 Open Access
 Total Downloads : 479
 Authors : Monali Nitesh Shetty, Tejas Puranik, Swapnali Ghosalkar , Swati Jaybhaye
 Paper ID : IJERTV3IS070872
 Volume & Issue : Volume 03, Issue 07 (July 2014)
 DOI : http://dx.doi.org/10.17577/IJERTV3IS070872
 Published (First Online): 22072014
 ISSN (Online) : 22780181
 Publisher Name : IJERT
 License: This work is licensed under a Creative Commons Attribution 4.0 International License
Analysis of Elliptic Curve Cryptography for Mobile Banking
Monali N. Shetty
Assistant Professor Department of Computer Science
Fr. Conceicao Rodrigues College of Engineering Mumbai, India
Tejas Puranik
B. E. Student
Department of Computer Science
Fr. Conceicao Rodrigues College of Engineering Mumbai, India
Swati Jaybhaye
B.E. Student
Department of Computer Science
Fr. Conceicao Rodrigues College of Engineering Mumbai, India
Swapnali Ghosalkar
B. E. Student
Department of Computer Science
Fr. Conceicao Rodrigues College of Engineering Mumbai, India
Abstract – The tremendous increase in the use of mobile and wireless devices with limitations on power, bandwidth and low security postulates a new generation of Public Key Cryptography (PKC) schemes. We state Elliptic curve cryptography as a PKC scheme which is capable of fulfilling those requirements. Our paper examines the use of Elliptic Curve Cryptography (ECC) in such a constrained environment along with the other two aspects of ECC, namely its security and efficiency. In the paper, the performance of ECC is evaluated by comparing its different methods of implementation to find out the most efficient solution for mobile environment considering the constraints of battery life, processing power, memory, speed, bandwidth etc. The efficient method is then tested for mobile payment application. ECC encryption and decryption is implemented and tested on user module to check whether it is capable of handling all constraints and providing high security. The implementation is divided into two parts first, design of API for ECC (Elliptic Curve Cryptography) which generates shared secret key required for secure communication and performs encryption, decryption and secondly, mobile application which allows user to perform mobile banking with the help of ECC.
Keywords: Elliptic Curve Cryptography, Analysis of ECC, Mobile Banking

INTRODUCTION
Elliptic Curve Cryptography is a public key Cryptography. Every user taking part in public key cryptography will take a pair of keys, a public key and a private key. The private key is known to only the authorised user whereas public keys are distributed to all users participating in communication. In ECC we will use some predefined constants which are known
as Domain Parameters. ECC is based on properties of a particular type of equation created from the mathematical group derived from points where the line intersects the axes. To generate the next point successive addition is performed but it is very difficult to find what number was used, even if you know the original point and the result. The heart of ECC is discrete logarithm problem that can be stated as it should be very hard to find a value k such that Q=KP where P and Q are known. But it should be relatively easy to find Q where k and P are known P, Q are points on the elliptic curve. Equations based on elliptic curves have a characteristic that is very valuable for cryptography purposes: they are relatively easy to perform, and extremely difficult to reverse.ECC has various applications ,some of the major fields are virtual currency Bitcoin, Secure Shell(SSH) protocol , Transport Layer Security (TLS) protocol , Physical smart cards like Austrian eID.The reason behind choosing ECC for mobile payments is it overcomes the constraints like shorter key size, smaller signature length, low calculation , fast operation and high security working.

ELLIPIC CURVE CRYPTOGRAPHY

ECC Algorithm
An Elliptic curve equation is of the form
y^2 = x^3 + ax +b (1)
or
y^2 + xy = x^3 + ax^2 +b (2)
or
y^2 + y = x^3 + ax +b (3)
where x and y are variables, a and b are constants. However, these values are not necessarily real numbers; instead they
may be values from any field.
There are different methods of ECC implementation, the most common is ECC implementation over real numbers, but it has several problemsthey cannot be stored precisely in a computer memory and it is not possible to predict the amount of storage required by them. Hence, we are considering an alternative approach of ECC implementation i.e. over finite field.

ECC implementation over finite field
In the cryptographic schemes, elliptic curves over two finite fields are mostly used.

Prime field Fp , where p is a prime
Elliptic Curve equation:
y2 mod p= x3 + ax + b mod p (4) where 4a3 + 27b2 mod p 0.
Point Addition
If P=(x1, y1), Q=(x2, y2),
R(x3, y3) =P+Q can be computed as
x3 = 2 x1 x2 mod p
y3 = (x1 x3) y1 mod p
=(y2 y1)(x2 x1) (5)
Point doubling If P= Q
x3 = 2 x1 x2 mod p
y3 = (x1 x3) y1 mod p
=( 3*x12+a)/2y1 (6)

Binary field F2m, where m is a positive integer
Elliptic Curve equation:
y2 + xy = x3 + ax2 + b (7)
where b 0
Here the elements of the finite field are integers of length at most m bits.
Point Addition
If P=(x1, y1), Q=(x2, y2),
R(x3, y3) =P+Q can be computed as =(y2+y1)/(x2+x1)
x3= (2) + +x1+x2+a
y3= (x1+ x3)+x3+y1 (8)
Point doubling
P = (xP ,yP ), then R = 2P = (xR ,yR ) xR = (* ) + + a
R
R
yP = x 2 ( + 1) x

E(Fq) should be divisible by a sufficiently large prime, in order to resist against the Pollard attack.

E(Fq) should not to be equal to q, to avoid the SemaevSmartSatohAraki attack.

To resist the MOV reduction attack, n should not divide qk1 for all 1k30


Key Generation using Elliptic Curve Diffie Hellman Scheme (ECDH):

Ephemeral key pair generation for Alice
Select a private key [1, n1] Calculate public key = G

Ephemeral key pair generation for Bob Select a private key [1, n1] Calculate public key G

Excange of and

Shared Key Computation K= , K=
K will be consistent as K= = P=


Encryption
Alice selects P, a point on the curve, as her plaintext, P. She then calculates a pair of points on the text as ciphertexts: C1=K * G, C2= P + K * .We may wonder how an arbitrary plaintext can be a point on the elliptic curve. This is one of the challenging issues in the use of the elliptic curve for simulation. Alice needs to use an algorithm to find a onetoone correspondence between a block of text and the points on the curve.
Representation of a message to a point:
ECC cryptosystem deals with the points lying within the defined elliptic curve to perform operations such as key generation, encryption and decryption. Hence, prior to ECC encryption the plaintext input should be mapped to Elliptic curve points. Our implementation involves mapping of every plaintext character to the random point on the curve. One to one correspondence between block of text and curve points is maintained with the help of ASCII values of the plaintext characters.
Generating cipher text:
For every plaintext character, the corresponding curve point P
is given to ECC encryption module and pair of points C1=K
* G, C2= P + K * is calculated as cipher text. After generating the pair of points for entire plaintext block i.e. one by one for all the mapped plaintext points, the cipher text block of points is considered as C1 followed by C2 part of all the cipher text pairs. C1 is transmitted only once at the beginning as the resulting value ofC1 will be same for all (C1, C2) pairs i.e. C1=K * G.
where = xP + yP / xP (9)
C. Selecting an Appropriate Elliptic Curve
Conditions to be satisfied:
F. Decryption
Multiply the C1 by i.e. (K G) and subtract the value from the second part of the received CT(C2) i.e.
P + K * – (K G) * = P + K * G – (K G) * = P(10)
After subtracting we get the original plain text point and the process is repeated for entire cipher text block. Then, the decrypted points are decoded to plaintext character, one by one to get the corresponding plain text message.


IMPLEMENTATION OF ALGORITHM
The example of ECC algorithm is explained with the snapshots of GUI developed for analysis of ECC.
Fig.1. GUI of ECC
User will have to enter domain parameters such as a, b, n ,
, where , are coordinates of generator point, a and b are constants and n is the range of finite field.
Fig. 2 . Finite points generation
Fig. 3. Private and Public key generation and verification
Fig. 4 . Encryption and Cipher text transmission
Fig. 5 . Decryption

ANALYSIS OF ECC

Analysis of different methods of ECC
Over finite prime field:
It is suitable for s/w applications and for the processors having large multipliers for performing integer arithmetic. They do not need the extended bitfiddling operations required by binary curves.
Over binary field:
Suitable for implementation of embedded systems and for h/w implementation as simply XOR and AND gates are needed to implement the whole system. Less no of logic gates as compared to prime field implementation are required.

Security of ECC
TABLE I. RSA AND ECC COMPARISON
The security of ECC depends upon how to calculate k when point is given in scalar multiplication. The security levels which is given by RSA can be provided by smaller keys of elliptic curve cryptosystem As compared to RSA, which offers 1024 bit security strength, ECC offers the same in 160 bit key length. Efficiency of ECC is depends upon factors such as computational outlay ,key size ,band width ,ECC provides higherstrength per bit which include higher speeds, smaller power consumption, bandwidth reserves, storage efficiencies, and smaller certificates. For providing security mechanism will require fundamental basic security services such as authentication, confidentiality, nonrepudiation and message integrity.

Implementation of ECC cryptosystem for mobile banking
We have integrated our code of ECC with j2me and it meets all the constraints required for mobile banking. For the first time registration user will have to visit banks website where he will have to provide certain confidential information for getting his Mpin. Mpin is the security code which helps to provide authentication and confidentiality. At the same time keys required for encryption and decryption will be generated for the user.
The following snapshots give the overview of ECC equipped mobile banking module.
Fig. 6. MBanking menu
Fig. 7. Mpin submission by user
Fig. 8. CT generation for mpin
Fig. 9. Encrypetd server side response
Fig. 10. Actual (decrypted) response shown to the user
After deployment of the module, screens giving information about ECC parameters and encrypted responses will not be available to the user i.e. fig 8and 9 are not to be displayed to the user screen they are only needed from implementation point of view. Hence, the ECC equipped mobile banking approach is made transparent to the general user.

Analysis over different key sizes
Curve name: secp112r1 Plaintext: hello
Ciphertext: A > &n 9P v u
Ciphertext size: 20
Curve name: secp160r1 Plaintext: hello
Ciphertext: d 7Q jK N"\ &
Ciphertext size: 26
Curve name: secp256r1 Plaintext: hello
Ciphertext: ^ u6ot\: Y X 5pa *
8 
Ciphertext size: 38
Result: As the key size increases the size of ciphertext also increases. So we can say that, as the key size increases the security also increases.

Analysis for unique mapping of plaintext characters
Curve name: secp112r1 Plaintext: hello
Ciphertext: T G X; + { A
Curve name: secp112r1 Plaintext: hello
Ciphertext: t ] – ? { . #L
Curve name: secp160r1 Plaintext: hello
Ciphertext: I}4 _bW _ ws ,
Curve name: secp160r1 Plaintext: hello
Ciphertext: d 7Q jK N"\
&
Curve name: secp256r1 Plaintext: hello
Ciphertext: ^ u6o t\: Y X
5pa * 8 
Curve name: secp256r1 Plaintext: hello
Ciphertext: _cR f_
cR f_ R< O X,w
Result: Each time different ciphertext is generated, even though plaintext and key size remains same. So it is clear that each character is uniquely mapped to different points at fferent times.


CONCLUSION
Our Paper studied the different methods of implementing the ECC. We implemented API for ECC which performed key generation, encryption and decryption. This API is then integrated with j2me to check whether ECC is suitable for mobile banking. As the security of the proposed system is very hard, it is very clear that the proposed Mobile Banking using ECC will dominate banking sector in India. It has been mentioned in many literatures that a considerably smaller key size can be used for ECC compared to RSA. Also mathematical calculations required by elliptic curve cryptosystem are easier, hence, require a low calculation power.
REFERENCES

T K Mohanta, R K Samantaray, R P Panda. Public Key Cryptography for mobile payment. Researcher 2013;5(5):913]. (ISSN: 15539865).

Prof.Avinash Wadhe, Miss Namrata A.Sable Mobile SMS Banking Security Using Elliptic Curve Cryptosystem In Binary Field International Journal of Engineering Research and Applications (IJERA) ISSN: 22489622

Vorugunti Chandra Sekhar1, Mrudula Sarvabhatla. A Secure Account Based Mobile Payment Protocol with Public Key Cryptography published in "ACEEE International Journal Network Security 3, 1
(2012)

G.N.Purohit, Asmita Singh Rawat Efficient Implementation of Arithmetic Operations in ECC over Binary Fields published in International Journal of Computer Applications (0975 8887) Volume 6 No.2, September 2010

Darrel Hankerson1, Julio Lopez Hernandez, and Alfred Menezes Software Implementation of Elliptic Curve Cryptography over Binary Fields published in Springer

Sattar J Aboud Public Key Cryptography for mobile payment Information Technology Advisor,Iraqi Council of Representatives,IraqBaghdad

Ajay Kakkar, M. L. Singh, P.K. Bansal Comparison of Various Encryption Algorithms and Techniques for Secured Data Communication in Multinode Network International Journal of Engineering and Technology Volume 2 No. 1, January, 2012

Study of Indian Banks Websites for Cyber Crime Safety Mechanism (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 2, No.10, 2011