Enhancing e-banking security: using whirlpool hash function for card number encryption

  • Authors

    • Doaa Yaseen Khudhur
    • Saif Saad Hameed
    • Shokhan M. Al-Barzinji
    2018-04-15
    https://doi.org/10.14419/ijet.v7i2.13.12682
  • Whirlpool, E-Banking Security, Card Number.

  • The Internet played - and still - the key that continuously changing our ways of interaction with people. As a result, several electronic services had emerged allowing businesses to grow by effectively allowing wide and easy interaction with customers and other businesses. The security and privacy of information over the internet in general and in electronic services providers have been the focus of widely published studies and researches, such that several software and hardware based solutions or hybrid of both is required. E-banking services grown significantly in the last decade where all financial matters of customers and businesses can be done online, and therefore, e-banking security and privacy is important. In this paper, I propose the use of Whirlpool hash function to enhance the security of e-bank service providers by encrypting customer’s card sensitive information. In addition, based on the review of several articles, I found that Whirlpool outperformed several hashing functions and resists several well-known attacks.

     

     

  • References

    1. [1] Gaikwad S., Yadav A., Patil P., "The Study of E-Security in Internet Banking", International Journal of Advanced Research in Computer and Communication Engineering Vol. 4, Issue 8, August 2015.

      [2] Nwogu E. R., "Improving the Security of the Internet Banking System Using Three-Level Security Implementation", in IRACST - International Journal of Computer Science and Information Technology & Security (IJCSITS), ISSN: 2249-9555 Vol. 4, No.6, and December 2014.

      [3] Choubey J., Choubey B., "Secure User Authentication in Internet Banking: A Qualitative Survey", International Journal of Innovation, Management and Technology, Vol. 4, No. 2, April 2013.

      [4] Yazdanifard R., Fadzilah W., Alawa Y., Behora C., Sade A., "Electronic banking fraud; The need to enhance security and customer trust in online banking", International Journal in Advances in Information Sciences and Service Sciences, 3(10.61), 2011, pp. 505-509.

      [5] Zeph A., Onyemachi O., Michael N., “Electronic banking and bank performance in Nigeriaâ€, West African Journal of Industrial & Academic Research Vol. 6, No. 1, 2013.

      [6] Buhari B., Tambuwal A., "Security Enhanced Online Registration Prepaid Scratch Card Payment Approach", Journal of Engineering And Technology Research, Vol. 2, No. 6, pp. 53-59, 2014.

      [7] Salma A., Devi C., Saranya V., "Smart Card for Banking with Highly Enhanced Security System", International Journal of Electronics and Communication Engineering (SSRG-IJECE), Vol. 1, Issue 2, 2014.

      [8] Mridha M., Kamruddin N., Aloke K., Saha, Akhtaruzzaman A., "A New Approach to Enhance Internet Banking Security", International Journal of Computer Applications, Vol. 160, No. 8, 2017.

      [9] Avik D., Subhasree D., Rajib G., "The Techniques behind the Electronic Signature based upon Cryptographic Algorithms", International Journal of Advanced Research in Computer Science, Vol. 5, No. 3, 2014.

      [10] Stallings W.," Cryptography and Network Security Principles and Practices", Fourth Edition, http://www.inf.ufsc.br/~bosco.sobral/ensino/ine5680/material-cripto-seg/2014-/Stallings/Stallings_Cryptography_and_Network_Security.pdf.

      [11] Kameswara R., Krishna Y., Kumar K., "An Image Authentication Technique Using Watermarking and Hash Function", International Journal of Advanced Research in Computer Science, Vol. 2, No. 2, pp. 86-89, 2011.

      [12] Hanaek P., Kamil M., Jiri S., "E-banking security-comparative study." Security Technology, 42 Annual IEEE International Carnahan Conference, IEEE, 2008.

      [13] CNBC Official website, https://www.cnbc.com/2017/02/01/consumers-lost-more-than-16b-to-fraud-and-identity-theft-last-year.html, retrieved at 4:30 PM, on 2/3/2018.

      [14] Barreto P., Vincent R., "The Whirlpool hashing function." First, open NESSIE Workshop, Leuven, Belgium. Vol. 13. 2000.

      [15] Preneel B., New European Schemes for Signature, Integrity and Encryption (NESSIE): A Status Report, Proceedings of the Fifth International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography. Lecture Notes in Computer Science, New York: Springer-Verlag, 2274, pp. 297–309.

      [16] Zalewski P., "FPGA design and performance analysis of SHA-512, whirlpool and PHASH hashing functions", PhD Thesis, published in 5/1/2008.

      [17] Stallings W... "The Whirlpool secure hash function." Cryptologia 30.1 (2006): 55-67.

      [18] Francois-Xavier S., Piret G., Quisquater J., "Cryptanalysis of block ciphers: A survey", UCL Crypto Group, 2003.

      [19] Miyaguchi, S., K. Ohta, and M. Iwate. 1990. Confirmation that Some Hash Functions are Not Collision Free, Proceedings, Advances in Cryptology—EUROCRYPT 090. New York: Springer-Verlag, pp. 326–343.

      [20] Black, J., Rogaway P., Shrimpton T., “Black-Box Analysis of the Block-Cipher-Based Hash Function Constructions from PGVâ€, Proceedings, Advances in Cryptology—CRYPTO 002, New York: Springer-Verlag, pp. 320–335, 2002.

      [21] Preneel, B., Govaerta R., Vandewalle J., “Hash Functions Based on Block Ciphers: A Synthetic Approachâ€. Proceedings, Advances in Cryptology—CRYPTO 093. New York: Springer-Verlag, 1993, pp. 368–378.

      [22] Marcus S., “The Statistical Evaluation of the NESSIE Submission Whirlpoolâ€, Available: https://www.cosic.esat.kuleuven.be/nessie/reports/phase1/sagwp3-037_1.pdf

      [23] Mendel F., "The rebound attack: Cryptanalysis of reduced Whirlpool and Grøstl", Fast Software Encryption. Springer, Berlin, Heidelberg, 2009.

      [24] Lamberger M., "The rebound attack and subspace distinguishers: Application to Whirlpool", Journal of Cryptology, Vol. 28, No. 2, (2015): 257-296.

      [25] Sasaki, Yu, et al. "Investigating fundamental security requirements on whirlpool: improved preimage and collision attacks." International Conference on the Theory and Application of Cryptology and Information Security. Springer, Berlin, Heidelberg, 2012.

      [26] Sasaki, Yu. "Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool." International Workshop on Fast Software Encryption. Springer, Berlin, Heidelberg, 2011.

      [27] Kitsos, Paris, and Odysseas Koufopavlou. "Efficient architecture and hardware implementation of the Whirlpool hash function." IEEE Transactions on Consumer Electronics 50.1 (2004): 208-213.

      [28] McLoone, Máire, Ciaran McIvor, and Aidan Savage. "High-speed hardware architectures of the Whirlpool hash function." Field-Programmable Technology, 2005. Proceedings. 2005 IEEE International Conference on. IEEE, 2005.

      [29] Satoh, Akashi. "ASIC hardware implementations for 512-bit hash function whirlpool." Circuits and Systems, 2008. ISCAS 2008. IEEE International Symposium on. IEEE, 2008.

      [30] Krawczyk, Kamil, Paweł Tomaszewicz, and Mariusz Rawski. "Whirlpool SoPC Implementation-Hardware/Software Co-Design Example." International Journal of Electronics and Telecommunications 58.1 (2012): 21-26.

      [31] Hilewitz, Yedidya, Yiqun Lisa Yin, and Ruby B. Lee. "Accelerating the whirlpool hash function using parallel table lookup and fast cyclical permutation." International Workshop on Fast Software Encryption. Springer, Berlin, Heidelberg, 2008.

      [32] Fiskiran, A.M.: Instruction Set Architecture for Accelerating Cryptographic Processing in Wireless Computing Devices. PhD Thesis, Princeton University (2005).

      [33] Fiskiran, A.M., Lee, R.B.: On-Chip Lookup Tables for Fast Symmetric-Key Encryption. In: Proceedings of the IEEE 16th International Conference on Application-Specific Systems, Architectures and Processors (ASAP), pp. 356–363. IEEE, Los Alamitos (2005).

      [34] Al-Ani D., Shaban M., Noory R., "Billing system design based on internet environment", Editorial Preface, Vol. 3, No. 9, pp. 224 – 230, 2012.

      [35] [Peterson W., Brown D., "Cyclic codes for error detection", Proceedings of the IRE, Vol. 49, No. 1, pp. 228-235, 1961.All the middle nodes represented as a blue circle surrounding them. When the energy of a specific node down to 18, the AODV evades that specific node. Here in this case there are [3] such nodes 0,2,10. The new route is shown below.

  • Downloads

  • How to Cite

    Yaseen Khudhur, D., Saad Hameed, S., & M. Al-Barzinji, S. (2018). Enhancing e-banking security: using whirlpool hash function for card number encryption. International Journal of Engineering & Technology, 7(2.13), 281-286. https://doi.org/10.14419/ijet.v7i2.13.12682