Pinki Prakash Vishwakarma1*, Amiya Kumar Tripathy2, 3, Srikanth Vemuru1

1 Department of Computer Science and Engineering, Koneru Lakshmaiah Education Foundation, Andhra Pradesh, India
2 Department of Computer Engineering, Don Bosco Institute of Technology, Mumbai, India
3 School of Science, Edith Cowan University, Perth, Australia




ABSTRACT


Since the emergence of m-commerce, the security and trustworthiness of digital transactions have become a critical concern for financial institutions. Theft of card information has caused monetary losses around the world, so it is imperative for financial institutions to eliminate such losses. A number of mobile payment schemes have been proposed, but they focus primarily on transaction security and on fraud detection and prevention, not on encryption of data at rest in mobile payments. This work therefore focuses on encrypting the sensitive static data that resides on the database server in mobile payments. Data at rest is static data, i.e., the users' card details, which resides on the server. It is essential that the sensitive data of payment users stays protected, to prevent adversaries from gaining unauthorized access to it. In this work, encryption of data at rest is performed at the database level. Cryptography is increasingly used to secure sensitive data and to guarantee data confidentiality and data integrity. This work proposes a cryptosystem that describes the management of the cryptographic keys for sensitive data at rest in a mobile payment system. The implementation uses symmetric cryptography, so the keys for encrypting and decrypting the sensitive data are identical.


Keywords: Data confidentiality, Integrity, Encryption, Key management, Mobile payments.





ARTICLE INFORMATION


Received: 2020-03-31
Revised: 2020-08-21
Accepted: 2020-09-26
Available Online: 2020-12-01


Cite this article:

Vishwakarma, P.P., Tripathy, A.K., Vemuru, S. 2020. Designing a cryptosystem for data at rest encryption in mobile payments. International Journal of Applied Science and Engineering, 17, 373–382. https://doi.org/10.6703/IJASE.202012_17(4).373

  Copyright The Author(s). This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are cited.