STUDY ABOUT THE SECURITY OF E-CHEQUE PAYMENT BASED ON DIGITAL WATERMARKING AND DIGITAL SIGNATURE Liang Qinglong1 Zhang Lincong2 Dai Hua2 Xie Jun2 Li Binfa2 1 School of Economic Information Engineering, Southwest University of Finance and Economy 2School of Computer Science, Sichuan University Abstracts: The security problems of E-cheque payment in E-business are studied in this paper. Based on the analysis of the developing circumstance and the security gap of it, a security guarantee system combining digital watermarking and digital signature is proposed. Both of the entity authentication and watermarking content authentication make it impossible to gain unauthorized access to E-cheque, to edit or forge it. According to the analysis of this system, the security, creditability and authenticity of the E-cheque could be achieved by it. Keywords: E-cheque, digital watermarking, digital signature, semi-fragile watermarking With the fast development of the e-commerce, (1) The seller and buyer decide to use the turnover of e-commerce is booming . Online E-cheque, and confirm each other’s identity via payment, which is the key of the e-business, CA; attracts more and more attention. And E-cheque, (2) The buyer signs digitally on the E-cheque being one of the most important means of using his/her private key. online-payment, becomes a hotspot. It is able to (3) The buyer encrypts E-cheque using the transfer money between bank accounts, just like seller’s public key, so the buyer becomes the what the traditional cheque does. It could achieve unique authorized receiver of the E-cheque. all functions of the traditional cheque via Internet (4) The buyer sends the E-cheque to the seller or wireless equipments. E-cheque is delivered via network. through the network, so it is very fast and reduces (5) The seller decrypts the E-cheque using the clients’ loss to the lowest level. Meanwhile the his/her own private key. bank can provide standardized fund information (6) The seller confirms the buyer’s digital for the clients who were involved in the signature using the buyer’s public key. e-commerce. Public Key Infrastructure is used in (7) The seller confirms the E-cheque via the the current E-cheque; it can achieve basic payment bank system. privacy, reliability and integrity, and resolves the (8) The seller delivers the goods to the buyer problem of forgery in a certain degree, which or provides service. often happens when using traditional cheque. The process is shown in Fig.1 1. E-cheque Payment System Based on Digital Signature Buyer E_cheque Seller 1.1 Current E-cheque System ify Public Key Infrastructure based on digital V eri f y Ver Notification E_cheque signature is prevalent in current E-cheque system. Because of the use of asymmetry cryptosystem, CA the system includes the seller, the buyer of the fy Veri E-cheque, the bank system and a third-party CA Veri fy (Certification Authority). The system user’s Bank of Bank of Buyer E_cheque seller identity certification is digital, and every party should apply for a unique copy. CA is responsible for the dispatchment and management of digital Fig.1 system for e-cheque paying certification. Before the transaction for system based on digital signature users, they should establish a reliable connection 1.2 Process of Digital Signature via CA using each other’s digital certification. (1) The sender prepares the plain digital Thus, digital signature and encrypted conversation message to be transferred. confirm the legal transaction and authentic (2) The sender applies a Hash algorithm to contents. the plain message and gets the message digest of Here is the implementation process of the it. system: (3) The sender encrypts the digest with his private key, gets the digital signature, and attaches it to the message. and digital signature, which could satisfy the (4) The sender generates a DES key randomly, above requirements. and encrypts the message with this key, thus forms 2. E-cheque Payment System Combined the cryptograph. With Digital Watermarking and Digital (5) The sender encrypts the DES key, using Signature the receiver’s public key, and then sends the 2.1 Security of Digital Certification encrypted DES key and the cryptograph to the Just as the former system, CA manages receiver. Users’ certifications. Digital certifications are used (6) The receiver gets the encrypted DES key to identify online trading participators’ identities; and the cryptograph, and then decrypts the DES they are the identity cards for individuals or key with his private key to obtain the DES key. organizations involved in online business. (7) The receiver decrypts the cryptograph Therefore, a security guarantee mechanism is using DES key to obtain the plain message, and needed for the dispatchment and management of then drops the DES key. certifications, and there are many papers related to (8) The receiver decrypts the sender’s digital the subject.   signature using the sender’s public key to obtain 2.2 Digital Watermarking the message digest. The receiver applies the same Digital watermarking is a technique for Hash algorithm as the sender used to the received embedding information into the insensitive carrier message to create a new message digest. data (e.g. image) using certain algorithms, without (9) The receiver compares the message digest affecting the carrier’s content and usage, and from the sender with this new one, to judge human being cannot detect the information. Only whether the message has been modified or not.  specialized detecting tools or software could 1.3 Security Analysis of the System apperceive the hidden digital watermark. Thus, it The payment system based on digital could avoid hostile attacks. At present, most of the signature basically satisfies the following watermarking solutions adopt symmetric system requirements: (1) the sender can’t deny his signing; of cryptology. (2) the receiver can’t deny his receiving; (3) the Because of the requirements of information integrity of the information transferred is ensured. imperceptibility and integrity, Semi-fragile But the digital signature itself would be watermarking is introduced into this system. attached to the E-cheque to be sent, so this Semi-fragile watermarking is a kind of transmission risks detection by unauthorized watermarking technique that can suffer reasonable parties. Though this could be resolved by distortion (e.g. JPEG compressing), and would be encrypting the plain text with traditional damaged by unreasonable distortion.  It brings encryption technique, it is not so reliable, because content authenticity, integrity verification, as well of the rapid improvement of software technique as imperceptibility. Therefore it ensures that even and computer hardware, it is possible to decrypt the watermark is attacked, it wouldn’t be modified the cryptograph. Even the hackers are not able to at all. It could be used to identify if the image has decrypt it, they may resend the information after been tampered, destroyed, thus make sure of the tampering it, and thus make the receiver could not authenticity of image content, and the embedded get the original information. information could be extracted without loss. According to this analysis, a much more Because of these advantages, semi-fragile reliable payment system should satisfy the watermarking can be combined with digital following requirements. signature to build up a more secure E-cheque (1) Identity verification; the security of the payment system. authorized users’ application for digital 2.2.1 A Possible Algorithm certification. For semi-fragile watermarking, the (2) Content certification; the integrity of the watermark should be validate when below certain information and the authentication. critical value, and invalidated when above the (3) Protection of sensitive information during value. Semi-fragile watermarking can be achieved the transfer process. through carefully adjustment of the robust As a resolution, we propose an E-cheque watermarking after it becomes anamorphic to a payment system based on digital watermarking certain degree.  An example is described here: Design the watermarking according to the each other’s identity. quantification characteristic, let x ◊ q stand for ①Both sides decide to trade, and pay in quantifying x to quantification step length q’s E-cheque. integer multiple: ②Both sides establish conversation with CA, x ◊ q=q[x/q+.5] and send requests to ask for identity verification. If a stands for integer scalar, q1 & q2 are ③Both sides use their own private key to quantification length and q1<=q2, thus: encrypt digital certification, which form a digital ((a◊q1) ◊q2) ◊q1)=a◊q1 envelop, then send it to CA.CA decrypts their it means that quantify a to q1’s even multiple, envelope with their public keys, in order to then quantify it with q2, as long as q1<=q2, the identify their identity. The trading procedure will result could be quantified with q1 to counteract the continue if nothing is wrong. impact of quantification of q2.  (2) A requests BkA for an E-cheque 2.2.2 Watermark embedding procedure ① A establishes conversation with BkA, On the payer side, when the user wants to requests a E-cheque. Then A signs digitally on make an payment by online E-cheque, he should E-cheque and encrypted with BkA Key. After that obtain a E-cheque through local computers or A takes the encrypted cheque and digital envelope POPs, including the same information as normal as watermark, using the bank’s Key’ as password cheque and user’s digital signature, certificate, etc. to embed into the image, and then sends the image This system adopts asymmetrical keys as to BkA. watermark embedding and extracting key,   ②After BkA receives the image, it extracts the payer uses the payee’s key to embed E-cheque the watermark using its Key and special software. into the carrier image, to ensure the secrecy, safety, When the validation of watermark’s integrity is invisibility and integrity of communication. done, it decrypts the digital envelope to identify The embedding procedure is shown in Fig.2: A’s identity. If A is authorized, then BkA decrypts the cheque with its Key. If the signature were right, E-cheque A’s payment ability would be checked. If all right, Embedding Watermarked image BkA generates an E-cheque on A’s demand. algorithm Relevant key ③BkA signs on the E-cheque, and encrypts it with A Key’, then uses it as watermark, BkA Key as password to embed into the image, and Fig.2 Watermark embedding procedure then sends the image to A. 2.2.3Extaction and verification of digital (3) Delivering E-cheque from A to B through CA watermarking ① A extracts watermark with BkA Key’, When extracting, the payee uses his own key after validating the integrity of watermark, and and watermarked image as inputs of extraction then decrypts E-cheque with A Key. If the content algorithm to extract related characteristic value, is all right, A signs on the E-cheque and encrypts it and compares it with the threshold. If the with B Key’, then together with digital envelope percentage is bigger than the threshold, it had not as watermark, CA Key’ as password, to embed been modified, and then extracts the E-cheque to them into the carrier image, and then sends it to be processed. CA. ②CA extracts watermark with CA Key, after Watermarked image Embedding validating, identify A’s identity according to the algorithm E-cheque digital envelope. Relevant Key ③CA uses E-cheque as watermark, B Key’ as password to embed the E-cheque into the Fig.3 Watermark extracting procedure carrier image, then sends it to B. 2.3 Improved Payment System ④B extracts watermark with B Key, after the To describe the scene, let A stand for payer, validating, decrypts it with B Key, after the B for payee, BkA for the bank of payer, BkB for signature being checked, sends confirm the bank of payee; Key for private key, Key’ for information to CA. public key. CA’s participation monitors both sides’ (1) Authenticating process among A,B,CA, to identify trading processes, thus makes the whole procedure undeniable, and ensures the security of system. BkA. If everything is ok, BkB ask BkA for (4) B interacts with BkB, to verifies the E-cheque transfer or batch transfer after a certain time. ① establishes conversation with BkB, B ④ BkB sends message of the completed requests for authentication of E-cheque. Then B payment to B; B sends this information to CA, and signs on the cheque, and encrypts it with BkB provides goods or service according to contract; Key’, together with digital envelope as watermark CA puts this transaction on record. So, that’s the information and BkB Key’ as password to embed whole process of trading. the watermark into the carrier, and then sends it to In conclusion, this E-cheque payment system BkB. covers two function modules: the pivotal ②BkB extracts watermark with BkB Key, information is imperceptible and data integrity after the validating, BkB identifies B by digital authentication is achieved. The whole system has envelope. the advantages of security, scientific operation and ③ BkB decrypts the cheque, validates the efficiency. A description for part of its procedure is cheque and inquires A’s payment capability from shown in Fig.4 Watermarked Private Watermark Internet key of BkA image Private key embedding Watermark Encrypted of BkA Original image + Public key of BkA N verification Y check E_cheque Check A’accout N Public verification Digital envelop Digital key of A envelop encryption Certification Y encryption N verification Watermark Creating Private Information Private Public embedding E_cheque Certification key of B of cheque key of A Original key of A Digital of A image after digital signed signed Internet + Y encryption Public key of A A BkA Fig.4 Part of Secure system for E-cheque paying based on semi-fragile watermarking and digital signature 2.4 Analysis of Security error code and loss compression would lead to This system introduces digital watermarking quality loss. These changes are invisible, so it into the payment system, which was based on would cause wrong judgments in systems only digital signature. The integrity and the based on digital signature. But for this System, imperceptibility of semi-fragile watermark make wrong judgments could be avoided by semi-fragile the payment process of E-cheque to be more watermarking. Studies about adopting digital secure. Although it would take a little time to watermarking in payment system are still at embed and extract the watermark, the security of primary stage, so there are still a lot of works to do. the new system has been greatly improved. The security gap and some unknown attacks of the 3. Conclusion system need to be discovered , analyzed and E-cheque has some obvious advantages over studied. other means; it is highlighted by the present Bibliography e-business research. Since it is proper for large Choist, Whinston AB. The future of E-Commerce: amount of bankroll flows, its security problems integrate and customize. IEEE computer seem to be critical. In this paper, we make use of 1999,32(1):133～138 semi-fragile watermarking to design an E-cheque Schneider M, Chang SF. A robust content based payment system based on digital watermarking digital signature for image authentication. In: and digital signature, and thus ensure that the Proceedings of the IEEE International E-cheque won’t be easily detected when Conference on Image Processing, Vol 3. transferred via network, or even be attacked, it Lausanne: IEEE Computer Society Press, 1996. would be impossible to be decrypted; and because 227~230. of its vulnerability, it is also impossible to be Housley R . , Polk W ., Solo D. RFC 2459, tampered. And what’s more, channel transmission IFTF ,January 1999.
Pages to are hidden for
"xi"Please download to view full document