Online paymentusingsteganographt&Visualcryptography

Online Payment System using Steganography and Visual Cryptography

PROJECT REPORT ON

PBHARGAVI 114P1A0545KNIREESHA REDDY 114P1A0523MNAGARJUNA 114P1A0532ACHANDRA SEKHARA 114P1A0503

Under the esteemed guidance of

MrK SAI BHARATH Mtech

AsstProffessorCSE DEPT

YOGANANDA INSTITUTE OF TECHNOLOGY AND SCIENCEDEPARTMENT OF COMPUTER SCIENCE amp ENGINEERING (Approved by AICTE New Delhi amp Affiliated to JNTUA Anantapur)

2011-2015

Abstract This paper presents a new approach for providing limited

information only that is necessary for fund transfer during online shopping thereby safeguarding customer data and increasing customer confidence and preventing identity theft A cryptographic technique based on visual secret sharing used for image encryption Using k out of n (k n) visual secret sharing scheme a secret image is encrypted in shares which are meaningless images that can be transmitted or distributed over an un trusted communication channel Only combining the k shares or more give the original secret image Phishing is an attempt by an individual or a group to thieve personal confidential information such as passwords credit card information etc from unsuspecting victims for identity theft financial gain and other fraudulent activities The use of images is explored to preserve the privacy of image captcha by decomposing the original image captcha into two shares that are stored in separate database servers such that the original image captcha can be revealed only when both are simultaneously available the individual sheet images do not reveal the identity of the original image captcha Once the original image captcha is revealed to the user it can be used as the password Several solutions have been proposed to tackle phishing

INTRODUCTION

In Online shopping the issue of purchase order through electronic purchase request filling of credit or debit card information

Identity theft or phishing are the common threats to online shopping

Identity theft is the stealing of someonersquos identity in the form of personal information and misuse

A new method is proposed that uses text based steganography and visual cryptography which minimizes information sharing between consumer and online merchant but enable successful fund transfer thereby safeguarding consumer information and preventing misuse

Steganography is the art of hiding of a message within the image called the cover

Existing system

A customer authentication system using visual cryptography is presented but it is specifically designed for physical banking

A signature based authentication system for core banking is proposed in but it also requires physical presence of the customer presenting the share

A biometrics in conjunction with visual cryptography is used as authentication system

Disadvantages of Existing System

Does not provide a friendly environment to encrypt or decrypt the data (images)

Not suitable for online payments

It is expansive of Using biometrics

Proposed System

Proposed System Visual Cryptography (VC) technique based on visual secret sharing used for image encryption

A new method is proposed that uses text based steganography and visual cryptography which minimizes information sharing between consumer and online merchant

For phishing detection and prevention we are proposing a new methodology to detect the phishing website

Our methodology is based on the Anti-Phishing Image Captcha validation scheme using visual cryptography It prevents password and other confidential information from the phishing websites

Cryptographic technique(2 2)- Threshold VCS scheme(n n) -Threshold VCS scheme (k n) Threshold VCS scheme are used in this proposed system

Advantages Of Proposed System

Our methodology is based on the Anti-Phishing Image Captcha validation scheme using visual cryptography

It prevents password and other confidential information from the phishing websites

For phishing detection and prevention we are proposing a new methodology to detect the phishing website

System ArchitectureProposed payment method

Algorithms Encoding

First letter in each word of cover message is taken

1048707 Representation of each letter in secret message by its

equivalent ASCII code

1048707 Conversion of ASCII code to equivalent 8 bit binary

number

Division of 8 bit bin Choosing of suitable letters from table 1 corresponding

to the 4 bit parts

Meaningful sentence construction by using letters

obtained as the first letters of suitable words

1048707 Omission of articles pronoun preposition adverb

waswere isamare hashavehad willshall and

wouldshould in coding process to give flexibility in

sentence constructionary number into two 4 bit parts

Modules

1Embedding text on the image

2 Encoding

3 Decoding Steps

5 Customer Authentication

6 Certification Authority Access

7 Final Authenticated Information Results

1Embedding text on the image

In this module Steganography uses characteristics of English language such as inflexion fixed word order and use of periphrases for hiding data rather than using properties of a sentence

This gives flexibility and freedom from the point view of sentence construction but it increases computational complexity

2 Encoding Representation of each letter in secret message by its equivalent

ASCII code

Conversion of ASCII code to equivalent 8 bit binary number

Division of 8 bit binary number into two 4 bit parts

Choosing of suitable letters from table 1 corresponding to the 4 bit parts

Meaningful sentence construction by using letters obtained as the first letters of suitable words

Encoding is not case sensitive

3 Decoding Steps

First letter in each word of cover message is taken and represented by corresponding 4 bit number

4 bit binary numbers of combined to obtain 8 bit number

ASCII codes are obtained from 8 bit numbers

Finally secret message is recovered from ASCII codes

5 Customer Authentication

Customer unique authentication password in connection to the bank is hidden inside a cover text using the text based Steganography method

Customer authentication information (account no) in connection with merchant is placed above the cover text in its original form

Now a snapshot of two texts is taken From the snapshot image two shares are generated using visual cryptography

Now one share is kept by the customer and the other share is kept in the database of the certified authority

6 Certification Authority Access

During shopping online after selection of desired item and adding it to the cart preferred payment system of the merchant directs the customer to the Certified authority portal

In the portal shopper submits its own share and merchant submits its own account details Now the CA combines its own share with shopperrsquos share and obtains the original image

From CA now merchant account details cover text are sent to the bank where customer authentication password is recovered from the cover text

7 Final Authenticated Information Results

Customer authentication information is sent to the merchant by CA

Upon receiving customer authentication password bank matches it with its own database and after verifying legitimate customer transfers fund from the customer account to the submitted merchant account

After receiving the fund merchantrsquos payment system validates receipt of payment using customer authentication information

Hardware amp software requirements

Hardware requirements

Processor - Intel I3

Speed - 180 ghz

RAM - 4gb

Storage Disk - 500gb

Software requirements

Platform Windows 7

Programming Environment JAVA 6

HttpServer Tomcat 6

Design HTMLJspJavaScript

Server side Script Java Server Pages

BackEnd Oracle 10

UML Diagrams

Class diagramUser

+uid integer+uname String+address String+e_id String

+signIn()

Registration

+accountno integer+password integer+uid integer+uname String

+register()

Authenticate

+uid integer+uname String+password integer

+authenticate()

TBSteg

+password integer+text-c String+sentence String

+encode()+decode()

Encode

+ascii integer+binary integer+accountno integer

+toBinary()+toASCII()+to8bits()+to4bits()+numberAssignment()

Decode

+ascii integer+binary integer+accountno integer

+toASCII()+toBinary()+to4bits()+to8bits()+numberAssignment()

Steg

+text String+image String

+extract()

Shares

+image String+share1 integer+share2 integer

+split()+merge()

Object DiagramKim Hyunsoo

+uid 101+uname kala+address tpt+e-id kalagmailcom

Kim J eongil

+accountno 12345666+uid 101+uname kala

Kim Keehyun

+uid 101+uname kala+password

User

Kum Deukkyu

+password

Lee J angwoo

+ascii 7+binary 0111+accountno 12345666

Lee Minkyu

+ascii 7+binary 0111+accountno 12345666

Lim Heejin

+text 010110100

Bae Rankyoung

+share1 12345666+share2

Registration Authenticate

TBSteg

Encode Decode

StegShares

Component Diagram

Userltltcomponentgtgt

Registrationltltcomponentgtgt

Authenticateltltcomponentgtgt

TBSegltltcomponentgtgt

Encodeltltcomponentgtgt Decode

ltltcomponentgtgt

Stegltltcomponentgtgt

Sharesltltcomponentgtgt

Deployment Diagram

Registration User Authenticate

TBSteg

Encode Decode

steg Shares

Usecase Diagram

User

authenticate

register

tbsteg CA

accountno

Merchantuser given some details to merchant

split

bank

result

merge

Interaction Diagram1Sequence Diagram

User Registration Authenticate TBSeg Encode Decode Steg Shares

1 signIn()

2 register()3 authenticate()

4 encode() 5 toBinary()

6 to8bit()

7 to4bit()

8 decode()

9 to4bit()

10 to8bit()

11 extract()

12 merge()

13 result()

2Collaboration DiagramUserRegistration Authentication

TBSteg

EncodeDecode

StegShares

1 register() 2 authenticate()

3 convert()

4 to8Bit()

5 toASCII()

6 to4Bit()

7 to8Bit()

8 toASCCI()

9 to4Bit()

10 extract()

11 extract()

12 split()

13 merge()

Statechart DiagramUser authenticate

TBSeg

image

accountno amp user authentication password

here user given authentication password changed to text binary format

CA

CA contain accountno amp password

Merchant

user give accountno amp some details to the merchant

where mechant give accountno to the CA

CA checks accountno and transfer to bank

result

Bank

Activity Diagram

User CAMerchant Bank

User

Authenticate

Enter accountno and password

TBSteg

merchant

user submitted only minimum information to the merchantieaccountnouid uname not password

CA

image

user authentication password

accountno

merchant submitted accountno to the CA

CA contain image formate

image contains accountno and covetext

no

CA checks accountno matched or not

result

yes

SCREENSHOTS

REGISTRATION

LOGIN

PAYMENT FORM

CONCLUSION

In this paper a payment system for online shopping is proposed by combining text based Steganography and visual cryptography that provides customer data privacy and prevents misuse of data at merchantrsquos side The method is concerned only with prevention of identify theft and customer data security In comparison to other banking application which uses Steganography and visual cryptography are basically applied for physical banking the proposed method can be applied for E-Commerce with focus area on payment during online shopping as well as physical banking

Thank You

ldquo

rdquoANY QUERIES