Modified SHA256 for Securing Online Transactions

based on Blockchain Mechanism

Dr. Bobby Gerardo Ruji Medina, Ph.D.
Maria Rona L. Perez
Technological Institute of the Philippines Technological Institute of the Philippines
Technological Institute of the Philippines
Aurora Blvd., Cubao Aurora Blvd., Cubao
Aurora Blvd., Cubao
Quezon City, Philippines Quezon City, Philippines
Quezon City, Philippines
[email protected] [email protected]
[email protected]

Abstract—This research is composed of online transaction

security; the mechanism of blockchain and proposed a modified II. SECURITY REQUIREMENTS OF ONLINE TRANSACTION
SHA256 security protocol through smart contract to secure The optimum significance of an online business processes
online transaction procedure specifically based on Blockchain depends on the complexity of security protocol used [3]. In any
Mechanism. It focus on the discussion of modifying security online transaction, it has been a necessity to disclose personally
protocol specifically designed for practical applications of
informations to successfully proceed, hence these data has been
blockchain with particular reference to privacy and trust. The
researcher recommend a new transaction procedure involving
the major issue on privacy and trust. Therefore, it is essential to
customer and merchant, permitting entities to recognize one let the customer experience the atmosphere of trust in any
another enabling them to proceed with their transactions transaction especially on e-commerce. The sentiment of trust
securely using Blockchain Mechanism begins with conservancy of confidentiality in security together
with authentication that guarantees data integrity as well as
Keywords—MSHA256, blockchain, off-chain, smart contract, non-reputation [4]. This four aspects of security requirements
security protocol, transactions. will be focus in this research since these are the dimensions
offered by e-commerce that mostly creates risk and security
I. INTRODUCTION threats. The security aspects has been defined accordingly:
The Blockchain as what most researcher says is no longer x Confidentiality refers to the property of security
new in todays’ technology however through Bitcoin, this protocol asserting that the data will be keep
technology has been exposed was again and according to an private and will be free from unauthorized
article written by [1], has been mark as the “most disruptive disclosure.
technology”. Blockchain has been commonly known as a
x Authentication ensures that there is a mutual
computational paradigm popularized today with Bitcoin
validation from each other’s entities considering
[2].This technology is consist of distributed ledger which the capabilities to acknowledge the signatures and
contains all transactions ever executed within the network, other needed credentials in a transaction.
enables new trust models as trust over the Internet. It was 2008
when a group of individuals including an anonymous x Data Integrity guarantees that there is no
individual so called Satoshi Nakamoto, published online white alterations or the data has not been tampered.
paper about an idea of designing a new technology, it has been There is no loss or duplicated data and the
coined as “blockchain” and how it is implemented in finance. transaction is not misleading.
This has become the beginning of Bitcoin: a digital
cryptocurrency. Bitcoin at that time was overlooked but with x Non-repudiation is the attribute of an online
its decentralized decorum that empowers the transactions of transactions that provides reliable identification,
currency in a parallel way, verified by a consensus with no composed of original data that cannot be denied
controlling central authority, it slowly grows strenuously. Since sending or receiving by both sender and receiver.
then Blockchain has been researcher’s interest looking for its
usefulness to facilitate disruption of variety of applications’ III. CONTRIBUTION
where trust, privacy, security and record keeping is key and Blockchain as the underlying technology used in Bitcoin,
Bitcoin is not the only one. has been popularly as a “disruptive innovation” being the
motivation to create variety of application that will potentially
redesign interactions in mostly all aspect of Information
Technology. These has made global interest in comprehensive
analysis comparable to traditional mechanism. This paper
aims:
978 – 1 – 5386 – 7776 – 4/18/$31.00 © 2018 IEEE
 1) Combining blockchain and 0ff-chain storage to The off-chain options. In here, given particular constraints
develop a personal data control management in the contract will be executed through an active external
platform focusing on confidentiality and data server but still be recorded on the blockchain system.
integration.
Nevertheless, the complexity, the cost and sometimes
2) Modify SHA256 to create a security protocol for latency of confirmation time from third party suffers scalability
online transaction ensuring authentication and non- problems. Also, confidentiality and data integration within
repudiation but does not required trust for third party. such networks are considered, since transactions are visible to
all nodes [5]. Another problem is that the online transactions
3) A discussion of future improvements using the can be perform using different platforms ranging from high
proposed protocol strengthening usefulness of computing devices such as computer terminals to mobile and
blockchain when it comes in trusted computing. other electronic devices suitable to connect online. Some
devices may have low computational capability or power,
A. Blockchain Mechanisim sometimes poor network connections; they may also be
The blockchain is known as a database technology that engaged in minimal, but very frequent transmissions of data,
works on a network, the internet users need to install the which need to be processed in real-time and at low or it
application(s) locally that contains the “nodes” which holds the possible no fees. With this, fulfilling an online transactions
copy of the database. It operates as trust less automated access- requires lightweight blockchain architectures, with no heavy
control manager. It recognizes data owners, provides controlled computational power nor difficult and high cost hardware for
access to other parties and serves as tamper-proof log of devices. There are developers that engaged in blockchain
events. technology states that the current public blockchains are not
suitable for heavy computations and privacy protection,
The mechanism of blockchain comes from making a hash
because data flow through every node on the blockchain,
value with a fixed length on a given blocks. Each process in the
resulting in being fully exposed. An off-chain solution for data
set that makes up a block is fed through a program that creates
storage is hence more desirable and functional. While such
an encrypted code known as the “hash value”. Hash values are
design still requires a minimal trust in the manager, it is
further combined in a system known as the Merkle Tree. The
essential to ensure scalability, ease of deployment, and privacy
result of all this hashing goes into the block’s header, along
itself.
with a hash of the previous block’s header and a timestamp.
The header then becomes part of a cryptographic puzzle solved
by manipulating a number called nonce. Once a solution is
found the new block is added to the blockchain.
This study aims to modified SHA256 to create security
protocol on a blockchain mechanism and smart contracts.

Fig. 2. Off-chain transaction

An Off-chain transactions allows movement data values

outside blockchain as shown in figure 2. Thus, modifies
blockchain and depends blockchain to determine whether the
transactions goes to an off-chain storage.
Fig. 1. Merkle Tree
In determining whether transaction is an off-chain
blockchain identify model or on-chain transaction model, the
B. Off-blockchain researchers provides a snip of code:
With the continuous development of Blockchain
Technology stimulated the off-chain options. There is no doubt
the on-chain solutions works on its finest but has a big
implication on operational cost. This has been a major
concerns on on-chain mechanism thus designing an algorithms
with low computational intricacy has been more efficient.
 TABLE I. ACRONYM, TERMS AND EVALUATION

Acronyms, Terms and Evaluation

Acronym,
Terms and Description
Evaluation
C Customer

M Merchant
Fig. 3. Code Snippet
BC Blockchain
Like blockchain transactions, all parties must agree to R Request
accept particular method by which transactions occurs. This
being done through determining the hash, validating the block Ts Timestamp
with trusted signatures. Ku Public key

C. Security Protocol Specification Kr Private key

Leading the way for what could be possible for within other N Nonce
realms with Blockchain is to explore its mechanism so that it AT Authentication Token
can be practically useful for any possible application.
Exploration and harnessing to blockchain technology has been TS Timestamp
slow to other sector due to budgetary limitations, One of the H Hash value
main reasons is the security protocol being used in blockchain
requires high en computing devices for optimum transactions. ID Customer Identification
With these, the researcher tends to modify SHA256 lessening
the weight of its computation but maintaining its strong
security. The following are the procedures performed by the
proposed modification of SHA256 security protocol and how
these steps covers security aspects of online transactions:
The block on a blockchain is using SHA256 hash
algorithm. A customized token in a new block (nVer)
composed of a previos block (HPrB), the hash values and
nonce (N). A key resolver will be used for two sign token
carrying the timestamp (TS), where verification and
authentication happens.
A modified SHA256 (MSHA256) will be computed through
the concatenation of the above mention elements:

MSHA2562(nVer||HPrB||TS||N) 

1) Confidentiality. In every step of procedure, each data

is encrypted to ensure that illegal data access or any
information theft while within the transaction.
a) The customer will request authentication token to BC.
Tku(BC) [IDC, RC, KUC, Ts, N00] (2)
b) The authentication token of the customer will be used
by BC to decrypt its request together with the customer’s
private key and will be encrypted by private key of BC.
ATC=TKR(BC) [IDC, RC, H, KUC, Ts, N00] (3)
c) Then, the customer can now forward the AT to the
merchant.
Fig. 4. Sequence Diagram ATC → M (4)
Merchant and the customer should register to Blockchain d) The merchant should request AT issue to BC once
to obtain authentication token involve in the transaction. The customers token has been received.
purpose of this is to provide transaction tokens to both parties Tku(BC) [IDM, RM, KUM, Ts, N01] (5)
that will be used for sending data. When both parties get the 2) Non-Repudiation. BC will forward tokens to customer
transaction token, they can communicate with each other and and Merchant; which is composed of IDs, request, timestamp,
the security protocol will provide protection against threats. with corresponding public keys and a nonce (these has been
generated by both entities during the exchange of tokens). communications that happens in a secure domain. This will be
Blockchain will possess a duplicate of the original request for executed through off-chain using a two-way authentication
the authentication token forwared by the customer and technique and return it to Blockchain system for recording. To
merchant and a duplicate of the transaction tokens distributed protect the customer and the merchant to against any security
treat the BC will be responsible for authentication and integrity
to them. BC will authenticates the customer, so that the
checks. This procedures hardens information security
customer cannot deny the information that was sent. By then, management of online transactions specifically in an e-
Non-Repudiation issue has been resolved with this procedure. commerce industry.
e) Afterwards, the request of the merchant will be
decrypt by BC through its private key and issue an AT to the IV. FUTURE EXTENSIONS
merchant. This token will be encrypted using BC private key.
Blockchain as what most of the researcher says is no longer
ATM=TKR(BC) [IDM, RM, H, KUM, Ts, N01] (6) new in todays’ technology hence through Bitcoin this
f) The merchant will sent the AT to the customer. technology has been exposed was again to researchers and
ATM → C (7) developers eyeing for new applications that can benefit from its
features. From the range of financial applications lies
3) Authentication. Using the its private key, the customer cyptocurrencies that enables automated transfer of assets over
will send its signed ID, nonce and time. These whole package the network seamlessly. However the problem is that the use of
will be encrypted by the merchant using its public key. By blockchain for the purpose of digital currencies like Bitcoin are
generally impractical to use in non-financial application, whilst
then, decrypts the package with its private key to grant access
blockchain itself has made waves by showing valuable
to the Customer ID. This should be sign by the customer’s contribution to financial sectors. It is therefore a key to
private key to prove its autheticity. remember that blockchain is a cryptographically protected and
a) Using the Customer private key it will encrypts its ID, publicly hosted record of events agreed upon variables. The
Ts and N00 and issue an encrypted new nonce N0 spawned by real defining feature is not what it does or how it does instead,
the customer with the merchant’s public key and forward it it holds value based on how user trust it to perform those
back to the M. services impartially. Blockchain has a great capabilities to
Tku(M) [N0, TkR(C), [IDCC, Ts, N00]] (8) extends beyond financial services sector through its basic
premise as a database that is trusted, private, secured and
record keeping is a key. So basically it could be used
b) With the use of private key the Merchant then encrypts potentially whenever there is some exchange between two
its ID, Ts and N01 and issue an encrypted nonnce N1 parties which really needed not to be solely financial.
generated by the merchant with the customer’s public key.
Tku(C) [N1, TkR(M), [IDCM, Ts, N01]] (9)
It is undeniably that any application are possible with
4) Data integrity. Data integrity is ensured by MSHA256. blockchain mechanism. With the proposed security protocol
The customer hash value is genertaed using MSHA256, this underlying in blockchain architecture, these will be embedded
has been encrypted using the private key of the customer. The with agent-based smart contracts that will enables micro-
encrypted hash value is concatenated with the original request payments and automated transfer of assets between computing
and directs towards merchant. The hash value will be devices. Agent-based smart contracts will be used to reduced
or possible removed anomalies to the perr-to-peer networks.
separated form the request, decrypts it using the customer's
Smart contracts has been originally introduced by Nick Szabo
public key while also computing the hash value of the received in 1994 [6], it is consist of scripts stored on a blockchain and
transaction request using the same MSHA256 algorithm. visible to every node of the network, containing self-executing
Transaction request will be established properly if the agreements between two or multiple parties.
computed hash code and decrypted hash code are the same.
This research will be then used to identify the performance
i) Customer will respond with the nonce N1 from the M in terms of payloads and other factors in consideration to
and send it following the previous step encrypted using the validate the speed and security. It will be then compare to other
public key of M. security algorithm used in blockchain technology.
Tku(M) [TkR(C), [N1]] (9)

Having security attributes such as token number, request or

reply, hash value, identification and public key secures the
online transaction as well as the implementation of
authentication tokens from BC that are used by customer and
merchant. The verification of the Customer and merchant will
be perform through the authentication token on the
 V. CONCLUSION
There are four primary security aspects involved in an
online transaction which covers confidentiality, authentication,
data integrity and non-repudiation. Data is constantly being
collected and analyzed for innovation and business purposes
Companies and organization used these data to personalize
services, maximize decision-making, or even predict future
inclination and more. Today data is one of the most valuable
assets in our economy.
The blockchain technology has great potential for driving
the next wave of innovation in the Information Security System
and it can promote the emergence of new business models,
significantly modifying the existing systems and processes [7].
Possible effects of implementation, however, should take
account of specific contexts of use. This study has lead the
researcher, on two different conclusions about overall benefits
and drawbacks of a blockchain mechanism on Information
system for online transactions. First, off-chain is suitably to
respond to the issue of confidentiality and data integrity and
hopefully can be implemented as a powerful tool for E-
commerce. Second, the acceptance of blockchain in the global
market is still truncated, with this, the centralized platforms
still holds the potentials of creating disagreeable effects for
online transactions. Therefore the wide dissemination of the
and use of blockchain infrastructure and smart contacts for
seamless online payments should be carefully manage for
societal technological innovations. These will create great
opportunities and high assurance of data protections against
intrusive users. As the French philosopher and urbanist Paul
Virilio wrote in an essay: "When you invent the ship, you also
invent the shipwreck Every technology carries its own
negativity, which is invented at the same time as technical
progress” [9]. This effective metaphor gives the researcher rich
understanding of the very nature of the security protocol for
online transactions when it is powered by blockchain
mechanism, smart contracts and security protocol.

REFERENCES

[1] Dhillon, G. . O. J. (2013). Optimizing Security in E-commerce through

Implementation of Hybrid Technologies. CSECS’06 Proceedings of the
5th WSEAS International Conference on Circuits, Systems, Electronics,
Control & Signal Processing, 165 – 170.
[2] Slamy, A. A. (2008). E-Commerce security. IJCSNS International
Journal of Computer Science and Network Security, 8(5).
[3] Abdulghader, A. A. M. (2012). Challenges of Security, Protection and
Trust on E-Commerce: A Case of Online Purchasing in Libya.
IJARCCE, 1(3).
[4] Mohammad, Seyyed; Farshchi, R. (2011). Study of Security Issues on
Traditional and New Generation of E-commerce Model. International
Conference on Software and Computer Applications-IPCSIT, 9.
[5] Barskar, R.;Jayant, A. (2010). The Algorithm Analysis of E-Commerce
Security Issues for Online Payment Transaction System in Banking
Technology. IJCSIS, 8(1).
[6] Szabo, N. (n.d.). Smart contracts.
[7] Nakamoto, S. (n.d.). Bitcoin: A Peer-to-Peer Electronic Cash System.
[8] Virilio, P. (1999). Politics of the Very Worst.