ABSTRACT
Growth in technology has made online shopping such an interesting thing but has introduced fraud, making personal information security a major issue for customers as well as merchants and banks in the case of CNP (Card Not Present). In a bid to arrest this ugly situation, this thesis creates a Secured web-based e-Payment system integrating image-based Steganography encryption that will allow a customer to provide limited information necessary for fund transfer during online shopping, enhance security of customer data, prevent misuse of customer’s information and also increase their confidence for online transactions. This platform utilizes this encryption method to send payments between a user and a recipient, which in most times is an e-commerce platform. Here, the user after making purchase, logs into the payment platform, provides his/her payment details which will be automatically encrypted and hidden inside an image and thereafter forwarded to the e-commerce server were the payment details is verified, decrypted and forwarded to the bank for the customer to be billed accordingly. This way, any interception midway by a malicious attacker or unauthorized intrusion (also known as Man-In-The-Middle or MITM attack) of any sort is totally useless to the interceptor as the decryption key is stored in the database. The idea behind this image-based steganography encryption is that the message will be encrypted and also hidden in an image which makes the information that is being transmitted not detectable by the casual eye and more secured. This work therefore concludes that steganography encryption will enhance security of information against middle attackers and also prevent misuse of customer’s information.
TABLE OF CONTENTS
Title Page……………………………………………………………………………… i
Declaration……………………………………………………....................ii
Certification……………………………………………………………………… iii
Dedication……………………………………………………………………………….iv
Acknowledgements…………………………………………………………………… v
Table of Content vi
List of Figures ix
Abstract x
CHAPTER 1: INTRODUCTION
1.1 Background of the Study 1
1.2 Problem Statement 2
1.3 Aim and Objectives of the Study 3
1.4 Justification of the Study…………………………. 3
1.5 Scope of the Study…………………………….…...... 4
CHAPTER 2: LITERATURE REVIEW 5
2.1 Theoretical Framework 5
2.2 Steganography 5
2.2.1 Text-based steganography 6
2.2.2 Audio steganography 8
2.2.3 Video steganography………………………………….8
2.2.4 Network steganography……………………………8
2.2.5 Image steganography…………………………………9
2.3 Image Domain………………………………… 10
2.3.1 Least significant bit in bitmap image…………….… 10
2.3.2 Least significant bit in graphics interchange format 12
2.4 Transform Domain…………………………………………………….……… 13
2.4.1 Joint photographic expert group (JPEG) compression……13
2.4.1 Joint photographic expert group (JPEG) steganography… 14
2.5 Image or Transform Domain…………………………….…… 15
2.5.1 Patchwork………………………………………………15
2.5.2 Spread spectrum…………………………………………… 16
2.6 Image Definition and Compression……………….17
2.7 Mathematical Model of Image-Based Steganography System……….…..…… 18
2.7.1 The Universal steganographic system………………….19
2.8 Review of Related Works…..…………………….… 20
2.9 Advanced Encryption Standard………………………… 25
2.9.1 Overall structure of AES……………………… 27
2.9.2 Encryption process…………………………………… 28
2.9.3 Decryption process………………………………… 28
2.9.4 Advanced encryption standard analysis……………… 29
2.10 Literature Gap……………………………………… 29
CHAPTER 3: MATERIALS AND METHODS 31
3.1 Materials for the System Development…………… 31
3.2 Hardware Requirements………………………… 33
3.3 Relevant Data Needed for the Development of the System…….. 33
3.4 The System Flowchart………………………… 34
3.5 Block Diagram of the System……………………… 38
3.6 The System Design Methodology………………… 38
3.7 Input Design……………………………………………… 39
3.7.1 Objectives of input design…………………………… 39
3.7.2 Data input method……………… 40
3.7.3 Input integrity control………………….…….... 40
3.7.4 System input design algorithm……………………… 40
3.7.5 The system input design………………………………. 42
3.7.6 System input design algorithm implementation………..43
3.8 Output Design…………………………………………………………………. 46
3.8.1 Objectives of output design………………….……46
3.8.2 System output design algorithm………… 46
3.8.3 The system output design…………………… . 48
3.8.4 System output design algorithm implementation…………49
3.9 Working Principle of the Integrated Module………… 51
3.10 The System Database Relationship…………… 53
3.11 The Use Case Diagram……………………. 54
3.12 Comparison of the New and Previous Systems……… 55
CHAPTER 4: RESULTS AND CONCLUSION 56
4.1 Design View of the System…………………………………… 56
CHAPTER 5: CONCLUSION AND RECOMMENDATIONS 64
5.1 Conclusion…………………………………………………………………… 64
5.2 Recommendation……………………………………………………………… 64
5.3 Contribution to Knowledge…………………………………………………… 64 References
Appendices
LIST OF FIGURES
2.1: Categories of image-based steganography…………………… 10
2.2 Direct spreading………………………………………………………………. 16
2.3: Pictorial representation of the working mechanism of lossy and lossless compression……………… 18
2.4: AES encryption and decryption structure…………..…… 27
3.1: The system flowchart……………………………...34
3.2: Data flow diagram……………………………….…………………..…………38
3.3: The system input design………...…………...…………………………………44
3.4: The system output design……………………..……….…48
3.5: Integrated module…………………………..…… 52
3.6: Database relationship……………………………………… 53
3.7: Use case diagram (user)…………………………….…… 54
3.8; Use case diagram (admin)………………....………… 55
4.1: Log in portal…………………………………………………………56
4.2: Registration portal………………..……………………… 57
4.3: Payment portal…………………………………………….……59
4.4: Admin login…………………………………………….…60
4.5: Admin dashboard………………………………………… 61
4.6: Encrypted payment details………………………… 62
4.7: Decrypted payment details…………………………… 63
CHAPTER 1
INTRODUCTION
1.1 BACKGROUND OF THE STUDY
The rapid growth in technologies have greatly enhanced the way things are done, starting from education, governance, manufacturing, shopping, etc. Through the use online stores, online payment methods or some others which include; Direct Debit, Cash on Delivery (COD), Cheque, Gifts Card, Debit card, Electronic Money, Postal Money Order, Wireless Transfer, etc, the purchases and sales of goods and services from any part of the world has now become an easy task to accomplish etc (Lopresti, 2007; Rao, 2010). These concepts are known as Online Shopping.
Customers can access, order and as well make payments for their orders either online or on delivery in online shopping. The client provides his card details when making payment online to the merchant and thereafter, the online merchant uses the same card details to request payment from the customer’s bank for the customer to be billed accordingly.
Although, this approach has made shopping easier, faster and better but it has also introduced security challenges such as identity theft, hacking, phishing etc. Identity theft, hacking and phishing are the common dangers of online shopping. Identity theft involves stealing of someone’s identity (personal information) and using that same information illegally for making purchase, opening of bank accounts or arranging credit cards. Identity theft results in the misuse of customer’s information for an average of 48days in 2012. Secure Socket Layer (SSL) encryption prevents the hacking of customer’s payment details in transit between the client and online merchant. Nevertheless, merchant and its employees should be trusted not to use customer’s payment details for their own selfish interest and as well not to sell them to others. This study proposed a new technique which uses image-based steganography encryption technique that reduces information(card details) sharing between the client and the online merchant, enables successful transfer of fund from customer’s account to the online merchant’s account, protect customer’s information(card details) and as well prevent the misuse of customer’s information. Steganography involves hiding a message within another such that hidden file is indistinguishable. One good thing with steganography is that a middle attacker is unaware of the fact that the observed information contains concealed information. The main idea about steganography is that information to be transmitted is not visible to naked eye. The method proposed is specifically for e-commerce but can easily be extended for manual shopping.
1.2 PROBLEM STATEMENT
The e-commerce platform, like all other sectors that heavily utilize internet technology for its operations, is challenged by security issues. Users and businesses, small or big, face this challenge of securing their payment processes both during transmission and at the online merchant side.
Traditionally, payment has always been made sent from the client side (User) to the e-commerce servers, where the payment details are retrieved and then user is billed accordingly.
Here, the problem is that most times, card details may likely be easily intercepted by malicious attackers’ midway before the card details get to the servers side. This type of attack is regarded as Man-in-the-middle attack. The secured web-based e-payment system therefore addresses this problem.
1.3 AIM AND OBJECTIVES OF THE STUDY
This thesis is aimed at development of a secured web-based e-payment gateway integrating image-based steganography encryption that will help eliminate any interception midway by a malicious attacker of payment details of clients for payment of goods purchased.
The objectives of the thesis include the following:
1. To identify the relevant data needed to develop a secured web-based e-payment system.
2. To develop an algorithm that will enable a user login so as to have access to the encrypted payment platform which encrypts the payment details using Advance encryption standard.
3. To implement the algorithm in (2 above) using HTML, JAVASCRIPT and PHP for the client side and MySQL for the backend.
4. To develop an algorithm that will enable the administrator have access to the e-commerce server for payment details decryption and retrieval using Advance Encryption Standard.
5. To implement the algorithm in (4 above) using HTML, JAVASCRIPT and PHP for the Administrator side and MySQL for the backend.
6. To integrate the two modules for the effective operation of the system.
7. To test the system using a local remote server (XampSever).
1.4 JUSTIFICATION OF THE STUDY
Over the years, there has been numerous examples of executed projects on e-payment systems, but only a few literatures has given attention on the security of data (payment details) during transaction which was not properly addressed. And also, almost all the systems were implemented incorporating cryptography encryption which when data is transmitted, an intruder will be aware that there is a hidden message which might prompt him/her to attack. Based on these reasons, we decided to develop and implement an e-payment system that will solve the problem of insecurity of payment details during online transactions.
1.5 SCOPE OF THE STUDY
The study focuses on developing a secured web-based e-payment system integrating image based steganography encryption for online shopping and it is specifically for payment purpose only.
Login To Comment