Dynamic Rule Encryption for Mobile Payment

The trend of financial transactions by using amobile phone ormobile payment increases. By using themobile payment service, users can save money on mobile phone (handset) and separate from the pulse. For protecting users, mobile payment service providers must complete the mobile payment service with the transaction security. One way to provide transaction security is to utilize a secure mobile payment application.This research provides a safety feature used for an Android-based mobile payment application. This security feature is making encryption rules dynamically named Dynamic Rule Encryption (DRE). DRE has the ability to protect data by means of encrypting data with dynamic rules, and DRE also has a token function for an authentication. DRE token raised with dynamic time-based rules. Here, the time is used as a reference with the order of the day in the year (day of the year). The processes of the DRE’s encryption, decryption, and the DRE’s functionality as the token are discussed in this paper. Here, the Hamming distance metric is employed for having maximum differences between plaintext and ciphertext.


Introduction
The current trend is numbers of mobile phones decreased slowly while smartphones are growing rapidly.In addition, the computing resources in smartphone improving yearly with more applications can be integrated into it.Due to applications, smartphone is an electronic device that is most commonly used.A sort of smartphone apps has been made by the developers in Indonesia, for example: GO-JEK (online taxi motorbike) has successfully run using smartphone [1], mobile-based academic information system [2], shopping using smartphone [3], mobile payment [4,5], and mobile service commerce [6].
Trends in financial transactions using a mobile phone or mobile payment increase.The numbers of operators providing such services also increased.By employing the mobile payment service, customers can save money on mobile phone (handset) and separate from the main content.Thus, the mobile phone serves as an electronic wallet (mobile wallet).
Currently, most of Android smartphones support Near Field Communication (NFC).The NFC has been implemented in shopping [3] and a mobile payment application [4,5].
The mobile payment service provider should complete mobile payment service with a good transaction security.One path to provide transaction security is to utilize secure mobile payment applications.Mobile payment applications should have good security because the application will contain sensitive data, including account, password, PIN, e-money, and transaction data.This research offers a security feature used for mobile payment applications on the Android operating system.This security feature is a dynamic encryption rule named Dynamic Rule Encryption (DRE).DRE has the power to protect information by encrypting data with dynamic rules, and DRE also has a function as a token for authentication.Token raised DRE using dynamic rules or change by time.The reference period used is on the order of the day in the year (day of the year).Many existing rules on DRE are limited to certain time.This causes the device to be connected to the server to update the rules DRE.By connecting to the server, the server can validate the existing data on the mobile payment application, so that if there are invalid data, the data is detected.In addition, the DRE token contains information about the device, time, mobile payment user's account, and other information used for authentication.

Literature Survey
2.1.Encryption.One element that should be owned by the sensitive data is data security.Sensitive data should have dependable data security; both when it is stored on storage media or when transferred to another location via any channel, for example, via the Internet.Data security can be constructed in various ways, one of which is by using encryption of the data to be stored or transferred.
Encryption can also be named a secret password (cipher).But the actual encryption is only one part of a secret password.Secret password consists of encryption and decryption.Encryption is the procedure of encoding the information so that the information cannot be read by normal means.Encryption will change the data on the information that will be hard to read and time consuming if the encryption result data decoded without using any special rules or codes.
Encryption involves secret data called key.The keys are also employed in the decryption process.Without using a key, the information will not be encrypted or decrypted.The information input into encryption called plaintext and encrypted data is called ciphertext.The ciphertext message contains all the information of the plaintext message but not in format that is obtained and read normally.Decryption process is required to restore the plaintext to ciphertext.The block diagram of encryption process is shown in Figure 1.

Encryption Type.
By the type of the key, encryption is divided into two types, namely: (1) Symmetric encryption, and (2) Asymmetric encryption.Symmetric encryption is encrypted using the same key for encryption and decryption, while the asymmetric encryption is encrypted using different keys for encryption and decryption, namely, a public key and a private key.Symmetric encryption includes AES, DES, and Triple DES.Asymmetric encryption includes RSA.
Looking at ways of processing the data, there are two types of encryption, namely: (1) The stream cipher, and (2) Block cipher.
Stream ciphers are used in the symmetric encryption, while the block ciphers are used in symmetric and asymmetric encryption.The difference between stream ciphers and block cipher is block ciphers process data in data blocks, while stream ciphers process data one bit or one byte at a time.

AES (Advanced Encryption Standard
). AES is a type of encryption using symmetric keys and a block cipher [7].AES consists of three types, namely, AES-128, AES-192, and AES-256.Each has a size of 128-bit block cipher with a key size  of 128, 192, and 256 bits.AES has been analyzed extensively and is widely used throughout the world.From the size of the blocks, AES works on a 4 × 4 matrix in which each cell of the matrix consists of a 1 byte (8 bits); then the size of a block is 16 bytes.At AES, there are 4 main stages to process the incoming data, namely, stage SubBytes, ShiftRow, MixColumn, and add round key. Figure 2 illustrates the AES encryption process.

DES (Data Encryption Standard)
. DES is also a type of encryption using symmetric keys and a block cipher [8].DES has a 64-bit block size.DES encrypts 64 bits of plaintext into 64 bits ciphertext using a 56-bit subkey generated from the master key of 64 bits.In the process of encryption and decryption, DES uses Feistel network.The DES encryption process is illustrated in Figure 3.

Token.
The token is software or hardware used for authentication.Tokens are used to prove identity electronically as well as being used as electronic key to access something.Tokens can be used instead of the password security feature or used in conjunction with a password [9].

Forms of Tokens.
Tokens may take software or hardware.At hardware token, there is a chip.The chip has a function that varies from simple to complex.Tokens must have a certification indicating that the token meets various security standards, including meeting government security standards, industry security standards, testing standards, and other cryptographic standards.Here are some forms of token.
(1) Disconnected Token.Disconnected Token has no connection to the access point device or computer.This token has display for displaying data or authentication serial numbers raised.That serial number will be filled in the field token (passcode) program interface, computer, or other device to be accessed.This token is one type of tokens most widely used.
(2) Connected Token.Connected Token is a physical token which must be connected to the device or the computer to be accessed.This token will automatically authenticate when connected to any device or computer.The most common types of physical tokens are smart cards and USB tokens.just as Connected Token, but, contactless tokens are not physically connected.One way contactless tokens connected to any device or computer is by using RFID.
(4) Bluetooth Tokens.Bluetooth token is often combined with a USB token; that Bluetooth token can work either in a state connected or not connected physically to the device or a computer access point.Authentication using this token works when it is less than ten meters from the device or computer.When a Bluetooth mode does not work, then the token must be connected via USB.The advantage of using this token is the ability to sign-off from a certain distance (less than ten meters).
(5) GSM Cellular Phone Token.GSM Cellular Phone token is GSM enabled mobile phone as a token.How to use this token is to install a token program (Java) on your phone.Another way is to use SMS, phone calls, and over Internet protocol (HTTP/HTTPS).There is a token called a mobile device token.Mobile device tokens are almost the same as GSM Cellular Phone tokens.

Dynamic Rule Encryption
Dynamic Rule Encryption (DRE) is a symmetric block cipher with a symmetrical key [10].DRE cipher block size is 512 bits, while key length is 128 bits.On DRE there are 6 steps done in plaintext, namely: (1) Pattern matrix formation [11] (2) Substitution [12] (3) Cyclic shift by rows and columns [13] (4) Transpose [12] (5) The matrix multiplication by constants [12], and (6) Add round key [12] Substitution, cyclic shift, and transpose phases are functioned as confusion and diffusion.Confusion serves to establish the correlation between the ciphertext and the key when it is misplaced or not visible.Confusion is a nonlinear function [12].Diffusion makes a correlation between the plaintext and ciphertext missing or not visible [12].By using diffusion, the code will be difficult to resolve using statistical methods.
In DRE, the sequence of steps may be changing over time.Figure 4 is one example of these stages.At other times, the sequence of steps turns out to be as in Figure 5.
Step changes are explained in Figures 4 and 5 (5) The master key to add a round key stage

Encryption Process.
Here is an explanation of the encryption process.
(1) Matrix Pattern Formation.At this level, the DRE's input will be separated into several parts and these parts will be combined with a pattern.The placement pattern of the matrix input is changing over time.Figures 6 and 7 provide an example of the matrix pattern change.Figure 6 shows one matrix pattern, in which the matrix is consisting of six parts with different colors.When the time changes, the matrix in Figure 6 will be turned into the matrix in Figure 7.As we can see that the matrix pattern is changed on time.
( (3) Cyclic Shift by Rows and Columns.At this stage, byte elements in the matrix will be shifted in rows or/and columns.Locations of rows and columns shifted and the amount of every shift can vary based on time.This shift can also be called a rotation.Here is an example of the cyclic shift for a 4 × 4 matrix.Equation ( 1) is an example of the cyclic in rows with the amount of shift shown in Table 3, while ( 2) is an example of the cyclic in columns with the amount of shift shown in Table 4.

The Example of Row Cyclic Sliding
] [   The Example of Column Cyclic Sliding (6) Add Round Key.At add round key operation, a matrix element is combined with a block of the round key using bitwise xor.Round using 128-bits master key and master key will be expanded to produce a 512-bits subkey.When building a subkey, this process involves auxiliary matrix  that contains the master key and iteration with a modulus of 255.Equation ( 5) is a matrix  generated from the master keys 4C, 69, 66, 65, 27, 73, 20, 62, 65, 61, 75, 74, 69, 66, 75, and 6C,where Figure 8 is an algorithm to expand the master key of 128 bits into the 512-bit subkey.
Secret key K Reverse bits The master key expansion procedure is as follows.
(1) Master key or hidden key, , is transposed to gain  1 .
(2) K 2 is obtained by performing xor operation between  and  1 .
(3) With the column,  2 is divided into two, namely, the right and the left.Both parts are made xor operation to gain  3 .
(4) The right side and the left side of  2 are transposed.Both parts are then transposed.The results of operations are made xor operation to gain  4 .
(6) The byte integer value of  5 is summed to obtain .
(9) Then, the subkey  s2 is obtained from the decrease of auxiliary matrix M as follows.
(10) While, subkey  s1 is obtained from the decrease of auxiliary matrix M as follows.In [14], the algorithm in Figure 8 can generate many changes on the subkey bits when little change occurs on the master key. s1 and  s2 each subkey will generate 256 bits; then the total subkey generated is 512 pieces.Equation ( 6) is an example of some subkey generated from the master key 4C 69 66 65 27 73  After the plaintext experiences the 6 steps above, the plaintext will change into the ciphertext.

Process Description.
Here is an explanation of the process on the description.
(1) Inverse Substitution.This stage is the reverse of substitution.Inverse substitution is done using an inverse substitution table.The rules for determining the inverse substitution couple equally with the existing rules at the stage of encryption substitution.The byte substitution matrix element is done by looking at the inverse substitution look-up table as shown in Table 5.
(2) Inverse Cyclic Shift by Rows and Columns.This stage is the contrary of the cyclic shift by row and column in the encoding process.The magnitude and direction of the shift are the opposite shift in the encryption process.
(3) Inverse Matrix Multiplication by Constants.This stage is the inverse of a matrix multiplication by constants in the encryption process.Inverse multiplication of matrices with constant matrix is done in GF(2 4 ).
(4) Inverse Transpose.Inverse transpose is equal to the inverse transpose.To return to the original state matrix, transpose is performed again.
(5) Inverse Adds Round Key.This stage is the reverse of the process add a round key at the stage of encryption.Matrix elements will do the same xor operation as it exists at this stage but with the encryption subkey inverted schedule order.The process of getting a subkey of the master key is equal to the encryption stage.
Later on, the ciphertext goes through the five stages of decryption changing into plaintext and the resulting data can be used by the mobile payment application.The number of decryption stages is less than encryption stages because at the decryption there is no matrix pattern formation.After decryption is performed, the mobile payment application can retrieve the desired data on the location of the data stored in a matrix pattern.

DRE as a
Token.The purpose DRE made was to secure the data exchanged during payment transactions using mobile applications.In mobile payment applications, in addition to serving as a DRE encryption algorithm that encrypts data, DRE also serves as a token.The token will ensure the transaction is valid from the start until the final stage of the transaction.With the token function, DRE is suitable for use in mobile payment applications that have an offline transaction mode because the offline transactions are highly susceptible to fraud (transactions with a prosthetic device/not registered), the transfer of the counterpart (man in the middle), or other attacks.
On a generated token there is information about the user's device, including IMEI and IMSI.In addition, there are also time information, user accounts, transaction data, and other information if needed.DRE rules used to generate tokens change on time.The rules are stored in a DRE database.In this research, a time frame utilized to bring forth the token is based along the order of the day in the year (day of the year).Security or authentication process performed by DRE on payment transactions using mobile applications is as follows.
(1) When a transaction starts, the two devices that will make transactions generate tokens.
(2) Tokens are then exchanged between the payer and the merchant (beneficiary paid).At the time of the exchange of data, in addition to the token sent, the device information including IMEI and IMSI is also sent unencrypted.
(3) Each device will check the given token by decrypting it using the existing rules on the DRE data base, in mobile payment applications.The merchant's token will be decrypted on the payer's device so that the payer will acquire the IMEI and IMSI of the merchant's device, as well as other data.The payer's token will be decrypted on the merchant's device, so that the payer will acquire the IMEI and IMSI of the payer's device, as well as other data.
(4) IMEI and IMSI following the token decryption will be compared with the IMEI and IMSI sent in an unencrypted format (plaintext).If the IMEI and IMSI of the decrypted result are the same with IMEI and IMSI sent in plaintext format, so, the counterpart device is valid for transactions.
The token will always exchange during transmission of data between the two devices.Thus, fraud by third-party devices can be prevented when the transaction takes place.

Implementation and Testing
4.1.Implementation.Distance (Hamming distance) is numbers of different bits between two words (here is between two code words).The largest distance can be achieved between two code words is half of the total length of a code word.
Here, the distance metric is employed for making maximum differences between a plaintext and a ciphertext.The maximum difference is half of the length of the plaintext because 100% difference in binary means the same as the plaintext (converting all bits).
To produce ciphertext which has a distance approaching half the length of the plaintext, the election rules are required.This is also done so that the encryption and decryption process is working well.The rules are generated by the pattern generator.The pattern generator selects at random pattern by using a random function with various rules given.Here are the rules chosen randomly.(5) The master key to add a round key stage Placement of input (plaintext) was randomly selected from the possibilities.There are no criteria for the selection of rules specifically for this stage.For cyclic shift, selected range scale is of 0-7 with a random shift.Rows or columns shifted are selected randomly from all the possibilities.For matrix multiplication by a constant, the constant is selected from the variety of 1-15.Constants may not be 0 to be decrypted.Constants also must not be worth more than 15 to be multiplied in GF (2 4 ).The rule selection with and without random function will result in differences in distance between the input and output; the way this election may affect the performance of the DRE.Table 6 shows 10 data comparisons between the input and output as a result of the rule selection with and without the random function.The data used is 512 bits.
It is shown in Table 6 that by using a random function, the resulting distance will tend to close half of the length of the input, which will be close to 256 bits.This is because by using a random function, the rule option will be chosen evenly, or in other words, is not prone to certain rules option.With the prevalence of the rule option selected, the resulting combination of rules will have a good variety so that the resulting distance will be close to the best value.
Researches of Hamming distance computation on encryption have been done in [15][16][17].Here, the DRE is employed in resulting maximum Hamming distance.

Distance
Testing.DRE testing in this study is conducted by conducting five hundred times of testing.In each test, the data being input is different.One type of input data is the time stamp.Time stamp taken as input is a time stamp with a difference every thirty seconds.An accumulated time stamp is a time stamp accumulation every thirty seconds, while the nonaccumulated time stamp is a time stamp difference with thirty seconds earlier.Table 7 gives the results of DRE distance testing.
The input of DRE in these experiments is the data (code word) with a size of 512 bits (including salt), then the best distance between input and output code words is 256 bits.By appearing at the above test results, it can be concluded DRE has a proficient protection.In the entire operation or phase, DRE operation can produce an average distance between input and output code words of around 256 bits.
The distance testing between the output and other output code words with a slight difference in its input can also reflect the level of the strength of a cipher.If the distance among the outputs approaching half the length code word, then the results of encryption code word have different configuration of the better code word.In the entire operation, DRE can produce an average distance among the outputs of about 258 bits.
The operation or stage in the encryption process that provides most difference both in code word is the substitution operation.The substitution operation average distance is approximately 262 bits.4.3.Time Testing.Time testing can represent the weight of a cipher algorithm run on a device or operating system.Here are the results of time testing for encryption and decryption.Tests are conducted as much as one thousand times using a Google Nexus S smartphone.A Sony Xperia SK17i smartphone is also used in this test which serves as a comparison.Table 8 is the result of time testing.
Judging from the results, it can be concluded that the DRE is not heavy or burdensome if run on mobile devices including smartphones.This is reinforced by the results of comparative testing using the device Sony Xperia SK17i.By using Sony Xperia SK17i, DRE encryption and decryption only takes about 18 ms.
The test results are also compared with the time of Advanced Encryption Standard (AES) encryption [18].Both tests are using the Google Nexus S for one thousand times.Table 9 gives the results of comparative testing time between DRE and AES.
When compared with the speed of AES, DRE is much slower.By using the Google Nexus S, the time required to perform AES encryption is 0.62 ms, while the time required to decrypt AES is 1.15 ms.The cause DRE is lagging behind the AES in speed is due to the AES function being designed in the native (C/C++) programming language, so it can perform faster in memory access and integer and floating-point calculations.Here, DRE process is designed and implemented using Android programming language [19,20].

Conclusion
Dynamic Rule Encryption (DRE) algorithm is designed as a security element of a mobile payment application.In this paper, DRE serves to secure sensitive data as well as the authentication token when trading.
From the distance tests performed in this study, DRE has a good level of security because the average Hamming distance between the input and the output code words is about half of the length of the data being input.Thus, it will not be easy to trace the plaintext from the ciphertext.From the time of testing result, it is found that DRE is lightly used on mobile

Figure 5 :
Figure 5: Stages of algorithm with different pattern.

Figure illustrates a block
diagram of DRE as a token.

( 1 )
Placement pattern input of the matrix (2) The substituted matrix elements (3) The rows and columns shifted and amounts of shift operation (4) The constant matrix, and

Table 3 :
The example of row cyclic shift.

Table 4 :
The example of column cyclic shift.

Table 5 :
Inverse substitution look-up table.

Table 6 :
Distance comparison between with and without random function.