
Admas University

School of Post Graduate Studies


Department of Computer Science

Enhancing the security and performance of business-to-business E-commerce using Hybrid model

A thesis Proposal submitted to Admas University School of Post Graduate studies in partial
fulfillment of the requirement for a Master of Computer Science

Prepared by Atsbha Hagos

Id 7520/19

Sec 1

June-2023

Addis Ababa, Ethiopia


Table of Contents
Chapter One
1. Introduction
1.1. Background
1.2. Problem Statement
1.3. Research Questions
1.4. Objectives
1.4.1. General Objective
1.4.2. Specific Objectives
1.5. Significance of the Study
1.6. Scope and limitation of the Study
1.7. Organization of the study
Chapter Two
2. Literature Review
2.1. Introduction
2.2. E-commerce security
2.3. Cryptographic algorithm
2.4. DES, 3DES, Blowfish and AES (Rijndael) encryption decryption algorithms
2.5. Message Digest 5 Algorithm
2.6. Hybrid cryptographic algorithms
Chapter Three
3. Methodology
3.1. General approach
3.2. Specific research design
3.3. Data Collection Methods and Approaches
3.4. Experimental Process and Tools
3.4.1. Python in cryptography
3.4.2. Java Crypto Package
3.4.3. Message Digest 5 (MD5)
3.5. System Architecture
3.6. AES Algorithm Description
3.6.1. Message Digest 5 (MD5) algorithm description
3.7. Validation and Evaluation Process
References
Chapter One
1. Introduction

1.1. Background
Despite the fact that electronic commerce is not widely practiced in Ethiopia, producers and
consumers of goods and services on the international market can exchange goods and services
online due to a number of factors, such as strong financial institutions, infrastructure, and
knowledge. E-commerce is an easy-to-use platform that allows sellers to reach a global market
and make money by offering their goods and services to potential customers.
The most common and lucrative kind of e-commerce, business-to-business transactions produce
significantly more revenue than all other forms combined.
Numerous commercial firms are communicating extremely sensitive information, money, and
sample images of various things to be offered online, in the form of text, video, image
formats, and sound/audio explanations.
When customers agree to purchase a product, a web-based system called e-commerce (or
electronic commerce) places their order or adds it to their shopping cart. After that, the system
settles the transaction using online payment methods like credit cards and debit cards. Business-
to-Business (B2B) transactions, in which companies trade goods and services among themselves,
Business-to-Consumer (B2C) transactions, in which companies market their goods and services
to customers online, and Consumer-to-Consumer (C2C) transactions, in which customers sell
goods to other customers, are the three most popular types of e-commerce transactions.
Additionally, the development of new technologies like mobile commerce, electronic funds
transfers, supply chain management, Internet marketing, online transaction processing, electronic
data interchange (EDI), inventory management systems, and automated data collection systems
has led to the development of new ways to reach out to potential customers. The employed
technology will help businesses increase sales, improve operational effectiveness, and lay the
groundwork for new goods and services on a worldwide scale.
When money is sent from a buyer's account to a seller's account, hackers and crackers frequently
intercept the communication route. Thus, security in e-commerce refers to the fundamental idea
of safeguarding all web-based assets against unauthorized access, use, alteration, and destruction.
The fundamental components of e-commerce security are Integrity (ensuring that any
information that customers have shared online is unaltered), Non-repudiation (a legal principle
that requires participants not to dispute their actions in a transaction), and Truthfulness (both the
merchant and the purchaser should be real). They should be who they claim to be, and they
should practice safety (avoid any actions that can lead to the sharing of customer information
with unwelcome third-party businesses).
The Diffie-Hellman Algorithm, the Message Digest Algorithm 5 (MD5), the Advanced
Encryption Standard (AES), the Data Encryption Standard (DES), the Triple Data Encryption
Standard (3DES), and the Rivest-Shamir-Adleman (RSA) Algorithm are some of the most popular
security mechanisms introduced and implemented by various websites in their digital payment
mechanisms.
Through experimentation with a Python program, measuring changes across file sizes and data
types, this paper evaluates the performance of the Advanced Encryption Standard algorithm among
the aforementioned cryptographic algorithms and strengthens its security and performance, to
facilitate the encryption and decryption of data blocks of different file sizes. Python is a
contemporary programming language that has a wealth of content. The modified AES method can
also be used in conjunction with the Message Digest 5 (MD5) hashing algorithm, the other key
management standard, to protect the key exchange between the buyer and seller in an electronic
transaction.

1.2. Problem Statement


Hackers and crackers are stealing, damaging, and destroying people's and organizations'
property, posing a severe danger to global electronic commerce. AES and the other algorithms
listed above reduce the pace of transactions between the buyer and seller on numerous commercial
websites. New technology is also helping attackers by improving computer platforms that allow
them to crack huge block size algorithms. Even though multiple industry experts have proposed
various techniques to ensure maximum security, there is still a loss of secrecy within corporate
organizations and a delay in transaction execution time.
These commercial entities are among those complaining about the lengthy file transfer execution
times. When striving to shorten execution time, one of the elements considered is the structure of
the AES standard algorithm. AES, a single-key (symmetric) encryption technique, is used for both
encryption and decryption. Since 2001 G.C., the typical AES with 128 bits has used a 10-round
procedure.

Because its security has not been breached by a large attack in around 20 years, taking the
additional time to finish all ten rounds will be ineffective. The fundamental purpose of this
thesis is to adapt the AES algorithm and combine it with MD5 for secure key exchange.
Several studies have been undertaken to discover the ideal cryptographic algorithm
combinations for e-commerce between organizations, but no obvious victor has emerged,
according to the articles I have studied.
The goal of this work was to discuss the advantages of combining AES encryption with the MD5
hashing algorithm to increase the security of the encryption process.

1.3. Research Questions


1. What aspects need to be taken into account when changing the AES cryptographic
algorithm?
2. What are the issues with B2B e-commerce transactions involving the online exchange of
goods and services?
3. What other cryptographic standards can be added to the AES standard to improve the
speed and security of business-to-business e-commerce transactions?

1.4. Objectives

1.4.1. General Objective


The general objective of this thesis is to strengthen and enhance the performance of e-commerce
security by altering the AES algorithm and combining it with the MD5 hashing technique.

1.4.2. Specific Objectives


The specific objectives to be achieved by this thesis are:
• To measure the performance of the selected cryptographic algorithm and
measure its response time on different files with different sizes and data types.
• To identify the essential properties of the MD5 hashing algorithm.
• To modify the Advanced Encryption Standard (AES) by increasing its security
and reducing its computation time through reducing the number of rounds from
10 to 8.
• To combine the modified AES algorithm with the MD5 hashing algorithm to
ensure better security and performance of the electronic commerce key
exchange mechanism.
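
The round-count change named in the objectives above, as an added example (not code from this proposal): a pure-Python AES-128 block encryption whose number of rounds is a parameter, checked against the FIPS-197 Appendix C.1 known-answer vector at 10 rounds before any timing is taken. The function names, the timing helper and its test key are assumptions of this example; the 8-round output is a non-standard cipher that does not interoperate with FIPS-197 AES.

```python
# Added example (not from the proposal): AES-128 with a configurable round count.
import time


def xtime(a):
    """Multiply by 2 in GF(2^8), reducing by the AES polynomial 0x11B."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a


def gmul(a, b):
    """Multiply two GF(2^8) elements by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = xtime(a)
        b >>= 1
    return r


def _build_sbox():
    """S-box = multiplicative inverse in GF(2^8) followed by the affine map."""
    sbox = []
    for x in range(256):
        inv = 1
        for _ in range(254):  # x^254 is x^-1 for x != 0, and 0 for x == 0
            inv = gmul(inv, x)
        s = inv
        for n in range(1, 5):
            s ^= ((inv << n) | (inv >> (8 - n))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def expand_key(key, rounds):
    """AES-128 key schedule producing rounds + 1 round keys of 16 bytes each."""
    words = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 4 * (rounds + 1)):
        t = words[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= rcon
            rcon = xtime(rcon)
        words.append([a ^ b for a, b in zip(words[i - 4], t)])
    return [sum(words[4 * r:4 * r + 4], []) for r in range(rounds + 1)]


def encrypt_block(block, round_keys):
    """Encrypt one 16-byte block; the round count is len(round_keys) - 1."""
    rounds = len(round_keys) - 1
    s = [b ^ k for b, k in zip(block, round_keys[0])]
    for r in range(1, rounds + 1):
        s = [SBOX[b] for b in s]  # SubBytes
        # ShiftRows: byte (row, col) comes from column (col + row) mod 4.
        s = [s[4 * ((c + row) % 4) + row] for c in range(4) for row in range(4)]
        if r != rounds:  # MixColumns is omitted in the final round
            mixed = []
            for c in range(0, 16, 4):
                col = s[c:c + 4]
                t = col[0] ^ col[1] ^ col[2] ^ col[3]
                mixed += [col[i] ^ t ^ xtime(col[i] ^ col[(i + 1) % 4])
                          for i in range(4)]
            s = mixed
        s = [b ^ k for b, k in zip(s, round_keys[r])]  # AddRoundKey
    return bytes(s)


def aes128_encrypt(block, key, rounds=10):
    """Encrypt one block with the given round count (10 is standard AES-128)."""
    if len(block) != 16 or len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte block and a 16-byte key")
    return encrypt_block(block, expand_key(key, rounds))


def seconds_per_block(rounds, blocks=200):
    """Average wall-clock time per block, key schedule excluded."""
    round_keys = expand_key(bytes(range(16)), rounds)  # constructed test key
    data = [i.to_bytes(16, "big") for i in range(blocks)]
    start = time.perf_counter()
    for block in data:
        encrypt_block(block, round_keys)
    return (time.perf_counter() - start) / blocks


if __name__ == "__main__":
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # FIPS-197 C.1 key
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")   # FIPS-197 C.1 input
    # Known-answer test first: a benchmark of a wrong cipher measures nothing.
    assert aes128_encrypt(pt, key, 10).hex() == "69c4e0d86a7b0430d8cdb78070b4c55a"
    for n in (10, 8):
        print(n, "rounds:", aes128_encrypt(pt, key, n).hex(),
              f"{seconds_per_block(n) * 1e6:.1f} us/block")
```

Pure-Python timings show only the relative cost of the rounds; they say nothing about the throughput of a hardware-accelerated AES library.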

1.5. Significance of the Study


The beneficiaries of this thesis include different import and export businesses that engage in
online buying and selling of products and services, as well as third parties like financial
institutions that act as middlemen between buyers and sellers.
It also raises awareness among academics in the field of education on how to change
cryptographic algorithms for the best possible performance and security. Additionally,
governments can profit from streamlined trade on the international stage and draw in foreign
capital that will boost the economy.

1.6. Scope and limitation of the Study


The study's scope is restricted to assessing and quantifying the performance of the AES
algorithm and improving it to speed up the process of encrypting and decrypting
communications and business transactions that will be sent over an electronic network. The AES
algorithm and the message digest 5 hashing technique are used in this thesis to assure the
security of key exchange between the sender and receiver.

1.7. Organization of the study


This research paper is organized into five distinct chapters. The first chapter deals with the
introduction, which discusses the general perspective of the paper. The literature review section
of chapter two summarizes the research studies conducted by various scholars on this particular
topic of research, and chapter three details the methods, data, and techniques used in this paper
to study, analyze, and present the findings. Chapter four deals with the experiments, results,
and findings of the study in a summarized manner. Finally, chapter five will present the final
conclusion and summary of the final results and will indicate the future work to be done in line
with this particular research topic.

Chapter Two

2. Literature Review

2.1. Introduction
Martin defines electronic commerce as a computer-based market system where vendors offer
their goods and services to potential customers and consumers search for goods or services to
purchase. Numerous well-known websites have been developed to connect customers and
businesses using the internet and a web-based personal computer, which then provides a payment
method based on the agreement of the buyers and sellers. Electronic communication will be used
to maintain a payment and disburse funds.

2.2. E-commerce security


Martin defined a trustworthy condition in his book as one in which a person, a resource, or a
method is protected from danger or its damaging deeds. Information security is the protection of
our information asset.
The following are the "information security protection goals," as they are sometimes known:
• Authenticity: a thing or subject is said to be authentic if it can be proven to be true or
believable.
• Integrity: the ability to prevent data modification without both sufficient consent and
knowledge.
• Confidentiality: information retrieval is prohibited without the necessary authorization.
• Availability: until the required authorization has been acquired, subjects who have been
authenticated and authorized won't have their privileges limited.
• Authorization: the ability and right to do a job.
He asserts that e-commerce businesses use online storefronts for direct-to-consumer retail sales;
provide products or participate in online markets that handle independent producer-to-consumer
or end-user-to-end-user sales; share electronic data producer-to-producer; market to prospective
and current clients by email or fax; and engage in or before the introduction of new products
and services.
The book defines e-commerce as the exchange of goods between autonomous organizations
and/or people, backed by the pervasive use and strong deployment of computer systems and
internationally standardized technologies.
The book also lists some advantages of e-commerce for consumers, including adaptability in
weekly store hours, lack of forced wait times once the network is fully operational, willingness
to shop at home, ability to meet personal needs through personalization, international offers,
increased competitive pressure, price pressure, and improved customer service from providers, as
well as faster customer communication, global visibility, and lack of protectionist measures.
Additionally, it discussed some drawbacks, including security risks associated with data breaches
(credit card theft), impersonation (name or user account), abuse, crimes like impersonating a firm
that doesn't exist, deception (invoice is paid but goods are never delivered), and unclear legal
standing.
Security is a situation when a person, a resource, or a process is safeguarded from a danger or its
harmful effects, according to the book's definition at the conclusion.
The protection of our digital stuff is referred to as communication security. The use of
cryptographic methods as an efficient cyber security approach for e-commerce is mentioned in
the book's conclusion.
The "The Role of Cryptography in Security for Electronic Commerce" study, according to Ann
and Murphy et al., has shown that the digital economy faces a variety of issues and potential
risks, including unauthorized entities, embezzlement, tampering, and damage to all
organizational information systems. The article looks at the main user and corporate security
issues, as well as the cryptographic techniques that are employed to reduce possible risks.
The main security concerns of businesses and customers engaging in electronic commerce are
also covered in the paper, with an emphasis on how cryptology might reduce the risk of
conducting business online. In-depth explanations are provided regarding the methods and
terminology used by cryptologists, including private and public key cryptography, as well as their
applications and advantages in protecting data and information systems. The problem of
biometric authentication verification and verification agencies is examined.
They claim that Secure Sockets Layer (SSL), which encrypts data and uses open, cutting-edge
technology to authenticate the server, provides a secure connection between the client and the
server. SET, although more difficult and expensive to install, enhances SSL by providing
solutions to protect user information and the security of financial operations through the
segregation of merchant and payment information. Finally, they encourage businesses to accept
the fact that maintaining online security will always be a struggle if they want to be sure that
their digital payments are secure.
When protocols, identification, stability, security measures, and secrecy advance, hacking
techniques will also advance. Humans will still be in charge of evaluating and implementing
hardware and software solutions, as well as continuously monitoring digital infrastructure.
The Secure Electronic Transaction (SET) protocol is used to conduct transactions in online
business, as correctly described by Churi. Information confidentiality, payment integrity, and
identity authentication are all guaranteed by the complete security protocol known as SET, which
uses cryptography. It makes use of encryption, a digital certificate, and SMS verification to offer
communication secrecy and security. The introduction of the essay discusses internet stores and
how to create them. Then, it goes on to explain SET's operation and the various components that
make it up. The report then goes into depth on how the protocol was created.
The report also makes the case that when it comes to online business transactions, consumers and
merchants will have a comparable set of requirements and concerns: Security: Since digital
currency is only data, it may easily be stolen. It must be confirmed that no one else can forge
checks or pose as someone else to steal his money. Additionally, multiparty security should be
used to protect each partner from third party collaboration.
No member of the group needs to have any confidence in another member, or at the very least, as
little as is practical. The public must be able to verify the praised security features. In order to
provide a better safety system, it was intended to genuinely implement the SET standard by
fixing its shortcomings and incorporating equivalent capabilities.

A verification number was sent to the customer's phone to verify their identity, and a regular SSL
certificate was used to authenticate the website.
Strong cryptographic techniques are utilized to maintain the confidentiality of the customer's
private information, including encrypted communications and login credentials.
In their essay, Niranjanamurthy and Dharmendra [4] attempted to grasp the fundamentals of
ecommerce security, which they define as the preservation of ecommerce properties from
security breaches, use, modifications, or annihilation.
The components of e-commerce cyber security include fidelity, non-repudiation, validity,
secrecy, privacy, and accessibility. The financial industry has many excellent opportunities
because of e-commerce, but it also faces new dangers and weaknesses including security issues.
Information security is therefore an essential administrative and technological need for any
efficient and successful online payment transaction activity. However, because of the rapid
advancement of technology and the market, developing it is a challenging task that calls for a
coordinated blending of algorithm and workable solutions.
The authors have used common guidelines to study the common problems and concluded that
common mistakes that leave people vulnerable include purchasing from online sites that aren't
secure, giving out too much private information, and leaving computers open to malware.
They also discussed security precautions, the digital e-commerce cycle, threats associated with
online shopping, and ideas for convenient and secure retail on shopping sites.
The flaw in this work is that it fails to describe the suitable approach that was applied to get the
desired conclusion, which prevents it from adding new value or producing a novel discovery.
Ejub Kajan is an expert in security concerns related to violence and company-to-company
internet commerce. B2B is a ground-breaking method of doing business online. The B2B science
community is mostly concerned with the irregular connections between businesses. The goal of
this study is to understand how security fits into the overall scheme of B2B device-to-device
communications. The report also revealed that payments have exceptionally high security
requirements.
Before, throughout, and after transactions on the transmission line, business data must be
safeguarded. When a third party is involved in a financial transaction, it frequently occurs
between two parties that do not trust one another.

A significant challenge in B2B cyber security is the question of trust. Therefore, we must clearly
define what exactly qualifies as a safe (trusted) personal computer (network).

2.3. Cryptographic algorithm


Cryptology is a branch of mathematics that covers both cryptanalysis and cryptography. Today's
cryptologists frequently hold degrees in computer science and speculative mathematics.
Cryptographers use cryptography as a tool and approach to keep communications secure.
Cryptanalysts are professionals in decoding cipher text, or discovering plaintext hidden behind a
cryptographic mask, which is the application of science in cryptanalysis. The need for daily
contact between cryptography and cryptanalysis is a special difficulty that is not present in other
fields of study and is exclusive to the study of cryptography.
This interaction starts with a request from security experts, who start each cycle by introducing a
new optimization technique. They then get a response from cryptanalysts, who try to find flaws
in the model, which is frequently much harder than creating the algorithms in the first place. This
healthy rivalry leads to the development of "strong" cryptography.
Network security requires the use of cryptography, especially when sharing and transferring data
across open channels. Cryptography is necessary to safeguard the data.
Asmaa Essam Alhibshi focused on assessing the effectiveness of a few alternative encryption
techniques. It emphasizes how crucial cybersecurity is to data protection. The article gives a brief
introduction to cryptography. In this study, the most popular cryptographic algorithms, RSA and
AES, are analyzed and their performance in Java and C++ is evaluated.
A brief introduction to the many types of cybersecurity, including symmetric and asymmetric
cryptographic protocols, follows. The previous research on these encryption techniques is then
reviewed, and their effectiveness is evaluated. The study categorizes encryption methods into
two groups: symmetric algorithms and asymmetric algorithms.
In symmetric key encryption methods, the keys for the encryption and decryption processes are
identical. Symmetric encryption occurs when the transmitter and receiver use the same key for
both encryption and decryption. Triple DES, Blowfish, AES, RC4, and RC6 are examples
of symmetric encryption methods.
Techniques for asymmetric key encryption: information will only be encrypted and decrypted
using a single key. RSA, DSA, and Diffie-Hellman are among the examples. The researcher has
found that cryptography, which is used to exchange and send information over open channels, is
crucial to computer security, according to the experts. Data protection requires the use of
cryptography.
The researcher also used the AES and RSA algorithms in their regular Java implementations
while creating his own encryption scheme in C++. In Java (AES) and Java (RSA), all packets are
received in 0.17035 and 0.17035 seconds, respectively. 1.9268 sec. All packets are received in
1.388925 seconds for C++ (AES) and in 2.954425 seconds for C++ (RSA). Thus, it can be said
that AES and RSA both operate more effectively in Java. The average time determined the
packet speed. The test model ran more quickly because Java is a more sophisticated language
than C++. The Java Runtime Environment (JRE) automates garbage collection and eliminates
memory leaks for Java programs, which C++ applications must accomplish explicitly. The
study found that writing the encryption method in C++ was challenging because there was
limited documentation for C++ in this case. Additionally, as previously mentioned, in order to
reduce resource leakage in C++, data variables must be manually deleted; however, this is
handled automatically in Java. Furthermore, unlike Java, where well-defined data types can
be used in programming, C++ lacks well-defined data types, making C++ programming
challenging.

2.4. DES, 3DES, Blowfish and AES (Rijndael) encryption decryption algorithms

According to Abdel-Karim Al Tamimi, the two main factors that set one encryption method
apart from another are the capacity to defend the data under protection from attacks and the
speed and effectiveness with which it does so.
The performance of four of the most used encryption algorithms—DES, 3DES, Blowfish, and
AES (Rijndael)—is compared in this work. Numerous encryption settings were tested to see how
quickly the algorithm could encrypt and decrypt data blocks of different sizes. The methods were
then compared based on how long it took to encrypt and decrypt data blocks ranging in size from
0.5MB to 20MB. The implementations were all meticulously done to guarantee that the results
would be trustworthy and impartial.

The outcomes demonstrate that the Blowfish method outperforms other algorithms in terms of
processing speed. Additionally, it demonstrates that due to 3DES's triple phase encryption
feature, AES always takes longer than DES when the data block size is rather large.
Blowfish outperformed other encryption methods despite having a long key (448 bits). There
have been security flaws found in DES and 3DES, but none have been found in Blowfish or AES
as of yet. The results indicate that Blowfish decrypts a 20 MB data file in about 3 seconds, faster
than DES, 3DES, and AES (which take 4.5, 6 seconds, and 16 seconds, respectively).
The use of simulation technique in this research to gauge encryption and decryption on the web
is its strongest point. The paper's drawback is that it does not provide new information or provide
value; rather, it merely measures performance, compares it to that of other algorithms, and
chooses the approach that takes the least amount of time.
"Performance Analysis on the Implementation of Data Encryption Algorithms Used
in Network Security," according to Abraham Lemma, claims that E-commerce is unreliable
without security. Security is not as straightforward as it may look to the untrained eye. The
criteria appear to be simple; indeed, most of the primary security service needs may be
summarized in a single word: secrecy, authentication, nonrepudiation, or integrity. In the realm
of network security, cryptography is critical.
Many encryption techniques are already available to safeguard data, but they use a
significant amount of computational resources, such as memory and CPU time. The
major topic of this study is a comparison of four symmetric encryption algorithms:
DES, Triple DES, AES, and Blowfish.
The time, speed, and memory usage of the encryption and decryption processes are used to
compare and evaluate these approaches' performance. The developments are carried out on two
computers running separate operating systems using the Java program. To evaluate the
effectiveness of encryption and decryption techniques simulated with JDK jdk1.7.0 45, the
author utilized Net Beans IDE 7.4. Several simulations with various text sizes were run to test
the effectiveness of encryption techniques.
The paper compares four cryptographic algorithms—DES, AES, Triple DES, and Blowfish—
that are implemented using the robust handheld programming language Java and JCA (Java
Cryptography Architecture) in a variety of scenarios and file sizes.

The results are compared and the necessary conclusions are drawn to evaluate the performance
of four cryptographic methods. The study reached a conclusion based on the performance of the
cryptographic algorithms measured by a metric.
According to the study, Triple DES takes more time to encrypt/decrypt, requires less memory,
and has low throughput. AES and Blowfish both require the same amount of time to
encrypt/decrypt and have higher throughput, but AES requires more memory than Blowfish.
DES also requires the same amount of memory as Triple DES, but requires the least amount of
time to encrypt/decrypt and has better bandwidth.
The strength of the paper lies in the use of appropriate techniques and approaches to evaluate the
effectiveness of the algorithms. The author failed to develop a creative idea or bring a new value
to the article; instead, the same result as other researchers was copied.
H. Arif and S. Zarina, et al [8] are working on a fast and secure electronic payment system for e-
commerce so that the customers can connect with the seller immediately. Even though the
customer can disguise his identity and create a temporary identity to perform the service, the
proposed system does not require the customer to provide his identity on the merchant's website.
It was found that the protocol developed by the authors provides significantly higher security
performance in terms of secrecy, consistency, non-repudiation, confidentiality, identification and
permission.
The customer (C), the retailer (M), the payment gateway (PG), the user's bank (B), and the
financial institution are the five entities that form a conceptual system. They function in the
following way. Each entity, such as the customer, the vendor, the user banks, and the merchant
bank, must register with the payment gateway to create a secret key. A secure connection
requires the use of secret key elements. Also, the user and the merchant create a secret key
between them. The buyer investigates the seller and orders the product after establishing a
preliminary identity on the merchant's website, and the retailer forwards the request to the
payment gateway.
The paper compares the proposed architecture with the other three current methods that RSA and
DES use to encrypt and anonymize debit/credit card data. Most customers prefer an e-commerce
programme because it offers numerous benefits. Customers need such a security mechanism
because it meets all the requirements and is appropriate.

Based on these requirements, researchers presented a secure digital currency for e-commerce
contexts. They developed a mechanism in which the payment gateway acts as an intermediary
between the customer/merchant and the bank. According to the security analysis, the proposed
technique provides a higher level of protection in terms of confidentiality, non-repudiation,
integrity, availability and anonymity.
The strength of this work is that it introduces a novel mechanism known as an e-commerce
payment protocol; however, its implementation and performance have not yet been studied.
The paper "A Comprehensive Evaluation of Cryptographic Algorithms: DES, 3DES, AES, RSA,
and Blowfish" by Priyadarshini, Prashant, and others [9] discusses the various cryptographic
techniques that can be used to ensure confidentiality in electronic commerce and argues that a
user needs a cryptographic technique that is cost-effective and powerful. In reality, however,
there is no algorithm that provides such a complete solution. For a number of algorithms, there is
a tradeoff between cost and performance. For example, a financial application requires maximum
security at a significant cost, while a gaming implementation that sends player patterns for
analytics does not care about security and needs to be fast and cost-effective.
The researchers have determined which of the existing cryptographic algorithms best meets the
user's needs, and an examination of the benefits, weaknesses, costs and performance of each
algorithm will provide important information. The researchers then developed and studied in
detail the performance and efficiency of the widely used cryptographic algorithms DES, 3DES,
AES, RSA and Blowfish in their article to demonstrate an actual performance analysis.
The researchers implemented and compared DES, 3DES, AES, Blowfish and RSA. The Java
Eclipse IDE was used to create the implementations. They used the Java Security and Java Crypto
packages, which provide security features such as encryption, decryption, key generation,
identity management architecture, authentication and authorization.
Blowfish, on the other hand, is not included in the Java Security and Crypto libraries, so
they wrote Blowfish in Java, converted it to a jar, and added the jar to the external library
of the crypto library. They used text and image files with sizes of 25KB, 50KB, 1MB, 2MB, and
3MB as input for encryption. The encrypted output of each file is stored in a file which is then
used for decryption. Throughout the experiment, they used the same input files for all
algorithms to allow comparison.

The same system was used for all implementations and analyses, so the memory and processor
constraints were the same for all algorithms. All block cipher algorithms are set to the same
mode, namely ECB, which is the default setting in Java cryptography and security.
Finally, the results show that RSA takes the longest time to encrypt data, while Blowfish takes
the shortest time to encrypt data, making it the fastest. 3DES is a technique for reusing DES
implementations by cascading three DES instances with different keys. 3DES is considered to be
secure. The result also shows that RSA takes the most time to decrypt, while Blowfish takes the
least time and is the fastest. The researchers also found that RSA is slower than symmetric key
algorithms due to its use of modular multiplication, multiplicative inversion and two keys (public
and private). The result also shows that Blowfish requires the least amount of memory per unit of
processing, while RSA requires the most. The requirements of RAM for DEA and AES are
moderate.
The strength of the paper is the appropriate technique of testing with the results and presenting
them; however, the integration to the web was not done with an appropriate simulation.
In [10], Norman D. Jorstad deals with the development of measures to describe the strength of
cryptographic methods. In this study, a few symmetric block ciphers in codebook mode are
considered, as well as an asymmetric public-key algorithm. Other methods of communication
consistency, verification, and biometric authentication, as well as cryptographic techniques, were
not examined. For his research, he relied solely on publicly available information.
Six symmetric or secret (one-key) block ciphers (DES (DEA), 3DES (EDE), SKIPJACK,
RC4™, RC5™) and one asymmetric or public (two-key) algorithm (RSA) were
chosen to provide a modest representative sample of known cryptographic
algorithms.
The authors believe that this tiny sample population of cryptographic algorithms, as well as
examples of the types of metrics that could be used to quantify algorithm effectiveness, are
sufficient to demonstrate that cryptographic algorithms and associated systems can be evaluated.
They could also be used to establish Common Criteria reliability levels for cryptographic
subsystems or operational divisions. These metrics could be useful for evaluating and comparing
service offerings, although an alternative (or additional) set of scales could be developed for
evaluating the strength of cryptographic functionality in various commodities.

The merit of this research is that it examines eight methods that use the factorization algorithm
and creates some pilot metrics for the cryptographic techniques mentioned above. A weakness of
the work could be that the simulator and software used to perform the experiment and obtain the
results were not mentioned.

2.5. Message Digest 5 Algorithm


Priyanka Walia is working on extending the length of the hash code to 512, which will make the
technique more resistant to collisions. According to the author, a hash function computes an
output of a certain length, called a message digest, from an input message of varying length. The
MD5 method was developed by Ron Rivest (MIT) and generates a 128-bit hash code from a
message of varying length. It is one of the most popular hashing algorithms. However, it has
been reported that the algorithm poses a security risk.
Moreover, in the near future, a 128-bit hash result might not provide sufficient security
protection. Finally, researchers have developed a unified design for MD5 and MD5-512 by using
message-digest algorithm 5. Hanna Willa et al. focus on the two basic cryptographic techniques
of encryption and decryption with the same key. In secret key, shared key, or symmetric key
cryptosystems, the same key is used for both encryption and decryption.
Encryption converts the readable message (plaintext) into seemingly random, unintelligible data
(ciphertext), while decryption is the reverse of encryption and converts the ciphertext to plaintext using the
same key. We will use password-based encryption schemes in the encryption and decryption
processes to perform symbolic and operational cryptography with symmetric, asymmetric, and
password-based encryption.
The researcher created a program that generates an encryption and decryption file depending on
which key is pressed. To enter the standard iteration hash password 100, the program uses PBE
with MD5. The method generates the secret key of an artificial password called Password-Based
Encryption and by applying MD5 because it uses an algorithm that combines standard hashing
and encryption methods, as well as DES, which works in plaintext useful for returning the same
size cipher text.
Douglas Selent, the researcher, has tried to develop an algorithm that is resistant to known
attacks, simple and fast to encode by choosing the GF(2^8) field. The algorithm uses
exclusive OR operations (XOR), octet substitution with an S-box, row and column rotations, and a
mixed column. According to him, AES was originally developed for unclassified official U.S.
statistics, but due to its success, AES-256 can now be used for top secret government data. As of
July 2009, no real attack on AES has succeeded.
The strength of the paper is that it includes a new technique to modify the AES encryption
standard, while its drawback is that it does not use a simulator to evaluate the performance from
sender to receiver. Anurag Rawa, et al describe several algorithms for ensuring secure
information transmission, ranging from classical ciphers to today's hash functions. Cryptography,
according to the authors, enables the transmission of data or information over a network in an
unidentifiable manner so that intruders cannot decrypt it.
Only the source and intended destination can read and understand the message because of the
methodology of cryptography. Cryptography has evolved over time, from letter substitution to
today's unbreakable public key systems. They also discovered how cryptography has changed
over time, from centuries ago, when cryptographic techniques were used primarily for military
and parliamentary purposes, to today, when these algorithms are used primarily for data security
and are cryptographically secure.
Finally, they discovered that the BLOWFISH algorithm is the most secure of all symmetric
cryptographies. Many studies have shown that the BLOWFISH algorithm outperforms all other
block ciphers in terms of efficiency. The next technique used to protect our data is RSA, which is
currently used in a large number of applications.
They also propose to combine the RSA method with other algorithms, such as
RSA and DES, RSA and AES, RSA and Diffie-Hellman, and RSA and IDEA, to make the
information even more secure.
As a limitation, it should be said that the researchers have not developed a new idea, but only
repeat and recommend what other researchers have already done. The main focus of Abraham
Lemma is to compare four symmetric encryption algorithms: DES, Triple DES, AES and
Blowfish. The effectiveness of these methods is compared and evaluated based on encryption
and decryption time, throughput, and memory usage. Operations were performed on two PCs
with different operating systems, namely Windows 7 and Windows 8, using the Java software.
The results show that Triple DES takes more time for encryption and decryption, uses less
memory and has low throughput. AES and Blowfish both take the same amount of time for
encryption and decryption and have higher throughput, but AES takes more memory than
Blowfish. DES also takes the same amount of memory as Triple DES, but takes the least amount
of time for encryption and decryption and has higher throughput.
According to the results, the Blowfish encryption/decryption algorithm performs better than the
other algorithms. For files larger than 2547kb, the result may change.

2.6. Hybrid cryptographic algorithms


Abdul Monem proposes an encryption method that improves Diffie-Hellman key exchange by
combining the MD5 hashing algorithm, the symmetric key algorithm AES, and the asymmetric
key algorithm Modification of Diffie-Hellman in a discrete logarithm problem (DLP) to increase
the complexity of this method over an unsecured channel (MDH).
The researchers used the mathematics of the irreducible truncated polynomial to develop the
proposed system because it is very efficient and compatible with personal computers.
They combine the best aspects of both symmetric and asymmetric encryption. The AES
algorithm is used to encrypt the data to be transmitted (plaintext). To generate an AES key, the data
(plaintext) was entered into MD5. This key was encrypted using a Diffie-Hellman modification
(MDH). The MD5 process is important in two ways: first, it guarantees the integrity of the
transmitted data, and second, it is easy to generate the secret key used in the AES process.
The results show that AES takes about 0.30 milliseconds to encrypt and 0.17 milliseconds to
decrypt a message of 1000 characters, while MDH takes about 0.700 milliseconds to encrypt and
0.500 milliseconds to decrypt, and MD5 takes 0.20 milliseconds.
They concluded that the use of hybrid cryptographic techniques will almost certainly improve
the performance of cryptographic algorithms. Confidentiality, integrity and authentication are
guaranteed by this protocol. The AES method ensures confidentiality, the MD5 hash function
ensures integrity, and the Diffie-Hellman modification ensures verification.
We put the algorithm through its paces with a variety of message sizes. According to the
experimental results, the model was able to increase interactive performance while providing a
high-quality security service for the intended e-commerce operations. Using hybrid models by
modifying Diffie-Hellman is a strength, but the tool used to simulate the test is not mentioned.
Prakash Kuppuswamy and Saeed have developed a hybrid cryptography system that combines
the symmetric key method and the widely used RSA algorithm. In all areas of data security, the
integer-based symmetric key algorithm and the RSA method are commonly used. The efficiency
of security approaches is high, and this competence increases with the coupling of security
methods.
Researchers investigated the performance of existing algorithms DES, 3DES and AES, to
develop a novel hybrid performance system. The programs written in MATLAB and their
performance tested in real-world scenarios were stored in three different arrays for key
generation, encryption and decryption methods. The test was performed with a length of 100
bits.
The result shows that the DES algorithm is used with a key length of 64 bits. The AES method
with a key size of 256 bits took 10 seconds to encrypt and decrypt. 3-DES with a key size of
2112 took 20 seconds to encrypt and decrypt. SSK+RiSA method with a key size of 2,048 took
15 seconds to encrypt and decrypt, while SSK+RiSA method with a key size of 2,048 took 10
seconds to encrypt and decrypt. The drawback of the work is that it only calculates the
performance of the algorithm without evaluating the text transmission between the client and
server simulation computers.
Sidraah Matte, et al. experimented with several encryption algorithms that improve Diffie-
Hellman key exchange by using a reduced polynomial in the discrete logarithm problem (DLP)
that enhances the security of Internet-based e-commerce transactions. This includes algorithms
such as MD5 and AES. MD5 is an asymmetric key scheme, while AES is a symmetric key
algorithm.
Experimental analysis was used to improve Diffie-Hellman key exchange by using a truncated
polynomial in a discrete logarithmic output to increase the complexity of the method over an
insecure channel.
The weakness of the paper is that no specific results are presented to increase the effectiveness of
the novel hybrid method. There is no mention of which simulator was used to test the algorithm
on both the client and server side. Jothina Mazarir and Clopas Kwenda addressed the algorithm
AES, which is most widely used for securing e-commerce transactions, and began by examining
the main limitations associated with the algorithm's performance in performing a transaction,
namely that the algorithm is slow in both encryption and decryption and therefore cannot handle
large amounts of data. Given this dilemma, a hybrid algorithm combining AES and RSA was
developed in the hope that RSA's weaknesses would be mitigated by AES and vice versa.

This study by Edjie M. De Los Reyes focuses on reducing the number of rounds in the AES
algorithm from ten to six to ensure file secrecy. The encryption round AES was modified by
reducing the round repetitions from 10 to 6, adding more key permutations between states, and
adding an additional byte substitution procedure to the key schedule.
The efficiency of the application's encryption/decryption process was measured in terms of time
and throughput. The avalanche effect and random tests were also used to evaluate the
trustworthiness of the modified AES algorithm.
The paper also argued that AES has several attractive advantages such as high security and high
throughput and can be easily implemented in both hardware and software.
With the development of new computing concepts that could weaken the strength of current and
standard cryptography, the need to strengthen and modify cryptography is widely recognized.
Some studies have proposed modifications to AES: it has been proposed to replace the mix-
column transformation with bit permutation to speed up the encryption of texts and images.
However, the modified algorithm AES with six rounds of iteration is vulnerable to many security
concerns such as brute force attacks, saturation attacks, quadratic attacks, and biclique attacks, so
the introduction of a stronger mechanism is required.
In summary, most of the above publications focused on integrating two or more algorithms to
improve security.
Some of the articles also aimed to evaluate the same algorithm on different platforms and
application platforms to increase effectiveness without adding new value to the algorithms.
There is only one study related to the topic of this work that focuses on reducing the number of
rounds of the AES algorithm from ten to six; however, the researcher points out that reducing the
round repetition to six exposes the algorithm to tangible security attacks.
Therefore, the goal of this work is to develop a hybrid method that combines the modified AES
with 8 rounds iteration with the MD5 hashing algorithm to close the gap and vulnerabilities in
AES in key exchange between sender and receiver.

Chapter Three
3. Methodology
This chapter describes the research design used, the data source, the methods used for data
analysis, and the data processing and analysis.

3.1. General approach


In this thesis, an experimental research design was applied. It is used to test
the performance of the modified AES algorithm by measuring the execution time and
throughput and comparing them with the conventional AES algorithm. The modification will be
done by reducing the number of round keys of the AES algorithm from 10 to 8. An interview was
also conducted with a business-to-business establishment to discuss how online business
deals are carried out on e-commerce sites and the problems they are facing in the area.
For AES, the proposed 10 rounds ensure a large enough security margin, which has not been
affected over the past 20 years. Reducing the number of round iterations to 6 rounds exposes
the algorithm to the best known shortcut attack, the saturation attack or square attack.
The newly modified AES-128 with 8 round iterations guarantees two extra rounds of
security margin to ensure the security of the algorithm and also reduces the encryption and
decryption time of the algorithm. About six files of different size and data type were selected
at random to be encrypted and decrypted by the conventional AES algorithm with 10 rounds and
compared with the modified AES algorithm with only six rounds to measure the
performance of the modified AES algorithm. Finally, the result of the experiment will be further
demonstrated using quantitative analysis through different graphs and charts.

3.2. Specific research design


This thesis primarily applied an experimental research design, owing to the
nature of the study, to test the performance and strength of the modified AES algorithm by
executing the algorithm's encryption and decryption procedures on a client and server
side in the Python programming language. In addition, both descriptive and quantitative research
types were used to assess the performance of the AES and MD5 cryptographic
algorithms based on the results of the analysis. The quantitative method was
used to quantify the performance of the algorithm, to compare and summarize its
overall results, and to explain the findings using various graphs and charts.

3.3. Data Collection Methods and Approaches


Thus, this thesis was mainly based on primary data obtained by random selection of
messages to encrypt and decrypt in order to measure performance and strength across
different data sizes. Eight files were tested in the experimentation: two text files of 100KB
and 1MB, two PDF files of 100KB and 1MB, two image files of 100KB and 1MB, and two
audio files of 100KB and 1MB, all sizes approximate. They were used to measure the effect of file
size and data type on the result of the modified algorithm. The implementation provides
a graphical user interface that allows us to upload one file at a time to encrypt and decrypt
using the modified AES and the conventional AES algorithm and to measure both execution time
and throughput using Python.

3.4. Experimental Process and Tools


Experimental research methodology was employed to evaluate the strength of the newly
modified 128-bit AES algorithm, which cannot easily be penetrated by a hacker or cracker,
using a Python program with its own tools and techniques.
The following steps are used to test the performance of the algorithms:
1. Python GUI programming components from Tkinter and the Java Crypto
Utils packages were used to create an interactive interface through which the user can upload the
six files one at a time, with different file sizes and data types. The user is also expected to input
the secret key in order to perform the encryption and decryption operations.
2. The application then prepares the file and the key for encryption by converting them to
their hexadecimal equivalent. The hexadecimal values are then fed to the Modified
Reduced Advanced Encryption Standard algorithm (MRAA) to transform the file into an
unreadable and secured format. Subsequently, the encrypted file is saved with the same
file extension as with that of the original file for storage or transmission.
3. To recover the original file, the secret key will be encrypted using the MD5
algorithm and sent to the receiver with the encrypted data messages then the receiver
selects the encrypted file and inputs the appropriate hashed secret key. The encrypted file
and the key are then converted into their equivalent hexadecimal values and passed to the
MRAA for decryption. The above steps can be further demonstrated using the following
standard diagram of the conventional AES diagram.

3.4.1. Python in cryptography


Using Python for cryptography is simpler than using languages such as C or C++; while free
libraries such as OpenSSL are available, their use can be quite complex. Python removes these
complexities with many built-in libraries that aid in cryptography scripting. It is also a great
choice because Python is free in terms of license. Python can be described as an open-source,
general-purpose language that is object oriented, functional, and procedural, and it allows for the
interface with Python GUI programming with Tkinter.
Up until now, the only way our programs have been able to interact with the user is through
keyboard input via the input statement. But most real programs use windows, buttons, scrollbars,
and various other things. These widgets are part of what is called a Graphical User Interface or
GUI.

3.4.2. Java Crypto Package


The Java crypto package is one of the tools used to write, test and implement cryptographic
algorithms in an AES encryption and decryption process.
In this thesis the Java crypto package is used to encrypt and decrypt some of the sample files of
text, PDF and audio type; the encryption and decryption results are included in the thesis to
measure the execution time of each of these files and to compare their execution times.
One of the essential advantages of Java over the Python programming language in terms of the
encryption and decryption process is that the Java program computes and reports the time taken
to encrypt a given file and the time taken to decrypt it. Since this thesis intends to reduce the
execution time of the AES algorithm by reducing the iteration rounds from 10 to 8, another
operation or mechanism to measure execution time would not be required, since the Java program
itself provides the execution time.

3.4.3. Message Digest 5 (MD5)


MD5 is a one-way hash function that takes an input and generates a hash value. It gives you a
technique to encrypt any messages you send and a way to verify the validity of any data you send
between servers. Despite the fact that MD5 has been discovered to collide, it remains one of the
most extensively used hash functions in the world. One of the most significant uses of MD5 is to
ensure that data is safely moved between servers. We can check the integrity of files transported
between servers by generating MD5 hashes on both sides and comparing them.
The data transmission was successful if the hash values match. MD5 is a one-way hashing
function, meaning that one can create a hash value from a message but cannot recreate the
message from the hash value. MD5 creates a 128-bit message digest from the data input, which is
typically expressed as a 32-digit hexadecimal number.
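The hash-comparison check described above, as an added example that is not part of the thesis. It goes one step beyond the text by placing a keyed HMAC-SHA256 tag beside the bare MD5 digest, showing which kinds of change each check detects; the message contents, function names and the pre-shared key are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample messages (not taken from the thesis).
ORDER = b"PO-1001;supplier=ACME;amount=1500.00"
ALTERED = b"PO-1001;supplier=ACME;amount=9500.00"


def md5_seal(body: bytes) -> dict:
    """Sender: attach the bare MD5 digest, as in the check described above."""
    return {"body": body, "digest": hashlib.md5(body).hexdigest()}


def md5_check(pkg: dict) -> bool:
    """Receiver: recompute MD5 over the body and compare with the digest."""
    recomputed = hashlib.md5(pkg["body"]).hexdigest()
    return hmac.compare_digest(recomputed, pkg["digest"])


def hmac_seal(body: bytes, key: bytes) -> dict:
    """Sender: attach an HMAC-SHA256 tag computed with a pre-shared key."""
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


def hmac_check(pkg: dict, key: bytes) -> bool:
    """Receiver: recompute the tag with the shared key, constant-time compare."""
    expected = hmac.new(key, pkg["body"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, pkg["tag"])


def corrupt(pkg: dict) -> dict:
    """Accidental damage: one bit of the body flips, check value untouched."""
    body = bytearray(pkg["body"])
    body[0] ^= 0x01
    return dict(pkg, body=bytes(body))


def relay_with_change(pkg: dict, new_body: bytes) -> dict:
    """Model an untrusted hop that alters the body in transit.

    The hop holds no secret, so the only check value it can refresh is one
    computed from public data alone, i.e. the unkeyed digest.
    """
    out = dict(pkg, body=new_body)
    if "digest" in out:
        out["digest"] = hashlib.md5(new_body).hexdigest()
    return out


def compare_checks() -> dict:
    """Run both checks against clean, corrupted and rewritten packages."""
    key = secrets.token_bytes(32)  # assumed to be shared out of band
    md5_pkg = md5_seal(ORDER)
    mac_pkg = hmac_seal(ORDER, key)
    return {
        "md5_accepts_clean": md5_check(md5_pkg),
        "md5_detects_corruption": not md5_check(corrupt(md5_pkg)),
        "md5_detects_rewrite": not md5_check(relay_with_change(md5_pkg, ALTERED)),
        "hmac_accepts_clean": hmac_check(mac_pkg, key),
        "hmac_detects_corruption": not hmac_check(corrupt(mac_pkg), key),
        "hmac_detects_rewrite": not hmac_check(relay_with_change(mac_pkg, ALTERED), key),
    }


if __name__ == "__main__":
    for name, value in compare_checks().items():
        print(f"{name}: {value}")
```

A digest that travels with the data detects accidental corruption only; detecting deliberate modification needs a check value that depends on a secret the channel does not hold.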

3.5. System Architecture
The encryption process was designed to secure users' files regarded as confidential;
the confidential files can be of any type and format. The system was developed using the Python
programming language.
The user will select a confidential file and input the secret key for the file. Files of different
data types and sizes were tested in the experimentation to measure the effect of file size and
data type on the result of the modified algorithm: two text files of 100KB and 1MB, two PDF
files of 100KB and 1MB, two image files of 100KB and 1MB, and two audio files of 100KB and
1MB. The application then prepares the file and the key for encryption by converting
them to their hexadecimal equivalents. The hexadecimal values are then fed to the MRRA
algorithm to transform the file into cipher text in a secured format. The encrypted file is then
saved with the same file extension as the original file for storage or transmission.
To recover the original file, the user selects the encrypted file and inputs the appropriate secret
key. The encrypted file and the key are then converted into their equivalent hexadecimal values
and passed to the MRRA for decryption.

3.6. AES Algorithm Description


AES stands for Advanced Encryption Standard. Rijndael is
another name for it. NIST (National Institute of Standards and Technology) created it with the
goal of securing confidential but unclassified information held by US public agencies. It is
presently utilized all around the world. Encrypting data with AES requires only one private key
(symmetric key). The approach uses a single standard irreducible polynomial of degree 8 to
compute multiplicative inverse tables.

Each layer in the algorithm involves S-boxes and inverse S-boxes to function. In our
implementation, instead of one irreducible polynomial of degree 8, we employ sixteen
irreducible polynomials of degree 8. AES keys are commonly 128, 192, or 256 bits in length;
we utilize a 128-bit key.

It is founded on the substitution-permutation network principle. It has a 128-bit constant block
size and 128, 192, or 256-bit variable key size.

3.6.1. Message Digest 5 (MD5) algorithm description
MD5 (Message-Digest Algorithm 5) is a frequently used cryptographic hash function with a 128-
bit message digest and is an Internet protocol. This has been used in a number of different
security applications. The primary MD5 algorithm uses a 128-bit word that is partitioned into
four 32-bit terms.

This thesis will further demonstrate the combination of the best features of both symmetric and
asymmetric encryption techniques: the data (plain text) to be transmitted is
encrypted using the AES algorithm. The data (plain text) is used as input to MD5 to generate the
AES key. This key is encrypted using the modification of Diffie-Hellman (MDH). The MD5
algorithm is used to ensure the integrity of the data transmitted through the e-commerce sites;
in addition, it easily generates the secret key used in the AES algorithm.

As a result, the client provides the message's cipher text, as well as the AES key's cipher text and
the message digest's cipher text. The signal, as well as the cipher text of the AES key, is
decrypted using MDH at the receiver side to retrieve the AES key. This key is then used in AES
decryption to decipher the message's encrypted text and obtain the plain text. The plaintext is
again subjected to the MD5 hash algorithm and compared with the decrypted message digest to
ensure the integrity of the data.

3.7. Validation and Evaluation Process


The algorithm used to optimize the functionality of the AES encryption algorithm is used to
evaluate the correctness of this research topic. AES is a standard algorithm used to
protect the security of useful data items stored within a database and
transmitted through the global network without losing their integrity and
confidentiality.

This thesis took this standard algorithm and set out to modify it by reducing the number of
iterations from 10 to 8 without compromising its security and reliability. In addition, the newly
modified algorithm was combined with another algorithm, MD5, which avoids the limitation
of the AES algorithm in exchanging keys between the sender and the receiving party.

The goals and objectives defined at the initial stage of this thesis were met by using an
appropriate methodology, and hence the result of this study could be operational. The evaluation
process was done on selected sample files running on the standard algorithm; the execution time
was measured by calculating the elapsed time, deducting the starting time from the end
time, and compared with the standard AES algorithm.

Chapter Four

4. Experimentation and Result

4.1. Model Description

Text, audio, images, animations, and videos are frequently exchanged for electronic commerce
transactions in the global online market. Therefore, protecting these transactions against
unauthorized access and harmful attacks is crucial. The thesis aims to enhance the security of
these multimedia data transactions and the execution time of message encryption and decryption
through cryptographic techniques in e-commerce. Cryptography involves encrypting and
decrypting messages or files by converting plain text data into cipher data and vice versa using
specific algorithms and keys. The thesis intends to implement a modified Advanced Encryption
Standard (AES) algorithm by reducing the number of round keys from 10 to 8 to improve
performance and security when transacting multimedia data such as text, images, and videos in
the global market through e-commerce.

The focus of this thesis centered on the implementation of symmetric key cryptography (AES) in
four primary steps and these are:

a. substitution,
b. shift rows,
c. mix columns, and
d. Add round key.

These four steps were modified and applied in a new AES algorithm with a reduced number of
iterations from 10 rounds to 8 rounds, and a decrease in the word size from 43 words in
conventional AES algorithm to only 35 words. This reduction in the word size was achieved by
reducing the number of MRRA rounds.
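To make the key-schedule sizes above concrete, here is an added example (not the thesis's MRRA code) of the standard FIPS-197 AES-128 key expansion with the round count as a parameter. It covers only the key schedule, not the cipher rounds; the function names are this example's own, and the sample key is the FIPS-197 Appendix A.1 key. The schedule holds 4 x (rounds + 1) words, so the highest word index is 43 for ten rounds and 35 for eight.

```python
def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result


def build_sbox() -> list:
    """Derive the AES S-box: field inverse followed by the affine transform."""
    sbox = []
    for x in range(256):
        inv = 0
        if x:
            inv = 1
            for _ in range(254):          # x^254 is the inverse of x in GF(2^8)
                inv = gf_mul(inv, x)
        s = inv
        for shift in (1, 2, 3, 4):        # XOR of the four left rotations
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()


def sub_word(word: int) -> int:
    """Apply the S-box to each of the four bytes of a 32-bit word."""
    out = 0
    for shift in (24, 16, 8, 0):
        out |= SBOX[(word >> shift) & 0xFF] << shift
    return out


def expand_key(key: bytes, rounds: int = 10) -> list:
    """Return the key schedule as 4 * (rounds + 1) 32-bit words."""
    if len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte key")
    if not 1 <= rounds <= 10:
        raise ValueError("this sketch covers 1 to 10 rounds")
    words = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(4)]
    rcon = 1
    for i in range(4, 4 * (rounds + 1)):
        temp = words[i - 1]
        if i % 4 == 0:
            temp = ((temp << 8) | (temp >> 24)) & 0xFFFFFFFF   # RotWord
            temp = sub_word(temp) ^ (rcon << 24)                # SubWord, Rcon
            rcon = gf_mul(rcon, 2)
        words.append(words[i - 4] ^ temp)
    return words


def round_keys(key: bytes, rounds: int = 10) -> list:
    """Group the schedule into rounds + 1 round keys of 16 bytes each."""
    words = expand_key(key, rounds)
    return [b"".join(w.to_bytes(4, "big") for w in words[i:i + 4])
            for i in range(0, len(words), 4)]


if __name__ == "__main__":
    sample_key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    for n in (10, 8):
        schedule = expand_key(sample_key, n)
        print(f"{n} rounds: {len(schedule)} words, "
              f"last word w[{len(schedule) - 1}] = {schedule[-1]:08x}")
```

Because each word depends only on earlier words, the eight-round schedule is exactly the first 36 words of the ten-round schedule for the same key.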

Chapter Five

5. Conclusion and Future Work

5.1. Conclusion

E-commerce is a new platform that enables producers to produce and promote their
products and services to the global market and attract potential buyers online without crossing
borders or spending time and money on travel. Buyers also benefit from this
technology by buying any product from the global market at a fair price while staying at home.

Cryptography is the science of protecting files and data items which are being stored within the
database system and also those are being transmitted from one network environment to the other
through various communication media.

To ensure the required security, there are two types of cryptography: symmetric and
asymmetric.

One form of cryptographic transformation is symmetric encryption, where the transformation is
reversible using a single secret key, also called a cipher key, for both encryption and
decryption. The other uses two keys for encryption and decryption.

The focus of this thesis is on symmetric cryptography, and the standard algorithm used in
symmetric encryption is the Advanced Encryption Standard (AES). As various research papers
have indicated, the AES algorithm has registered faster execution time and better performance than the
other algorithms and has also ensured maximum security.

This was one of the reasons that led the researcher to focus on the AES algorithm, to
enhance its performance further, and to reduce its execution time.

One of the limitations of the AES algorithm is the exchange of the key between the source and the
destination: hackers and crackers can intercept the communication channel, obtain the
encryption key, and use it for unauthorized access to valuable information and for theft
of money.

The other focus of this thesis is to secure the key exchange between the buyer and the seller
through the MD5 hashing algorithm: the key is encrypted, the encrypted key is used to
convert the plain text into cipher text, and the hashed key is exchanged with the receiver for
the decryption process.

Therefore, four experiments were made. First, sample files of different data types (Text, PDF,
Image and Audio), each with a 100KB file size, were selected, and both encryption and
decryption were done using the modified AES algorithm; the results were measured and stored.
Next, the same files were taken with a different file size of 1MB in order to test the impact of
the file size change on the encryption and decryption process through the modified AES algorithm,
and the results were measured and documented.

In the first measurement, the sample files of 100KB were encrypted using the standard AES
and the modified AES algorithm, implemented in the Java programming language, with times taken
in milliseconds. The MRRA resulted in a total of 19,236.4 milliseconds, which is about 48%. The same
files with the same size were tested with the standard AES algorithm, and the result was about
29482.3 milliseconds, which is about 52%.

Therefore, the result showed an increase in performance, in terms of execution time,
of about 4% by the MRRA over the standard AES algorithm.

For the decryption process, the same sample files of 100KB each were measured with both
algorithms. The MRRA registered a total measurement of about 16,269.1 milliseconds, which
is about 48% of the total execution time, and the standard AES algorithm registered a total
execution time of 16,465.3 milliseconds, which is about 50% of the execution time. As shown
here, the decryption process in general registered less execution time than that of the standard
execution time, and the improvement in performance registered by the MRRA is only about 2%.

5.2. Recommendation

Maintaining strong security without compromising the performance of the algorithm is a must
in electronic business, to enhance the confidentiality of the system and
to increase the confidence of buyers and sellers to transact through this recent technology.

After analyzing the results gathered from the experiment and comparing them with the theoretical
framework in various literature and sound international practices, the following
recommendations are made with the objective of improving e-commerce business transaction
security:

• The AES standard algorithm shall be modified by reducing the number of iteration rounds from
the standard 10 rounds to 8 rounds to enhance the performance of its execution time.

• We also recommend that, to ensure the security of the standard AES algorithm, the
key exchange problem be resolved by combining the standard AES algorithm with the MD5
hashing algorithm.

• The buyer and the seller must exchange the key after it has been hashed by the MD5 hashing
algorithm.

• Organizations must invest in maintaining such research work, which will further reduce the
time and cost incurred in waiting for complex encryption and decryption algorithms to perform
extended procedures.

5.3. Future Work

Researchers in the area can further extend this work by adding a mechanism to
the modified AES algorithm: instead of counting the elapsed time by a manual watch,
it is better if the algorithm measures the time from the system and compute

30
References
1. Abdel-Karim Al Tamimi, “Performance Analysis of Data Encryption Algorithms”,
2005.
2. Abdul Monem S, “Hybrid Model for Securing E-commerce Transaction”,
International Journal of Advances in Engineering & Technology, ISSN: 2231-
1963, Nov 2011.
3. Abraham Lemma, “A Review and Comparative Analysis of Various Encryption
Algorithms” International Journal of Security and its Applications 9(4):289-306
DOI:10.14257/ijsia.2015.9.4.27, 2015.
4. Abraham Lemma," Performance Analysis on the Implementation of Data
Encryption Algorithms Used in Network Security", ISSN: 2279 – 0764, Volume
04, July 2015.
5. Anurag Rawa, et al, “Cryptography Algorithm”, Journal of Analog and Digital
Communications volume 2, 2019.
6. AsmaaEssamAlhibshi, “Encryption Algorithms for Data Security in Local Area
Network”, Melbourne, Florida May, 2019.
7. David Gstir, "Analysis of Recent Attacks on AES", Graz, 15 October 2012.
8. Douglas Selent, “ADVANCED ENCRYPTION STANDARD”, River Academic
Journal, Volume6, Number2, 2010.
9. Edjie M. De Los Reyes et al, “File encryption based on reduced-round AES with
revised Round keys and key schedule", Indonesian Journal of Electrical Engineering
and Computer Science Vol. 16, No. 2, November 2019, pp. 897~905, May10,
2019.
10. Edjie M. De Los Reyes1, et al, "File encryption based on reduced-round AES
with revised round keys and key schedule", Indonesian Journal of Electrical
Engineering and Computer Science Vol. 16, No. 2, November 2019.
11. EjubKajan, "The Security issues of B2B
interactions"https://www.researchgate.net/publication/265396662, Article · January
2006.
12. H. Arif and S. Zarina, et al, “An Efficient Secure Electronic Payment System for
ECommerce", UKM, Bangi 43600, Selangor, Malaysia, August 2020.
13. Hanna Willa Dhany et al, “Encryption and Decryption using Password Based
Encryption, MD5, and DES”, International Conference on Public Policy, Social
Computing and Development, (ICOPOSDev 2017).
14. JothinaMazarir, ClopasKwenda, “Hybrid Algorithm for E-commerce
Applications”, International Journal of Research in IT and Management, Corpus
ID: 125760098, 2016.
15. M. Niranjanamurthy, C. Dharmendra, "The study of E-Commerce Security Issues
and Solutions" International Journal of Advanced Research in Computer and
Computer Engineering, vol.2, Issue 7, July 2013.

31
16. Martin Kutz, " Introduction to E-commerce: Combining Business and Information
Technology", 1st edition, Martin Kutz and bookboon.com, ISBN 978-87-403-1520
2, 2016.
17. Murphy, Ann and Murphy, et al “The Role of Cryptography in Security for
Electronic Commerce," 2001. ITB Journal: Vol. 2: Iss. 1, Article 3.
18. Norman D. Jorstad, “Cryptographic Algorithm”, Institute for Defense Analyses
Science and Technology Division, January 1997.
19. P. Priyadarshini, N. Prashant, et al, A Comprehensive Evaluation of Cryptographic
Algorithms: DES, 3DES, AES, RSA and Blowfish, Procedia Computer Science 78
(2016) 617 – 624, December 2015.
20. Prakash Kuppuswamy, Y Saeed, “Securing E-Commerce Business Using
Hybrid Combination Based on New Symmetric Key and RSA Algorithm”, MIS
Review Vol. 20, No. 1, September (2014), pp. 59-71.
21. Priyanka Walia, “Implementation of New Modified MD5-512 bit Algorithm for
Cryptography”, International Journal of Innovative Research in Advanced
Engineering (IJIRAE) ISSN: 2349-2163, Volume 1 Issue 6 (July 2014).
22. Prof. PrathameshChuri, "E-commerce Security with Secured Electronic Transaction
protocol: A Survey and Implementation", ISSN No. 0976-5697, Volume 8, No. 8,
September-October 2017.
23. S Abdul Monem et al, “Hybrid Model for Securing E-commerce Transaction”,
International Journal of Advances in Engineering & Technology, ISSN: 2231-
1963, Nov 2011.
24. Sidraah Matte, et al, “Hybrid Model for Securing E-Commerce Transaction”
International Journal of Scientific & Engineering Research Volume 9, 25 ISSN
2229-5518, April-2018.
