Available online at www.sciencedirect.com ScienceDirect

Procedia Technology 24 ( 2016 ) 1623 – 1628

International Conference on Emerging Trends in Engineering, Science and Technology (ICETEST - 2015) E –PAYMENT SYSTEM USING VISUAL AND QUANTUM

Shemin P A a* ,Prof. Vipinkumar K S b

a Department of Computer Science and Engineering,Government Engineering college Thrissur b Department of Computer Science and Engineering,Government Engineering college Thrissur

Abstract

In recent years E-shopping gained a tremendous growth due to its benefits. Even though benefits of E-shopping are considerable, it creates some security threats such as debit, credit card fraud, phishing etc. In this paper we introduce an E-payment system that provides an unrivaled security using visual and . Visual cryptography hides the details of customer by generating shares whereas Quantum cryptography secures the transmission of one time password .Image embeds the share with one time password which results in secure transmission of share to bank. Proposed approach guarantees unconditional security than traditional E-payment system by using two important cryptographic techniques. ©© 2016 2016 The The Authors. Authors. Published Published by Elsevierby Elsevier Ltd. LtdThis. is an open access article under the CC BY-NC-ND license (Peerhttp://creativecommons.org/licenses/by-nc-nd/4.0/-review under responsibility of the organizing). committee of ICETEST – 2015. Peer-review under responsibility of the organizing committee of ICETEST – 2015 Keywords: Quantum cryptography ;visual cryptography ;steganography

1. Introduction

E-shopping refers to process of buying commodities through web browser instead of using mortar stores. Due to wide variety of selection and higher convenience customers are magnetized to E shopping. Even though customer focuses on E-shopping than traditional shopping because of its advantage, security problems such as identity theft and phishing are the major concern for both customers and merchant. Identity theft is the practice of stealing another

* Corresponding author. Tel.: +4-872-334-144. E-mail address: [email protected]

2212-0173 © 2016 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer-review under responsibility of the organizing committee of ICETEST – 2015 doi: 10.1016/j.protcy.2016.05.166 1624 P.A. Shemin and K.S. Vipinkumar / Procedia Technology 24 ( 2016 ) 1623 – 1628

person’s identity for gaining access to his resource where as phishing refers to process of acquiring sensitive information by masquerading as a reputed entity. In this paper we propose a new method for E-payment that provides unrivaled security by using cryptographic techniques visual cryptography, quantum cryptography and steganography. Visual cryptography hides the authentication details of customer by generating two shares for customer and bank respectively. Quantum cryptography secures the transmission of one time password. Steganography is used to combine the customer’s share along with one time password in order to secure the transmission of customer’s share to bank .Proposed method for E-shopping can be extended for other bank applications. The rest of the paper is organized as follows: Section 2 contains description about visual cryptography, quantum cryptography and steganography. Section 3 includes related works. Section 4 describes the infrastructure of proposed system. Section 5 includes proposed system. Section 6 contains the performance analysis of proposed system. Section 7 concludes the paper.

2. Visual cryptography, Quantum cryptography and Steganography

Visual cryptography is a cryptographic technique proposed by Moni Naor and Adi Shamir in 1994[12].This cryptographic technique encrypts the images in to number of meaningless shares which are Xeroxed in to transparencies and only after combining all the shares generated from the image , the original image is retained. Quantum cryptography is a cryptographic technique based on quantum mechanics. It is usually referred to quantum distribution since quantum mechanics is used to distribute an encrypted key not for transmitting data message between users. in quantum cryptography is done using quantum states called qubits. It is not possible to measure and clone the quantum states so that an eavesdropper cannot clone or measure the qubits. This technique require two type of channels ,quantum channel for secure transferring of key and classic channel for verification of key received. Steganography is the process of hiding data in another data in ways that prevents the detection of hidden data from human’s casual eye contact [15] .Steganography requires two files for embedding hidden message in another data. First one is cover media that will hold hidden message. Second one is data to be hidden. Depending upon the type of cover media steganography can be classified in to text steganography, image steganography, video and audio steganography. Image steganography uses image as cover media and hidden message can be any that can be hidden in a bit stream. Combination of cover image and hidden message make a stego-image.

3. Related work

A brief survey of related work in the area of payment system is given in this section. An online payment system using visual cryptography and steganography is proposed in [2] but the customer’s share generated using visual cryptography is not secured during transmission, As a result of that an eavesdropper can masquerade as customer by hacking customer’s share. In [14] an off-line electronic cash scheme using partial blind signature is proposed but it is not meant for online payment. An electronic payment using quantum blind signature is proposed in [3] but it requires account in same bank for both customer and merchant and it is not an online payment method

4. Infrastructure of proposed system

In traditional E- payment system after the selecting the items from E –shop portal, customer submits his credit or debit card information for paying the merchant .The details submitted by customer are verified by bank and when the verification gets right fund is transferred to merchant’s account. This payment system is not secure since any eavesdropper can act as customer by hacking information submitted by customer. Proposed payment system solves this problem by using two cryptographic techniques visual cryptography and quantum cryptography. In proposed method snapshot of text containing customer’s account number and debit and credit card information is taken. From the snapshot image two shares are generated using visual cryptography.one share will be in the hand of customer and other one will be in database of bank. Merchant and customer agrees on a sessional key at the start of E-shopping. After that customer select the desired items and transfer blinded list of items P.A. Shemin and K.S. Vipinkumar / Procedia Technology 24 ( 2016 ) 1623 – 1628 1625 along with encrypted account number to bank. This blinded list is generated by encrypting list of items with sessional key between customer and merchant. On receiving blinded list of items along with encrypted account number bank generates an one time password and securely transfers it to customer using quantum cryptography .After receiving one time password ,image steganography is performed by taking customer’s share as cover image and hidden information as one time password and stego image is passed to bank. Bank extracts embedded one time password so that share and one time password gets separated. Then Bank combines customer’s share with bank’s share and obtains account number and credit card details. Finally bank validates the one time password and credit card details and if both verification gets right fund is transferred to merchant account number. Figure 1 illustrates transactions in proposed payment system.

Fig 1: Transactions in proposed payment system

Quantum cryptography in proposed method uses BB84 protocol [10] .It is based on single particles. It encodes one time password using polarization of photon. In BB84 protocol sender and receiver has to define two basis, rectilinear and diagonal. In rectilinear basis photons with horizontal polarization indicates bit zero and with vertical polarization indicates bit one. In diagonal basis photon with polarization -450 indicates bit zero and photon with polarization +450 indicates bit one. Sender can choose basis randomly for sending each bit of key to receiver through a quantum channel. Receiver on receiving bits chooses basis randomly to measure it and informs sender which basis he used through a public channel. On receiving the basis sender informs receiver when he has chosen the basis correctly .Key consist of bits for which receiver has chosen the basis correctly. New key consist of bits for which receiver has chosen the basis correctly. Subset of the new key is compared in order to detect eavesdropping. Eavesdropping is not possible in BB84 protocol since measurement of polarization of photons using incorrect basis results in change of polarization of photons .As a result receiver do not get correct bit even after using same basis as that of sender and during comparison of subset of keys ,mismatch occurs indicating eavesdropping.

1626 P.A. Shemin and K.S. Vipinkumar / Procedia Technology 24 ( 2016 ) 1623 – 1628

5. Proposed system

Proposed payment method involves three characters for transaction, customer bank and merchant. Initially before doing shopping customer requires to open an account in bank by giving his personal details to bank. After opening account, bank will give a private key and one of the shares generated by visual cryptography to customer. Bank will keep other share in its database. Share is generated by applying visual cryptography to snapshot of text containing customer’s account number and debit and credit card information. Now customer can perform E-shopping using this share. Figure 2 illustrates steps involved in proposed system.

Fig 2: Steps in proposed system

At the start of E-shopping customer and merchant shares a sessional key. After customer select the items needed from shop-portal. To pay the merchant customer will send a blinded list of items along with encrypted account number as payment request to bank .Blinded list of items are created by encrypting list of items using P.A. Shemin and K.S. Vipinkumar / Procedia Technology 24 ( 2016 ) 1623 – 1628 1627 sessional key shared between customer and merchant at the start of E-shopping .Account number is encrypted using private key of customer given by bank .On receiving payment request bank generates one time password (OTP) and securely transfer the key through quantum channel using BB84 protocol of quantum cryptography to customer .The basis for encryption of one time password is determined by bits of private key of customer and blinded list of items .That is ith bit of one time password is determined by ith bit of private key of customer and blinded list of items .This is illustrated in table 1. On receiving quantum signature customer uses the same basis chosen by bank to measure one time password same as the way in which bank has chosen the basis. After that one time password measured is embedded inside the share of customer using image steganography which generates a stego-image .This stego-image is passed to bank for further transactions. Bank decrypts the stego-image and separates one time password and share .Bank validates one time password and customer’s share is combined with bank’s share .Bank also validates details obtained by combining share .If both verification gets right amount will be transferred to merchant’s account .If any of the verification gets wrong transaction gets failed .

Table 1.Basis.

. Blinded list of items Private key of Basis customer 0 0 Rectilinear 0 1 Rectilinear 1 0 Diagonal 1 1 Diagonal

6. Performance analysis

The proposed payment method provides considerable improvements on security than the existing approaches. In proposed method customer’s authentication details are hided by using visual cryptography .Embedding of one time password in customer’s share prevents an eve from masquerading as customer by hacking share. Use of quantum cryptography secures the transmission of one time password. Consider an eavesdropper has hacked the customer’s share embedded with one time password during transmission of share to bank .Eavesdropper can’t reuse this share for acting as customer since one time password, which varies for each transmission is embedded in share .So when an eavesdropper sends this hacked share to bank for transaction, validation of one time password gets failed and transaction gets rejected . Also eavesdropper cannot able to gain user authentication details from share because in order to gain information of customer from customer’s share both the customer’s share and bank’s share should be combined .Quantum cryptography used in proposed payment method prevents an eavesdropper from measuring and cloning the one time password .So an eavesdropper cannot guess the function used for generating one time password .Thus the proposed system guarantees unconditional security using visual cryptography, quantum cryptography and image steganography.

7. Conclusion

In this paper E-payment method using quantum and visual cryptography and image steganography is proposed .This proposed system based on two cryptographic provides unconditional security by preventing man in the middle attack. Visual cryptography used in this system safeguards the customer’s data where as quantum cryptography and 1628 P.A. Shemin and K.S. Vipinkumar / Procedia Technology 24 ( 2016 ) 1623 – 1628

image steganography prevents security threats such as phishing, identity theft. Proposed method for E-shopping can be extended for other bank applications

Acknowledgement

The author would like to thank the anonymous reviewers. They had put a real great effort into reviewing this article, and they had provided a lot of useful feedback that helped to improve the presentation of this article.

References

[1] Frdric Dupuis, Omar Fawzi, and Stephanie Wehner Entanglement Sampling and Applications ,IEEE TRANSACTIONS ON INFORMATION THEORY,VOL. 61, NO. 2, FEBRUARY 2015 [2] Souvik Roy a, *, P.Venkateswaran b, Online Payment System using Steganography and Visual Cryptography ,2014 IEEE Students Conference on Electrical, Electronics and Computer Science [3] Siavash Khodambashi, Ali ZakerolhosseiniA Quantum Blind Signature Scheme for Electronic Payments The 22nd Iranian Conference on Electrical Engineering (ICEE 2014), May 20-22, 2014, Sahid Beheshti University [4] Monika Agarwal Department of Computer Science and Engineering, PDPM-IIITDM, Jabalpur, India, TEXT STEGANOGRAPHIC APPROACHES A COMPARISON , International Journal of Network Security Its Applications (IJNSA), Vol.5, No.1, January 2013 [5] Souvik Roy a, *, P.Venkateswaran b, A Text based Steganography Technique with Indian Root ,International Conference on Computational Intelligence:Modeling Techniques and Applications (CIMTA) 2013. [6] Marcin Niemiec and Andrzej R. Pach, AGH University of Science and TechnologyManagement of Security in Quantum Cryptography ,IEEE Communications Magazine August 2013 [7] N.H.Abdul-mahdia , *,A.Yahyaa, R.B.Ahmada and O.M.Al-Qershi b, Secured and Robust Information Hiding Scheme, Malaysian Technical Universities Conference on Engineering Technology 2012, MUCET 2012 Part 3 - Civil and Chemical Engineering[553-560] [8] Zhongmin Wang, Student Member, IEEE, Gonzalo R. Arce, Fellow, IEEE, and Giovanni Di Crescenzo, Halftone Visual Cryptography Via Error Diffusion, IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY ,VOL. 4,NO.3,SEPTEMBER 2009 [9] William A. Fedaka and Jeffrey J. PrentisbDepartment of Natural Sciences,University of MichiganDearborn, Dearborn, Michigan 48128 The 1925 Born and Jordan paper On quantum mechanics”,2009 American Association of Physics Teachers [10] Jrgen Cederlf and Jan-ke Larsson Security Aspects of the Authentication Used in Quantum Cryptography,IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 54, NO. 4, APRIL 2008 [11] Tzonelih Hwang, Kuo-Chang Lee, and Chuan-Ming Li Provably Secure Three-Party Authenticated Protocols,IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,VOL. 4, NO. 1, JANUARY-MARCH 2007 [12] Zhi Zhou, Member, IEEE, Gonzalo R. Arce, Fellow, IEEE, and Giovanni Di Crescenzo, Halftone Visual Cryptography , IEEE TRANSACTIONS ON IMAGE PROCESSING, VOL. 15, NO. 8, AUGUST 2006 [13] Bernardo Cuenca Grau How to Teach Basic Quantum Mechanics to ComputerScientists and Electrical Engineers,IEEE TRANSACTIONS ON EDUCATION,VOL. 47, NO. 2, MAY 2004 [14] WangG Changji , WU Jianping , Duan Haixin A Fair Off-Line Electronic Cash Scheme Based on Restrictive Partially Blind Signature Tsinghua Science and Technology ISSN 1007-0214 13/21 pp441-443 Volume 9, Number 4, August 2004 [15] Johnson and Jajodia at the Center for Secure Information Systems, Dept. of Information and Soft- ware Systems Engineering, George Mason University,Exploring Steganography: Seeing the Unseen , IEEE TRANSACTIONS ON SECURITY, february 1998