Online Payment System using

Steganography and Visual

Cryptography

Under the esteemed guidance of

Mr.K. SAI BHARATH , M.tech
Asst.Proffessor
CSE DEPT.
YOGANANDA INSTITUTE OF TECHNOLOGY AND SCIENCE
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
(Approved by AICTE, New Delhi & Affiliated to JNTUA, Anantapur)

2011-2015
Abstract
 This paper presents a new approach for providing limited
information only that is necessary for fund transfer during
online shopping thereby safeguarding customer data and
increasing customer confidence and preventing identity theft.
A cryptographic technique based on visual secret sharing used
for image encryption. Using k out of n (k, n) visual secret
sharing scheme a secret image is encrypted in shares which are
meaningless images that can be transmitted or distributed over
an un trusted communication channel. Only combining the k
shares or more give the original secret image. Phishing is an
attempt by an individual or a group to thieve personal
confidential information such as passwords, credit card
information etc from unsuspecting victims for identity theft,
financial gain and other fraudulent activities The use of images
is explored to preserve the privacy of image captcha by
decomposing the original image captcha into two shares that
are stored in separate database servers such that the original
image captcha can be revealed only when both are
simultaneously available; the individual sheet images do not
reveal the identity of the original image captcha. Once the
original image captcha is revealed to the user it can be used as
the password. Several solutions have been proposed to tackle
phishing.
 INTRODUCTION

 In Online shopping the issue of purchase order through

electronic purchase request, filling of credit or debit
card information.

 Identity theft or phishing are the common threats to

online shopping.

 Identity theft is the stealing of someone’s identity in

the form of personal information and misuse.
 A new method is proposed, that uses text based steganography and visual
cryptography, which minimizes information sharing between consumer and
online merchant but enable successful fund transfer , thereby
safeguarding consumer information and preventing misuse.

 Steganography is the art of hiding of a message within the image, called

the cover
 Existing system

 A customer authentication system using visual

cryptography is presented , but it is specifically
designed for physical banking.

 A signature based authentication system for core

banking is proposed in but it also requires physical
presence of the customer presenting the share.

 A biometrics in conjunction with visual cryptography is

used as authentication system
 Disadvantages of Existing System

 Does not provide a friendly environment to encrypt or decrypt the data

(images).

 Not suitable for online payments

 It is expansive of Using biometrics

 Proposed System

 Proposed System, Visual Cryptography (VC), technique based on

visual secret sharing used for image encryption.
 A new method is proposed, that uses text based steganography and
visual cryptography, which minimizes information sharing between
consumer and online merchant.
 For phishing detection and prevention, we are proposing a new
methodology to detect the phishing website.
 Our methodology is based on the Anti-Phishing Image Captcha validation
scheme using visual cryptography. It prevents password and other
confidential information from the phishing websites.
 Cryptographic technique:(2, 2)- Threshold VCS scheme,(n, n) -Threshold
VCS scheme, (k, n) Threshold VCS scheme are used in this proposed
system.
 Advantages Of Proposed System

 Our methodology is based on the Anti-Phishing Image Captcha validation

scheme using visual cryptography.

 It prevents password and other confidential information from the phishing

websites.

 For phishing detection and prevention, we are proposing a new

methodology to detect the phishing website.
System Architecture
Proposed payment method
Algorithms
 Encoding
 First letter in each word of cover message is taken
 􀂃 Representation of each letter in secret message by its
 equivalent ASCII code.
 􀂃 Conversion of ASCII code to equivalent 8 bit binary
 number.
 Division of 8 bit bin Choosing of suitable letters from table 1
corresponding
 to the 4 bit parts.
 Meaningful sentence construction by using letters
 obtained as the first letters of suitable words.
 􀂃 Omission of articles, pronoun, preposition, adverb,
 was/were, is/am/are, has/have/had, will/shall, and
 would/should in coding process to give flexibility in
 sentence construction.ary number into two 4 bit parts.
Modules

1.Embedding text on the image

2. Encoding
3. Decoding Steps
5. Customer Authentication
6. Certification Authority Access
7. Final Authenticated Information Results:
1.Embedding text on the
image
 In this module, Steganography uses characteristics of English language
such as inflexion, fixed word order and use of periphrases for hiding data
rather than using properties of a sentence.

 This gives flexibility and freedom from the point view of sentence
construction but it increases computational complexity.
 2. Encoding
 Representation of each letter in secret message by its equivalent ASCII
code.
 Conversion of ASCII code to equivalent 8 bit binary number.
 Division of 8 bit binary number into two 4 bit parts.
 Choosing of suitable letters from table 1 corresponding to the 4 bit parts.
 Meaningful sentence construction by using letters obtained as the first
letters of suitable words.
 Encoding is not case sensitive.
 3. Decoding Steps

 First letter in each word of cover message is taken and represented by

corresponding 4 bit number.
 4 bit binary numbers of combined to obtain 8 bit number.
 ASCII codes are obtained from 8 bit numbers.
 Finally secret message is recovered from ASCII codes.
5. Customer Authentication

 Customer unique authentication password in connection

to the bank is hidden inside a cover text using the text
based Steganography method.
 Customer authentication information (account no) in
connection with merchant is placed above the cover
text in its original form.
 Now a snapshot of two texts is taken. From the
snapshot image, two shares are generated using visual
cryptography.
 Now one share is kept by the customer and the other
share is kept in the database of the certified authority.
 6. Certification Authority Access
 During shopping online, after selection of desired item and adding
it to the cart, preferred payment system of the merchant directs
the customer to the Certified authority portal.
 In the portal, shopper submits its own share and merchant submits
its own account details. Now the CA combines its own share with
shopper’s share and obtains the original image.
 From CA now, merchant account details, cover text are sent to the
bank where customer authentication password is recovered from
the cover text.
 7. Final Authenticated Information
Results:
 Customer authentication information is sent to the merchant by CA.
 Upon receiving customer authentication password, bank matches it with
its own database and after verifying legitimate customer, transfers fund
from the customer account to the submitted merchant account.
 After receiving the fund, merchant’s payment system validates receipt of
payment using customer authentication information.
Hardware & software
requirements

Hardware requirements

 Processor - Intel I3
 Speed - 1.80 ghz
 RAM - 4gb
 Storage Disk - 500gb
Software requirements

 Platform : Windows 7
 Programming Environment: JAVA 6
 HttpServer : Tomcat 6
 Design : HTML,Jsp,JavaScript.
 Server side Script : Java Server Pages.
 BackEnd : Oracle 10
 UML
Diagrams
Class diagram
User Authenticate
Registration
+uid: integer +uid: integer
+accountno: integer +uname: String
+password: integer +uname: String
+address: String +password: integer
+uid: integer +e_id: String
+uname: String +authenticate()
+signIn()
+register()

TBSteg
+password: integer
+text-c: String
+sentence: String
+encode()
+decode()

Encode
Decode
+ascii: integer
+binary: integer +ascii: integer
+accountno: integer +binary: integer
+accountno: integer
+toBinary()
+toASCII() +toASCII()
+to8bits() +toBinary()
+to4bits() +to4bits()
+numberAssignment() +to8bits()
+numberAssignment()

Steg Shares

+text: String +image: String

+image: String +share1: integer
+share2: integer
+extract()
+split()
+merge()
Object Diagram Kim, Hyunsoo
User Kim,
Authenticate
Keehyun
Kim,
Registration
Jeongil
+uid: 101 +uid: 101
+accountno: 12345666 +uname: "kala"
+uid: 101 +uname: "kala"
+address: "tpt" +password: *****
+uname: "kala" +e-id: kala@gmail.com

Kum,
TBSteg
Deukkyu
+password: ******

Lee,Encode
Jangwoo Lee,
Decode
Minkyu
+ascii: 7 +ascii: 7
+binary: 0111 +binary: 0111
+accountno: 12345666 +accountno: 12345666

Bae, Rankyoung
Shares
Lim,Steg
Heejin
+share1: 12345666
+text: 010110100 +share2: *******
Component Diagram

<<component>>
User <<component>>
<<component>>
Registration Authenticate

<<component>>
TBSeg

<<component>>
<<component>> Decode
Encode

<<component>> <<component>>
Steg Shares
Deployment Diagram

Registration User Authenticate

TBSteg

Encode Decode

steg Shares
Usecase Diagram

authenticate

Merchant
register user given some details to merchant

accountno

User

tbsteg CA

split

merge

result
bank
Interaction Diagram
1.Sequence Diagram
Decode Steg Shares
User Registration Authenticate TBSeg Encode

1 : signIn()
2 : register()
3 : authenticate()
4 : encode() 5 : toBinary()

6 : to8bit()

7 : to4bit()

8 : decode()

9 : to4bit()

10 : to8bit()

11 : extract()

12 : merge()

13 : result()
2.Collaboration Diagram
1 : register() 2 : authenticate()
Registration User Authentication

3 : convert()

TBSteg

7 : to8Bit()
4 : to8Bit()

5 : toASCII() 8 : toASCCI()

Decode
Encode

9 : to4Bit()
6 : to4Bit()
11 : extract()
10 : extract()

12 : split()
Shares
Steg
13 : merge()
Statechart Diagram
user give accountno & some details to the merchant
User authenticate Merchant

here user given authentication password changed to text binary format

TBSeg

image

accountno & user authentication password

CA contain accountno & password

CA
where mechant give accountno to the CA

CA checks accountno and transfer to bank

Bank

result
Activity Diagram

User Merchant CA Bank

user submitted only minimum

information to the merchant
i.e.accountno,uid ,uname not password merchant submitted accountno to the CA

merchant CA
User

CA contain image formate

Authenticate image result

image contains accountno and covetext

Enter accountno and password accountno

yes
user authentication password
TBSteg

no

CA checks accountno matched or not

 CONCLUSION

In this paper, a payment system for online

shopping is proposed by combining text based
Steganography and visual cryptography that provides
customer data privacy and prevents misuse of data at
merchant’s side. The method is concerned only with
prevention of identify theft and customer data security.
In comparison to other banking application which uses
Steganography and visual cryptography , are basically
applied for physical banking, the proposed method can
be applied for E-Commerce with focus area on payment
during online shopping as well as physical banking.
Thank You
“