Lame Segokgo
e-mail: lame.segokgo@gmail.com
Abstract
It has to be appreciated that most people are choosing click-and-mortar shopping methods
as opposed to brick-and-mortar models. E-commerce is the purchasing of goods and services
through the internet, Al-Slamy, N.M.A. (2008). This model includes the exchange of valuable
information between the buyer and the seller, and amongst this information are financial
credentials, which are compromised when transactions take place over the internet, hence the
need for security mechanisms such as encryption. According to Widjadja, D. (2009), encryption
is the encoding of data using an algorithm so that, in the event that a data transmission is
intercepted, it is incomprehensible to any party unless the key that enables decryption is known.
The types of encryption are symmetric encryption and asymmetric encryption, and the techniques
include the RSA (Rivest-Shamir-Adleman) algorithm, the Data Encryption Standard (DES),
Secure Socket Layer (SSL) and Pretty Good Privacy (PGP), all of which will be evaluated in
this paper as far as e-commerce is concerned. This paper will briefly evaluate the
abovementioned encryption techniques, their roles in e-commerce, and the future of encryption
as far as e-commerce is concerned. We will also evaluate the existing literature on the
phenomenon.
1.0 Introduction
It has been observed that most people are now
moving towards purchasing goods and
services through the internet, which is
termed electronic commerce or e-commerce,
according to Al-Slamy, N.M.A. (2008).
This means that a lot of user data, including
financial credentials, forms part of the
transaction(s). The different types of
e-commerce models available are
business to business (B2B),
3.3 Pretty Good Privacy (PGP)
This is an algorithm founded by Philip
Zimmermann and standardized in 1996 to
provide a good means of communication in
a non-secure environment. It is now owned
by Network Associates, who have since
converted it into open source, allowing
anyone to review the code and suggest
improvements. Its application is mostly
centered on securing e-mail communications,
but the US government has since adopted it
to secure day-to-day communications, thus
fulfilling the original intentions of
Zimmermann and PGP of safeguarding
information from governmental intrusions,
Sean, D. (2000). Most e-commerce retailers,
however, use PGP to sign a
document or communique as a way of
verifying the integrity of the original work.
There are five (5) services offered by PGP:
authentication, confidentiality,
compression, e-mail compatibility and
segmentation. According to Poole, J.B. (2001),
the PGP process begins with a user
creating a pair of keys. These keys are
created at varying strengths to the
satisfaction of the user; that is, 512-, 1024- or
2048-bit keys can be used, and the higher the
number, the stronger the key. As with other
standards, a pair of keys is produced, being
the private key and the public key, and the
private key should be kept as safe as
possible. There are a few quoted advantages
of using this encryption algorithm; a user
has absolute assurance that the information
they had just sent or received has not been
5.0 Recommendation
In this section the paper makes its
recommendations to the online
security authorities as far as encryption
techniques in e-commerce are concerned.
Given the above realization that some
encryption techniques can be cracked if the
right resources are channeled towards the
process, this paper recommends that those
loopholes be examined and
resolved. This could be done by
investing the resources, or more,
that may be needed to break the code if
possible, and exploring the number of bit
blocks that are used to break that code. Once
this is done, the developers will be in a
good position to determine the exact
requirements needed to improve the
algorithm. An example of such a technique is
the Data Encryption Standard
(DES). Also, to ensure that online customers'
interests are safeguarded and catered for,
the authorities should move quickly to
standardize the Advanced Encryption
Standard (AES), which has not been
standardized as yet. AES is said to be a
direct improvement on, or replacement for, DES,
as it uses transformations on 128-bit blocks
as compared to the 64-bit blocks of DES.
This research also suggests that online
customers should be advised to move to the
latest encryption-enabled software
environments, like SSL-enabled browsers, as
their payment information needs to be
confidential between them and their retailers,
and only such environments can guarantee
such confidentiality and integrity. There
should also be a regulatory body within the
open source community which will ensure
that the developed products do not
6.0 Conclusion
This research paper concludes that for the
complete security of transactions and
information that pass between the
buyer and the seller online, there has to be
robust technological advancement, thus
ensuring that different techniques of
e-commerce are catered for. It has been
acknowledged in the paper that hackers are
also improving their intellect and resources
to counter or manipulate the existing
encryption techniques for e-commerce
systems, so the authorities should act in good
time to save customers from such
incidents. Based on the fact finding, especially
from the existing literature cited in this
research, this research would like to
conclude that the best algorithm yet is the
RSA algorithm, which is more secure and has
fewer shortfalls as compared to all other
techniques reviewed herein. This conclusion
comes after reviewing the processes of the
RSA algorithm, its pros and cons and its
ability to not allow room for repudiation. An
interesting advantage quoted is that it
provides security for information without
compromising usability.
However, with the integration of other online
security mechanisms like Intrusion
Detection Systems, the encryption
techniques used for e-commerce would not
come costly, as the intrusion detection
systems would keep hackers at bay. This
conclusion is derived from the impeccable
ability of intrusion detection systems
to keep hackers at bay or alert the
administrator of any malicious intent during
the transaction.
7. References
[1] Dr. Nada M. A. Al-Slamy (2008). E-commerce Security, Vol. 8, No. 5, International Journal of Computer Science and Network Security. Available at paper.ijcsns.org/07_book/200805/20080550.pdf [Accessed on 30-10-2012]
[2] Diana Widjadja (2009). E-commerce, Encryption Methods for secure e-commerce websites. Available at www.dianawidjaja.com/files/ecommercesecurity.pdf [Accessed 30-10-2012]
[3] http://www.coldfuel.co.uk/newsblog/the-importance-of-ssl-for-yourecommerce-website/ [Accessed on 30-10-2012]
[4] John K. Higgins, Feds Find E-mail Encryption Can Backfire, October 26, 2012. http://www.ecommercetimes.com/story/76487.html [Accessed on 30-10-2012]
[5] V Ramajan (2001). Electronic Commerce, Secure Messaging, vol. 6, pp. 8-17. Available at www.ias.ac.in/resonance/Jan2001/pdf/Jan2001p8-17.pdf [Accessed on 30-12-2012]
[6] Margaret Rouse, RSA (Rivest Shamir Adleman) Algorithm, September 2005. http://searchsecurity.techtarget.com/definition/RSA [Accessed 30-10-2012]
[7] Robert Kelleen, http://members.tripod.com [Accessed on 30-10-2012]
[8] Dane Henry, RSA: Asymmetric Cryptography and Algorithm Analysis for a Secure Computing Environment, 2009. Available at http://www.dwhenry.com/files/RSA.pdf [Accessed on 30-10-2012]
[9] Bernard John Poole. Pretty Good Privacy: Downloading, Installing, Setting Up, and Using this Encryption Software - A Tutorial for Beginners to PGP, 2001. Available at http://www.pitt.edu/~poole/PGPTutorial.pdf [Accessed 30-10-12]
[10] Korper, S. and Ellis, J., The E-Commerce Book, 2nd Edition, Academic Press, 2001.
[11] http://developer.netscape.com/docs/manuals/proxy/adminux/encrypt.htm [Accessed on 30-10-2012]