
International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017(O) Issue 2, Volume 6 (June 2015) ISSN: 2349-7009(P) www.ijiris.com

© 2014-15, IJIRIS - All Rights Reserved. Page 5

Design and Development of an E-Commerce Security Using RSA Cryptosystem

Chinedu J. Nwoye School of Science & Technology,

National Open University of Nigeria, Enugu, Nigeria

Abstract-- E-commerce has presented a new way of doing transactions all over the world using the internet. The success of e-commerce depends greatly on how its information technology is used. Over the years the rate at which sensitive e-commerce information is sent over the internet and other networks has increased drastically, and every company therefore wants to ensure that its e-commerce information is secured. E-commerce information transmitted via the internet and computer networks needs to be protected. Credit card fraud and identity theft are growing substantially because the internet is a public network with billions of users, among them crackers and hackers who carry out credit card fraud and identity theft in numerous ways facilitated by poor internet security; concern about exchanging money securely and conveniently over the internet grows accordingly. The criticality, danger and high priority of any e-commerce money transfer make it an active area of research in modern computer science and informatics. The e-commerce industry is slowly addressing security issues on its internal networks, but security protection for consumers is still in its infancy, posing a barrier to the development of e-commerce. There is a growing need for technological solutions that secure e-commerce transaction information globally using appropriate data security technology. The solution proposed for this security problem is the RSA cryptosystem. This paper focuses on securing e-commerce information sent through computer networks and the internet using RSA cryptography. It elucidates the implementation of the RSA algorithm and shows that e-commerce security powered by RSA cryptography is very important in e-commerce transactions. While many attacks on RSA exist, the cryptosystem has proven very secure when deployed with adequate key sizes and proper padding.

Keywords: e-commerce, e-commerce security, cryptography, RSA, RSA algorithm.

I. INTRODUCTION

E-commerce or electronic commerce is trading in products or services conducted via computer networks such as the internet. It is considered to be the sales aspect of e-business, consisting of the exchange of data to facilitate the financing, payment and security of business transactions. E-commerce refers to a wide range of online business activities for products and services. The high degree of confidence needed in the authenticity and privacy of such transactions can be difficult to maintain where they are exchanged over an unsecured public network such as the Internet. E-commerce also pertains to any form of business transaction in which the parties interact electronically rather than by physical exchange or direct physical contact. A security objective is the contribution to security that a system is intended to achieve. Security has emerged as an increasingly important issue in the development and success of an e-commerce organisation. Unauthorised access to sensitive information and replay of captured transactions are among the common threats that attackers pose to e-commerce systems. Trojan horse programs launched against client systems pose the greatest threat to e-commerce because they run with the user's own privileges and can therefore bypass or subvert most of the authentication and authorization mechanisms used in an e-commerce transaction. Privacy has become a major concern for consumers with the rise of identity theft and impersonation, and any concern for consumers must be treated as a major concern for e-commerce providers.

E-commerce security has its own particular nuances and is one of the most visible security components affecting the end user, through their daily payment interactions with business. E-commerce shares security concerns with other technologies in the field. Privacy concerns have been found to reveal a lack of trust in a variety of contexts, including commerce, electronic health records, e-recruitment technology and social networking, and this has directly influenced users. Security is one of the principal and continuing concerns restricting customers and organisations engaged in e-commerce. The e-commerce industry is slowly addressing security issues on its internal networks, and there are guidelines for securing systems and networks available for e-commerce systems personnel to read and implement. Educating the consumer on security issues is still in its infancy but will prove to be the most critical element of the e-commerce security architecture.

A. Background Study

The success or failure of an e-commerce operation hinges on a myriad of factors, including but not limited to the business model, the team, the customers, the investors, the product, and the security of data transmission and storage. Data security has taken on heightened importance since a series of high-profile "cracker" attacks humbled popular Web sites, resulting in the impersonation of Microsoft employees for the purpose of obtaining digital certificates and in the misuse of customers' credit card numbers at business-to-consumer (B2C) e-commerce destinations. Security is on the mind of every e-commerce entrepreneur who solicits, stores, or communicates any sensitive information.


An arms race is underway: technologists are building new security measures while others are working to crack the security systems. One of the most effective means of ensuring data confidentiality is encryption; integrity additionally requires a message authentication code or a digital signature, since encryption alone does not detect modification of the ciphertext.

Fig 1. Secure E-commerce Transaction

Encryption is a generic term that refers to the act of encoding data, in this context so that those data can be securely transmitted via the Internet. Professor Lawrence Lessig of Stanford Law School put it thus: "Here is something that will sound very extreme but is at most, I think, a slight exaggeration: encryption technologies are the most important technological breakthroughs in the last one thousand years", as in [1]. Rivest described cryptography as "a means of communication in the presence of adversaries" in [2]. At the simplest level, encryption protects data by preventing other people from reading it. If someone intercepts a data transmission and even manages to deceive the user identification scheme, the data they see appear as gibberish without a way to decode them. Encryption technologies can help in other ways as well: establishing the identity of users (or abusers); controlling the unauthorized transmission or forwarding of data; verifying the integrity of the data (i.e., that it has not been altered in any way); and ensuring that users take responsibility for data that they have transmitted (non-repudiation). Encryption can therefore be used either to keep communications secret (defensively) or to identify the people involved in communications (offensively).

The basic means of encrypting data is a symmetric cryptosystem: the same key is used to encrypt and to decrypt data. Think about a regular, garden-variety code, which has only one key: two kids in a tree-house, pretending to be spies, might tell one another that their messages will be encoded according to a scheme where each number from 1 to 26 refers to a letter of the alphabet (so that 1 = A, 2 = B, 3 = C, etc.). The key is the scheme that matches the encoded information with the real message. Or perhaps the kids got a little more sophisticated and used a computer to generate a random match-up of the 26 letters with 26 numbers (so that 6 = A, 13 = B, 2 = C, etc.). These codes might work for a while, managing to confuse a nosy younger brother who wants to know what the notes they are passing mean, but such substitution codes are easy to crack by frequency analysis. Modern symmetric ciphers generated by algorithms, such as AES, are not weak in this sense; their practical limitation for e-commerce is that when only one key exists, both parties must first share that secret key over a channel an eavesdropper cannot read, which is exactly what a public network does not provide.

Public Key Encryption (PKE) or asymmetric encryption is much more important than symmetric encryption for the purposes of e-commerce. The big improvement brought by Public Key Encryption was the introduction of a second key, which makes a world of difference in terms of distributing keys and protecting the integrity of data. Public Key Encryption relies on two keys, one of which is public and one of which is private; the private key cannot feasibly be inferred from the public key. Here is how it works: I have a public key, and I give that key out to anyone with whom I wish to communicate. You take my public key and use it to encrypt a message. You send that message in coded form over the network. Anyone else who sees the message cannot read it, because they have only the public key. The message only makes sense when it gets to me, as I have the only copy of the private key, which does the decrypting magic to turn the encrypted message into readable text.


Public Key Encryption ostensibly creates a world in which it does not matter if the physical network is insecure. Even if, as in the case of a distributed network like the Internet, where the data passes through many hands in the form of routers, switches and hubs, information could be captured, the encryption scheme keeps the data in a meaningless form unless the cracker has the private key. RSA is one of the first practicable public-key encryption algorithms and is widely used for secure data transmission. In such a cryptosystem the encryption key is public and differs from the decryption key, which is kept secret. In RSA this asymmetry is based on the practical difficulty of factoring the product of two large prime numbers (the factoring problem). RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described the algorithm in 1977.

B. Motivation

Since the invention of the World Wide Web (WWW) in 1989, Internet-based electronic commerce has been transformed from a mere idea into reality. Consumers browse through catalogues, search for the best offers, order goods, and pay for them electronically. Information services can be subscribed to online, and many newspapers and scientific journals are even readable via the Internet. Most financial institutions have some sort of online presence, allowing their customers to access and manage their accounts, make financial transactions, trade stocks, and so forth. E-mails are exchanged within and between enterprises and often already replace fax copies. Soon there will arguably be no enterprise left without an Internet presence, if only for advertising reasons. In early 1998 more than 2 million web servers were connected to the Internet, and more than 300 million host computers. And even if actual Internet business or e-commerce is still marginal, the expectations are high: for instance, Andersen Consulting predicted e-commerce or Internet business to grow from $10 billion in 1998 to $500 billion in 2002, as in [3]. Thus, doing some electronic commerce business on the Internet is already an easy task, as are cheating and snooping. Several reasons contribute to this insecurity. The Internet does not offer much security per se: eavesdropping and acting under a false identity are simple, and stealing data is undetectable in most cases. Popular PC operating systems offer little or no security against viruses or other malicious software, which means that users cannot even trust the information displayed on their own screens. At the same time, user awareness of security risks is threateningly low. The first concern for both business and consumer entering the e-commerce market is the potential for loss of assets and privacy due to breaches of the commercial transactions and corporate computer systems.

However, this is not to say that e-commerce potential is being totally ignored by consumers, as in [4]; in fact, according to internet analyst World Wide Worx, the number of online banking accounts in South Africa grew by 28% to 1.04 million in 2003, and these figures are expected to increase by 30% in 2004, as in [5]. Electronic banking in America is also on the increase: 17 percent of Americans used online banking services by the end of 2002, and this figure was projected to grow by 14 percent up to the end of 2007. These figures show that despite some security concerns, electronic commerce related activities such as e-banking continue to grow, as in [6].

However, some security concerns may be well founded when some of the statistics relating to electronic commerce security are considered. Fraud is increasing at a rapid rate. According to a survey by Net Effect Systems, while 94 percent of online consumers use the Internet to shop, just 10 percent say they prefer to buy things online, and 74 percent of consumers cited security and privacy concerns. Therefore, if the security and privacy problems are addressed, e-shoppers will be converted into e-buyers and e-commerce will be pushed a big step forward, as in [3]. Table 1 below shows the frauds reported by consumers from 2001 to 2003, as in [7].

TABLE 1

INTERNET FRAUDS BASED ON INFORMATION PUBLISHED BY CONSUMER SENTINEL.

[Bar chart: Internet-related frauds reported to Consumer Sentinel from 2001 to 2003. Vertical axis: number of reported frauds, 0 to 180,000; horizontal axis: year (2001, 2002, 2003).]


Three possible worries facing an e-commerce customer are: if I transmit a credit card number over the internet, can people other than the recipient read it? If I agree to pay N400 for goods, can this information be captured and changed? I am buying something from company X; is it really company X? This raises some important information security issues: Confidentiality: protecting information from unauthorised disclosure; Integrity: protecting information from unauthorised modification, and ensuring that information is accurate and complete; Authentication: ensuring that the person you are making the transaction with is who he says he is.

TABLE 2

DIFFERENT DIMENSIONS OF E-COMMERCE

C. RSA Cryptography

RSA is the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. It is named for the three MIT researchers who developed it: Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA today is used in hundreds of software products and can be used for key exchange, digital signatures, or encryption of small blocks of data. RSA uses a variable size encryption block and a variable size key. The key pair is derived from a very large number, n, that is the product of two prime numbers chosen according to special rules; these primes may be 100 or more digits in length each, yielding an n with roughly twice as many digits as the prime factors. The public key consists of n and a public exponent e; the private exponent d is computed from e and the two prime factors of n. An attacker cannot feasibly determine the prime factors of n (and therefore the private key) from the public information alone, and that is what makes the RSA algorithm secure. One presumed protection of RSA is that users can easily increase the key size to stay ahead of the computer processing curve, as in [8]; in current practice a 1024-bit modulus is considered inadequate and 2048 bits is the minimum recommended. RSA is very widely used today for secure Internet communication (browsers, S/MIME, SSL, S/WAN, PGP, and Microsoft Outlook), operating systems (Sun, Microsoft, Apple, Novell) and hardware (cell phones, ATM machines, wireless Ethernet cards, Mondex smart cards, Palm Pilots). Prasithsangaree and Krishnamurthy analysed the energy consumption of the RC4 and AES algorithms in wireless LANs in 2003 (RC4 is a symmetric stream cipher designed by Rivest and is distinct from RSA). They evaluated the performance of the RC4 and AES encryption algorithms in [9]; the performance metrics were encryption throughput, CPU workload, energy cost and key size variation. Experiments showed that RC4 is fast and energy efficient for encrypting large packets, whereas AES was more efficient than RC4 for smaller packet sizes. The trade-offs with security were not completely clear. In the Comparative Analysis of AES and RC4 Algorithms for Better Utilization, as in [10], the performance metrics were throughput, CPU process time, memory utilization, encryption and decryption time and key size variation. Those experiments showed that RC4 is fast and energy efficient for encryption and decryption, and on that basis the authors of [10] concluded that RC4 is better than AES; comparing the encryption time of AES and RC4 over different packet sizes, RC4 takes less time to encrypt files than AES. These comparisons concern speed only: RC4 has since been shown to have exploitable keystream biases and its use in TLS is prohibited by RFC 7465, so AES remains the symmetric cipher of choice. None of this affects RSA, whose security rests on the fact that the product of two large primes is not easily factorised, and it is with such large primes that the RSA algorithm in this paper is developed to secure e-commerce transactions.


II. RESEARCH METHODOLOGY

The design of the RSA security software evolved partly from the need for an all-embracing information security system and partly from the need for a user-friendly package that can fulfil any large e-commerce organisation's information security needs.

Changes to a system are necessitated by a number of factors, ranging from growth of the e-commerce business to changes in national law. For instance, there could be:
• Changes in business policies and regulations
• Changes in government policies and regulations
• New innovations or the development of better methods of system operation
For any of these reasons or more, a system can be forced to change. As an online business grows, so do the security threats and vulnerabilities, and there is a continuous search for a better method of securing online transaction information. In this study, information was acquired through two sources, namely a primary source and a secondary source.

Primary source: Information from this source was given priority because it is first-hand information. Primary data are those obtained from questionnaires, personal interviews, observations, etc., as in [11].

Questionnaire: In this study, 419 questionnaires were distributed to customers of different ages, genders and educational levels. Of the 419 distributed questionnaires, 261 were returned. After checking the returned questionnaires, the researchers rejected one as it was not filled in correctly; thus 260 questionnaires were used in this study. The questionnaire asked how the IT staff handled the security of transaction information, and their mode of securing as well as storing such transaction information.

Interview: This involved face-to-face discussion with some bank IT staff and customers. Questions were asked, and the responses received determined how the security of credit card information used in carrying out e-commerce transactions is handled. To obtain in-depth and relevant information on the research questions, a series of semi-structured interviews was conducted, affording the interviewees the opportunity to supply their opinions, knowledge and experiences on a wide range of security issues.

Secondary source: Information from this source is second-hand information. Secondary data are those gathered from pamphlets, journals, newspapers, books, the internet and records available at the organisation under study, as in [11]. In this study, many journals, books and articles were consulted online.

A. Data Analysis and Findings

In order to conduct online transactions, customers reveal their personal and financial information to e-commerce merchants and banks online. Therefore, the security and privacy features of the transaction information are considered important factors. Results showed that 72.6% of respondents are reluctant to reveal their sensitive information to merchants' or banks' web sites because of a lack of information security. In addition, 63.4% of respondents believe that the endorsement of these e-commerce web sites with a security seal would positively affect their trust in conducting online transactions, and 77% of respondents recommend that merchants and banks use strong cryptographic protocols to protect their information during the transaction process and on web servers.

Fig. 2: cryptographic encryption of plain text


B. Research Design

A module is a system component that provides services to other components but would not normally be considered a separate system, as in [12]. A separable component is one that is interchangeable with others for assembling into units of differing size, complexity or function, as in [13]. The RSA cryptosystem is therefore designed along modular lines. This necessitated the decomposition of the system into clearly defined subsystems such that the initial requirements specification was met. The software system comprises the following subsystems: splash-screen subsystem, Admin/log-in subsystem, Task bar/Key generation subsystem, Encryption subsystem, Decryption subsystem, Track Transaction subsystem, View Record subsystem, and Log out/Exit subsystem.

E-commerce security using the RSA cryptosystem is designed to achieve a more secure system and is structured to include the following:
i. Relational database support and dependency: This feature promotes the efficient use and storage of data. It equally optimises data organisation by the use of tables in the database.
ii. Efficient system resource usage: The transaction information databases are normally saved as compressed databases before and after their use by the system, thus reducing the disk storage space they might take.
iii. Customisable data structure: By this, the RSA cryptographic software can readily be adapted to serve within different corporate settings.
iv. Backup feature: With this system, the user has the option of backing up data in the database to removable disks. This is a strong maintenance culture that can facilitate data recovery and smooth system running in times of system crash or any other system error. Backups should themselves be encrypted, since a removable disk holding cardholder data is as sensitive as the live database.

C. RSA Cryptosystem

In the transmission of credit card data during e-commerce transactions, we need to hide our confidential data from other users. For this purpose we use encryption algorithms to encrypt our data. Encryption is the process of using algorithmic schemes to transform plain text information into a non-readable form called cipher-text. A key is required to decrypt the information and return it to its original plain text format; the algorithm itself is assumed to be public, so the secrecy of the system rests entirely on the key. Any time that live cardholder data is in the clear, that is, in plain text format readable by a person or a computer, it is extremely vulnerable to theft. Of course, cyber thieves know this and look for ways to capture a copy of that data. For example, it is possible for a thief to siphon off the card data as it is transmitted in plain text from a card reader to the point of sale (POS) server or the merchant's central server. (This is what is suspected to have happened in the data breaches involving Hannaford Bros., TJX and the Dave & Buster's restaurant chain.) Encryption of the data itself, of the transmission path the data takes along the network, or of both, can vastly reduce the vulnerability of the data, which in turn reduces a merchant's business risk. There are multiple approaches to encryption in the payment process. A merchant will need to evaluate its own environment to determine which approach or approaches would best meet its needs, but in this research the RSA cryptosystem is used for the proposed system. In data-level encryption, the payload within the tunnel is encrypted. That is, encryption is applied to the sensitive data elements such as the card number, the track data, the card security code (i.e., CVV, CVV2, etc.) and the expiration date. Depending on where in the process the data elements are encrypted, the merchant could be protected from internal fraud as well as external fraud.

If the card data that a merchant wants to protect is encrypted at the point of capture, for example at the customer-facing PIN entry device in a multi-lane retailer or at the data entry web page of an e-commerce site, and if that data stays encrypted until it is received by the processor, the data is protected all along the way. This is what is often called end-to-end encryption. Even if the transaction is intercepted at any point along the way, the encrypted card data is unreadable and means nothing to anyone other than the processor that holds the decryption key. Where possible and practical, data encryption is preferable to having only session-level encryption. Of course, a merchant can combine session encryption with data encryption for a "belt and suspenders" approach to security: encrypted data moving through an encrypted tunnel would be doubly secured. Asymmetric encryption uses two separate keys, each of which has a specific function: a public key encrypts the data, while a private key decrypts the data.

Fig. 3: Graphical relationship of these subsystems in top down hierarchy (modular design). Modules shown under the System RSA Main Switch: Splash screen, Admin/login, Task bar, Encryption, Decryption, Track Transaction, View Record, Log-out/Exit.


The public key can be freely distributed without the key management challenges of symmetric keys since it can only encrypt and never decrypt data.

Fig. 5: Asymmetric Data encryption

In a payment environment, the public key can be distributed to a merchant or to the end POS device, and that device can store the key in hardware or software. Even if the key is extracted by someone who should not have it, all that person can do is encrypt data with it; he cannot decrypt anything. The corresponding private key, where decryption occurs, must be handled very securely. Note that while the public key needs no confidentiality, it does need integrity: if an attacker can replace the public key stored on the device with his own, the card data will be encrypted to the attacker rather than to the processor, so the key must be installed and updated through an authenticated channel.

The RSA algorithm is the most commonly used public key encryption algorithm in asymmetric cryptography. Two keys are used: Public Key and Private Key.

In a public key cryptosystem the sender encrypts the data using the public key of the receiver, with an encryption algorithm that is also chosen by the receiver; the receiver publishes only the algorithm and the public key. The public key can only encrypt data, never decrypt it; decryption requires the private key, which only the receiver has. An eavesdropper who captures the ciphertext and the public key therefore cannot recover the data. In simple terms:

Public Key: shared with the public that wants to send us data.

Private Key: kept secret, so that when someone sends us data encrypted with our Public Key, we can decrypt it using the Private Key.

1) Bases for RSA cryptosystem: The RSA cryptosystem is based on the dramatic difference between the ease of finding large primes and the difficulty of factoring the product of two large prime numbers (the integer factorization problem). The RSA algorithm involves three steps: key generation, encryption and decryption.

2) Key generation: RSA involves a public key and a private key. The public key can be known by everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted in a reasonable amount of time using the private key. The keys for the RSA algorithm are generated in the following way:

Fig. 4: Symmetric Data encryption


Step 1. Choose two distinct prime numbers p and q. For security purposes, p and q should be chosen at random and should be of similar bit-length. Prime integers can be found efficiently using a primality test.

Step 2. Compute n = pq. n is used as the modulus for both the public and private keys; its length, usually expressed in bits, is the key length.

Step 3. Compute φ(n) = φ(p)φ(q) = (p − 1)(q − 1) = n − (p + q − 1), where φ is Euler’s totient function.

Step 4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1, i.e. e and φ(n) are coprime. e is released as the public key exponent. An e with a short bit-length and small Hamming weight gives more efficient encryption; the most common choice is 2^16 + 1 = 65,537. Much smaller values of e (such as 3) have been shown to be less secure in some settings [5].

Step 5. Determine d as d ≡ e^−1 (mod φ(n)), i.e. d is the multiplicative inverse of e modulo φ(n). Stated more plainly: solve for d given d·e ≡ 1 (mod φ(n)). This is usually computed with the extended Euclidean algorithm applied to e and φ(n). d is kept as the private key exponent.

The public key consists of the modulus n and the public (encryption) exponent e. The private key consists of the modulus n and the private (decryption) exponent d, which must be kept secret. p, q and φ(n) must also be kept secret, because they can be used to calculate d, as in [14].

After generating the public and private keys, the remaining question is how to encrypt and decrypt using RSA.

3) RSA Encryption: Alice transmits her public key (n, e) to Bob and keeps the private key d secret. Bob then wishes to send message M to Alice. He first turns M into an integer m, such that 0 ≤ m < n, by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext c corresponding to

c ≡ m^e (mod n)

This can be done quickly using the method of exponentiation by squaring. Bob then transmits c to Alice.

Fig. 6: Flow chart illustrating the RSA key generation (START → read p and q → are p and q prime numbers? → n = p*q, phi = (p−1)*(q−1) → are e and phi coprime? → is (ed−1)/((p−1)(q−1)) an integer? → print n, e and d → STOP)


4) RSA Decryption: Alice can recover m from c by using her private key exponent d via computing

m ≡ c^d (mod n)

Given m, she can recover the original message M by reversing the padding scheme.

5) A worked example: Here is an example of RSA encryption and decryption. The parameters used here are artificially small, but one can also use OpenSSL to generate and examine a real key pair.

Choose two distinct prime numbers, such as p = 61 and q = 53.

Compute n = pq, giving n = 61 × 53 = 3233.

Compute the totient of the product as φ(n) = (p − 1)(q − 1), giving φ(n) = 60 × 52 = 3120.

Fig. 7: A flow chart illustrating the RSA Encryption Algorithm (START → read Plaintext, n and e → encode plaintext = encodedText → M = encodedText, C = M^e mod n → C = ciphertext → print cipherText → STOP)

Fig. 8: Flow chart illustrating the RSA Decryption Algorithm (START → read ciphertext, n and d → M = C^d mod n → decode M = PlainText → print PlainText → STOP)


Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime number for e leaves us only to check that e is not a divisor of 3120. Let e = 17.

Compute d, the modular multiplicative inverse of e (mod φ(n)), yielding d = 2753, since 17 × 2753 = 46,801 = 15 × 3120 + 1.

Worked example for the modular multiplicative inverse (extended Euclidean algorithm): 3120 = 183 × 17 + 9; 17 = 1 × 9 + 8; 9 = 1 × 8 + 1. Back-substituting, 1 = 9 − 8 = 9 − (17 − 9) = 2 × 9 − 17 = 2 × (3120 − 183 × 17) − 17 = 2 × 3120 − 367 × 17, so 17 × (−367) ≡ 1 (mod 3120) and d = −367 mod 3120 = 2753.

The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption function is c(m) = m^17 mod 3233.

The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption function is m(c) = c^2753 mod 3233.

For instance, in order to encrypt m = 65, we calculate c = 65^17 mod 3233 = 2790.

To decrypt c = 2790, we calculate m = 2790^2753 mod 3233 = 65.
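The key-generation steps, the encryption and decryption formulas and the worked example above, carried through as an added Python example (this is not the paper’s RSA-ESS code, which is written in VB.NET). It implements textbook RSA exactly as described: the Miller-Rabin test is assumed as the primality test and the `secrets` module as the random source, since the paper names neither, and `make_key`, `generate_keypair`, `encrypt`, `decrypt` and `paper_example` are names introduced here. It reproduces the paper’s toy values (n = 3233, e = 17, d = 2753, 65 → 2790) and also generates a fresh 1024-bit key pair, the key size the paper’s system uses.

```python
"""Textbook RSA as described in the paper: key generation, encryption, decryption.

Added example, not the paper's own code. Standard library only. The primality test
(Miller-Rabin) and the randomness source (secrets) are assumptions made here.
"""
import secrets
from math import gcd


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probabilistic primality test (assumed; the paper names no test)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):   # cheap trial division first
        if n % p == 0:
            return n == p
    d, s = n - 1, 0                                          # write n-1 = 2^s * d, d odd
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2                     # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                                     # a is a witness: composite
    return True


def random_prime(bits: int) -> int:
    """Random prime with its top two bits set, so p*q has exactly 2*bits bits."""
    while True:
        cand = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(cand):
            return cand


def ext_gcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = ext_gcd(b, a % b)
    return g, y, x - (a // b) * y


def mod_inverse(e: int, phi: int) -> int:
    """d with d*e ≡ 1 (mod phi): the paper's step d ≡ e^-1 (mod φ(n))."""
    g, x, _ = ext_gcd(e, phi)
    if g != 1:
        raise ValueError("e and φ(n) are not coprime")
    return x % phi


def make_key(p: int, q: int, e: int = 65537):
    """Derive (n, e) and (n, d) from two distinct primes, with the checks of Fig. 6."""
    if p == q or not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < φ(n) and gcd(e, φ(n)) = 1")
    d = mod_inverse(e, phi)
    assert (e * d - 1) % phi == 0                            # "is (ed-1)/φ(n) an integer?"
    return (n, e), (n, d)


def generate_keypair(bits: int = 1024, e: int = 65537):
    """Fresh key pair whose modulus n has exactly `bits` bits (p, q of similar length)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and gcd(e, (p - 1) * (q - 1)) == 1:
            return make_key(p, q, e)


def encrypt(public_key, m: int) -> int:
    """c ≡ m^e (mod n); pow() uses square-and-multiply (Fig. 7)."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message integer must satisfy 0 ≤ m < n")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """m ≡ c^d (mod n) (Fig. 8)."""
    n, d = private_key
    return pow(c, d, n)


def paper_example():
    """The paper's toy parameters: p = 61, q = 53, e = 17 encrypting m = 65."""
    pub, priv = make_key(61, 53, 17)
    c = encrypt(pub, 65)
    return pub, priv, c, decrypt(priv, c)


if __name__ == "__main__":
    print(paper_example())                   # ((3233, 17), (3233, 2753), 2790, 65)
    pub, priv = generate_keypair(1024)
    pan = 4111111111111111                   # constructed test PAN, not real card data
    assert decrypt(priv, encrypt(pub, pan)) == pan
    print("1024-bit round trip OK; n has", pub[0].bit_length(), "bits")
```

Two cautions belong next to this code. It is unpadded (textbook) RSA, so encrypting the same card number twice gives the same ciphertext and anyone holding the public key can confirm a guessed card number by encrypting it; a deployed system must apply a randomised padding scheme such as OAEP through a vetted library, and pure-Python modular exponentiation is not constant-time. The 4111… PAN is a constructed test value, not real card data.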

III. SUMMARY OF RESULT

The name of the software developed is RSA Ecommerce Security System (RSA-ESS). The software models the online sending of encrypted credit card payment information by a customer on a remote system, and the decryption and use of that payment information by bank staff to debit the customer’s account and credit the merchant’s account during an e-commerce transaction. It is organized into the subsystems/modules reflected in the design.

A. Sample Implementation Input Snapshots.

Fig.9: Splash Screen


Fig 10: Admin/Log In Window

Fig.11: Taskbar Window

Fig. 12: Encryption/Send Window


B. Sample Implementation Output Snapshots

Fig. 13: window displaying received encrypted message

Fig 14: window displaying received and decrypted message

Fig.15: Track Transaction Window (on the right hand side)


Fig 16: window showing records of transactions

IV. CONCLUSION

In this research, a detailed implementation of the 1024-bit RSA encryption/decryption algorithm is presented for use in securing e-commerce payment information. The algorithm is implemented in VB.NET, and the whole design was tested using the Visual Basic.NET virtual environment tool. The system speed achieved was 36.3 MHz, which complies with the speed of smart cards used in e-commerce. The RSA algorithm has remained a secure scheme for sending encrypted messages for almost 40 years, earning Rivest, Shamir and Adleman the Association for Computing Machinery’s 2002 A.M. Turing Award, one of the highest honors in computer science. RSA keys are typically 1024 to 2048 bits long, though some experts believe that 1024-bit keys could be broken in the near future. It is generally believed that 4096-bit keys are unlikely to be broken in the foreseeable future, meaning that RSA should remain secure as long as n is chosen to be sufficiently large; it is currently recommended that n be at least 2048 bits long.

ACKNOWLEDGEMENT

I wish to thank Dr. Arinze Steve Nwaeze of Caritas University, Enugu, Nigeria for the constructive criticism, encouragement, scholarly advice and suggestions for improvement which he gave me throughout the period of this work. I share my deepest gratitude with my wife, Jane, for her unconditional support, encouragement, love and extensive help in preparing this paper.

REFERENCES

[1] L. Lessig, Code and Other Laws of Cyberspace. New York: Basic Books, 1999.
[2] A. J. Menezes, P. C. van Oorschot and S. A. Vanstone, Handbook of Applied Cryptography. CRC Press, 1996.
[3] P. Li, Topics in E-commerce (reports): issues of security and privacy in E-commerce, 2013.
[4] A. Ghosh, E-Commerce Security: Weak Links, Best Defences. Canada: Wiley, 1998.
[5] T. Burrows, A million SA e-bank accounts, more coming. Available: www.itweb.co.za/sections/internet/2004/0403031143.asp?A=EBU&S=e-Business&O=E&CiRestriction
[6] Gartner Group, Online banking goes mainstream in US, 10 March 2003.
[7] Consumer Sentinel, Three year trend for sentinel complaints, 2004. Available: www.consumer.gov/sentinel/states03/3year_trens.pdf
[8] G. C. Kessler, An Overview of Cryptography, 1998. Available: www.garykessler.net/library/crypto.html#intro
[9] P. Prasithsangaree and P. Krishnamurthy, Analysis of Energy Consumption of RC4 and AES Algorithms in Wireless LANs. Proceedings of IEEE GLOBECOM, pp. 1445-1449, 2003.
[10] S. Nidhi and J. P. S. Raina, Comparative Analysis of AES and RC4 Algorithms for Better Utilization. International Journal of Computer Trends and Technology, vol. 1(3), pp. 259-263, July-Aug. 2011.
[11] E. O. Chukwuemeka and O. R. Oji, Applied Social and Behavioral Research: Guideline for thesis writing. Enugu: John Jacob’s Classic, 1999.
[12] V. Nwaocha, Software Engineering Methodologies. National Open University of Nigeria, Victoria Island, Lagos, 2008.
[13] C. B. Obi, Design and development of personnel information system: Project Paper, Caritas University, Enugu, Nigeria, 2013.
[14] B. Persis, P. Mandiw and M. Kumar, A modified RSA cryptosystem based on ‘n’ prime numbers. International Journal of Engineering and Computer Science, vol. 1(2), pp. 63-66, 2012.