Secured Payment Scheme Method to Avoid Frauds
Published on Sep 16, 2019
With the recent advent of cloud computing, the concept of outsourcing computations, initiated by volunteer computing efforts, is being revamped. While the two paradigms differ in several dimensions, they also share challenges, stemming from the lack of trust between outsourcers and workers. In this work, we propose a unifying trust framework, where correct participation is financially rewarded: neither participant is trusted, yet outsourced computations are efficiently verified and validly remunerated.
We propose three solutions for this problem, relying on an offline bank to generate and redeem payments; the bank is oblivious to interactions between outsourcers and workers. We propose several attacks that can be launched against our framework and study the effectiveness of our solutions. We implemented our most secure solution and our experiments show that it is efficient: the bank can perform hundreds of payment transactions per second and the overheads imposed on outsourcers and workers are negligible.
In the existing system, Motivated by the ability of computer owners to donate CPU resources, volunteer computing takes advantage of the parallelizable nature of several large compute problems to distribute jobs to available computers over the internet. In Existing system the problem of existing outsourcing computations in distributed environments has several security challenges.
These challenges stem from the lack of trust between the outsourcer and a worker. Previous work has extensively considered one side of the trust problem - the efficient verification of the completion of the outsourced computation. We believe this to be the first work that simultaneously addresses the other side of trust - ensuring valid remuneration for the work. Outsourcers have computing jobs they cannot complete in a timely fashion, whereas workers are willing to spend CPU cycles to run parts of such jobs. Outsourcers do not trust the workers to correctly perform computations and workers do not trust outsourcers to pay for completed jobs. Motivated by the ability of computer owners is to donate CPU resources and volunteer computing takes advantage of the parallelizable nature of several large compute problems to distribute jobs to available computers over the internet.
DISADVANTAGES OF EXISTING SYSTEM:
· Main problem is that address the lack of trust of outsourcers on workers, the lack of trust of a worker in the outsourcer is not addressed.
· Workers do not have any verification process. So malicious outsourcer enter into the process.
· Sometimes the intruders make misuses the outsourcing process.
We propose a unifying trust framework, where correct participation is financially rewarded: neither participant is trusted, yet outsourced computations are efficiently verified and validly remunerated. We propose solutions that address both issues of trust. In our proposed system we introduce payment outsourced scheme for outsourcing computation that is only based on traditional electronic cash systems.
To avoid the problem in an existing system, we use the following three solutions are, In our first solution, it requires outsourcer to split the key used to obfuscate the payment and hides the sub keys into pre computed, randomly chosen parts of the job. The worker is entitled to a probabilistic verification of the payment received before beginning the computation. However, a malicious outsourcer that generates a single incorrect subkey may pass the verification step but prevent an honest worker from recovering the payment. In our second solution, outsourcer uses threshold sharing to divide the payment into multiple shares and obfuscates a randomly chosen subset of the shares with solutions to parts of the job.
The worker needs to retrieve only a subset of the shares in order to reconstruct the payment. This significantly improves the worker’s chance of retrieving the payment even in the presence of a malicious outsourcer generating incorrect shares. However, this solution provides the worker with an unfair advantage in recovering the payment before completing the job: fewer shares need to be discovered. In our third solution, we use exact secret sharing to compute shares of the payment token—all the shares are needed to reconstruct the payment. Instead of generating a single ringer set, outsourcer generates a ringer set for each payment share and uses a function of the ringer set to “hide” the share. Worker and outsourcer run a verification protocol, where all but one share are revealed and the correctness of the last share is proved in zero knowledge.
ADVANTAGES OF PROPOSED SYSTEM:
· It improves the worker’s chance of retrieving the payment even in the presence of a malicious outsourcer generating incorrect shares.
· This solution provides the worker with an unfair advantage in recovering the payment before completing the job: fewer shares need to be discovered.
· It provides the full trust to the service provider (worker) and Outsourcers (outsourcer).
ALGORITHM AND TECHNIQUES:
Symmetric key algorithm:
Symmetric-key algorithms are a class of algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of cipher text. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. This requirement that both parties have access to the secret key is one of the main drawbacks of symmetric key encryption, in comparison to public-key encryption.
Secret sharing techniques: Secret sharing techniques refers to method for distributing a secret amongst a group of participants, each of whom is allocated a share of the secret. The secret can be reconstructed only when a sufficient number, of possibly different types, of shares are combined together; individual shares are of no use on their own. Secret sharing schemes are ideal for storing information that is highly sensitive and highly important. Examples include: encryption keys, missile launch codes, and numbered bank accounts.
Each of these pieces of information must be kept highly confidential, as their exposure could be disastrous; however, it is also critical that they not be lost. Traditional methods for encryption are ill-suited for simultaneously achieving high levels of confidentiality and reliability. This is because when storing the encryption key, one must choose between keeping a single copy of the key in one location for maximum secrecy, and keeping multiple copies of the key in different locations for greater reliability. Increasing reliability of the key by storing multiple copies lowers confidentiality by creating additional attack vectors; there are more opportunities for a copy to fall into the wrong hands. Secret sharing schemes address this problem, and allow arbitrarily high levels of confidentiality and reliability to be achieved.
· Initiate process
o Business login
o Personal login
· Banking process
· Payment process
· Verification Process
· Manage files process
Initiate process is the first step to enter the payment outsourcing process. Initiate process is the Login process. Before entering the account the Outsourcer need to register their personal details. In this step the registration process contains the two different types of registration for Outsourcer convenient. These processes are Business login and Personal Login. Business login is the process to register the details of user who needs to make the business in the online purpose. In this process the Outsourcers should enter the all personal details and also need to enter the storage capacity as their process need. If the Business process required storage capacity of 5GB, they need to pay 20$, and etc. If the personal login required storage capacity of 2 GB, they no need to pay money. In this register process, after submitting this register key (code) will send to the particular user’s mail id. The register key (code) is used for authentication purpose.
Banking Process contains the process of manage the banking details. Before enter the banking process, the Outsourcer need to submit the details about him. Details of the banking needs Name, Address, Country, State, Area, Pin code, Phone number and Email id. After the submitting the account creation of bank, the key and credit card number will send to his own mail id. This key provides the more authentications to both the Outsourcers and servers. And then the Outsourcer enters into the bank process using name and code which are sent his mail id. Banking process have the following items are, Account details, Deposit, with draw and logout. In account detail process, it has the items of Account number and code (generated in their own mail id). After entering the details, the process used to view the account process. In deposit process, it has the items of Enter amount, Enter code and Account number. After entering the details amount will deposit in their account. In withdraw process; it has the items of Enter amount, Enter code and Account number. After entering the details amount will withdraw by the Outsourcer.
Payment processes have the process of Mail ID, Card Number, Code and Storage cost. Before entering the payment process the process needs the banking process. Because the payment process need the storage cost, so the amount form the Outsourcer is get from the bank through the banking details. After the banking process is completed the Outsourcer enters the payment process. Verification of the payment based on the shape verification and code verification. If wrong shape is draw means the process not entered into the account. After the submitting of correct shape, then only the process enters into the payment account.
Main process of the payment for outsourced computation is Authentication. For Authentication purpose the process should perform the verification step of the Outsourcer. This process has the two types of verification are Code verification and Shape verification. Code verification are the process, that done in after the submitting the bank process and the payment account process. The code or key of the process is send to our own mail id (as we providing in the personal details). After verifying of the code, then only the next process is done. Shape verification is the process of verification done by the shape model. Outsourcer need to draw the shape that is given in the login page. After completing the correct shape, then only the Outsourcer get inside the process.
MANAGE FILES PROCESS:
Managing file process is the process that is maintained in the payment process. In this process, the process maintains the item sets of Home, Account Details, File Folders and Logout process. Home processes have the process of Upload, New folder and delete file options. Upload file has the elements that are secure file and zip file for securing the uploaded data. Secure files used for Encrypt and Decrypt the data files. Zip file used for compressing the data. Account detail process provides the personal details of the Outsourcer and it also provides the date of expiry. File Folder process used for searching the files using file name, file size, folder name and available size. This process also used for download the file data.
CPU type : Intel Pentium 4
Clock speed : 3.0 GHz
Ram size : 512 MB
Hard disk capacity : 40 GB
Monitor type : 15 Inch color monitor
Keyboard type : internet keyboard
Mobile : ANDROID MOBILE
Operating system :Windows XP/7.
Coding Language : Java 1.7
Tool Kit : Android 2.3 ABOVE
IDE : Eclipse