allow us to upload each file at a time to encrypt and decrypt
using the
modified AES and the conventional AES algorithm to measure both execution time and through
put using python.
23
3.5. System Architecture
The encryption process was designed to secure user’s file supposed as confidential;
the confidential files can be of any type and format. The system was developed using python
programming language.
The user will select a confidential file of different data type and file size as two text files with
100KB and 1MB, two PDF files with 100KB and 1MB, two image files with 100KB and 1MB
and two audio files with 100KB and 1MB were tested in the experimentation to measure the
effect of file size and data types on the result of the modified algorithm and input the secret key
for the file, and the application then prepares the file and the key for encryption by converting
them to their hexadecimal corresponding. The hexadecimal values are then fed to the MRRA
algorithm to
transform the file into cipher text and secured format. Then encrypted file is saved with the same
file extension as with that of the original file for storage or transmission.
To recover the original file, the user selects the encrypted file and inputs the appropriate secret
key. The encrypted file and the key are then converted into their equivalent hexadecimal values
and passed to the MRRA for decryption.
Each layer in the algorithm involves with S-boxes and inverse S-boxes to function. In our
implementation, instead of one irreducible polynomial of degree '8,' we employ sixteen
irreducible polynomials of degree '8'. AES keys are commonly 128, 192, or 256 bits in length;
we utilize a 128-bit key.
24
3.6.1. Message Digest 5 (MD5) algorithm description
MD5 (Message-Digest Algorithm 5) is a frequently used cryptographic hash function with a 128-
bit message digest and is an Internet protocol. This has been used in a number of different
security applications. The primary MD5 algorithm uses a 128-bit word that is partitioned into
four 32-bit terms.
This thesis will further demonstrates the combinations of the best features of both symmetric and
asymmetric encryption techniques, hence the data (plain text) that is to be transmitted is
encrypted using the AES algorithm. The data (plain text) used input to MD5 to generate AES
key. This key encrypted by using modification of Diffie-Hellman (MDF). MD5 algorithm is used
to ensure integrity of the data that is transmitted through the e-commerce sites, in addition it also
easily generate secret key used in AES algorithm.
As a result, the client provides the message's cipher text, as well as the AES key's cipher text and
the message digest's cipher text. The signal, as well as the cipher text of the AES key, is
decrypted using (MDH) at the receiver side to retrieve the AES key. This could then be used to
decipher the message's encrypted text.AES decryption to obtain the plain text. The plaintext is
again subjected to MD5 hash algorithm to compare with decrypted message digest to ensure
integrity of data.
This thesis took this standard algorithm and intended to modify by reducing the number of
iteration from 10 to 8 without compromising its security and reliability, in addition the newly
modified algorithm were combined with another algorithm theMD5 which avoids the limitation
of AESalgorithm on exchanging key between the sender and receiving party.
The goal and objective defined at the initial stage of this thesis were met by using an appropriate
methodology and hence the result of this study could be operational. The evaluation process
25
were done on selected sample files running on the standard algorithm and the execution time
were measured through calculating the elapsed time by deducting the starting time from the end
time and compared with the standard AES algorithm.
26
Chapter Four
Text, audio, images, animations, and videos are frequently exchanged for electronic commerce
transactions in the global online market. Therefore, protecting these transactions against
unauthorized access and harmful attacks is crucial. The thesis aims to enhance the security of
these multimedia data transactions and the execution time of message encryption and decryption
through cryptographic techniques in e-commerce. Cryptography involves encrypting and
decrypting messages or files by converting plain text data into cipher data and vice versa using
specific algorithms and keys. The thesis intends to implement a modified Advanced Encryption
Standard (AES) algorithm by reducing the number of round key from 10 to 8 to improve
performance and security when transacting multimedia data such as text, images, and videos in
the global market through e-commerce.
The focus of this thesis centered on the implementation of symmetric key cryptography (AES) in
four primary steps and these are:
a. substitution,
b. shift rows,
c. mix columns, and
d. Add round key.
These four steps were modified and applied in a new AES algorithm with a reduced number of
iterations from 10 rounds to 8 rounds, and a decrease in the word size from 43 words in
conventional AES algorithm to only 35 words. This reduction in the word size was achieved by
reducing the number of MRRA rounds.
27
Chapter Five
5.1. Conclusion
E-commerce is a new platform introduced to enable producers to produce and promote their
products and services to the global market and attract potential buyers online without crossing
boundaries and consume time and cost through traveling. The buyers also get benefit from this
technology through buying any product being home from the global market with a fair price.
Cryptography is the science of protecting files and data items which are being stored within the
database system and also those are being transmitted from one network environment to the other
through various communication media.
To ensure the required security through cryptography there are two types of cryptography, the
symmetric and the asymmetric cryptography.
The focus of this thesis is on the symmetric cryptography and the standard algorithm used in the
symmetric encryption is the Advanced Encryption Algorithm (AES). As various research papers
indicated AES algorithm has registered fast execution time and performance than the other
algorithms and also has ensured maximum security.
This was one of the reason which initiated the researcher to focus on the AES algorithm and to
enhance the performance of this algorithm further and to reduce the execution time.
One of the limitation of the AES algorithm is the exchange of key in between the source and the
destination which hackers and crackers intercept the communication channel and got the
encryption key and used for unauthorized access of valuable information and also used for theft
of money.
28
The other focus of this thesis is to secure the key exchange between the buyer and the seller
through using the MD5 hashing algorithm and encrypt the key and using the encrypted key for
converting the plain text into cipher text and also exchange the hashed key with the receiver for
decryption process.
Therefore, four experiments were made first through firs selecting sample files with different
data types of Text, PDF, Image and Audio files with 100KB file size both encryption and
decryption are done using the modified AES algorithm and the result were measured and stored
and next the same files are taken with a different file size of 1MB in order to test the impact of
file size change in the encryption and decryption process through the modified AES algorithm
and the result were measured and documented.
In the first measurement the sample files with a 100KB were encrypted using the standard AES
and the modified AES algorithm using a Java Programming language in millisecond and the
MRRA resulted with a total of 19,236.4 millisecond which is about 48%. The same files with the
same size were tested in the case of the standard AES algorithm and the result found as about
29482.3millisecond which is about 52%.
Therefore the result showed that there is an increase of performance in terms of execution time
about 4% by the MRRA than that of the standard AES algorithm.
For the decryption process the same sample files with 100KB of each were measured in both
algorithms. First MRRA has registered a total measurement of about 16,269.1 millisecond which
is about 48% of the total execution time and that of the standard AES algorithm registered a total
execution time of 16,465.3 millisecond which is about 50% of execution time. As it is shown
here the decryption process in general registered less execution time than that of the standard
execution time and the improvement of performance is only about 2% registered by the
MRRA.59
5.2 Recommendation
Maintaining strong security without compromising the performance of the algorithm is a must to
be implemented in the electronic business to enhance the confidentiality of the system and also
to increase the confidence of the buyers and the sellers to transact through this recent technology.
29
After analyzing the results gathered from the experiment and comparing with theoretical
framework in various literatures and sound international practices the following
recommendations are made with the objective to improve the e-commerce business transaction
security:
The AES standard algorithm shall be modified by reducing the number of iteration round from
the standard 10 round to 8 round to enhance the performance of its execution time.
We also recommend that to ensure the security of the standard AES algorithm basically the
key exchange problem can be resolved by combining the Standard AES algorithm with the MD5
hashing algorithm.
The buyer and the seller must exchange the key after being hashed by the MD5 hashing
algorithm.
Organizations must invest on maintaining such a research work which will further reduce the
time and cost incurred on waiting until a complex encryption and decryption algorithms perform
extended procedures.
Researcher in the area can also further extend their work by enabling a mechanism that will
enable the modified AES algorithm instead of counting the elapsed time by a manual watch
counting it is better if the algorithm measure the time from the system and compute
30
References
1. Abdel-Karim Al Tamimi, “Performance Analysis of Data Encryption Algorithms”,
2005.
2. Abdul Monem S, “Hybrid Model for Securing E-commerce Transaction”,
International Journal of Advances in Engineering & Technology, ISSN: 2231-
1963, Nov 2011.
3. Abraham Lemma, “A Review and Comparative Analysis of Various Encryption
Algorithms” International Journal of Security and its Applications 9(4):289-306
DOI:10.14257/ijsia.2015.9.4.27, 2015.
4. Abraham Lemma," Performance Analysis on the Implementation of Data
Encryption Algorithms Used in Network Security", ISSN: 2279 – 0764, Volume
04, July 2015.
5. Anurag Rawa, et al, “Cryptography Algorithm”, Journal of Analog and Digital
Communications volume 2, 2019.
6. AsmaaEssamAlhibshi, “Encryption Algorithms for Data Security in Local Area
Network”, Melbourne, Florida May, 2019.
7. David Gstir, "Analysis of Recent Attacks on AES", Graz, 15 October 2012.
8. Douglas Selent, “ADVANCED ENCRYPTION STANDARD”, River Academic
Journal, Volume6, Number2, 2010.
9. Edjie M. De Los Reyes et al, “File encryption based on reduced-round AES with
revised Round keys and key schedule", Indonesian Journal of Electrical Engineering
and Computer Science Vol. 16, No. 2, November 2019, pp. 897~905, May10,
2019.
10. Edjie M. De Los Reyes1, et al, "File encryption based on reduced-round AES
with revised round keys and key schedule", Indonesian Journal of Electrical
Engineering and Computer Science Vol. 16, No. 2, November 2019.
11. EjubKajan, "The Security issues of B2B
interactions"https://www.researchgate.net/publication/265396662, Article · January
2006.
12. H. Arif and S. Zarina, et al, “An Efficient Secure Electronic Payment System for
ECommerce", UKM, Bangi 43600, Selangor, Malaysia, August 2020.
13. Hanna Willa Dhany et al, “Encryption and Decryption using Password Based
Encryption, MD5, and DES”, International Conference on Public Policy, Social
Computing and Development, (ICOPOSDev 2017).
14. JothinaMazarir, ClopasKwenda, “Hybrid Algorithm for E-commerce
Applications”, International Journal of Research in IT and Management, Corpus
ID: 125760098, 2016.
15. M. Niranjanamurthy, C. Dharmendra, "The study of E-Commerce Security Issues
and Solutions" International Journal of Advanced Research in Computer and
Computer Engineering, vol.2, Issue 7, July 2013.
31
16. Martin Kutz, " Introduction to E-commerce: Combining Business and Information
Technology", 1st edition, Martin Kutz and bookboon.com, ISBN 978-87-403-1520
2, 2016.
17. Murphy, Ann and Murphy, et al “The Role of Cryptography in Security for
Electronic Commerce," 2001. ITB Journal: Vol. 2: Iss. 1, Article 3.
18. Norman D. Jorstad, “Cryptographic Algorithm”, Institute for Defense Analyses
Science and Technology Division, January 1997.
19. P. Priyadarshini, N. Prashant, et al, A Comprehensive Evaluation of Cryptographic
Algorithms: DES, 3DES, AES, RSA and Blowfish, Procedia Computer Science 78
(2016) 617 – 624, December 2015.
20. Prakash Kuppuswamy, Y Saeed, “Securing E-Commerce Business Using
Hybrid Combination Based on New Symmetric Key and RSA Algorithm”, MIS
Review Vol. 20, No. 1, September (2014), pp. 59-71.
21. Priyanka Walia, “Implementation of New Modified MD5-512 bit Algorithm for
Cryptography”, International Journal of Innovative Research in Advanced
Engineering (IJIRAE) ISSN: 2349-2163, Volume 1 Issue 6 (July 2014).
22. Prof. PrathameshChuri, "E-commerce Security with Secured Electronic Transaction
protocol: A Survey and Implementation", ISSN No. 0976-5697, Volume 8, No. 8,
September-October 2017.
23. S Abdul Monem et al, “Hybrid Model for Securing E-commerce Transaction”,
International Journal of Advances in Engineering & Technology, ISSN: 2231-
1963, Nov 2011.
24. Sidraah Matte, et al, “Hybrid Model for Securing E-Commerce Transaction”
International Journal of Scientific & Engineering Research Volume 9, 25 ISSN
2229-5518, April-2018.
32