securing online shopping system using visual cryptography

3
International Journal of Emerging Technologies and Engineering (IJETE) Volume 2 Issue 1, January 2015, ISSN 2348 8050 17 www.ijete.org Securing Online Shopping System Using Visual Cryptography Prof. D. B. Satre*, Varad Durugkar**, Akshay Ambekar *** , AmitKumar Yadav **** , Sudarshan Patil ***** *Department of Information Technology, MMIT, Savitribai Phule Pune University, Lohgaon ** MMIT, Savitribai Phule Pune University, Lohgaon ** MMIT, Savitribai Phule Pune University, Lohgaon **** MMIT, Savitribai Phule Pune University, Lohgaon ***** MMIT, Savitribai Phule Pune University, Lohgaon ABSTRACT In today’s world of internet, various online attacks has been increased as well as spread and among them the most famous and harmful attack is phishing. it is trying by an individual person or a group to get personal secret confidential information such as passwords, all types of card information from unsuspecting victims for identity theft, financial gain and other stolen activities. Fake websites which appear very like to the original ones are being hosted to gain this. Here an image based authentication using Visual Cryptography is implemented. The use of visual cryptography is traverse to preserve the privacy of an image captcha by decomposing means that original image captcha into two shares (known as sheets) that are generated by bank server. Original image captcha can be betrayed only when both are simultaneously available. the individual sheet images do not betray the identity of the original image captcha. Once the original image captcha is passed to the user it can be used as the password by user. Using this website cross verifies its identity and proves that it is a genuine website before the end users.by Using (2,2) visual secret sharing scheme a secret image is encrypted in shares which are meaningless images that can be transmitted or distributed over an untrusted communication channel. Keywords - DBA, OTP , Phishing, VC. I. INTRODUCTION Online shopping is the retrieval of product information via the Internet and issue of purchase order through electronic purchase request, filling of all card information such as Credit card, debit card and shipping of product by mail order or home delivery by courier. Identity theft and phishing are the common dangers of online shopping. Identity theft is the stealing of someone identity in the form of personal information and misuse of that information for making purchase and opening of bank accounts or arranging credit cards. Phishing is a criminal mechanism that employs both social engineering and technical subterfuge to steal consumers personal identity data and financial account credentials. We can use Visual cryptography in our project for security purpose. For services such as Payment Service, Financial and Retail Service are the most targeted industrial sectors of phishing attacks. However, one must still trust merchant and its employees not to use consumer information for their own purchases and not to sell the information to others. In our project there are three parts that are Client, Merchant server, Bank server. II. PHISHING What is Phishing? Phishing is a deceptive communication. It’s Facilitates identity theft environment in website. Phishing is an analogy of fishing bait. Fraudsters use deceptive email messages that appear to be originating from legitimate businesses. Phishing attacker key point is Attacker sends an e-mail. Internet user is re-directed to a mimicking website to key in their personal identification details. The attacker will then use this information to commit identity fraud. Effects of Phishing: There are two main effect of phishing: Inflicts financial losses Corrodes consumer trust There are so many phishing techniques. Email / Spam Web Based Delivery Instant Messaging Trojan Hosts

Upload: ijeteeditor

Post on 01-Feb-2016

216 views

Category:

Documents


0 download

DESCRIPTION

In today’s world of internet, various online attacks has been increased as well as spread and among them the most famous and harmful attack is phishing. it is trying by an individual person or a group to get personal secret confidential information such as passwords, all types of card information from unsuspecting victims for identity theft, financial gain and other stolen activities. Fake websites which appear very like to the original ones are being hosted to gain this. Here an image based authentication using Visual Cryptography is implemented. The use of visual cryptography is traverse to preserve the privacy of an image captcha by decomposing means that original image captcha into two shares (known as sheets) that are generated by bank server. Original image captcha can be betrayed only when both are simultaneously available. the individual sheet images do not betray the identity of the original image captcha. Once the original image captcha is passed to the user it can be used as the password by user. Using this website cross verifies its identity and proves that it is a genuine website before the end users.by Using (2,2) visual secret sharing scheme a secret image is encrypted in shares which are meaningless images that can be transmitted or distributed over an untrusted communication channel.

TRANSCRIPT

Page 1: Securing Online Shopping System Using Visual Cryptography

International Journal of Emerging Technologies and Engineering (IJETE)

Volume 2 Issue 1, January 2015, ISSN 2348 – 8050

17

www.ijete.org

Securing Online Shopping System Using Visual Cryptography

Prof. D. B. Satre*, Varad Durugkar**, Akshay Ambekar***

, AmitKumar Yadav****

, Sudarshan Patil*****

*Department of Information Technology, MMIT, Savitribai Phule Pune University, Lohgaon

** MMIT, Savitribai Phule Pune University, Lohgaon

** MMIT, Savitribai Phule Pune University, Lohgaon

**** MMIT, Savitribai Phule Pune University, Lohgaon

***** MMIT, Savitribai Phule Pune University, Lohgaon

ABSTRACT In today’s world of internet, various online attacks has

been increased as well as spread and among them the

most famous and harmful attack is phishing. it is trying

by an individual person or a group to get personal secret

confidential information such as passwords, all types of

card information from unsuspecting victims for identity

theft, financial gain and other stolen activities. Fake

websites which appear very like to the original ones are

being hosted to gain this. Here an image based

authentication using Visual Cryptography is

implemented. The use of visual cryptography is traverse

to preserve the privacy of an image captcha by

decomposing means that original image captcha into two

shares (known as sheets) that are generated by bank

server. Original image captcha can be betrayed only

when both are simultaneously available. the individual

sheet images do not betray the identity of the original

image captcha. Once the original image captcha is

passed to the user it can be used as the password by user.

Using this website cross verifies its identity and proves

that it is a genuine website before the end users.by Using

(2,2) visual secret sharing scheme a secret image is

encrypted in shares which are meaningless images that

can be transmitted or distributed over an untrusted

communication channel.

Keywords - DBA, OTP , Phishing, VC.

I. INTRODUCTION

Online shopping is the retrieval of product information

via the Internet and issue of purchase order through

electronic purchase request, filling of all card

information such as Credit card, debit card and shipping

of product by mail order or home delivery by courier.

Identity theft and phishing are the common dangers of

online shopping. Identity theft is the stealing of someone

identity in the form of personal information and misuse

of that information for making purchase and opening of

bank accounts or arranging credit cards. Phishing is a

criminal mechanism that employs both social

engineering and technical subterfuge to steal consumers

personal identity data and financial account credentials.

We can use Visual cryptography in our project for

security purpose. For services such as Payment Service,

Financial and Retail Service are the most targeted

industrial sectors of phishing attacks. However, one

must still trust merchant and its employees not to use

consumer information for their own purchases and not to

sell the information to others. In our project there are

three parts that are Client, Merchant server, Bank server.

II. PHISHING

What is Phishing? Phishing is a deceptive

communication. It’s Facilitates identity theft

environment in website. Phishing is an analogy of

fishing bait. Fraudsters use deceptive email messages

that appear to be originating from legitimate businesses.

Phishing attacker key point is

Attacker sends an e-mail.

Internet user is re-directed to a mimicking

website to key in their personal identification

details.

The attacker will then use this information to

commit identity fraud.

Effects of Phishing:

There are two main effect of phishing:

Inflicts financial losses

Corrodes consumer trust

There are so many phishing techniques.

Email / Spam

Web Based Delivery

Instant Messaging

Trojan Hosts

Page 2: Securing Online Shopping System Using Visual Cryptography

International Journal of Emerging Technologies and Engineering (IJETE)

Volume 2 Issue 1, January 2015, ISSN 2348 – 8050

18

www.ijete.org

Web Based Delivery: Web based delivery is one of

the most sophisticated phishing techniques. Also known

as “man-in-the-middle,” the hacker is finded in between

the original website and the phishing systems. The

phisher accessas well as traces details during a

transaction between the legitimate website and the user.

As the user continues to send information, it is gathered

and store by the phishers.

Instant Messaging: It is the method in which the user

receives a message with a link directing them to a fake

phishing website which has the similar look and feel as

the authorized website. If the user doesn’t look at the

URL, it may be difficult to tell the difference between

the fraud and authorized websites. Then, the user is

asked to provide personal sensitive data on the page. for

phisher personal use they can use users stolen data.

III. VISUAL CRYPTOGRAPHY

Visual cryptography is a cryptographic technique which

allows visual information (pictures, text, etc.) to be

encrypted in such a way that the decryption can be

performed by the human visual system. Visual

cryptography was pioneered by Moni Naor and Adi

Shamir in 1994. it is a special encryption technique to

conceal information in images in such a way that it may

be decrypted in front of the human vision if the correct

key image is used. VC uses two transparent images. in

visual cryptography decomposes the original image into

two parts know as share, image or captcha . First image

contains random Means without any method pixels and

the other image contains the secret information.

It is absolutely impossible to retrieve the secret

information from one image. Both transparent images

and layers are required to betray the information. if

anyone got the one image that is meaningless. Whenever

we combining two image or share means superimpose

of image then and only then we got the original image.

Using (2,2) visual secret sharing scheme a secret image

is encrypted.

Various visual cryptography applications are as

follow:

1) Biometric security

2) Watermarking

3) Steganography

4) Printing and scanning applications

5) Bank customer identification

Types of visual cryptography

1) Halftone visual cryptography

2) Color visual cryptography

3) Visual Cryptography with Perfect Restoration

4) Multiresolution Visual Cryptography

5) Progressive Multiresolution Visual

Cryptography

Fig1: Visiual cryptography

IV. ARCHITECTURE

In this Architecture there are three main parts that are

1) Client,

2) Merchant server

3) Bank server.

• Client: Client is a person who wants to buy some

product online on merchant site, But it is necessary that

the person knows the merchant site is fraud or real. For

that user first enter OTP which can generate by bank and

then verify that merchant site is phishing or not. After

know that merchant site is real customer complete

further proceed and select or buy product.

• Merchant Server: Merchant server hosts the original

website it consists of all the database of products it is

managed by DBA. It is registered with bank server.

Merchant verify if the user is authentic or not by using

Login functionality. Merchant sends its Server ID and

Unique Customer ID to bank server for verification

purpose. Adding removing products into cart. Managing

database of products. Also checking transactions that has

happened.

Page 3: Securing Online Shopping System Using Visual Cryptography

International Journal of Emerging Technologies and Engineering (IJETE)

Volume 2 Issue 1, January 2015, ISSN 2348 – 8050

19

www.ijete.org

• Bank Server: Bank server verifies client and

merchant server using client UID or merchant id. Bank

server creating Hash Function for OTP. It divide’s OTP

into two share’s. Bank sends OTP shares to merchant

and client. At last verify if OTP entered is correct or not.

Fig 2: System Architecture

V. CONCLUSION

In this paper we present a method to protect user

from phishing website and avoid fraud of

money.Thus the system which we are providing will

initiate more secure online transaction that will lead to

increase the participation of clients.

REFERENCES

[1] Souvik Roy and P. Venkateswaran. Online payment

system using steganography and visual

cryptography. IEEE Studentsˆa Conference on

Electrical, Electronics and Computer

Science, 2014.

[2] Tommy W. S. Chow Senior Member Haijun Zhang,

Gang Liu and Senior Member Wenyin Liu. Textual and

Visual Content-Based Anti-Phishing: A Bayesian

Approach.

2011.

[3] Divya James and Mintu Philip. A novel anti phishing

framework based on visual cryptography” international

journal of distributed and parallel systems. 2012.