Open Access  Subscription or Fee Access

E-commerce and m-commerce transactions are growing at an explosive rate. The success of these depends on how transactions are carried out in the most secured manner. As the popularity of the Web increases, the Web will continue to evolve from a means of providing an easy way of accessing (and publishing) information on the Internet to a virtual marketplace where everything can be bought or sold, just like in the physical world. In order to ensure privacy, there needs to be security. The market already provides several security tools, such as the Secure Socket Layer (SSL) protocol developed by Netscape. Another example is Pretty Good Privacy. Such security tools can help protect privacy by preventing access to the information for non-authorized parties. But privacy requires more than that. There also need to be ways of controlling the access to and the distribution of information. This paper presents how message level security is achieved in web services interactions and evaluated a number of commonly used cryptographic algorithms to determine which are most suitable for the task. The implementation of a hybrid algorithm is performed by combining both the symmetric key algorithm of AES and the asymmetric key algorithm of Elliptic Curve Cryptography (ECC). This hybrid algorithm that has been implemented also considers takes care of the integrity of data using MD5 algorithm.

Advanced Encryption Standard (AES), Elliptic Curve Cryptography (ECC), Internet Security, MD5 algorithm Secure Socket Layer (SSL).

C. Adams and S. Lloyd, ―Understanding PKI: Concepts, Standards, and Deployment Considerations‖, second edition, Addison-Wesley, 2003.

D. Boneh and G. Durfee, “Cryptanalysis of RSA with Private Key d Less than N0.292‖, IEEE Transactions on Information Theory, 46(4):1339-1349, July 2000.

D. Boneh and H. Shacham, ―Fast Variants of RSA‖, CryptoBytes, 2002, Vol. 5, No. 1, Springer, 2002.

H.M. Sun and M.E. Wu, ―An Approach towards Rebalanced RSA-CRT with Short Public Exponent‖, Cryptology ePrint Archive, 053/2005. http://eprint.iacr.org/

Barclays Bank, “Business Internet Banking – Security and Confidentiality”, Item Ref: 9901713COM. May 2006.

C. Lamprecht1 A. van Moorsel P. Tomlinson N. Thomas, ”Investigating the efficiency of Cryptographic algorithms in online Transactions‖, I. J. of Simulation vol.7, no. 2, ISSN 1473-804x online, 1473-63 8031 print.

E.Barker, W.Barker, W.Burr, W.Polk and M.Smid, "Recommendation for Key Management - Part 1: General (Revised)", NIST Special Publication pp.800-57, March 2007.

R .Ganesan, M.Gobi and Dr. K Vivekanandan, ”Elliptic and Hyperelliptic Curve Cryptography Over Finite Field Fp―, i-Manager‘s Journal on Software Engineering, vol. 3, issue No.2, pp.52-50, ISSN-0973-5151. October-December, 2008,

R.Ganesan, Dr. K Vivekanandan, “Performance Analysis of Hyper-Elliptic Curve Cryptosystems over Finite Field Fp for Genus 2 and 4‖, International Journal of Computer Science and Network Security (IJCSNS) vol.8, no.12, pp 415 – 418, Dec .2008

A.Hiltgen, T.Kramp, T .Weigold , “Secure Internet Banking Authentication‖, IEEE Security and Privacy, vol. 4, no.2, 2006.

B. Schneier, ―Applied Cryptography: Protocols, Algorithms and Source Code in C‖, Wiley, 1996.

D .Osama, Phu Dung Le, B Srinivasan, “Security Analysis for Internet Banking Models”, Eigth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNDP 2007, vol.3 , pp 1141-1146, July 30 2007 – Aug 1 2007.

J .Seitz, E.Stickel, “Internet Banking – An Overview”, Journal of Internet Commerce and Banking, vol.3, no.1, 1998. http://www.arraydev.com/commerce/JIBC/9801-8.htm

A.Antipa, D.R. Brown, R. Gallant, R. Lambert, R.Struik and S.A. Vanstone, “Accelerated Verification of ECDSA Signatures” , in Proceedings of Selected Areas in Cryptography −SAC2005,

D.R. Hankerson, A.J. Menezes, S.A. Vanstone, “Guide to Elliptic Curve Cryptography, New York: Springer, 2003.

IEEE 1363: Standard Specifications for Public-Key Cryptography

Liao Ziqi, M .heung, “Internet based e-banking and consumer attitudes : An empirical study”, Information and management, vol. 39, issue 4, pp.283-295, Jan 2002.

Liao Ziqi, Cheung M, “Challenges of internet e-banking”, Communication of ACM, vo.46, no.12, pp.248-250, Dec 2003.

NIST SP800-56a, “Recommendation for Pair-wise Key Establishment Schemes Using Discrete Logarithm Cryptography”, March 8, 2007.

“SEC4 –Elliptic Curve Qu-Vanstone Implicit Certificate Scheme (ECQV)”, Standards for Efficient Cryptography Group, Draft v0.9, Nov.14, 2007.

B. Preneel, S. Tavares, Eds., Lecture Notes in Computer Science, vol. 3897, pp. 307-318, New York: Springer, 2006.