A HYBRID SYSTEM FOR THE MITIGATION OF HTTP PARAMETER POLLUTION ATTACKS FOR E-PAYMENT GATEWAYS

  • Create Date August 15, 2022
  • Last Updated August 29, 2022

ABSTRACT

The advancement of Information and Communication Technology, particularly the Internet and mobile phones, is rapidly replacing the old ways of doing business. A payment gateway accelerates a payment transaction by transferring information between a payment portal and the receiving bank. Since all payment activities are carried out over an unsecured network, there is a high risk of vital information being compromised by internet criminals. There has been a remarkable increase in cyber-attacks on online payment platforms aimed at hijacking sensitive data. One such attack is the HTTP Parameter Pollution (HPP) attack. This form of attack exploits the data sent in the API request by changing the values of the API request. To prevent the attack, a combined security model is developed to conceal important information from online fraudsters. The security model combines the Diffie-Hellman Key Exchange (DHKE) and Triple Data Encryption Standard (3DES) algorithms to encrypt the information transmitted by the e-payment gateway. The encrypted data is decrypted on both the client and the server sides. This combined security model ensures that the information shared is safe from external attack. The proposed security model for e-payment gateways was implemented using the C# programming language. Results obtained suggest that the model is viable, as data that was encrypted and hashed could not be decrypted by an attacker, compared with other existing models of attack mitigation. The developed hybrid security model therefore provides a more secure e-payment transaction platform that adequately mitigates attacks from internet criminals.

 

Keywords: Hidden Markov Model, Wireless Application Protocol (WAP), Near Field Communication (NFC), Domain Name System (DNS), Parameter pollution attacks
