Determining the Cryptography Algorithm and Model for Mobile Payment Systems

Yıl 2020, Cilt: 4 Sayı: 1, 21 - 33, 10.08.2020

Öznur Şengel , Muhammed Ali Aydın Ahmet Sertbaş

Öz

Mobile payment systems are becoming one of the most popular technologies nowadays. A mobile payment system is an application that provides a payment channel easily and quickly without credit card information. All payments can be either over GSM bill or from your phone application account. Each mobile application has different requirements. The main requirements of mobile payment systems are functionality, security and speed. The cryptography model and algorithm are very important to make all transactions securely on mobile payment applications. The speed factor is also very important during payment on mobile payment applications. If security does not provide a minimum time consumption on application, this system becomes not preferable. Therefore, we analyzed the time consumption of the cryptographic algorithms to specify the best model and algorithm for mobile payment applications. In this study, we tried to find most suitable cryptographic model and algorithm for mobile payment systems. We compared Rivest-Shamir-Adleman, which is a well-known asymmetric key algorithm, with well-known symmetric algorithms such as Data Encryption Standard, Triple Data Encryption Standard, and Advanced Encryption Standard in terms of time consumption of the algorithm over encryption and decryption processes. As a result of this study, Advanced Encryption Standard was found to be approximately three times fast than among all algorithms.

Anahtar Kelimeler

Mobile payment system, cryptography algorithm, cryptography model

Mobil Ödeme Sistemleri için Şifreleme Algoritmasının ve Modelinin Belirlenmesi

Öz

Mobil ödeme sistemi son zamanlarda en yeni ve en popüler teknoloji olmaktadır. Mobil ödeme sistemi kredi kartı bilgileri olmaksızın hızlı ve güvenli ödeme kanalı sağlayan bir uygulamadır. Tüm ödemeler ya tanımlı olan operatör hattının faturasından ya da telefondaki uygulama hesabından yapılabilmektedir. Her uygulamanın farklı gereksinimleri vardır. Mobil ödeme sistemlerinin ana gereksinimleri fonksiyonellik, güvenlik ve hızdır. Mobile ödeme sistemlerinde ödeme esnasında en önemlisi hız etkenidir. Eğer güvenlik uygulamada en az zaman tüketimini sağlamıyorsa bu sistem tercih edilmemektedir. Bu yüzden mobil ödeme uygulamalarına en uygun modeli ve algoritmayı belirlemek için bu çalışmada şifreleme algoritmalarının zaman tüketimini kontrol ettik. Bu çalışmada mobil ödeme sistemleri için en uygun şifreleme modeli ve algoritmayı bulmaya çalışmaktayız. En çok bilinen asimetrik anahtarlı şifreleme olan Rivest-SahmirAdleman ile en çok bilinen simetrik algoritmaları olan Veri Şifreleme Standardı, Üçlü Veri Şifreleme Standardı, Geliştirilmiş Şifreleme Standardını şifreleme ve deşifreleme işlemleri esnasında tükettikleri zamanlara göre karşılaştırdık. Çalışmanın sonucu olarak Geliştirilmiş Şifreleme Standardı diğer algoritmalardan yaklaşık olarak üç kat daha hızlı olduğu gözlenmiştir.

Anahtar Kelimeler

Mobil ödeme sistemi, şifreleme algoritması, şifreleme modeli

Kaynakça

• Barker, E., & Mouha, N. (2017). Recommendation for the Triple Data Encryption Algorithm (TDEA) block cipher. doi:10.6028/nist.sp.800-67r2
• Beunardeau, M., Connolly, A., Geraud, R., & Naccache, D. (2016). White-Box Cryptography: Security in an Insecure Environment. IEEE Security & Privacy, 14(5), 88-92. doi:10.1109/msp.2016.100
• Billet, O., Gilbert, H., & Ech-Chatbi, C. (2004). Cryptanalysis of a White Box AES Implementation. Selected Areas in Cryptography Lecture Notes in Computer Science, 3357, 227-240. doi:10.1007/978-3-540-30564-4_16
• Chow, S., Eisen, P., Johnson, H., & Oorschot, P. C. (2003). A White-Box DES Implementation for DRM Applications. Lecture Notes in Computer Science Digital Rights Management, 2696, 1-15. doi:10.1007/978-3-540-44993-5_1
• Chow, S., Eisen, P., Johnson, H., & Oorschot, P. C. (2003). White-Box Cryptography and an AES Implementation. Selected Areas in Cryptography Lecture Notes in Computer Science, 2595, 250-270. doi:10.1007/3-540-36492-7_17
• Delerablée, C., Lepoint, T., Paillier, P., & Rivain, M. (2014). White-Box Security Notions for Symmetric Encryption Schemes. Selected Areas in Cryptography -- SAC 2013 Lecture Notes in Computer Science, 8282, 247-264. doi:10.1007/978-3-662-43414-7_13
• Federal Information Processing Standards Publication: Advanced encryption standard (AES). (2001). doi:10.6028/nist.fips.197
• Federal Information Processing Standards Publication: Data encryption standard (DES). (1993). doi:10.6028/nist.fips.46-2
• Jonsson, J., & Kaliski, B. (2003). Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1. doi:10.17487/rfc3447
• Lepoint, T., Rivain, M., Mulder, Y. D., Roelse, P., & Preneel, B. (2014). Two Attacks on a White-Box AES Implementation. Selected Areas in Cryptography -- SAC 2013 Lecture Notes in Computer Science, 8282, 265-285. doi:10.1007/978-3-662-43414-7_14
• Mahajan, P., & Sachdeva, A. (2013). A study of encryption algorithms AES, DES and RSA for security. Global Journal of Computer Science and Technology, 13(15).
• Mathur, M., & Kesarwani, A. (2013). Comparison between Des, 3des, Rc2, Rc6, Blowfish And Aes. In Proceedings of National Conference on New Horizons in IT-NCNHIT, 3, 143-148
• Michiels, W., Gorissen, P., & Hollmann, H. D. (2009). Cryptanalysis of a Generic Class of White-Box Implementations. Selected Areas in Cryptography Lecture Notes in Computer Science, 5381, 414-428. doi:10.1007/978-3-642-04159-4_27
• Padmavathi, B., & Kumari, S. R. (2013). A survey on performance analysis of DES, AES and RSA algorithm along with LSB substitution. International Journal of Science and Research (IJSR), India, 2(4).
• Saxena, A., Wyseur, B., & Preneel, B. (2009). Towards Security Notions for White-Box Cryptography. Lecture Notes in Computer Science Information Security, 49-58. doi:10.1007/978-3-642-04474-8_4
• Singhal, S., & Singhal, N. (2016). A Comparative Analysis of AES and RSA Algorithms. International Journal of Scientific & Engineering Research, 7(5), 149-151.
• Şengel, Ö., Aydin, M. A., & Sertbaş, A. (2018). A Survey on White Box Cryptography Model for Mobile Payment Systems. Lecture Notes in Electrical Engineering International Telecommunications Conference, 504, 215-225. doi:10.1007/978-981-13-0408-8_18
• Wyseur, B., Michiels, W., Gorissen, P., & Preneel, B. (2007). Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings. Selected Areas in Cryptography Lecture Notes in Computer Science, 264-277. doi:10.1007/978-3-540-77360-3_17