
Enhancement of E-Commerce Security Through Asymmetric Key Algorithm

Improving the operational security of e-commerce carried out through a planned algorithmic system

Uploaded by

Lina Nabila

Computer Communications 153 (2020) 125–134

Contents lists available at ScienceDirect

Computer Communications
journal homepage: www.elsevier.com/locate/comcom

Enhancement of e-commerce security through asymmetric key algorithm


Dijesh P. a,∗, SuvanamSasidhar Babu b, Yellepeddi Vijayalakshmi c
a Department of Computer Science, Bharathiar University, Coimbatore, Tamilnadu, India
b School of Computing and Information Technology, Reva University, Bengaluru, 560064, India
c Department of CSE, Karpagam University, Coimbatore, Tamilnadu, India

ARTICLE INFO

Keywords: E-commerce security; Encryption; Decryption; RSA algorithm; Fernet cipher algorithm

ABSTRACT

Electronic commerce offers reduced transaction costs and a much more convenient mode of business to consumers all over the globe. This paper explains the asymmetric methods used in electronic commerce transactions and the other supporting cryptographic algorithms that are important in setting up electronic commerce. This study explains the essential security problems in electronic commerce. To avoid these security issues, certain security conditions must be followed that offer sufficient security for the transaction data of every entity in an electronic commerce transaction. In this study a multi-layer encryption algorithm, consisting of the RSA encryption algorithm and the Fernet cipher encryption algorithm, is proposed based on security. The multi-layer encryption algorithm is used to construct a sophisticated and complex approach to encryption. This algorithm integrates the strengths of several encryption techniques at the same time. This study reveals how safely consumer order and payment data can be managed by security-based approaches. The encryption technique discussed in this study is the major technique for making transactions over the internet secure. A better encryption technology can decrease fraudulent activities easily and effectively. This study proposes a multi-layer encryption algorithm and implements it in order to enable secure delivery of messages through the network. This study will be helpful for controlling decryption and encryption with the use of the private and public keys of the receiver and sender.

Abbreviations: RSA, Rivest Shamir Adleman; PKE, Private Key Encryption; PKC, Private Key Cryptography; IFP, integer factorization problem; DLP, Discrete Logarithm Problem; PGP, Pretty Good Privacy; ECC, Elliptic Curve Cryptography; CPK, Cryptographic Public Key; PKI, Public Key Infrastructure; AES, Advanced Encryption Standard; MD5, Message Digest-5; MAC, Message Authentication Code; SHA, Secure Hash Algorithm
∗ Corresponding author.

https://doi.org/10.1016/j.comcom.2020.01.033
Received 28 May 2019; Received in revised form 13 August 2019; Accepted 17 January 2020
Available online 31 January 2020
0140-3664/© 2020 Published by Elsevier B.V.

1. Introduction

With the development of online technology, an establishment now exists, i.e. electronic commerce, based on multimedia and network technology. It arranges operations through online sites, on what is known as the open public network, i.e. it is efficient for running different methods of electronic business process. Electronic commerce is an online trade of business which offers secured trade in electronic form. The security of web services plays an essential part in such methods of business. Security is the major problem on the internet for developing electronic commerce [1]. Security is on the mind of every electronic commerce entrepreneur who stores, interacts with or solicits any data that may be sensitive if lost. Any business that intends to gain competitive advantage over other businesses must acquire a comprehensive security policy, in discussion with distributors, suppliers and partners, that offers secure surroundings for electronic commerce based activities [2]. Due to the rise in warnings by media about privacy and security breaches like financial fraud and identity theft, and the extended awareness of internet consumers about the threats of carrying out online transactions, electronic commerce has not been capable of accomplishing its full importance. Several customers refuse to carry out internet transactions and attribute that to fear or a lack of trust regarding their personal data. The online transaction needs customers to disclose their sensitive personal data to the vendor, placing themselves at essential hazard. Understanding the trust of customers is important for the continuing growth of electronic commerce [3]. Rathi and Gupta [4] have stated that the security of electronic commerce has its own definite distinctions and is one of the most noticeable security components that influences end users through their day-to-day payment communication with businesses. Electronic commerce security is the security of electronic commerce properties from illegal access, modification, use or destruction. The electronic security dimensions are non-repudiation, integrity, confidentiality, privacy, availability and authenticity. Patro et al. [5] have stated that non-repudiation is the deterrence against a single party reneging on a contact with another party after the circumstance. Integrity is the deterrence against illegal change of information. The protection against illegal revelation of information is known as confidentiality, whereas privacy is the delivery of data control and disclosure. The deterrence against data delays or removal is known as availability, whereas authentication is the authentication of the data source. Fig. 1 below shows the major issues in the electronic commerce industry:

Fig. 1. Major issues in e-commerce industry.
Source: TestingExperts, 2019.

To resolve the security issues in electronic commerce, Secure Electronic Transaction, message digest, symmetric key encryption and asymmetric key encryption techniques are used. Secure Electronic Transaction is an extensive security protocol which uses cryptography to offer confidentiality of data, assure integrity of payment and enable authentication of identity. It depends on digital certificates, cryptography and authentication by text messages to assure data security and confidentiality [6]. Illayaraja et al. [7] have mentioned that symmetric key encryption is also referred to as private key encryption (PKE) and private key cryptography (PKC). The same key is employed for message decryption and encryption. Symmetric key encryption is known as secret key encryption, and the technique has 2 issues. The 1st issue is that the simple symmetric encryption employed does not offer good security of data, and the 2nd issue is how to interchange the secret key. Suguna et al. [8] have mentioned that Public Key Cryptography, or asymmetric key encryption, uses a set of keys for the decryption and encryption process, namely a public key for encryption and a private or secret key for decryption. The public key is used to encrypt the text and the private key is used to decrypt the encrypted text. Public Key Cryptography depends upon the existence of mathematical functions called one-way functions. Garg and Yadav [9] have stated that Public Key Cryptography allows users who have no pre-existing security arrangement to exchange messages safely. Here the private key is never shared or transmitted; all communications are through the public keys. Asymmetric encryption is the technological revolution that provides strong cryptography.

The asymmetric key algorithms used for electronic commerce security enhancement are the RSA algorithm, digital signature, Diffie Hellman, ElGamal and Elliptical curve cryptography algorithm. According to Kaur et al. [10], RSA is the most widely used algorithm in asymmetric key encryption. The RSA algorithm is a block cipher in which the plain text and cipher text are numbers between 0 and n − 1 for a certain n. A typical size of n is 309 decimal digits or 1024 bits. The block size must be less than or equal to log2(n). The value must be known by the sender and the d value must be known by the receiver. RSA is used by the receiver with their secret or private key to decrypt the message and for recovery of the session key [11]. Kumar and Vincent [12] have stated that Diffie Hellman is one of the first public key processes and is a way of exchanging cryptographic keys securely. In the Diffie Hellman algorithm the receiver and sender make a similar secret key and they initiate communicating with each other over a public channel which is known to all. The Diffie Hellman algorithm is based on the fact that it is simple to estimate integer powers in a finite field and it is difficult to evaluate discrete logarithms [13]. Shi et al. [14] have mentioned that digital signature schemes allow a signer who has set up a public key to sign a message such that another party can assure that the message originated from the signer and was not changed in any way. Similarly, Kamalakannan and Tamilselvan [15] have stated that the Elgamal cryptosystem is based on the difficulty of the discrete logarithm problem for finite fields and that the system is easy for sender and receiver in cryptographic operations. Elliptic curve cryptography offers more powerful security and more effective performance than other asymmetric key encryption algorithms [16]. Thus, security in transactions is essential in electronic commerce, and security over the internet is an essential problem which must be taken seriously. This study describes security in electronic commerce through an asymmetric key algorithm.

2. Literature review

Kuppuswamy and Al-Khalidi [17] proposed a study on securing the business of electronic commerce using a hybrid combination based on the RSA algorithm and a new symmetric key. In security, electronic commerce is becoming much more interesting as transactions and shopping move away from traditional to online stores. Electronic commerce has made a huge influence on the worldwide economy and has grown quickly over the years into trillions of dollars every year. Securing payment with web users' applications and the application systems needs an integration of physical, technical and managerial controls. A hybrid cryptosystem is suggested in this study that integrates both the RSA algorithm and a symmetric key algorithm. The effectiveness of security methods is distinguished, and such capability rises as security methods are integrated with each other.

Shetty, Shravya Shetty and Krithika [18] stated in their research that cryptography is employed to make the exchange of data over networks secure and safe. For cryptography the chosen algorithm must meet the conditions of confidentiality, non-repudiation, integrity and authentication. The deterrence of illegal contact with data is the major factor in the field of cryptography. There are several cases where safe file transmission is needed, for example in banking transactions, electronic shopping etc. Asymmetric key cryptography, namely the ElGamal and RSA algorithms, is also known as public key cryptography. In this study two asymmetric algorithms, namely ElGamal and RSA, are reviewed.

According to the study of Arora and Pooja [19], cryptography is produced to create secure transmission of data over networks. For cryptography the algorithm chosen must fulfill the conditions of confidentiality, non-repudiation, integrity and authentication. This study designs an algorithm to combine both the ElGamal and RSA algorithms to offer users a greater data security level. The enhanced RSA algorithm enables a rapid decryption and encryption process and produces private and public keys more rapidly than the original RSA algorithm. The enhanced cryptosystem of RSA is used on integer factorization problem

(IFP) while the ElGamal cryptosystem is used on the Discrete Logarithm Problem (DLP). This model works by integrating the problems of Discrete Logarithm and Integer Factorization.

In the research of Kallam [20], key exchange is a strategy in cryptography by which cryptographic keys are exchanged between 2 gatherings, and those keys are used as a part of certain cryptographic algorithms like Advanced Encryption Standard. Using those keys, the recipient and sender exchange encrypted messages; public key cryptography provides a secured strategy to exchange secret keys. The major exchange problem is the means by which the gatherings exchange the data or keys in a channel of communication so that nobody other than the recipient or sender can acquire them. This study presents Diffie Hellman key exchange, a process which is one of the first PKC (public key cryptographic) protocols employed to construct a private or secret key between two gatherings over a frail channel. Diffie Hellman is proper for usage in communication of information; however, it is used less frequently for information that is stored or archived over a long period of time.

According to the study of Nwoye [21], electronic commerce has provided a new way of performing transactions all over the globe using websites. This success of electronic commerce relies highly on how its IT is used. Every firm needs to assure that its electronic commerce data is secured. There is a requirement for electronic commerce information transmitted through the internet and computer networks to be secured. Amongst users are hackers that undertake identity theft and credit card fraud in several ways facilitated by bad online security. Electronic commerce is slowly resolving security problems on its internal networks, but protection of security for customers is still in its development stage, thus posing a challenge to the growth of electronic commerce. The technology solution suggested for solving this issue of security is the RSA cryptosystem. This study focuses on securing electronic commerce data sent through the internet and computer networks using RSA cryptography.

Jain and Kapoor [22] proposed secure communication using the RSA algorithm for the network environment. In a network environment secure communication is an essential need to access remote sources in an efficient and controlled way. For authentication and validation in electronic commerce and electronic banking transactions, digital signature using public key cryptography is used extensively. To manage confidentiality, a Digital Envelope, which is the integration of the signature and the encrypted message, is used with symmetric key encryption. This study has developed a hybrid approach using asymmetric and symmetric key cryptography. It also involves a message authentication code to manage message integrity. Therefore the proposed method will support managing not only authentication and confidentiality of user and message but data integrity too.

In the research of Jaju and Chowhan [23], digital signature has been offering security services to secure electronic transactions. The RSA algorithm was employed vastly to provide methods of security for several applications, namely transfer of electronic funds, electronic mails, exchange of electronic data, distribution of software, storage of data, e-commerce and secure access of the internet. In order to involve the RSA cryptosystem proficiently in several protocols it is wished to plan rapid decryption and encryption operations. This study explains a systematic examination of RSA and its different digital signature schemes.

In the research of Fernando et al. [24], e-commerce is a huge benefit to businesses which helps them to develop supply chain operations, step into new markets, develop customer service, and simplify operations with customers as well as suppliers. When businesses enter into electronic commerce they are required to secure their online transactions against the trust problems and privacy safety issues that exist with different kinds of intruders. This study discusses the significance of electronic commerce security, various kinds of protocols, public key infrastructure, certificate based cryptography and digital signature using biometric cryptography, and techniques that are in cryptography and that assist with the security of electronic commerce. This research has been designed for securing transactions of electronic commerce using the algorithm of PKE (public key encryption) based on discrete logarithms in finite groups or integer factorization.

According to the study of Ahmad and Alam [25], electronic commerce is regarded as an outstanding alternative, with reduced transaction costs and a much more accessible approach of business to customers all over the globe. Several asymmetric methods which employ secure electronic transactions of electronic commerce, and other algorithms of cryptography, are the major attractions in the setup of e-commerce. In this study a framework of electronic transaction based on PGP (Pretty Good Privacy) and Elliptical curve cryptography is proposed. It describes how securely consumer order and payment data will be managed by pretty good privacy based on dual digital signature.

Rane [26] proposed a study on services provided by digital signatures in electronic commerce. The digital signature is generated for the aim of transmitting the actual information without any alterations. The digital signature service may perform as a web server application on the user or client system. The client can pass documents to the server as well as acquire back the relevant document, or vice versa. The core specifications of digital signature assure the basic elements and protocols which are adopted as the base for the particular use cases in the profiles of digital signature services. The study is carried out in the field of electronic commerce, and particularly digital signature has been used in the electronic commerce field. Some authors have already initiated research on digital signature to assure message integrity, as it supports assuring whether the actual message is transmitted or not; the factor of integrity supports assuring the accuracy of the message that is exchanged between two parties through unsecured modes.

In the study of Shaikh et al. [27], the percentage of customers using e-commerce is developing rapidly and the transaction security of electronic commerce is a major concern for electronic commerce sites along with their customers. The basic needs for any electronic commerce transaction are authentication, privacy, non-repudiation and integrity. To satisfy the electronic commerce security needs the RSA cryptography algorithm is used widely. Due to the limitations of the RSA algorithm, a new public key cryptographic scheme referred to as elliptic curve cryptography is developing as a better choice than RSA. In this study the performance of the ECC (elliptic curve cryptography) system is investigated in terms of computation time taken by the elliptic curve when employed for an elliptic curve cryptography application. This study describes by comparison how elliptic curve cryptography is better than traditional RSA.

According to the study of Halim et al. [28], security of classified or sensitive information from unauthorized access, other personals and hackers is a virtue. Data storage is performed in devices such as external hard disks, USB, I-pad, laptops or in the cloud. Cloud computing presents both pros and cons. However, storing data raises the hazard of being attacked by hackers. Besides, the hazard of the device being stolen or lost is rising in the case of storage in portable devices. There is an array of communication media and electronic mails used to send information or data, but these techniques come with serious drawbacks such as the absence of confidentiality, where the message sent can be changed and sent to the recipient. An e-mail authentication, namely a hybrid encryption system, is proposed in this study. The hybrid encryption standard is secured using asymmetric and symmetric key algorithms. The asymmetric algorithm is RSA and the symmetric algorithm is Advance Encryption Standard.

Liu et al. [29] have mentioned that the online communication technique in real time has become essential in modern business applications. It permits users to connect simply with business partners over the internet through the lens of a camera on digital tools. In spite of the fact that users can confirm and recognize the identity of the person in front of the camera, they cannot assure the message authenticity between the partners of communication. To secure confidential messages it is important to set up a secure channel of communication between users. This study

suggests a biometric RSA cryptosystem to protect real-time interaction in business. This study generates a CPK (cryptographic public key) based on biometric user information without using PKI (public key infrastructure) and sets up a secured public network channel.

Matte et al. [30] have mentioned that in today's world the need for securing electronic commerce is in huge demand. It involves privacy of electronic commerce transactions, authentication, and maintenance of non-repudiation and integrity. These are essential problems nowadays for trade which is conducted over the internet through the means known as electronic commerce. This study discusses different techniques, known as a cipher approach, that develop the Diffie Hellman key exchange using truncated polynomials for the discrete logarithm problem, which develops the security of electronic commerce transactions over the internet. It also comprises algorithms namely AES and MD5, where MD5 is an asymmetric key algorithm and AES is a symmetric key algorithm.

Table 1 shows the reviews of e-commerce security using asymmetric key algorithm:

Table 1
Reviews of e-commerce security using asymmetric key algorithm.
S. No | Author | Year | Algorithm used | Findings of the study
1 | Kuppuswamy and Al-Khalidi | 2014 | Symmetric key and RSA algorithm | Enhance the security of other network
2 | Shetty, Shravya Shetty and Krithika | 2014 | RSA and El-Gamal Algorithm | Transmit files securely
3 | Arora and Pooja | 2015 | RSA and El Gamal Algorithm | Used over public networks for data transfer using various keys used for decryption and encryption
4 | Kallam | 2015 | Diffie Hellman Key Exchange | Builds a mutual secret key between two gatherings and employed for secret interaction for transforming data over public channel
5 | Nwoye | 2015 | RSA algorithm | Secures electronic commerce data sent through internet and computer using RSA cryptography
6 | Jain and Kapoor | 2015 | RSA Algorithm | Develops a security process comprising of integrity, confidentiality and authentication on single platform
7 | Jaju and Chowhan | 2015 | RSA algorithm | Faster decryption and encryption processes
8 | Fernando et al. | 2016 | Public Key Encryption algorithm | Increase the performance of electronic commerce security
9 | Ahmad and Alam | 2016 | Elliptical curve cryptography | Most secure and less time engrossing and also controls entire decryption and encryption with the support of private and public key of receiver and sender.
10 | Rane | 2016 | Digital Signatures | Used for distribution of software along with transactions of electronic commerce and it is much secure to detect forgery
11 | Shaikh et al. | 2017 | RSA and Elliptic curve cryptography | Helps to develop the online business rapidly.
12 | Halim et al. | 2017 | RSA and AES | Help users to secure their valuable data documentation from illegitimate third party user
13 | Liu et al. | 2018 | RSA algorithm | Secure the communication content
14 | Matte et al. | 2018 | MD5 and AES | Communication security is exchange information in a time period

3. Design of the system

This part describes the design of an e-commerce security using asymmetric key algorithm. Security plays an essential part in e-commerce web services because security is the major problem faced by all users nowadays. This study proposes an algorithm and implements an approach for the encryption and decryption of messages. The traditional methods apply a single layer of encryption to the messages which are sent through the network. The approach used in this study is the multi-layer encryption algorithm, which makes the delivery of messages through the network secure. Fig. 2 below shows the proposed system flow diagram:

Fig. 2. Proposed flow diagram.
Source: Author

From the above flow diagram, the proposed system uses two types of encryption in two different layers. The first layer of encryption is applied using the RSA encryption algorithm and the second layer of encryption is applied using the Fernet cipher encryption algorithm. The message is passed in initially and gets encrypted by the RSA algorithm, and then the Fernet cipher algorithm, which is based on the AES encryption algorithm, is applied. The message is generated from the RSA output and the final message is delivered through the network to the receiver. This encrypted message, once received by the receiver, is passed through the inverse Fernet cipher algorithm, which decrypts it to the first layer, and then the decrypted message is passed to the RSA algorithm, which decrypts it to the original message. The RSA encryption algorithm enables secret information transmission over an open channel without a relevant secret key shared between the parties. This algorithm uses trapdoor one-way functions for encryption, which can be carried out in a small amount of time while execution of their inverse function takes infinite time.

3.1. Fernet cipher algorithm

Fernet cipher is a symmetric method of encryption which assures that the encrypted message cannot be read or manipulated without the key. It employs URL (uniform resource locator) safe key encoding. Fernet uses 128 bit Advanced Encryption Standard in CBC mode with PKCS7 padding, and a Hash based MAC (Message Authentication Code) using SHA (Secure Hash Algorithm) 256 for authentication. The two parts of the Fernet cipher algorithm are the encryption and decryption of messages. The two parts are explained below in detail:

3.1.1. Encryption

At the initiation of the cipher the input is copied to the state array using the conventions. After an initial addition of a round key, the state array is altered by applying the round function 10, 12 or 14 times, with the last round differing slightly from the first Nr−1 rounds. Then the last state is copied to the output. The round function is parameterized using a major plan that comprises a 1-dimensional array of 4-byte words derived using the key expansion routine. The cipher is explained in the pseudo code. The algorithm for the encryption is given below with pseudo code for the cipher:
From the above Fig. 3 where ARK stands for AddRoundKey, SBT stands for SubBytes,

3.1.1.1. Transformation of SubBytes(). In the transformation of SubBytes() the following affine transformation is applied (over GF(2)):

$$x'_n = x_n \oplus x_{(n+4) \bmod 8} \oplus x_{(n+5) \bmod 8} \oplus x_{(n+6) \bmod 8} \oplus x_{(n+7) \bmod 8} \oplus y_n$$

for $0 \le n < 8$, where $x_n$ is the $n$th bit of the byte and $y_n$ is the $n$th bit of the byte $y$ with the value {01100011} or {63}. Elsewhere a prime on a variable indicates that the variable is updated with the value on the right-hand side.

3.1.1.2. Transformation of RowsShift(). The equation of the transformation of RowsShift() is as follows:

$$z'_{R,C} = z_{R,(C + \mathrm{shift}(R, nB)) \bmod nB} \quad \text{for } 0 \le C < nB \text{ and } 0 < R < 4$$

3.1.1.3. Transformation of AddRoundKey(). In the transformation of AddRoundKey() a round key is added to the state by a simple bitwise XOR operation. Every round key comprises $nB$ words from the key schedule, and those $nB$ words are each added into the columns of the state such that

$$[z'_{0,C}, z'_{1,C}, z'_{2,C}, z'_{3,C}] = [z_{0,C}, z_{1,C}, z_{2,C}, z_{3,C}] \oplus [W_{Round+nB+C}] \quad \text{for } 0 \le C < nB,$$

In this research the Add Round key is used to encipher block data using several numbers of rounds

3.1.2. Decryption
The transformations of cipher can be decrypted and then used
in opposite order to generate a direct decrypted cipher for Fernet
cipher algorithm. The separate transformations used in decrypted ci-
pher are InvSubBytes(), InvShiftRows(), InvAddRoundKey() and In-
vMixColumns() state process are explained. The decryption algorithm
with the pseudo code is presented in Fig. 4.

3.1.2.1. Transformation of invrowsshift(). The transformation of In-


vRowsShift() initiates as follows:

𝑧′𝑅,(𝐶+𝑠ℎ𝑖𝑓 𝑡(𝑅,𝑛𝐵))𝑚𝑜𝑑𝑛𝐵 = 𝑧𝑅,𝐶 for 0 ≤ 𝐶 < 𝑛𝐵 and for 0 < 𝑅 < 4

3.1.2.2. Transformation of InvSubBytes(). The transformation of In-


vSubBytes() is the transformation of inverse substitution of byte in
which the inverse box of S is used at every state byte. This is acquired
using the affine transformation inversely() followed by acquiring the
GF multiplicative inverse (28). In the transformation the inverse S box
of InvSubBytes is presented in the below Fig. 5.

3.1.2.3. Transformation of InvMixColumns(). The transformation of In-


vMixColumns() is the transformation of MixColumns() inverse. InvMix-
Columns() performs on column by column state handling every column
as a four term polynomial. These columns are regarded as polynomials
over GF (28) and 𝑝4 + 1 modulo with 𝑓 −1 (𝑝) fixed polynomial is
presented by the equation:
Fig. 3. Cipher pseudo code.

3.1.1.4. Transformation of MixColumns(). The MixColumns() transformation operates on the state column by column, treating every column as a four-term polynomial. The columns are regarded as polynomials over GF($2^8$) and multiplied modulo $p^4 + 1$ with a fixed polynomial $f(p)$, given by the equation:

$$f(p) = \{03\}p^3 + \{01\}p^2 + \{01\}p + \{02\}$$

The above equation can be written as a matrix multiplication. Let us assume that

$$z'(p) = f(p) \otimes z(p):$$

$$f^{-1}(p) = \{0b\}p^3 + \{0d\}p^2 + \{09\}p + \{0e\}$$

The above equation can be written as a matrix multiplication. Consider

$$z'(p) = f^{-1}(p) \otimes z(p):$$

3.1.2.4. Transformation of InvAddRoundKey(). AddRoundKey() is its own inverse, since it involves only the application of the XOR operation.

Fig. 4. Pseudo code for Decrypted cipher.

Fig. 5. Inverse box of S used in InvSubBytes Transformation().

3.2. RSA algorithm

RSA is the first widely known algorithm suitable for encryption as well as signing, and it is regarded as one of the biggest advances in PKC (public key cryptography). RSA is employed in hundreds of software products and can be used for digital signatures, key exchange or encryption of small blocks of data. RSA employs a variable-size key and a variable-size encryption block. The key pair is derived from a very large number n, the product of two prime numbers selected according to special rules. These primes may each be 100 or more digits long, producing an n with roughly twice as many digits as the prime factors.

The steps used for the RSA Algorithm are:

Step 1: Two prime numbers, a and b, are chosen
Step 2: N is calculated as N = a × b
Step 3: Phi = (a−1)(b−1)
Step 4: Choose E randomly
Step 5: Evaluate D such that ED = 1 (mod Phi)
Step 6: Public Key = (N, E), Private Key = (N, D)

3.2.1. Encryption

For a given plaintext M and ciphertext C:

$$C = M^{E} \bmod N$$

3.2.2. Decryption

$$M = C^{D} \bmod N = (M^{E})^{D} \bmod N = M^{ED} \bmod N$$

The code is executed using the Python language. Python is a high-level programming language that helps to construct large-scale applications such as electronic commerce systems. Python lets developers express their ideas rapidly and in a small amount of code, which leaves them free to imagine more. With the assistance of its extensive library, a user can develop a huge website in a small number of days, and it runs on different systems. Python is highly effective and very readable, and as a result many developers tend to choose this language. Python is the perfect match for constructing an electronic commerce site.
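Steps 1 to 6 and the encryption and decryption formulas of Section 3.2, written out as an added Python example (not the authors' code). The primes are constructed toy values, the check that E is coprime to Phi is a requirement the steps leave implicit, and the functions are unpadded textbook RSA, which is deterministic; real systems use a padded scheme such as RSA-OAEP with much larger keys.

```python
import math
import secrets

def generate_keypair(a: int, b: int):
    """Steps 1-6: build (N, E) and (N, D) from two distinct primes a and b."""
    if a == b:
        raise ValueError("a and b must be distinct primes")
    n = a * b                              # Step 2
    phi = (a - 1) * (b - 1)                # Step 3
    while True:                            # Step 4: random E, kept only if coprime to Phi
        e = secrets.randbelow(phi - 3) + 3
        if math.gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)                    # Step 5: E*D = 1 (mod Phi); needs Python 3.8+
    return (n, e), (n, d)                  # Step 6

def encrypt(m: int, public_key) -> int:
    """C = M^E mod N. M must be smaller than N or decryption cannot recover it."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext integer must satisfy 0 <= M < N")
    return pow(m, e, n)

def decrypt(c: int, private_key) -> int:
    """M = C^D mod N."""
    n, d = private_key
    return pow(c, d, n)

def encrypt_text(text: str, public_key) -> int:
    """Encode a short string as one integer block and encrypt it."""
    return encrypt(int.from_bytes(text.encode("utf-8"), "big"), public_key)

def decrypt_text(c: int, private_key) -> str:
    """Decrypt one integer block and decode it back to a string."""
    m = decrypt(c, private_key)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf-8")

# Constructed toy primes (Mersenne primes 2^31-1 and 2^61-1); far too small for real keys
A, B = 2**31 - 1, 2**61 - 1
PUBLIC_KEY, PRIVATE_KEY = generate_keypair(A, B)

if __name__ == "__main__":
    c = encrypt_text("order#1001", PUBLIC_KEY)
    print(c, decrypt_text(c, PRIVATE_KEY))
```

Because the same plaintext always maps to the same ciphertext under one key, an observer can tell when two encrypted values are equal, which is one reason padding is added in practice.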

130
P. Dijesh, S. Babu and Y. Vijayalakshmi Computer Communications 153 (2020) 125–134

Fig. 6. Input text.

Fig. 7. Encryption.

4. Discussion and results

Transaction security is very important in electronic commerce. Hesitation about the security of transactions over the internet is an essential problem which must be taken seriously. Users are happy with web development that lets them search the internet and easily find the data they require. However, when it comes to deciding to purchase a service or product over the internet, many users worry about the security of the transaction. Similarly, organizations are concerned about the frauds taking place online nowadays. So, the main purpose of this study is to design electronic commerce security using an asymmetric key algorithm. Encryption is the major technique for making online transactions secure. Similarly, fraud will occur even though the encryption technique in electronic commerce is good enough to secure its transactions. This study uses a multi-layer encryption algorithm, namely the RSA encryption algorithm and the Fernet cipher encryption algorithm. Fernet cipher encryption is much stronger than the RSA algorithm when there is no requirement for communication, but RSA is also a strong tool for passing data over the wire. Thus, when these two powerful algorithms are used together, they provide a good result for securing electronic commerce.

The RSA encryption algorithm enables the transmission of secret information over an open channel without the same secret key being shared between the parties. The algorithm relies on one-way functions that can be computed in a short span of time, while the inverse function would take an effectively infinite time to execute. The RSA algorithm can be used as a block cipher because of its huge computation overhead, and it is also used for server authentication and for exchanging a session key secretly. A session key generated and protected with RSA-based encryption can then be employed for content encryption using SKC (symmetric key cryptography).

Fernet assures that a message encrypted with it cannot be read or manipulated without the key. Fernet is a symmetric authenticated cryptography implementation. Fernet has support for implementing key rotation through MultiFernet. The Fernet cipher encryption algorithm offers both decryption and encryption facilities. Fernet is ideal for encrypting data that fits in memory easily.

The output results obtained from the proposed approach are given below:

Step 1: The encryption algorithm is applied to the input text (see Figs. 6–9)
Step 2: Decryption is also undertaken on the input text (see Figs. 10 and 11)
Step 3: The final output of the encryption and decryption message is obtained (see Fig. 12)

Fig. 8. Encryption and decryption — Sample 1.

Fig. 9. Encryption and decryption — Sample 2.

Fig. 10. Encryption and decryption — Sample 3.

Fig. 11. Encryption and decryption — Sample 4.

5. Conclusion

Satisfying security needs is one of the most essential targets for the designers of electronic commerce security systems. The main aim of this study is to expand the security of electronic commerce through different asymmetric key encryption algorithms. Integrity, privacy, non-repudiation and confidentiality are the major dimensions of security for protecting electronic commerce transactions against security threats. Security has developed into an essential problem in the success and growth of an electronic commerce firm. The proposed model in this study focuses on certain factors, namely its cost, consumption of time and security factors. It produces several cycles and takes a huge amount of time for data processing while the information is in verification, but this study used RSA algorithms, which are time consuming and much more secure. It handles the complete decryption and encryption process with the help of the private and public keys of the receiver and sender. This study mainly proposes the RSA encryption and Fernet cipher algorithms to enhance the security of electronic commerce. In future, cryptography is an essential solution for secured and resourceful transmission of data. Different applications can be constructed using asymmetric and symmetric algorithms to develop their security. The greater the security of a system, the fewer the opportunities for breaking into it. The future of security systems relies on algorithms which make intrusion impossible.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Ethical approval This article does not contain any studies with human participants or animals performed by any of the authors.


Fig. 12. Encryption and Decryption — Sample 5.
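The two-layer arrangement discussed in Section 4, where RSA protects a session key and Fernet encrypts and authenticates the content, sketched with the Python `cryptography` package as an added example (not the authors' code). The order record, the function names `seal`, `open_sealed`, `is_rejected` and `rotate`, and the choice of OAEP with SHA-256 for the RSA layer are assumptions made for this illustration.

```python
from cryptography.fernet import Fernet, InvalidToken, MultiFernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# OAEP padding for the RSA layer (assumed choice; the paper names only "RSA")
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def seal(payload: bytes, recipient_public_key):
    """Encrypt payload under a fresh Fernet session key, then wrap that key with RSA."""
    session_key = Fernet.generate_key()
    token = Fernet(session_key).encrypt(payload)
    return recipient_public_key.encrypt(session_key, OAEP), token

def open_sealed(wrapped_key: bytes, token: bytes, recipient_private_key) -> bytes:
    """Unwrap the session key with the RSA private key, then verify and decrypt."""
    session_key = recipient_private_key.decrypt(wrapped_key, OAEP)
    return Fernet(session_key).decrypt(token)  # InvalidToken if the token was altered

def is_rejected(wrapped_key: bytes, token: bytes, recipient_private_key) -> bool:
    """True when Fernet's integrity check refuses the token."""
    try:
        open_sealed(wrapped_key, token, recipient_private_key)
    except InvalidToken:
        return True
    return False

def rotate(token: bytes, old_key: bytes, new_key: bytes) -> bytes:
    """Re-encrypt a stored token under new_key (MultiFernet key rotation)."""
    return MultiFernet([Fernet(new_key), Fernet(old_key)]).rotate(token)

# Constructed sample data: a merchant key pair and one order record
MERCHANT_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
ORDER = b'{"order_id": 1001, "amount": "49.90", "currency": "USD"}'
WRAPPED, TOKEN = seal(ORDER, MERCHANT_KEY.public_key())

# Replace one character of the token to simulate modification in transit
_swap = b"A" if TOKEN[20:21] != b"A" else b"B"
TAMPERED = TOKEN[:20] + _swap + TOKEN[21:]

if __name__ == "__main__":
    print(open_sealed(WRAPPED, TOKEN, MERCHANT_KEY) == ORDER)
    print(is_rejected(WRAPPED, TAMPERED, MERCHANT_KEY))
```

Only the short session key passes through RSA, so the payload size is not limited by the RSA modulus, and any change to the token is caught before decryption returns data.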

References [16] I. Setiadi, A.I. Kistijantoro, A. Miyaji, Elliptic curve cryptography: Algorithms
and implementation analysis over coordinate systems, in: Advanced Informatics:
[1] A. Chaudhary, K. Ahmad, M.A. Rizvi, E-commerce security through asymmetric Concepts, Theory and Applications, ICAICTA, 2015 2nd International Conference
key algorithm, in: Communication Systems and Network Technologies, CSNT, on, IEEE, 2015, pp. 1–6.
2014 Fourth International Conference on, IEEE, 2014, pp. 776–781. [17] P. Kuppuswamy, S.Q. Al-Khalidi, Securing E-commerce business using hybrid
[2] Ritu, Crytography based E-commerce security, Int. J. Adv. Res. Comput. Sci. combination based on new symmetric key and RSA algorithm, MIS Rev. Int. J.
Softw. Eng. 6 (7) (2016) 359–362. 20 (1) (2014) 59–71.
[3] M.P. Gupta, A. Dubey, E-commerce-study of privacy, trust and security from [18] A. Shetty, K. Shravya Shetty, K. Krithika, A review on asymmetric cryptography
consumer’s perspective, Transactions 37 (2016) 38. – RSA and El-Gamal algorithm, Int. J. Innov. Res. Comput. Commun. Eng. 2 (5)
[4] N.A. Rathi, S.R. Gupta, Analysis of security mechanism in E-commerce (2015) 98–105.
transaction, Int. J. Adv. Res. Comput. Eng. Technol. 5 (1) (2016) 131–134. [19] S. Arora, Pooja, Enhancing cryptographic security using novel approach based
[5] S.P. Patro, N. Padhy, R. Panigrahi, Security issues over E-commerce and their on enhanced-RSA and elamal: Analysis and comparison, Int. J. Comput. Appl.
solutions, Int. J. Adv. Res. Comput. Commun. Eng. 5 (12) (2016) 81–85. Technol. 112 (13) (2015) 35–38.
[6] P. Churi, E-commerce security with secure electronic transaction protocol: A [20] S. Kallam, Diffie-Hellman: Key exchange and public key cryptosystems, 2015,
survey and implementation, 2017, Available at https://www.researchgate.net/ Available at http://cs.indstate.edu/~skallam/doc.pdf. (Accessed on 17th January
publication/320758708_E-COMMERCE_SECURITY_WITH_SECURE_ELECTRONIC_ 2019).
TRANSACTION_PROTOCOL_A_SURVEY_AND_IMPLEMENTATION. (Accessed on [21] C.J. Nwoye, Design and development of an E-commerce security using RSA
17th January 2019). cryptosystem, Int.J. Innov. Res. Inf. Secur. 6 (2) (2015) 6–17.
[7] M. Illayaraja, K. Shankar, G. Devika, A modified symmetric key cryptography [22] A. Jain, V. Kapoor, Secure communication using RSA algorithm for network
method for secure data transmission, Int. J. Pure Appl. Math. 116 (10) (2017) environment, Int. J. Comput. Appl. 118 (7) (2015).
301–306. [23] A.S. Jaju, S.S. Chowhan, Analytical study of modified RSA algorithms for digital
[8] S. Suguna, V. Dhanakoti, R. Manjupriya, A study on symmetric and asymmetric signature, Int. J. Recent Innov. Trends Comput. Commun. 3 (3) (2015) 944–949.
key encryption algorithms, Int. Res. J. Eng. Technol. 3 (4) (2016) 27–31. [24] A.D.N.M. Fernando, H.M.P.M.B. Herath, M.L.R.K. Senarathne, D.P. Brandiwatta,
[9] N. Garg, P. Yadav, Comparison of asymmetric algorithms in cryptography, Int. T. Kiroshan, M.P. Madushika, P.A.D.A. Senarathne, M.D. Dharmmearatchi, Bio-
J. Comput. Sci. Mob. Comput. 3 (4) (2014) 1190–1196. metric encryption: E-commerce security using cryptography techniques, Int. J.
[10] K. Kaur, A. Pathak, P. Kaur, K. Kaur, E-commerce privacy and security system, Sci. Res. Publ. 6 (10) (2016).
Int. J. Eng. Res. Appl. 5 (5) (2015) 63–73. [25] K. Ahmad, M.S. Alam, E-commerce security through elliptic curve cryptography,
[11] S. Verma, D. Garg, An improved RSA variant, Int. J. Adv. Technol. 5 (2) (2014) Procedia Comput. Sci. 78 (2016) 867–873.
161–169. [26] Y.S. Rane, Study on services provided by digital signatures in E-commerce, Int.
[12] C. Kumar, P.D.R. Vincent, Enhanced Diffie-Hellman algorithm for reliable key Res. J. Eng. Technol. 3 (5) (2016) 3039–3041.
exchange, in: IOP Conference Series: Materials Science and Engineering, vol. [27] J.R. Shaikh, R. Kumar, M. Nenova, G. IIiev, H. Singh, Enhancing E-commerce
263, (4) IOP Publishing, 2017, p. 042015. security using elliptic curve cryptography, Int. J. Curr. Adv. Res. 6 (8) (2017)
[13] A. Kak, Certificates, digital signatures, and the Diffie-Hellman key exchange 5338–5342.
algorithm, 2018, Available at https://engineering.purdue.edu/kak/compsec/ [28] M.A.A. Halim, C.C. Wen, I. Rahmi, N.A. Abdullah, N.H.A. Rahman, Email
NewLectures/Lecture13.pdf. (Accessed on 18th January 2019). authentication using symmetric and asymmetric key algorithm encryption, in:
[14] Y. Shi, J. Lin, G. Xiong, X. Wang, H. Fan, Key-insulated undetachable digital AIP Conference Proceedings, vol. 1891, (No. 1) AIP Publishing, 2017, p. 020047.
signature scheme and solution for secure mobile agents in electronic commerce, [29] X. Liu, W.B. Lee, Q.A. Bui, C.C. Lin, H.L. Wu, Biometrics-based RSA cryptosystem
Mob. Inf. Syst. (2016). for securing real-time communication, 2018, Available at https://www.mdpi.
[15] V. Kamalakannan, S. Tamilselvan, Security enhancement of text message based com/2071-1050/10/10/3588/pdf. (Accessed on 17th January 2019).
on matrix approach using elliptical curve cryptosystem, Procedia Mater. Sci. 10 [30] S. Matte, A. Dubey, N. Shirsat, A. Kale, Hybrid model for securing E-commerce
(2015) 489–496. transaction, Int. J. Sci. Eng. Res. 9 (4) (2018) 25–26.

134

You might also like