Cryptography

Data Encryption Standard (DES) is an algorithm for decrypting and encrypting unstipulated information in the United States administration standard. DES is derived from IBM’s Lucifer code and is depicted by the Federal Information Processing Standards (FIPS) 46, with its current modification being FIDS 46-3 (Conrad, 2007). DES is a mass code that takes a plaintext sequence as a key in and generates a code transcript wording of the same measurement lengthwise.

The mass of the DES obstruct is 64 bits which is also the same for the input dimension even though the 8 bits of the key are for the recognition of faults making the efficient DES input amount 56 bits. Because of the progressions in the authority of dispensation in workstations there are weaknesses in the 56-bit key extent presently (Conrad, 2007). In the company of proper hardware, there is a best chance assault on methodical efforts to all the 72 quadrillion hence, there is a possibility of dissimilar inputs.

Advanced Encryption Standard (AES) developed into an innovative FIPS-standard encryption average in 2001, 26th November to replace DES. Statistics Encryption Algorithm explains the definite algorithm as contested to the average. In such circumstances, TDEA is a short form for Triple DES. At the same time, there is a description of Triple Data Encryption Algorithm Modes of Operation ANSI X9. 52-1998 (Clayton & Bond, 2002). History of DES DES was proposed in 1975 and approved in 1977 as a federal information processing standard. It was criticized by the people who felt that it’s 56 key lengths to be insecure.

In spite of this, DES remained a strong encryption algorithm until mid 1990. In the year 1998 summer, the insecurity of DES was demonstrated when a $ 250,000 computer which was built by the electronic frontier foundation decrypted a DES-encoded message in 56 hours. This was improved in the 1999 to 2002 hours through a combination of 100,000 networked personal computers and the EFF machine. DES remains a de facto standard unless a substitute is found (Landau, 2000, p. 341). A certified DES is obtained from the National Institute of Standards and Technology (NIST).

This Advanced Encryption Standard (AES) works in three key lengths: 128, 192, and 256 bits. The publication of DES indicated a new era in cryptography. The development in the community of public cryptographers was enhanced by having an algorithm availability of study that the national security agent certified to be secure (Landau, 2000, p. 341). The (DES) Data Encryption Standard A system that encrypts quickly but is essentially what is impossible to break is all what cryptographers have always wanted. Public key systems have captured the imagination of mathematicians because of their reliance on elementary number theory.

Public key algorithms are used for establishing a key because they are too slow to be used for most data transmissions. Private key system does the encryption because they are typically faster than public key ones (Landau, 2000, p. 341). The data Encryption Standard (DES) workhorse uses private key algorithm besides relying on cryptographic design principles that predate public key. The RC4 in web browsers and the relatively insecure cable TV signal encryption are an exception to DES. DES is the most widely used public cryptosystem in the world. It is the cryptographic algorithm which is used by banks for electronic funds transfer.

It is also used for the protection of civilian satellite communications. Still, a variant of DES is used for UNIX password protection. There are three operation of the DES which involves XOR, substitution and permutation. The DES is an interrelated block cipher and a cryptosystem on a block of symbols that sequentially repeats an internal function which is called a round. It encrypts data by the use of a primitive that operates on a block of symptoms of moderate size. Self invert ability is also essential to enable one of the objects to encrypt and decrypt. When encrypting ordinary text, DES begins by grouping the text into 64 bit block.

A number of operations are performed by the DES on each block (Landau, 2000, p. 343). The transformation of how the block is to be carried out is determined by a single key of 56 bits. DES iterates sixteen identical rounds of mixing; each round of DES uses a 48-bit sub key. The DES begins with an initial permutation P and ends with its inverse. The permutations are of minor cryptographic implications but forms part of the official algorithm. The selection of sub keys starts by splitting the 56-bit key into two 28-bit halves and rotating each half one or two bits; either one bit in rounds 1, 2, 9, and 16 or two bits otherwise.

The two halves are put back together and then 48 particular bits are chosen and put in order (Landau, 2000, p. 343). Attacks of DES The selection of DES was followed by protests in which case some of the researchers appeared to object to the algorithm small key space. Investors in the key public cryptography claimed that a DES encoded message could be broken in about a day by a $ 20 million machine made up of a million specially designed VLSI capable of searching one key per microsecond while working in parallel.

The use of a meet in the middle attack to break a four round version of DES did not extend past seven rounds (Landau, 2000, p. 345). This is evidence that, for all these attacks none of them posed a serious threat to the DES. Other attacks on the DES were performed to poke harder to the innards of DES. This brought anomalies which led to the first attacks that were seen to be more theoretically better than exhaustive search. The attacks were against the block structure system and the need of all block-structured cryptosystems needed to be designed to be secure against differential and linear cryptanalysis.

There is a strong attack to DES which is differential cryptanalysis. This is apparently known to the algorithms designers. In order to design a secure cryptosystems, there is a need for a mixture of well known principles, some theorems and the presence of some magic. Attacks on a cryptosystem fall into two categories which are passive attacks and active attacks. The passive attacks are the ones which adversely monitors the communication channel. They are usually easier to mount although they yield less. The active attacks have the adversary transmitting messages to obtain information (Landau, 2000, p.

342). The aim of the attackers is to determine the plaintext from the cipher text which they capture. A more successful attack will determine the key and thus compromise a whole set of messages. By designing their algorithms, cryptographer’s help to resist attacks such as cipher text only attack whose adversary has access to the encrypted communications. The known plain text attack which has its adversary has some plain text and its corresponding cipher text. The third attack which can be avoided is the chosen text attack and its adversary chooses the plain text for encryption or decryption.

The plain text chosen by the adversary depends on the cipher text received from the previous requests (Landau, 2000, p. 342). Observations about DES The simplicity found in the DES amounts to some fully desirable properties. To start with it is the complementation. To illustrate, allow X to denote the bitwise complement of X. If C is the DES encryption of the plaintext P with key K, then P is the DES encryption of P with key K. In some cases the complementation can simplify DES cryptanalysis by basically cutting the investigating space in half.

These properties do not cause serious weakness in the algorithm. The set generated by the DES permutations do not form a group. The group may have at least 102499 elements. There is strength in the DES when it lacks a group structure. It appears to be double encryption where this is twice by two different keys, EK2 (EK1 (P) and is not stronger than single encryption. The reason is that when meeting in the middle attacks for a given plaintext cipher text pair, an adversary will compute all 256 possible enciphering of the plaintext i. e.

EKi (P), and indexes the same. The adversary will then compute all possible deciphering of the cipher text (Landau, 2000, p. 345). Models of DES There are four forms of DES, which are accepted by FIPS 81. They include (ECB) Electronic Codebook form, code mass sequence form (CFB), productivity reaction form (OFB) and system response (CFB). The forms are used to with both DES and Triple DES. Within each form, there are main dissimilarities which are based on the fault proliferation and obstruct vs. tributary codes (Conrad, 2007). Electronic Codebook (ECB) Mode

In this form of encryption, there is sovereign encryption into respective blocks of codes text. It is done by means of Feistel code which generates 16 sub-inputs derived from the symmetric input and also encrypts the plaintext using 16 surroundings of conversion. Similarly, the development is used in the conversion of code text reverse into simple text with the dissimilarity that, 16 sub inputs are contributed in overturn arrangement. The result of repeated blocks of identical plaintext is the repeated blocks of cipher text which is capable of assisting in the vault investigation of the code wording.

In Appendix 1 there is an illustration of the result (Conrad, 2007). The first picture of SANS symbol is the bitmap layout. The second picture is the encrypted logo of SANS bitmap via DES ECB form. The visibility of the model is due to the recurring of masses of the simple wording pixels in the bitmap which are encrypted into masses which are repeated and are of particular code pixels. In this form, faults do not proliferate due to the autonomous encryption of each obstruct. Cipher Block Chaining (CBC) Mode

The CBC form is an obstruct code which XORs every original obstruct of simple wording with the previous block of code wording. This indicates that repeated obstructs of simple wording do not give rise to repeated obstructs of code wording. CBC uses a vector of initialization which is an arbitrary original obstructs used to make sure that two simple wordings result in different code wordings. In figure 2 of the Appendix there is a clear illustration of the same SANS symbol bitmap data, encrypted with DES CBC form. There is no visibility of any prototype which is true for all DES forms apart from ECB.

Therefore, in this mode, there is proliferation of faults as each prior step’s encrypted output is XORed with the original obstructing of simple wording (Conrad, 2007). Cipher Feedback (CFB) Mode The Cipher Feedback Mode is a tributary code that encrypts simple wording by breaking into X (1-64) bits. This permits encryption of the level of byte or bits. This mode uses an arbitrary vector of initialization. The preceding elements of code wording are XORed with consequent components of code wording. Therefore, in this mode of CBC there is proliferation of faults (Conrad, 2007).

Output Feedback (OFB) Mode Similar to CFB form, the productivity reaction form makes use of the vector of random initialization and also encrypts simple wording by shattering downward into a tributary by encrypting components of X (1-64) bits of simple wording. This form fluctuates from CFB form by generating a simulated-arbitrary tributary of productivity which is XORed with the plaintext during every step. Therefore, the productivity is fed back to the simple wording and because the output is XORed to the simple wording, faults there is no proliferation of mistakes (Conrad, 2007).

Counter (CTR) Mode The oppose form is a tributary code similar to OFB form. The main disparity is the accumulation of contradict obstructs. The offset can be supplementary to an arbitrary importance that is used only once and then increased for each component of simple wording that is encrypted. The initial counter obstructs acts as a vector of initialization. Therefore, in each surrounding there is XORing of the offset obstructs with simple wording. Accumulation of offset obstructs permits disintegration of encryption into equivalent phases, improving presentation on a suitable hardware.

There is no proliferation of mistakes (Clayton & Bond, 2002). (Table 1 in the Appendix summarizes the Data Encryption Standard). Triple DES (T DES) In anticipation of 2030, TDES can be used as FIPS encryption algorithm which is permitted in order to allow conversion to AES. There are three surroundings of DES which are used by TDES which have an input extent of 168 bits (56 * 3). There is a possibility of reduced effective key length of TDES to roughly 12 bits though beast might assaults against TDES re not realistic at present (Conrad, 2007).

Architecture for Cryptanalysis All modern day practical ciphers both symmetrical and asymmetrical make use of security apparatus depending on their key length. In so doing, they provide a margin of security to cover from computational attacks with present computers. Depending on the level of security which is chosen for any software application, many ciphers are prone to attacks which unique machines having for instance a cost-performance ratio (Guneysu, 2006).

Reconfigurable computing has been recognized as way of reducing costs while also acting as an alternative to a variety of applications which need the power of a custom hardware and the flexibility of software based design such as the case of rapid prototyping (Diffie & Hellman, 1977, pp. 74-84). What this means is that cryptanalysis of today’s cryptographic algorithms need a lot of computation efforts. Such applications map by nature to hardware based design, which require repetitive mapping of the main block, and is easy to extend by putting in place additional chips as is needed.

However, it should be noted that the mere presence of resources for computation is not the main problem. The main problem is availability of affordable massive computational resources. The non-recurring engineering costs have enabled hardware meant for special purpose cryptanalysis in virtually all practicable situations unreachable. This has been unreachable to either commercial or research institutions, which has only been taken by government agencies as feasible (Diffie & Hellman, 1977, pp. 74-84).

The other alternative to distributed computing with loosely coupled processors finds its base on the idle circles of the large number of computers connected through the internet. This method has considerably been successful for some applications. However, the verified detection of extraterrestrial life is considerably still a problem more so for unviable problems with power of computing in a particular organization (Guneysu, 2006). In cryptanalysis some algorithms are very suitable for special-purpose hardware.

One main example for this is the search for the data encryption standard (DES) (FIPS, 1977). What this means is that a brute- force attack is more than twice the magnitude faster when put in place on FPGA’s as opposed to in software on computers meant for general purposes at relatively the same costs (FIPS, 1977). That notwithstanding, for many crypto algorithms the advantages due to cost-performance of hardware meant for special purposes over those meant for ordinary purposes is not really as dramatic as is usually the case of DES, more so for public-key algorithms (Guneysu, 2006).

Arising from the advent of low-cost FPGA families with much logic approaches recently, field programmable gate arrays offer a very interesting way for the thorough computational effort which cryptanalysis needs (Lesnsta & Verheul, 2001, pp. 255-293). Many algorithms dealing with the most important problems in cryptanalysis is capable of being put in place on FPGAs. Code breaking though, requires more additional efforts as opposed to just programming a single FPGA with a certain algorithm (Electronic Frontier Foundation, 1998).

Owing to the enormous perspectives of cryptanalysis problems, many more resources as opposed to FPGA are needed. This implies that the main need is massively powerful parallel machinery suited to the requirements of targeted algorithms. Many problems are capable of being put in parallel and are perfectly suited for an architecture distributed. Conventional parallel architectures for computing can theoretically be used for applications of cryptanalysis (Guneysu, 2006). An optical Architecture to Break Ciphers The targeted DES brute force attack has several characteristics.

To begin with, expensive computational operations which are put in parallel. Next, there is no need of communication between single parallel instances. The next characteristic is the fact that the general expense for communication is not high owing to the fact that the stage of computation strongly outweighs the data input and output stages. According to Blaze et al, (1996), communication is almost entirely used for results reporting as well as initialization. A central control instance with regards to communication is capable of being accomplished by a conventional low cost personal computer, connected simply by an interface.

This would imply that there is no need for a high-speed communication interface. The fourth characteristic is the fact that a DES brute-force attack and its following implementation require little memory. The final consequence of the above is the fact that the available memory on present day low cost FPGAs is sufficient (Guneysu, 2006). What this implies is that by making use of low-cost FPGAs, it is possible to develop a cost effective dynamic architecture which is capable of being reprogrammed which would be able to accommodate all the targeted architectures (Blaze et al, 1996).

Realization of COPACOBANA Drawing back, the Cost-Optimized Parallel Code Breaker (COPACOBANA) meeting the needs available comprise of several independent-low prized FPGAs, connected to a hosting PC by way of a standard interface such as a USB. Moreover, such a standard interface permits to extend a host-PC with more than one device of COPACOBANA. The initialization of FPGAs, the control as well as the process of results accumulation is carried out by the host. Critical computations are carried out by the FPGAs, which meet the actual cryptanalytical architecture (Schleiffer, 2006).

Developing a system of the above speculations with FPGA boards which are commercially available is certainly possible but at a cost. Therefore it is important to put into considerations the design and layout among others in coming up with the above kind of system (Schleiffer, 2006). This would therefore mean that our cost-performance design meant for cost optimization is only capable of being achieved if all functionalities are restricted to those required for code breaking. Arty the same time, many designs choices should be based on components and interfaces which are readily available (Guneysu, 2006).

Conclusion In conclusion, cryptanalysis of symmetric and asymmetric ciphers is extremely demanding in terms of computations. It would be fair to hold the belief that breaking codes with conventional PCs as well as super-computers is very much costly. Bit-sizes of keys should be chosen in a way that traditional methods of code breaking do not succeed (Rouvroy et al 2003, pp. 181-193). This would mean that the only way to go through ciphers is to develop special-purpose hardware purposely meant for suitable algorithms.

In the final analysis, traditional parallel architecture in the end equally appears to be too complicated and therefore not cost saving in finding solutions to cryptanalytical problems. As earlier observed, many of these problems can easily be put in parallel implying that the algorithms which correspond to them are equally capable of being parameterized to lower communication costs (Guneysu, 2006). A hardware architecture which is cost effective (COPACOBANA) is the end product of the algorithmic requirements of the intended problems of cryptanalysis.

This work represents not only the design but also the first prototype of an effective design which meets the demands of the request. In the final analysis, COPACOBANA would be able to accommodate as many as 120 FPGAs which are less costly. At the same time, it is possible to break data encryption standard (DES) within a period of nine days. This would require a hardware design comprising of reprogrammable logic which could be adopted to accommodate any task, even those not necessarily in line with code breaking (Rouvroy et al 2003, pp. 181-193). References Blaze, M.. , Diffie, W. , Rivest, R. L.

, Scheiner, B. , Shimomura, E. , and Weiner, M (1996). Minimal Key Lengths for Symmetry Ciphers to Provide Adequate Commercial Security. Ad Hoc Group of Cryptographers and Computer Scientists. Retrieved from December, 13, 2008 from http://www. counterpane. com/keylength. html. Clayton, R. and Bond, M. (2002). Experience Using a Low-Cost FPGA Design to Crack DES Keys. In B. S. Kaliski, C. K. Koc Cetin, and C. Paar, editors, Cryptographic Hardware and Embedded Systems – CHES 2002, 4th International Workshop, Redwood Shores, CA, USA,volume 2523 of series, pages 579 – 592. Springer-Verlag. Conrad, E. (2007).

Data Encryption Standard, The SANS Institute Diffie, W & Hellman, M. E. (1977). Exhaustive cryptanalysis of the NBS Data Encryption Standard. Computer, 10(6): 74-84 Electronic Frontier Foundation. (1998). Cracking DES: Secrets of Encryption Research, Wiretap Poolitics & Chip Design. O’Reilly & Associates Inc. Federal Information Processing Standard. (1977). Data Encryption Standard, U. S Department of Commerce. Guneysu, T. E. (2006). Efficient Hardware Architecture for Solving the Discrete Logarithm Problem on Elliptic Curves. AAmasters thesis, Horst Gortz Institute, Ruhr University of Bochum. Landau, S.

(2000). Standing the Test of Time: The Data Encryption Standard vol. 47, 3, pp. 341-349. Lenstra, A and Verheul, E. (2001). Selecting Cryptographic Key Sizes. Journal of Cryptology, 14(4):255–293. Rouvroy, G. , Standaert, F. X. , Quisquater, J. , and Legat, D. (2003). Design Strategies and Modified Descriptions to Optimize Cipher FPGA Implementations: Fast and Compact Results for DES and Triple-DES. In Field-Programmable Logic and Applications- FPL, pp. 181-193 Schleiffer, C. (2006). Design of Host Interface for COPACOBANA. Technical report, Studienarbeit, Host Gortz Institute, Ruhr University Bochum

With the rapid advancement in technology and the expansion of business, more and more companies are venturing into E-commerce in a race to grow not just regionally but also internationally. E-commerce adaption necessitates the change of the business model companies have been following traditionally and with it comes the change in the modes to make the payments.With the popularity of the internet for common use in business since 1990, E-commerce has been growing and touching the new horizons in every category of business, there are organizations today that depends heavily upon the E-commerce and there are examples amongst the fortune 500 giants which have seen tremendous growth in the era of E-commerce conducting the business online .(“Microsoft”,n. d) When the companies conduct business online the modes of financial payments become different from that of the traditional business payment ways like cash , checks, debit cards etc.Since while buying online, there is generally no physical presence involved and customers could order the products sitting anywhere using their computers.

B2B ( Business to Business) E-commerce today accounts for more than the 95 percent of total E-commerce and the B2B E-commerce means both the buying companies and the selling companies are the organizations and which consequently refer to larger amount of payment flow which is linked with buying or selling the products online , so electronic payment systems that are in place have to be very advanced when it comes to preciseness, security, privacy and the speed of processing the amount. “Turban et al” , 2004).

There are always risk associated with the information that could be revealed over the internet while making a transaction and could lead to something unexpected like misuse of the instruments like credit cards and E-checks used to make the payment online. In an effort to make electronic payments more robust and error free, there are various protocols that are being utilized to encrypt the information being sent over the internet and these protocols differ in the encryption techniques. (“Electronic Commerce,” n. ).

E-commerce is based on an ever advancing technology that gives birth to high end safety measures that could be applied while making the financial payments over the internet however internet Frauds, thefts still take place and need to be addressed since E-commerce is growing and would keep on growing at a fast pace as companies look to expand and make technology their platform for success in the retail market particularly.

Introduction

E -commerce is not limited only to buying and selling it also is an effective way of facilitating the inter and intra organizational flow of information and providing the customer service.There could be more than one way to define the E-commerce depending upon the prospective of the business and application of the technology, from a business prospective E-commerce is application of technology to make business more automated when it comes to day to day transactions and work flow, similarly if applied to the service industry E-commerce would mean a tool to address the service costs at the same time increasing the quality and speed of the service.

The essay touches the various modes of electronic payment systems that are being used today as part of E-commerce today however it particularly concentrates upon online credit card payment systems, the terms related to the credit cards, their transactional process over the network, protocols that make credit card transaction secure over the internet . Some evolving electronic payment methods are simply electronic version of existing payment systems such as paper checks and credit cards and some other are based on the technology.

Essay also focus upon the various protocols which exist to encrypt the information that is being sent over the internet to make the transaction exact and secure, the encryption technology that is being used along with the algorithms implanted in the cryptography techniques, the advantages and disadvantages of the various mode of payments that could make a difference when customers are concerned about the privacy and the security while making a transaction online keeping in view the amount of transactions that would take place in day to day business have been discussed since with increase in number of transactions number of thefts, frauds will also increase.

Concept and Size of Electronic Payment

Since payment systems use the electronic and computer networks, the nature of these payments is more complex than payment systems used in the conventional commerce so companies dealing in E-commerce should constitute frequent practice in banking. Most common form of the payments in E-commerce are payments made in Business to Business since they make more than 95 percent of total E-commerce payments today and these are executed through a proper network of electronic communication that would include digital telephony , IP telephony and use of internet to complete the transaction. (Turban et al, 2004 ).

The amount of payment made in the electronic payment system varies from one type to another of the E-commerce; the payments that are made in the Business to Business E-commerce are quite higher than what are made in Business to Consumer or Consumer to Business types of the E-commerce.There are transactions that may range from $1 to $ 10 which generally take place in Business to Consumer form only and by their nature are known as the micro payments.

Payments up to $ 500 are still mostly done under Business to Consumer form of E- commerce however are not considered micro payments, example of this could be buying a customized laptop from the Dell website which could cost around $500. (Danial, 2002) Payments higher than $1000 would generally fall under Business to Business E-commerce since individual customers who have to make a purchase bigger than this amount would preferably like to buy the products physically. “B2B transactions account about 95% of e-commerce transactions, while others account about 5%”. Turban et al, 2004 ).

Modes of Payment in Electronic Payment system in E- commerce.

There have been dozens of modes of payment in electronic payment system some of them are widely accepted and common however some of them are not. Some of them are just the electronic versions of the conventional methods that are there in regular form of commerce. Following are some common forms that are used in daily forms of E-commerce.

1. Electronic Fund Transfer.
2. Credit Cards.
3. E –cash.
4. Smart cards.
5. E –checks.
6. Electronic Debit Cards.

Online Credit Card Payment System.

“It seeks to extend the functionality of existing credit cards for use as online shopping payment tools.This payment system has been widely accepted by consumers and merchants throughout the world, and by far the most popular methods of payments especially in the retail markets”. (Laudon and Traver, 2002).

A credit card is generally issued by the banks or other financial institution. It comes with a fixed amount of spending limit depending upon the type of the credit card and payment is to be made to the issuing institution within a stipulated time period it could be 30-40 days after which customer has to pay interest on the amount due. Following are the few terms that are related to the use of credit cards.

1. Card holder: – a card holder is the authorized person who is entitled to do purchases online using the card.
2. Card issuer: – Card issuer could be financial institution or a bank that has issued the credit card to card holder after a certain amount of verification about the card holder.
3. The merchant:- Merchant is the one who accepts payment via credit card used online in exchange of goods or services offered by him.
4. The acquirer: – a financial institution that establishes an account for merchants and acquires the vouchers of authorized sales slips.
5. Card brand/card type :- there are types of credit cards that are accepted worldwide and different institution take care of different types of credit cards such as Visa and Master Card. (Turban ,Lee, King, chung , n.d).

Process of using Credit Card

While making a purchase online using a credit card, the transaction goes through a series of steps and following are few terms that need to be understood before understanding the transactional process, all these terms are kind of processes that could take place while processing a transaction.

Sale

A sale is when the card holder purchases a product or service from a merchant and the money is transferred to the merchant’s account.

Preauth

A preauth is not a sale transaction however it is a transaction to make sure that the credit card is valid and it typically charge around $1. 00(Techrepublic ,n. d) ·

Postauth

“A postauth involves purchasing something before it is shipped. The customer can preorder something, and the amount is deducted from the customer’s credit limit. No money is transferred, but the card hold is maintained on the customer’s card. When the merchant fulfills (typically, ships the product), the merchant can perform a postauth to transfer the money and remove the card hold from the customer’s card”. (Techrepublic, n. d)

Credit

This transaction is used while returning the good according to the procedure under the agreement and merchant puts the money back into the account.

Chargeback

A chargeback transaction is used in case of dispute settlement. In case of a dispute customer files a case and the financial institution involved temproraly withdraws money from the merchant`s account and transfers it to customer`s account. Each party have a certain number of days to prove the right billing and depending upon that amount goes in the account of right party. (“Techrepublic” ,n.)

Steps involved in the online transaction

While making a transaction customer fills in the credit card information on the HTML page and the information is sent over the server.

1. Server receives the information and sends it to the code that validates the information added by the user and if found valid this information is formatted into data that gateway could understand and is sent to gateway. (“Techrepublic” ,n. d)

2. “The gateway receives the formatted data from the HostRAD code, validates the card, and checks to see whether the amount for the transaction is available in the user’s account”. (“ Techrepublic” n.).

Upon validation if the card is found invalid or if there is not enough amount on the card a disapproval goes to the code and gateway charges the merchant money at this point of transaction even if it goes bad and if everything is found right the transaction is approved and an approval message is sent to the code.

3. Depending upon the type of the type of the card(Visa, Master card) gateway is batched upto the appropriate clearing house transactions arrive at the gateway, they’re batched through to the appropriate clearinghouse. The clearinghouse that is used is determined by the credit card type and the bank that issued the card. As the clearinghouses receive transactions from all the gateways, the clearinghouses batch the transactions for all the banks involved, transferring monies from bank to bank.For providing this service, the clearinghouse takes between two percent and five percent of the total sale. (“Techrepublic”, n.d)

4. As the clearinghouses batch the transactions they receive, they transfer money from the customer’s bank to the merchant’s bank.

5. The merchant’s bank receives the transactions from a clearinghouse and then transfers the appropriate amount of money for the customer transaction (started in box 1) into the Merchant’s Card Not Present merchant account (“Techrepublic”,n. d).

Credit Card Transaction Security

“More than 100 million personally-identifiable customer records have been breached in the US over the past two years. Many of these breaches involved credit card information. Continued credit card use requires confidence by consumers that their transaction and credit card information are secure”.

(“Texas department of information resource” ,2009)

The Payment Card Industry (PCI) Security Standards Council is the authoritarian agency that issues the standards and policies that help reduce the internet crimes in use of credit cards and all vendors that accept credit cards in their transactions have to abide by these laws . PCI council includes all the major Card brands like American Express, Discover Financial Services, JCB International, MasterCard , and Visa International.

“Texas department of information resource” ,2009) “The Council created an industry-wide, global framework that details how companies handle credit card data – specifically, banks, merchants and payment processors.

The result is the PCI Data Security Standard (DSS) – a set of best practice requirements for protecting credit card data throughout the information lifecycle”. (“Texas department of information resource” ,2009) “The PCI compliance security standards outline technical and operational requirements created to help organizations prevent credit card fraud, hacking, and various other security vulnerabilities and threats. The PCI DSS requirements are applicable if a credit card number is stored, processed, or transmitted.The major credit card companies require compliance with PCI DSS rules via contracts with merchants and their vendors that accept and process credit cards.

Banks, merchants, and payment processors must approach PCI DSS compliance as an ongoing effort. Compliance must be validated annually, and companies must be prepared to address new aspects of the standard as it evolves based on emerging technologies and threats”. (“Texas department of information resource” ,2009).

Following are some terms related to online Credit card frauds

Phishing

This technique refers to randomly distributed emails that attempt to trick recipients into disclosing account passwords, banking information or credit card information. This one scam has played a major factor in the crisis we face today. Since phishing emails typically appear to be legitimate, this type of crime has become very effective. Well designed, readily available software utilities make it nearly impossible to trace those guilty of phishing. Phishtank, an anti-phishing organization, recently revealed that nearly 75,000 attempts of this nature are made each month”

Pharming

This new technique is one of the most dangerous of them all.

Pharming involves a malicious perpetrator tampering with the domain name resolution process on the internet. By corrupting a DNS, (Domain Name System), a user can type in the URL for a legitimate financial institution and then be redirected to a compromised site without knowledge of the changes.Unaware of the background predators, the consumer types in their bank account details or credit card number, making them the latest victim of fraud.

Skimming

Refers to a process in which a special device is used to copy encoding data from the magnetic strip of a credit or debit card. This device is usually secretly mounted to an ATM machine as a card reader.

Dumpster Diving

This act refers to a process in which an individual vigorously shift’s through someone else’s trash in search of personal and financial information. With a mere credit card approval that contains a name and address, a criminal can easily open up a credit card in your name and accumulate substantial debt in no time.

Security measures in online credit card payment systems. Four necessary and important measures that must to be followed for safe electronic system are as following.

1. Authentication Authentication is a method to verify buyer`s identity before payment is authorized.
2. Encryption Encryption is a process to making data that has to be sent over the internet indecipherable so that it could not be read by unauthorized persons and read only by the persons in authority to do so.
3. Integrity It has to be made sure that information that is sent over the internet is not modified, altered in an intentional or unintentional way.
4. Nonrepudiation This is the quality of a secure system that prevents anyone from denying that they have sent certain data. Here the communication system should be fault tolerant. Server where the transaction has been sent should keep a record log of every transaction and the user can’t deny that he or she has not accessed the server.

Security Schemes

Key security schemes that make sure that information sent over the network while engaging in a transaction is secure include encryption, digital signature, certificates and certifying authorities.

Encryption

Encryption is a technology that deciphers any kind of information before being sent over the network so that it could not be retrieved and misused by an unauthorized person.

Two common encryption technologies that are used to encrypt and decrypt the data are Secret key and public key encryption as explained below.

Secret Key encryption

In this cryptography technique one key that is known as secret key is used to both encrypt and decrypt the data at sender`s as well as receiver end . Secret key encryption is easy to implement when number of users are less. The algorithm that is used for secret key cryptography is Data Encryption standard (DES) (Schneier ,n. d). The only problem with this encryption method is that the key has to be sent over to the counterpart. (“Dret”, n.d)

Public key cryptography/Assymetric encryption.

In this kind of encryption there are two keys that form the part of encryption technology they are the public key and the privaret key . the public key is known to allthe users however the private key is only known to one user the owner. there are two methods the kep pair could be used eithet the data could be encrypted by the receiver`s public key and it will be decrypted by his private key but there is a problem with this method since the encrypting key is public key no body will know who sent the message the other way is encrypting the data with receiver`s private key and decrypting it by public key however this method also has an issue every public key holder will be able to decrypt the message so it has to be combination of keys.The data is encrypted using the receiver`s public key and reencrypted using the receiver`s private key the reciver has to use combination of keys to decrypt the data fully which means that the first the reciver`s private key and then the sender`s public key. The algorithm that is used in this technique is RSA. (“turban, 2004) (“Dret”, n.d)

Electronic Protocols

SET (Secure Electronic Transaction) protocol is an e-commerce protocol designed by Visa and MasterCard. Customers can purchase online and their personal information would be protected and also their buying habits would be recorded along with the information they provided. “SET developed by Visa and MasterCard is an open standard for encryption and security specification for credit card transactions on the Internet.The SET is a set of security protocols and formats that main section are application protocol and payment protocol”. (“Itig” , n. d).

SET has many merits: SET has provided merchant protective method, cost-cutting and enough security for the electronic payment.

It helps making the online E-commerce free from online fraud to quite an extent. SET keeps more secrets for the consumer to improve the satisfaction of their on-line shopping experience. SET helps the bank and the credit card company to expand the service to more broad space –Internet. And it lowers the probability of credit card on-line fraud. Therefore SET seems more competitive than other online payment method. SET has defined interface for all quarters of online transaction so that a system can be built on the products made by the different manufacturers. SET protocol based E-commerce model Although SET has been widely used in the electronic payment area and has gained more attention from the electronic commerce promoter, the SET transaction mode model only.

Even for B2C model, its application is also limited. (“Itig”, n. d) DES algorithm and the RSA algorithm are used in SET protocol to carry on the encryption and the decryption process. SET protocol use DES as symmetrical encryption algorithm. However, DES was no longer a safe algorithm right now. Therefore, DES should be replaced by more intensive and safer algorithm.Moreover, along with the development of processing speed and storage efficiency enhancement of the computer, the algorithm will be cracked successively.

It is necessary to improve the extendibility of encryption service. SET protocol is huge and complex in the application process. In a typical SET transaction process, the digital certificates need to be confirmed 9 times, transmitted 7 times; the digital signature need be confirmed 6 times, and 5 times signature, 4 symmetrical encryptions and 4 asymmetrical encryptions are carried out. (“cs. ucf”,n. d).

SET protocol involves many entities such as customers, merchants and banks. All of them need to modify their systems to embed interoperability.

As the SET requests installment software in the network of bank, on the business server and PC of the customer and it also need to provide certificates to all quarters, so running cost of the SET is rather high. The protocol cannot prove transactions which are done by the user who signs the certificate. The protocol is unable to protect cardholder and business since the signature received finally in the protocol is not to confirm the content of the transaction but an authentication code. If cardholders and trade companies have the dispute, they cannot provide alone the evidence to prove its transaction between themselves and the banks. Although there are some drawbacks in the SET protocol, it is still the most standard and the safest in the present electronic commerce security protocol and the international standard of the security electron payment.In order to overcome the defect that SET protocol only supports credit payment style, PIN(Personal Identify Number) digital items are modified in this paper; with regard to the other deficiencies such as complexity, slow speed, poor safety and adaptation of SET protocol, this paper also makes a model of architecture security control mechanism, introduces electron transaction authentication center and strengthens the security of transaction process of SET protocol. (“cs.ucf”,n. d)

Transmission control Protocol (TCP) which is the main protocol used to send data over internet was not designed back then keeping in view the security issues that could arise in today`s World where E commerce plays an important role. The data transmitted through TCP could be read, intercepted and altered.Security breach still happens while an email is being sent or files are being transferred over the internet. Customer is always concerned over security when processing a transaction and sending information over the internet. Credit card information like name, number and date of expiration. Presently most of the companies use SSL (Secure Socket Layer) protocol to provide security and privacy this protocol encrypts the order at PC before sending it over the network however this protocol may not provide all the security needed.

There is another more secure protocol Secure Electronic transaction (SET) however SET is is a slow protocol and may take long time to respond and also it requires that the digital wallet is installed on the customer pc.

Electronic Fund Transfer

“Electronic funds transfer” means any transfer of funds, other than a transaction originated by check, draft, or similar paper instrument, that is initiated through an electronic terminal, telephonic instrument, or computer or magnetic tape, so as to order, instruct, or authorize a financial institution to debit or credit an account. Electronic funds transfers shall be accomplished by an automated clearinghouse debit, an automated clearinghouse credit, or by Federal Reserve Wire Transfer”. ” (Turban ,Lee, King;amp; chung ,n. d)

Electronic Checks

E check is the electronic version of the traditional paper based checks , Paper check has been one of the most important way of payments that has been in use for a long time keeping in view the same concept E check has been designed to serve the same purpose. E-check contains the same information like account number, issuing bank, address of the issuing bank and the amount of check.

To validate the authenticity of the person, instead of signatures it has a digital code which is generated while filling in a check and is cross verified with the database while encashing it. Electronic Check offers many advantages over the traditional paper check since all the information is filled in electronically over the computer and it is not revealed as it passes through very few people who are in authority. E checks are cheaper by many folds because of ease of processing, also E-checks are lot faster in procession since the data is sent electronically and the chances of getting a check bounced are almost negligible. Electronic Wallets Electronic wallets or the e wallets also referred to digital wallets.An e wallet is a software program that contains user`s payment information in encrypted form to ensure its security, for example an individual`s e wallet could contain credit card number , bank account number ,contact information and shipping location . This information can then be automatically and securely transferred to an online order form. ”. (Turban ,Lee, King).

Virtual Credit Cards

“Closely allied to e wallets is concept of virtual credit card. A virtual credit card is an image of a credit card placed on the computer desktop. With one click of the credit card image the card holder access the account information and pays for the online purchases.Customer can even drag and drop the virtual card from desktop onto an online checkout page . The credit card number and contact information is automatically entered into the checkout form and the customer just needs a pin to enter or other form of identification to authorize the transaction”. (Turban ,Lee, King).

Concluding Remarks

Although there are many online payment systems available to choose from while making a purchase under E-commerce however the credit card is still the dominant and the most popular way not only because of the convenience it has but also because of its worldwide acceptability. Despite of the several security measures in place, credit card frauds do take place and protection of the information provided over the internet while making a purchase is of utmost importance. Encryption using the DES and RSA algorithms make the data indecipherable while being transmitted over the network and these encryption technologies are hard to break into however there are other ways credit card information could be disclosed. Phishing and Pharming as mentioned above in the essay are recent threats that are becoming common and are needed to be addressed as soon as possible since the users who are not really aware of these threats could unintentionally disclose information they are not supposed to.Credit card has wider acceptability because of its long established network thanks to the credit card brands like the Master card, Visa international and American express and because of its friendly characteristics like ease of carriage, fast processing, 24 hour purchasing facility and the convenience of making purchase sitting anywhere. With the advancement of technology new protective measures like thumb imprint, retina scan are gaining popularity however it will take time for them to become common and implemented everywhere while making an online transaction since there are the cost and awareness issues related to these high end technology gadgets.

Abstraction

Cloud Computing is a new environment in computing machine oriented services. The high costs of web platforms, development in client demands, informations volumes and weights on response clip pushed companies to migrate to Cloud Computing supplying on demand web facilitated IT Services.

Cloud storage empowers users to remotely hive away their information and delectation in the on-demand high quality cloud applications without the affliction of local hardware direction and programming disposal. In order to work out the job of informations security in cloud computer science system, by presenting to the full homomorphism encoding algorithm in the cloud calculating informations security, another kind of information security solution to the insecurity of the cloud computer science is proposed and the scenarios of this application is hereinafter constructed, This new security agreement is wholly fit for the processing and retrieval of the encrypted informations, successfully motivating the broad relevant chance, the security of informations transmittal and the stockpiling of the cloud computer science.

Keyword: Cloud storage, Data security, to the full homomorphic encoding

Introduction

Enterprises are the speedy nearing new advanced clip in which we store our information and execute our excessive calculation remotely. With the usage of cloud there are legion points of involvement in disbursals and usefulness, but the issue with the cloud is secret informations may non be secure. Today, endeavors are looking towards cloud calculating environment to spread out their on-premise substructure, but most can non afford the cost of the danger of trading off the security of their applications and information. Recent progresss in Fully homomorphic encoding ( FHE ) allows us to execute arbitrarily-complex dynamically picked calculations on encrypted informations, despite non holding the secret decoding key. Processing encrypted informations homomorphically requires greater figure of calculations than treating the information unencrypted.

Scientifically talked is a homomorphic cryptosystem, a cryptosystem whose encoding map is a homomorphy and therefore conserves group operation performed on cypher texts. The two group operations are the arithmetic add-on and generation. A homomorphic encoding strategy is said to be linear if the followerss holds –

E ( x+y ) = E ( x )E ( Y )

What ‘s more it is said to be multiplicative if –

E ( x, Y ) = E ( x ) * E ( Y )

Where E characterizes an encoding map.

The cryptosystem that support either of the two operations are said to be partly homomorphic encoding system, and the one time that supports both the add-ons and generations of cypher texts is called as to the full homomorphic encoding ( FHE ) .

Cloud computer science and fully homomorphic encoding

The patterned advance of FHE has empowered the cloud service suppliers a better attack to guarantee confidentiality and privateness of user informations. a solution to the old unfastened issue of developing a to the full homomorphic encoding strategy. This thought, once called a privateness homomorphy, was presented by Rivest, Adelman and Dertouzous [ 3 ] shortly after the innovation of RSA by Rivest, Shamir and Adleman.

To supply the better security we are traveling to widen the security solution for cloud calculating with the aid of to the full homomorphic encoding cryptosystem.

Principle to the full homomorphic encoding

Craig Gentry develop homomorphy encoding program including 4 techniques. They are the cardinal coevals, encoding, decoding algorithm and extra Evaluation algorithm. Fully homomorphic encoding incorporates two cardinal homomorphy types. They are the multiply homomorphic encoding algorithm and additively homomorphic encoding algorithm.The generation and add-on with Homomorphic belongingss. Homomorphic encoding algorithm underpins merely add-on homomorphy and generation homomorphy before 2009. Fully homomorphic encoding is to detect an encoding algorithm, which can be any figure of add-on algorithm and generation algorithm in the encoded information. For merely, this paper utilizes a symmetrical wholly encryption homomorphic algorithm proposed by Craig Gentry [ 4 ]

Encoding algorithms

The encoding parametric quantities p, Q and R, where P is a positive uneven figure, Q is a big positive whole number, P and Q determined in the cardinal coevals stage, P is an encoding key, and R is a random figure encrypted when selected.

For the text m, computation

Then you can acquire the cypher text.

Decoding algorithms

To plaintext

Because the p?q is much less than, so

Homomorphism verification

The homomorphy linear belongings confirmations

Suppose there are two groups of the plaintext M1 and M2. To scramble them turn into the cypher text.

To plaintext

Due to

Equally long as the
is much less than P, so

This algorithm fulfills the linear homomorphic conditions

The homomorphic multiplicative belongings confirmation

To plaintext

Due to

Equally long as the
is much less than P, so

This algorithm fulfills the multiplicative homomorphic conditions

Application scene and security architecture

Privacy protection

User is hive awaying their informations in cloud, by agencies of security it is stored in encrypted signifier and while conveying the informations cloud service supplier and user ensures that plaintext information can non be found to others. That implies both will guarantee the safe storage and transmittal of informations.

Datas processing

Fully homomorphic encoding constituent empowers clients or the sure 3rd party procedure cypher text informations squarely, instead than the original informations. Users can get figure of arithmetic consequences to decode to acquire good information. for illustration, in medical information system, electronic medical records are in the signifier of cypher text and are stored over the cloud waiter.

Retrieval of cypher text

Fully homomorphic encoding engineering based on retrieval of cypher text method, FHE non merely ensures the privateness and efficiency of retrieval but besides the retrieval informations can be added and multiply without altering the plaintext.

Decision

Security is the most widely recognized issue for Cloud Computing. While hive awaying, conveying and recovering the information from cloud server security substructure is needed. Encoding is the common engineering to guarantee the informations security of cloud calculating. To supply precaution to net and overcast services Gentry proposed Fully Homomorphic Encryption ( FHE ) strategy from his old encoding theoretical account i.e. , slightly homomorphic encoding strategy.

Taking into history the cloud security issues this paper presented the thought of to the full homomorphic encoding strategy and proposed a security architecture which ensures the security of transmission and storage of informations over the cloud waiter

References

1. new wave Dijk, M. , Gentry, C. , Halevi, S. , Vaikuntanathan, V. : Fully homomorphic encoding over the whole numbers. In: Gilbert, H. ( ed. ) EUROCRYPT. LNCS, vol. 6110, pp. 24–43, 2010.

2. hypertext transfer protocol: //epubs.siam.org/doi/abs/10.1137/120868669

3. Rivest R, Adleman L, Dertouzos M. On informations Bankss and privateness homomorphies Academic Press, pp.169—180, 1978.

4. Gentry, C. , Halevi, S. : Implementing Gentry’s fully-homomorphic encoding strategy. Preliminary version ( August 5, 2010 ) , hypertext transfer protocol: //researcher.ibm.

5. Wikipedia. Cloud calculating [ EB/OL ] . hypertext transfer protocol: //en.wikipedia.org/wiki/Cloud_Computing, 2012-12-05.

6. Feng Zhao, Chao Li, Chun Feng Liu, “ A cloud calculating security solution based on to the full homomorphic encryption” IEEE 16^ThursdayInternational Conference, pp.485-488, Feb 2014.

7. Jian Li, Danjie Song, Sicong Chen, Xiaofeng Lu, “A simple to the full homomorphic encoding strategy available in cloud computing” . IEEE 2^neodymiumInternational Conference ( Vol-01 ) , pp. 214-217, Nov 2012.