securing online shopping system using visual cryptography
DESCRIPTION
In today’s world of internet, various online attacks has been increased as well as spread and among them the most famous and harmful attack is phishing. it is trying by an individual person or a group to get personal secret confidential information such as passwords, all types of card information from unsuspecting victims for identity theft, financial gain and other stolen activities. Fake websites which appear very like to the original ones are being hosted to gain this. Here an image based authentication using Visual Cryptography is implemented. The use of visual cryptography is traverse to preserve the privacy of an image captcha by decomposing means that original image captcha into two shares (known as sheets) that are generated by bank server. Original image captcha can be betrayed only when both are simultaneously available. the individual sheet images do not betray the identity of the original image captcha. Once the original image captcha is passed to the user it can be used as the password by user. Using this website cross verifies its identity and proves that it is a genuine website before the end users.by Using (2,2) visual secret sharing scheme a secret image is encrypted in shares which are meaningless images that can be transmitted or distributed over an untrusted communication channel.TRANSCRIPT
International Journal of Emerging Technologies and Engineering (IJETE)
Volume 2 Issue 1, January 2015, ISSN 2348 – 8050
17
www.ijete.org
Securing Online Shopping System Using Visual Cryptography
Prof. D. B. Satre*, Varad Durugkar**, Akshay Ambekar***
, AmitKumar Yadav****
, Sudarshan Patil*****
*Department of Information Technology, MMIT, Savitribai Phule Pune University, Lohgaon
** MMIT, Savitribai Phule Pune University, Lohgaon
** MMIT, Savitribai Phule Pune University, Lohgaon
**** MMIT, Savitribai Phule Pune University, Lohgaon
***** MMIT, Savitribai Phule Pune University, Lohgaon
ABSTRACT In today’s world of internet, various online attacks has
been increased as well as spread and among them the
most famous and harmful attack is phishing. it is trying
by an individual person or a group to get personal secret
confidential information such as passwords, all types of
card information from unsuspecting victims for identity
theft, financial gain and other stolen activities. Fake
websites which appear very like to the original ones are
being hosted to gain this. Here an image based
authentication using Visual Cryptography is
implemented. The use of visual cryptography is traverse
to preserve the privacy of an image captcha by
decomposing means that original image captcha into two
shares (known as sheets) that are generated by bank
server. Original image captcha can be betrayed only
when both are simultaneously available. the individual
sheet images do not betray the identity of the original
image captcha. Once the original image captcha is
passed to the user it can be used as the password by user.
Using this website cross verifies its identity and proves
that it is a genuine website before the end users.by Using
(2,2) visual secret sharing scheme a secret image is
encrypted in shares which are meaningless images that
can be transmitted or distributed over an untrusted
communication channel.
Keywords - DBA, OTP , Phishing, VC.
I. INTRODUCTION
Online shopping is the retrieval of product information
via the Internet and issue of purchase order through
electronic purchase request, filling of all card
information such as Credit card, debit card and shipping
of product by mail order or home delivery by courier.
Identity theft and phishing are the common dangers of
online shopping. Identity theft is the stealing of someone
identity in the form of personal information and misuse
of that information for making purchase and opening of
bank accounts or arranging credit cards. Phishing is a
criminal mechanism that employs both social
engineering and technical subterfuge to steal consumers
personal identity data and financial account credentials.
We can use Visual cryptography in our project for
security purpose. For services such as Payment Service,
Financial and Retail Service are the most targeted
industrial sectors of phishing attacks. However, one
must still trust merchant and its employees not to use
consumer information for their own purchases and not to
sell the information to others. In our project there are
three parts that are Client, Merchant server, Bank server.
II. PHISHING
What is Phishing? Phishing is a deceptive
communication. It’s Facilitates identity theft
environment in website. Phishing is an analogy of
fishing bait. Fraudsters use deceptive email messages
that appear to be originating from legitimate businesses.
Phishing attacker key point is
Attacker sends an e-mail.
Internet user is re-directed to a mimicking
website to key in their personal identification
details.
The attacker will then use this information to
commit identity fraud.
Effects of Phishing:
There are two main effect of phishing:
Inflicts financial losses
Corrodes consumer trust
There are so many phishing techniques.
Email / Spam
Web Based Delivery
Instant Messaging
Trojan Hosts
International Journal of Emerging Technologies and Engineering (IJETE)
Volume 2 Issue 1, January 2015, ISSN 2348 – 8050
18
www.ijete.org
Web Based Delivery: Web based delivery is one of
the most sophisticated phishing techniques. Also known
as “man-in-the-middle,” the hacker is finded in between
the original website and the phishing systems. The
phisher accessas well as traces details during a
transaction between the legitimate website and the user.
As the user continues to send information, it is gathered
and store by the phishers.
Instant Messaging: It is the method in which the user
receives a message with a link directing them to a fake
phishing website which has the similar look and feel as
the authorized website. If the user doesn’t look at the
URL, it may be difficult to tell the difference between
the fraud and authorized websites. Then, the user is
asked to provide personal sensitive data on the page. for
phisher personal use they can use users stolen data.
III. VISUAL CRYPTOGRAPHY
Visual cryptography is a cryptographic technique which
allows visual information (pictures, text, etc.) to be
encrypted in such a way that the decryption can be
performed by the human visual system. Visual
cryptography was pioneered by Moni Naor and Adi
Shamir in 1994. it is a special encryption technique to
conceal information in images in such a way that it may
be decrypted in front of the human vision if the correct
key image is used. VC uses two transparent images. in
visual cryptography decomposes the original image into
two parts know as share, image or captcha . First image
contains random Means without any method pixels and
the other image contains the secret information.
It is absolutely impossible to retrieve the secret
information from one image. Both transparent images
and layers are required to betray the information. if
anyone got the one image that is meaningless. Whenever
we combining two image or share means superimpose
of image then and only then we got the original image.
Using (2,2) visual secret sharing scheme a secret image
is encrypted.
Various visual cryptography applications are as
follow:
1) Biometric security
2) Watermarking
3) Steganography
4) Printing and scanning applications
5) Bank customer identification
Types of visual cryptography
1) Halftone visual cryptography
2) Color visual cryptography
3) Visual Cryptography with Perfect Restoration
4) Multiresolution Visual Cryptography
5) Progressive Multiresolution Visual
Cryptography
Fig1: Visiual cryptography
IV. ARCHITECTURE
In this Architecture there are three main parts that are
1) Client,
2) Merchant server
3) Bank server.
• Client: Client is a person who wants to buy some
product online on merchant site, But it is necessary that
the person knows the merchant site is fraud or real. For
that user first enter OTP which can generate by bank and
then verify that merchant site is phishing or not. After
know that merchant site is real customer complete
further proceed and select or buy product.
• Merchant Server: Merchant server hosts the original
website it consists of all the database of products it is
managed by DBA. It is registered with bank server.
Merchant verify if the user is authentic or not by using
Login functionality. Merchant sends its Server ID and
Unique Customer ID to bank server for verification
purpose. Adding removing products into cart. Managing
database of products. Also checking transactions that has
happened.
International Journal of Emerging Technologies and Engineering (IJETE)
Volume 2 Issue 1, January 2015, ISSN 2348 – 8050
19
www.ijete.org
• Bank Server: Bank server verifies client and
merchant server using client UID or merchant id. Bank
server creating Hash Function for OTP. It divide’s OTP
into two share’s. Bank sends OTP shares to merchant
and client. At last verify if OTP entered is correct or not.
Fig 2: System Architecture
V. CONCLUSION
In this paper we present a method to protect user
from phishing website and avoid fraud of
money.Thus the system which we are providing will
initiate more secure online transaction that will lead to
increase the participation of clients.
REFERENCES
[1] Souvik Roy and P. Venkateswaran. Online payment
system using steganography and visual
cryptography. IEEE Studentsˆa Conference on
Electrical, Electronics and Computer
Science, 2014.
[2] Tommy W. S. Chow Senior Member Haijun Zhang,
Gang Liu and Senior Member Wenyin Liu. Textual and
Visual Content-Based Anti-Phishing: A Bayesian
Approach.
2011.
[3] Divya James and Mintu Philip. A novel anti phishing
framework based on visual cryptography” international
journal of distributed and parallel systems. 2012.