Review of Algorithms for Securing Data Transmission in Mobile Banking

With the dawn of mobile banking applications, bank customers can now register for M-banking and download applications that aid them to access services from the bank server remotely from their mobile devices. The conversation between the bank’s server and the client application requires a secure connection. However, M-banking is often conducted via unsecure wireless networks on which adversaries can use available techniques to hack into sys-tem to steal sensitive financial information including money. This paper’s objective is to review the state-of-the-art algorithms that secure data on transit in M-banking. Thus, we document the strengths and weaknesses of these mechanisms and report on structure of their operation. The study reviewed various encryption algorithms such as Rivest-Shamir-Adleman Algorithm, Elliptic Curve Cryptography, Digital Signature Algorithm, Blowfish algo-rithm, Advanced Encryption Standard, Data Encryption Standard and Trip-ple Data Encryption Standard. In addition, the study reviewed steganography and hybrid algorithms. From this study, we show that Advanced Encryption Standard is the most preferred standard for M-banking because there are no specific attacks against it so far. However, since technology is changing fast, Advanced Encryption Standard might not provide security in M-banking for long. Therefore, this study shows and recommends utilization of a combination of Advanced Encryption Standard algorithm and Least Significant Bit steganography to produce a robust hybrid algorithm that is tamperproof from flaws existing in current cryptosystems.


Introduction
Applications used for mobile banking (M-banking) provide users the flexibility to communicate with financial institutions over the internet at any time using a mobile device (Sakala & Phiri, 2019).Banks have deployed platforms such as M-banking applications (so called apps) that allow their customers to access their bank accounts remotely.Customers can consequently access financial services like monitoring account balances, sending money, and selling stocks using M-banking (Nawaz, Motiwalla, & Deokar, 2018).Bookings, loan payments, and airtime top-ups are other additional services that M-banking provides.M-banking benefits both banking institutions that offer such services and bank customers because it allows secure 24/7 remote access to services without the need to physically visit a bank branch (Sethi & Acharya, 2018).M-banking also lowers operating costs and boosts competitiveness (Purohit & Arora, 2021).
Mobile devices and wireless networks are used to transmit sensitive financial data, such as transactions and account information (personal identification numbers, usernames, and passwords), to access banking services remotely.However, a number of threats pose a risk to undermine the security of M-banking (McDonald, 2020).Eavesdropping, malware, phishing, denial of service, and unauthorized access are some of the most frequent attacks on mobile banking systems (Falade & Ogundele, 2022).Majority of these Attacks take place on insecure networks (Lula, Dospinescu, Homocianu, & Sireteanu, 2021).In order to protect customer's accounts from unauthorized access, there are several techniques that can be utilized such as encryption algorithms and steganography (Joshi, Gill, & Yadav, 2018).
This paper reviewed different types of encryption algorithms, steganography and hybrid algorithms that can be utilized to secure user data on transit in M-banking.From the review, AES algorithm is the most recommended and secure algorithm that can be utilized for M-banking because it is quick in encryption and decryption and has not yet been compromised.However, since technology advances rapidly, AES might not continue enjoying its security tenet.Due to this reason, this paper finds that a combination of AES encryption with steganography algorithm such as Least Significant Bit (LSB) provides an extra layer of security.This is because AES algorithm contributes security attributes such as encryption and decryption using a key while LSB steganography contributes security attribute of embedding a message in an image.Thus the hybrid algorithm formed is tamperproof such that even if an adversary discovers the presence of a message in the image using available software, it will be difficult to know the encryption key used in order to decrypt the message.
This study enlightens banks offering M-banking on the need to develop secure systems with enhanced security that is tamperproof for user data on transit.This will mitigate cybercriminals from accessing customers' bank accounts to steal confidential information and money.Knowledge from this paper is crucial for decision making when it comes to developing of M-banking applications that are utilized by customers to access banking services remotely.

Methods and Materials
This review examines existing methods and techniques of encryption algorithms, steganography, and hybrid algorithms researched between 2012 and 2023.This section includes subsections on data sources, search processes, data selection, and data extraction.
The primary sources for this review have been selected from different scientific databases such as Institute of Electrical and Electronics Engineers Xplore Digital Library (IEEE Xplore), Science Direct (https://www.sciencedirect.com/),Springer Link (https://link.springer.com/),Google Scholar (https://scholar.google.com/),Association for Computing Machinery Ditigal Library (https://dl.acm.org/), and peer reviewed international journals.
The search process was carried to identify potential research papers from scientific databases using pre-selected search keywords or strings including algorithms for securing data transmission in M-banking, steganography, and hybrid algorithms.Additionally, the following Boolean operators have been used in the search process: ((Cryprography in mobile banking) OR (Analysis of cryptogra-phy in mobile banking)), (((Symmetric key cryptography in mobile banking) OR (Symmetric key algorithms in mobile banking)), and (cryptography AND (image steganography)) OR (encryption AND (image steganography)) AND (spatial domain).
Data selection was done through filtering results obtained based on keywords in English language.The criteria employed scanned whether obtained results discusses about cryptographic algorithms, if the research articles mentioned concepts about steganography, and finally if the articles discuss about hybrid algorithms.In order to apply inclusion and exclusion criteria, we put down exclusion criteria such as duplicate papers, full-text availability, and papers that are not related to algorithms securing data transmission in M-banking.Approximately 200 publications were discovered after this work was completed, and those that were pertinent were chosen based on the search criteria.In the end, 50 related studies were found and used in this review.

Algorithms for Securing Data Transmission in Mobile Banking
Data security is important in modern communication systems.There are several techniques that can be employed to strengthen data security such as utilization of encryption of data on transit and in storage, steganography, and hybrid algorithms.The following section discusses the different types of algorithms that are used for securing data transmission in M-banking.

Cryptographic Algorithms
Cryptographic algorithms employ a technique of converting plaintext into unreadable format to thwart efforts of adversaries to intercept text being sent.At the receiver side, unreadable format of text is transformed into plaintext using encryption algorithm and a key.The two categories of encryption modes are symmetric in which encryption and decryption utilizes the same key, and asymmetrical whereby two different keys are used for the process of encryption and decryption.The three functions of cryptographic algorithms are: encoding whereby original plaintext is rendered unreadable, key which is used in performing the process of encryption and decryption, and finally decryption, whereby unreadable text is transformed into readable text (Sari, Rachmawanto, & Sari, 2017).The various categories of cryptographic algorithms are covered in detail in the following section.

Rivest-Shamir-Adleman Algorithm
This is asymmetric cryptosystem wherein two different keys are utilized to encrypt and decrypt data (Bhanot & Hans, 2015).Rivest-Shamir-Adleman (RSA) is widely used in networks to secure data.The integer factorization issue and the RSA problem, such as determining the Nth root, are the two main unsolved RSA puzzles in which the result of two prime numbers is N.According to number theory, while factorization is challenging, calculating the product of two prime integers is straightforward.The principle of huge numbers is crucial to RSA security.Factorization is difficult due to the key size range of the RSA algorithm, which is between 2048 and 4096.The variables d and N, where d stands for the decryption key, are the foundation for the decryption of the RSA method.RSA has a time complexity of O (n 2 ).This cryptosystem incorporates: key generation, encryption, and decryption.Table 1 (Saini & Vandana, 2022) illustrates RSA key generation procedure, while Table 2 illustrates RSA encryption and decryption process.
A one-way function produced by a modular exponential function in the multiplication groups (p, x) and (q, x), where p, q is a prime number and n = (p × q) is utilized in encrypting and decrypting procedures of the cryptographic system where p and q is a prime number and ∅(n) = (p − 1) × (q − 1).n n d d ∅ (Meng & Zeng, 2015).The fundamental prerequisite for using the encryption method is the construction of a key (which is public) such that for encryption to be successful, plain text should be larger than 0 and less than the modulus (n) value of public key.It is essential to reshape plaintext into American Standard Code for Information Interchange (ASCII) code as part of the encryption process if it comprises letters or symbols.This allows for the growth of the RSA encryption process (Anada, Yasuda, Kawamoto, Weng, & Sakurai, 2019).
The plaintext must first be transformed into decimal integers in RSA encryption before performing the multiplication using the algorithm above.When converting plaintext to decimal numbers, one must consider the ASCII code value.The quantity of the key-size used, and the amount of text to be encrypted determines how long the encryption process takes for RSA algorithm (Thiyagarajan & Meenakshi, 2019).The RSA algorithm's decryption procedure resembles encryption in several ways.The application of values e and d differs.
Using a private key, this decryption method also uses a modular and exponential algorithm and a decimal number is the formula's result (Bunder, Nitaj, Susilo, & Tonien, 2017).
The ASCII code values are used to convert plaintext to decimal numbers during the encryption process and vice versa.The decimal value of the plaintext value must be translated to a character utilizing the ASCII value code (Seo, 2020).

Encryption Process
Decryption Process   (Sharma & Bohra, 2017).It is challenging for hackers to crack the algorithm because of its superior security public-key cryptosystem (Gaur, Mehra, & Kumar, 2018).However, RSA is slower than other cryptosystems because it requires key deposits, is vulnerable to brute force assaults and timing attacks (Mitra, Jana, Bhattacharya, Pal, & Poray, 2017).RSA algorithm should not be used in numerous systems, including M-banking, as a result of these flaws (Jahan, Asif, & Rozario, 2015).

Elliptic Curve Cryptography
Miller and Koblitz created asymmetric key cryptosystem known as elliptic curve cryptography (ECC) (Liu, Huang, Hu, Khan, & JeongSeo, & Zhou, 2017;Hsiao, 2017).Due to its tiny key size and high network speed, ECC is a desirable alternative for devices with limited resources and has grown in popularity as a security option in recent years.AES and ECC are two encryption algorithms that are used by a number of technologies and protocols.ECC is used in Bluetooth Low Version and the limited application protocol (Granjal, Monteiro, & Silva, 2015).The equation for elliptic curve is used to create keys.ECC gets its security from the size of Elliptic Curve (EC) and a Discrete Logarithmic (DL) framework that is more challenging to solve than factoring (Bhaskar & Mohan, 2019).Even though ECC executes slower than AES, it can nevertheless offer security services such as non-repudiation, authentication, and confidentiality.Security of ECDL problem lies on its hardness and is deemed as the foundation stone for security of the algorithm.If the attacker is successful in obtaining both n and n × m, he must now determine the value of m which is a challenging task (Chande, Lee, & Li, 2018).
The most common attacks on ECC include random walks-based attacks, random walks with special conditions, and attacks based on multiplicative groups.Additional assaults on ECC based protocols are: side channel attacks, power analysis attacks, electromagnetic analysis attacks, error message analysis, fault analysis, and timing attacks.This form of assaults on ECC can be mitigated through software and hardware-based techniques.For software-based solutions, randomness or dummy operations on algorithms, for instance, can be used.Metal layers are utilized in hardware-based fixes.Key for every message can also be used in timing assaults (Chande, Lee, & Li, 2018).Additionally, ECC is slower than most symmetric algorithms and therefore not suitable to be utilized in M-banking.

Digital Signature Algorithm
This method is made possible by a hashing algorithm, in which even a small modification to data affects outcome in another hash or digest.A changed piece of data generates a new hash, alerting the receiver that the data they just got was altered or corrupted in transit and wasn't delivered by the intended sender (Thapar & Sarangal, 2018).Security during data transmissions is further enforced by digital signatures.Digital signatures are utilized to accomplish authentication, integrity, and non-repudiation.Three steps that make up the Digital Signature Algorithm (DSA) process are key creation, signature creation, and signature verification (Simplilearn, 2022).
The DSA method is advantageous since key generation is more rapid and more robust in terms of security and stability than using RSA method, it uses less storage space during its whole cycle, and is patent-free, allowing for its unrestricted use worldwide (Simplilearn, 2022).The discrete logarithm issue must first be solved for the digital signature algorithm to be broken, making it a secure digital signature scheme (Stinson, 2006).Key-only attacks, known-message attacks, chosen-message attacks, and forgeries are the most frequent DSA assaults.The attacker's only tool in key-only attacks is the public verification key.In known-message arrack, the attacker is provided with a valid signature for a number of messages that they are aware of but have not specifically chosen.The attacker initially ascertains the signatures on any random messages selected by the attacker in a chosen-message attack (Kumar, Reddy, Rinaldi et al., 2021).Two different kinds of forgery attacks are potential forgeries and selective forgeries.Existential forgery occurs when a third party produces a message/signature pair (m) that was not produced by the authorized signer.During selective forging, the adversary creates a message/signature pair (m), where m has been pre-decided by the adversary (Kumar, Reddy, Rinaldi et al., 2021).Due to slow speed and flaws in signature verification, DSA is not suitable for M-banking.

BlowFish Algorithm
Bruce Schneier made the discovery of the Blowfish algorithm in 1993 (Anwar, Hasan, Hasan, Loren, & Hossain, 2019).Data encryption and decryption using the Blowfish algorithm utilize the identical secret keys in this symmetric block cipher.Block ciphers separate messages into blocks of a certain size for encryption and decoding.As a result, communications with lengths that are not multiples of 8 bytes must be padded.The block size of Blowfish is 64 bits (Valmik & Kshirsagar, 2014).Key size of Blowfish algorithm ranges from 32 to 48 bits.
There are also variations with 14 rounds or fewer (Kumar, Thakur, & Kalia, 2011).It takes up to 5 Kilobytes of memory and is regarded as the quickest block cipher that has been developed over the years to allow everyone to utilize encryption without worrying about copyright and patent issues.
The key-expansion and data encryption are divided into two separate parts.A condition with a maximum length of 448 bits is expanded into a variety of smaller keys combined 4168 bytes.The most prevalent method of data encryption uses a 16-round configuration.Every round relies on key arrangement, and the substitution is done using same information.All of these operations are carried out by applying XORs and adds to 32-bit words.Along with the aforementioned actions, a data lookup using four indexed arrays is also performed (Nie & Zhang, 2009).
Because the keys do not change regularly, Blowfish algorithm is appropriate for application areas including database security and internet commerce.In cases where massive data caches are taken into account on a 32-bit microprocessor, the Blowfish algorithm performs better than the majority of other algorithms.Blowfish is a somewhat a rapid block cipher due to the round's simplicity and low number of rounds (CommonLounge, 2018).The main schedule in Blowfish is a little tiresome.Compared to AES's 128 bits, Blowfish's 64-bit short block size is more vulnerable to assaults.However, because two people have the same key, Blowfish method is unable to provide confirmation and non-denial.

Advanced Encryption Standard
Electronic data can be secured using Advanced Encryption Standard (AES) cryptographic method, authorized by Federal Processing Standards Publications (FIPS).AES has the capacity to both encrypt and decode digital data.Data blocks of 128 bits can be encrypted and decrypted using keys with bit lengths of 128, 192, and 256 (FIPS 197, 2023).Internally, the state structure of AES has two dimensions of (4 by 4) matrix arrangement bytes on which advanced AES block ciphers design is run.
Each individual byte in the state array, designated as s, contains indicators: row of token r which ranges 0 4 r ≤ < and column token c which ranges 0 4 c ≤ < .Similarly, a state-specific byte is represented using the following: ,  (1) A sequence of transformations is then applied to the state array, after which its final value is copied to the output array of bytes (2) The general function for executing AES-128, AES-192, or AES-256 is denoted by CIPHER (); its inverse is denoted by INVCIPHER ().The core of the algorithms for CIPHER () and INVCIPHER () is a sequence of fixed transformations of the state called a round.Each round requires an additional input called the round key; the round key is a block that is usually represented as a sequence of four words (such as 16 bytes).
An expansion routine, denoted by KEYEXPANSION (), takes the block cipher key as input and generates the round keys as output.In particular, the input to KEYEXPANSION () is represented as an array of words, denoted by key, and the output is an expanded array of words, denoted by w, called the key schedule.
The block ciphers AES-128, AES-192, and AES-256 differ in three respects: 1) the length of the key; 2) the number of rounds, which determines the size of the required key schedule; and 3) the specification of the recursion within KEYEXPANSION ().For each algorithm, the number of rounds is denoted by Nr, and the number of words of the key is denoted by Nk.(The number of words in the state is denoted by Nb for Rijndael in general; in this Standard, Nb = 4.) The specifc values of Nk, Nb, and Nr are given in Table 3.No other configurations of Rijndael conform to this Standard.The three inputs to CIPHER() are: 1) the data input in, which is a block represented as a linear array of 16 bytes; 2) the number of rounds Nr for the instance; and 3) the round keys.Thus, AES-128 (in, key) = Cipher (in, 10, KEYEXPANSION (key)) AES-128 (in, key) = Cipher (in, 12, KEYEXPANSION (key)) (3) AES-128 (in, key) = Cipher (in, 14, KEYEXPANSION (key)) The inverse permutations are defined by replacing CIPHER () with INVCIPHER () in Equation ( 3).
The rounds in the specification of CIPHER () are composed of the following four byte-oriented transformations on the state: SUBBYTES () which applies a substitu-tion table (S-box) to each byte, SHIFTROWS () shifts rows of the state array by different offsets, MIXCOLUMNS () mixes the data within each column of the state array and ADDROUNDKEY () combines a round key with the state.The pseudocode in Table 4 illustrates algorithm formulation for Cipher () (FIPS 197, 2023).
The first step in line 2 is to copy the input into the state array.After an initial round key addition in line 3, the state array is transformed by Nr applications of the round function in lines 4 to 12; the final round in lines 10 -12 differs in that the MIXCOLUMNS () transformation is omitted.The final state is then returned as the output in line 13.
To generate 4 × (Nr + 1) words from a key, the KEYEXPANSION () routine is used.For instance, four words are produced for each of the Nr +1 ADDROUNDKEY () applications found in the Cipher specification ().The routine's output is a list of words in order designated w [i], where i falls in the vicinity of ( ) Then fixed phrases are invoked through KEYEXPANSION (), which is indicated by Rcon[j] for 1 10 j ≤ ≤ .The round constants are ten words.
Each of ten round keys for AES-128 is generated by calling a unique round constant.The first six and eight of these constants are referred to by the key expansion algorithm for AES-192 and AES-256, respectively.Table 5 demonstrates pseudocode for KEYEXPANSION () function as in (FIPS 197, 2023).
AES is used in banking systems and government organizations for secure data transmission (Khelifi, 2013).This is due to the fact that it might take longer than the universe's age to crack a 128-bit AES key.However, according to (Amrita, Gupta, & Mishra, 2018), AES is open to numerous side channel attacks.These types of attacks utilize the descriptive data gleaned from the protocols and cryptographic primitives' implementation.Timing, power usage and electromagnetic radiation aspects can be used to obtain this characteristic information.Computational errors, variations in frequency or temperature, and hardware or software flaws can all produce additional types of information.Side channel attacks exploit the features of the hardware and software components as well as the cryptographic primitive's implementation structure (Jani, 2015).
Other cryptanalysis attacks against AES include algebraic attacks, cube attacks, eXtended Linearization (XL), eXtended Sparse Linearization (XSL), and collision attacks (Anwar, Hasan, Hasan, Loren, & Hossain, 2019), among others, are advancing steadily but there haven't been any major developments announced yet.The AES won't have the same lifespan as the conventional algorithm suite certified for classified applications given these developments.But there are practical countermeasures that, when used correctly, can eradicate these weaknesses at the equipment level (Amrita, Gupta, & Mishra, 2018).AES and steganography are two examples of combinations of two algorithms that can be used to bolster security further and circumvent cryptanalysis's weaknesses against AES.

Data Encryption Standard
Data Encryption Standard (DES) is an industry-standard technique for securing computer and telecommunications data.According to (Al-Hazaimeh, Alhindawi, Hayajneh, & Almomani, 2013) DES is a block cipher of the Feistel type in which the left and right sides of a block of bits are processed individually across a number of rounds.It's interesting that a Feistel encryption can be inverted under the condition that the function (f) used to operate on the half-blocks of data bits is invertible.The Data Encryption Algorithm's function f is a cipher since it performs both substitutions and permutations.
The DES algorithm encrypts messages in blocks of 64 bits, which is equivalent to 16 hexadecimal digits.The keys that DES employs to encrypt data are 16 hexadecimal digits long, or 64 bits.The DES algorithm uses a 56-bit key, but discards every eighth bit as noise.In any event, 64-bits (such as 16 Hexadecimal digits) is the round number based on which DES is structured.DES algorithm is based on the fundamental parts: Sub-keys generation and encryption process (Zhou & Li, 2014).The process of encryption using DES cryptographic method consists of the eight-step process (Paar & Pelzl, 2010;Stallings, 2014): 1) Convert plaintext and the key that will be processed into binary bits.Plaintext and the key that has been converted and then broken down into data blocks form with each of the block has a 64 bits (eight bytes) length.If the message is in the form of alphabet or symbols, it must first be converted into decimal and hexadecimal form following the ASCII character table, and then converted into binary bit.
2) Randomize the bits in plaintext data block based on Initial Permutation (IP) table, so that the bit sequence randomized compared to bits sequence of early plaintext block.The bits sequence after the second step followed the results from the IP table, with the first bit derived from the 58 th sequence bit of early plaintext blocks, and then the second bit derived from the 50 th sequence bits until the 64 th sequence bit derived from the seventh sequence bits.
3) The scrambling of key bits based are on permuted Choice 1 (PC-1) table.Results from the PC-1 has a 56 bit length because the last bits of each byte of the key (8,16,24,32,40,48,56 and 64 bits) that acts as the parity bit are not used again in the next step process.Once completed the results of PC-1 then divided into C0 and D0, with C0 is 28 leftmost bits and D0 is 28 rightmost bits from PC-1 results bits sequence.
4) Shift bits to the left (left shift) at Ci and Di as much as one or two times, with the value of i based on encryption process round that consists of 16 rounds.The result of the shift bits from every round of the Ci and Di are then combined into CiDi with a length of 56 bits.After that the CiDi key bits are randomized based on PC-2 (permuted Choice 2) table until produce the Ki variable.
5) Running the data expansion process of Ri-1 with a length of 32 bits (start-ing from the R0 of second process step results) becomes Ri with a length of 48 bits, where i is the round during the process.This process will be carried out as much as 16 times with the value of turnover 1 ≤ i ≤ 16 using the Expansion Table.The results of the expansion process is referred to as E (Ri-1), starting from E (R0) to E (R15).Afterwards, E (Ri-1) will be XOR processed with Ki that has been obtained from the fourth step process for each bit corresponds to running process round to produce Ai variable with a length of 48 bits and in a vector form.6) Once obtained, Ai then is broken down into eight blocks with each block consisting of six bits.Each block is then distributed into eight pieces of S -Box (Substitution Box), with the first block distributed to the S -Box 1, the second block distributed to the S -Box 2 and so on.The result of the substitution process using S -Box will be collected and produce Bi variable.
7) Once Bi variable is obtained, the next step is to do permutation process on each bit of Bi variable using P -Box table.The results obtained from the permutation using P -Box referred to as P (Bi), with i adapted to the round during the process, starting from P (B1) through P (B16).Thereafter, P (Bi) will be XOR processed with the Li-1obtained from the second process step in accordance with the processes running round to produce a Ri variable with a length of 32 bits and in a vector form.Ri results will then be merged with Li, which came from the Ri-1, into LiRi which is the result of the encryption process of plaintext for each round process with a length of 64 bits.
8) The eighth process step is carried out when the seventh process step has obtained the L16 and R16 from the 16 th process round.The next step is the process of reversing positions on L16 and R16, and then combined to obtain the R16L16 form.These results are then permutated using IP-1 (Inverse Initial Permutation) table.Results obtained from the eight process step are referred to as cipher, which is a data block that has been encrypted and is ready to be sent to the recipient along with the other ciphers.A combination of several ciphers is called ciphertext.
The first and second step of the process is done only once at the beginning of the DES encryption process, while the eight step of the process is done only once at the end of the DES encryption process.The third to the seventh process step are carried out 16 times according to the number of rounds of Feistel process used by DES cryptographic method.Even though DES has high encryption ratio, it is open to attacks because of its shorter keys.In addition, it is susceptible to brute force attacks and as such is not suitable to be utilized in M-banking.

Triple-Data Encryption Standard
Triple-Data Encryption Standard (3DES) is the development of DES cryptographic method.The difference between the two methods is 3DES uses triple times the DES process step used in encryption and decryption process by using three key combinations (Rao, 2015).In addition, the effective length of the key used for encryption and decryption process using 3DES cryptographic method is 168 bits (consisting of three sub-key that each have a length of 56 bits), in contrast to DES cryptographic method that uses a key with and effective length of 56 bits (Mathur & Kesarwani, 2013).There are three options to use a combination of sub-key that has become standard in the encryption and decryption process using 3DES cryptographic method (Kumar & Rajaanadan, 2016): 1) Three sub-keys have different combinations (3K3DES).
3) Three sub-keys have the same combinations.
From the three options, the use of sub-key, the first option is the best because the three sub-key has a different combination, with an effective key length of 168 bits, so that the data is encrypted using the first option is more difficult to resolve than the use of the second and third options (Kahate, 2003).The second option has an effective key length of 112 bits, because the first sub-key has same combination as the third sub-key, but this option is still better than using the DES encryption process twice.The third option is the weakest compared to the previous option because the first sub-key and the second sub-key negated each other in the process so that the key used in this option has an effective length of 56 bits, the same as the length of the key used by DES cryptographic method.3DES has moderate encryption ration and its speed is relatively fast.However, 3DES suffers from brute force attacks, chosen plaintext, and known plaintext attacks.Even though it can be used in applications such as smart cards and e-payments, it is not suitable to be utilized in M-banking applications.

Steganography
Steganography is the process of incorporating a secret message into a cover medium while entirely obfuscating the fact that it exists (Hashim, Rahim, Johi, Taha, Al-Wan, & Sjarif, 2018;Douglas, Bailey, Leeney, & Curran, 2018;Mishra, Yadav, Trivedi, & Shrimali, 2018).According to Morkel (2012), the secret communication can take the shape of plaintext, an image, cipher text, or anything else that can be represented as a bit.Sometimes a stego-key (secret key) that must be known in order to detect and extract the secret message is used as a parameter in the embedding process.A communication is referred to as a stego-object once it has been cloaked in a cover message.The sender must modify the secret message first, and then work with some of the cover object's components to create the stego-object before embedding the information in the cover media (Cao, Wang, Zhao, Zhu, & Xu, 2018).The stego-object is then sent to the appropriate receiver through a communication method.To extract the concealed message, the operation is carried out backwards after it has been received.
Prior to transmitting the stego-object, both parties (sender and receiver) must have access to the secret key if the process calls for it (Al-Husainy & Uliyan, 2018).
Steganography is generally used in the communication of secret and when to-tal freedom is desired.Communication security is very important in both censured and monitored surroundings.Private communications which cannot be secured through cryptography can be secured with steganography (AL-Shaaby, 2017).However, Conklin (Conklin et al., 2015) suggested the use of steganography with other security mechanisms for the provision of layered security as an intruder who succeeds at one layer is still required to bypass the other levels to be completely successful.Communications in the military and intelligence fields require no obstruction; even with content encryption, the detection of a signal can result in an attack on the sender on a modern battlefield (Khanam & Verma, 2018).Such signals can be hidden through steganography.Information that is not intended to be shared with anyone can also be stored using steganography.
Other sensitive information such as banking information can also be concealed in a cover object and stored on a private computer (Devadiga, Kothari, Jain, & Sankhe, 2017;Hashim, Rahim, Shafry, & Alwan, 2018).
Different steganographic algorithms have been deployed to ensure data security.It should be noted that not all steganography systems operate with secret keys; however, the security of steganographic systems can be enhanced by applying the Kerckhoff principle.The principle implies that even if an intruder knows the design and implementation of the steganographic system, he must have the secret key to launch a successful attack on the system.Therefore, it may be wise to incorporate the secret keys (public or private) when implementing steganographic systems (Morkel, 2012).
Steganography provides sensitive information security through the embedding of the information in cover media; thus, there is confidentiality.Such hidden information can only be revealed using a steganographic key (AL-Shaaby, 2017).However, the technique and manner used to conceal the information could also serve as identity proofs.The technique for embedding the information, can become a shared secret if wrongly done, can be a mode of identification and authentication (Morkel, 2012).The embedded information cannot be subjected to integrity check because the information may have been altered intentionally or unintentionally, and the changes made to the extracted information may not be observed (Domain, 2018).
Computer scientists and security analysts have recently recognized the security threats posed by the illicit use of steganographic techniques in the global information space (Siper, Farley, & Lombardo, 2005).Terrorists can utilize steganography to communicate secretly without the knowledge of the law enforcement agencies.Owing to this, studies have been on going to find the problems of the existing steganographic systems which can be exploited for hidden information detection, extraction, and/or destruction.There are two major techniques in steganalysis; visual analysis and statistical analysis.
The aim of visual analysis is to reveal the presence of hidden information through a naked eye or computer-aided inspection.Statistical analysis tries to reveal small alterations in the carrier objects (it tries to unravel the statistical features associated with steganographic processes) (Hussain, Wahab, Idris, Ho et al., 2018).Furthermore, secret information can be removed by email firewall when filtering images and this is another threat to image steganography.However, most of the proposed image steganographic techniques do not rely on e-mail as a communication channel, rather, on websites which can also distribute stego images (Siper, Farley, & Lombardo, 2005).

Hybrid Algorithms
Hybrid algorithms involve a combination of two or more algorithms to add a level of security for a system.This may involve a combination of two or more steganographic techniques, a combination of two or more cryptographic techniques or a combination of various algorithm techniques.Dhamija and Dhaka (2015) proposed an encryption system that combines embedding methods based on cryptography and steganography schemes.Regarding the cryptographic component, utilization of cryptography and steganography is an attractive mechanism that compliments the security features of the two algorithms.They advised using the frequently used LSB steganography.However, since a single key is used for both encryption and decryption and might be compromised, there is still a problem with key management and control.
Image steganography technique proposed by Pillai, Mounika, Rao, and Sriram (2016) employed DES algorithm to encrypt text communications.The approach uses a block size of 64 bits and a 16 round.Later, the given image was clustered into several segments using the pixel clustering of the k-means algorithms in order to incorporate sensitive data in each segment.Several clustering techniques were employed in the segmentation of the images.A collection of pixel-shaped data was segmented, and as a result, each pixel was broken down to red, green, blue color components.LSB method is then divided into K numbers of tiny segments to be embedded within each cluster after the construction of these clusters.Despite all of these factors, the use of this application is unsafe due to the use of DES and 56-bit key used for encryption.The approach was put out for increasing the stego image's performance capability (Joseph & Sivakumar, 2015).This method promoted the use of AES with the Adaptive Pixel Value Differencing technique for steganography.
A performance analysis survey was carried out using LSB substitution technique in (Padmavathi & Kumari, 2013) on a number of algorithms, including RSA, DES, and AES.The study focuses on the three encryption approaches according to their effectiveness in any application.It also showed that AES is stronger than RSA and DES since it uses less buffer space and decodes and encodes data much more quickly.
A system that incorporates RSA technology and LSB audio steganography to embed encrypted data into audio file in which the message's recipient first separates the encrypted text from the audio before using the RSA decryption algorithm to unlock it was proposed.As a result, the technique enhances the com-bined properties of the employed steganography and cryptography while providing a greater level of data protection (Gambhir & Mishra, 2015).The system is typically susceptible to factorization and brute force assaults when classic RSA methods are used, making it simple for an attacker to break through.
A study that conceals images using Blowfish cryptographic algorithm was proposed in (Sharma, Mithlesharya, & Goyal, 2013).When assessing the different symmetric algorithms, the adoption of Blowfish algorithm was taken into consideration due to its strength, speed, and great efficiency.On the other hand, a hybrid algorithm that combines ECC with LSB steganography in (Saranya & Thirumal, 2014) provided security services such as availability, mutual authentication, non-repudiation, and data integrity.In comparison to General Packet Radio Service (GPRS), the suggested system's cost per transaction was lower.A study in (Islam, Kobita, Rumi, Karim, & Tabassum, 2021) proposed a method that combines RSA and DSA algorithms in their work.The method generates two keys: the signer's personal key and their public key, enabling the use of public key for decryption in the event that their personal key is used for encryption.
To verify authentication, the recipient's mobile phone sends the sender a One Time Password (OTP), which the system then verifies.
A hybrid algorithm proposed by Abdelfattah, Awad, and Nasr (2019) utilized Elliptic Curve Signcryption and certificateless cryptography for M-banking.This system allows sending of documents and multimedia through M-banking applications.Results of the scheme demonstrate that the algorithm performs better than other earlier methods.A summary of AES algorithm provided by Abdullah (2017) was compared to other algorithms like DES, 3DES, and Blowfish.The author lists several of the AES algorithm's salient features and offers findings of past research on it that evaluated how effectively it worked to encrypt data under various circumstances.According to the study, AES is capable of providing security than competing algorithms like DES and 3DES.The best algorithms for M-banking are chosen based on many factors, including security, battery usage, time usage, attack resistance, storage consumption, and compatibility with hardware and software.The most crucial factor is speed, followed by the system's resilience to attackers as illustrated in Table 6 by (Padmavathi & Kumari, 2013;Mahajan & Sachdeva, 2013;Singhal & Singhal, 2016;Mathur & Kesarwani, 2013;Sengel, Aydin, & Sertbas, 2020).
Table 6 demonstrates how the different encryption algorithms in this study perform.In terms of speed, all algorithms are fast except DSA and RSA.Security attacks indicate that AES is susceptible to chosen plaintext and known plaintext attacks, DES is susceptible to brute force attacks, 3DES is susceptible to brute force, chosen plaintext, and known plaintext attacks, Blowfish is susceptible to dictionary attacks, DSA has no signature verification, RSA is susceptible to timing attacks, and ECC is susceptible to public parameters.
In terms of application areas, AES is recommended for wireless communication and banks, DES for image processing, 3DES for smart cards and e-payments,

Results and Discussion
Table 6 demonstrates that RSA, ECC, and DSA are robust and can be used for secure data transmission.However, they take long encryption and decryption time and therefore open to several kinds of attacks.For instance, RSA is vulnerable to timing and brute force attacks, ECC is vulnerable to side channel, power, electromagnetic, error message, fault, and timing attacks.On the other hand, DSA lacks secrecy and is vulnerable to forgeries, known-message attacks, chosen-message attacks, and key-only attacks.These factors make RSA, ECC, and DSA encryption algorithms unsuitable for critical applications such as M-banking.
Conversely, Blowfish algorithm is the quickest block cipher which can be used in database security and internet commerce.Findings from this review indicate that when compared to other encryption algorithms, Blowfish is efficient in terms of time and power consumption (Verma, Guha, & Mishra, 2016).However, its weakness is that it cannot provide non-repudiation.In regard to AES encryption algorithm, it is a fast and secure algorithm that has not been broken so far.AES is used in banking systems, government systems, and high security systems to secure mobile or internet banking (Khelifi, Aburrous, Talib, & Shastry, 2013).Although AES has not been broken so far, future attacks including side channel attacks, timing attacks, algebraic attacks, cube analysis attacks and collision attacks.
Results from steganography methods have been reviewed.The different types of steganography include text, image, audio, video, and network steganography.
Among these types of steganography, audio and video steganography have limited techniques that can be applied to hide messages in the cover media.There exist several techniques that can be applied to hide messages in images such as spatial domain, transform domain, compressed domain, LSB technique, pixel value differencing, spread spectrum, and randomized embedding technique.
While these techniques can be used to hide information in cover media, LSB technique is the most commonly used.However, LSB has limited undetectability and therefore does not stop adversaries from launching attacks.Even though steganography offers security by concealing messages in a cover media, it is susceptible to steganalysis attacks.
The transition to hybrid algorithms represents a new modern paradigm as a result of assaults on the algorithms reviewed.Thus, a combination of cryptography and steganography provides an additional layer of security.For example, a combination of RSA with AES improves security.However, the cryptosystem cannot be used for M-banking since RSA is slow in encryption and decryption time.In addition, RSA is susceptible to various attacks.On the other hand, a combination of RSA and LSB steganography improves data security.And again, RSA is slow in encryption and decryption time.This puts the hybrid algorithm at risk because if an adversary discovered the presence of hidden message in the LSB steganography algorithm, the long decryption-encryption time of RSA will give the adversary time to hack the system.
A combination of encryption algorithm such as AES with steganography techniques such as LSB provide additional layer of security just like other hybrid algorithms.Additionally, AES is fast in encryption and decryption time and has not been broken as of date.However, since AES is not immune to future attacks, then a combination of security features from AES and LSB steganography makes it more superior in terms speed and applicability.This study therefore finds a combination of AES with LSB steganography techniques commendable for use in M-banking.

Conclusion and Recommendation
In this study, a number of cryptographic algorithms have been thoroughly reviewed to identify the optimal strategy for a certain sector of application.Performance of cryptographic algorithms is measured using the following variables: encryption ratio, speed, key-length, tunability, and security against attack.We concluded that AES is appropriate for wireless communication and banks, DES is applied in image processing, 3DES can be used in smart cards, and e-payments, Blowfish is suitable in applications such as database security and e-commerce.On the other hand, DSA is appropriate for web applications and e-mail verification, RSA is suitable for internet banking, and ECC is recommended for key exchange over web and mobile applications.This paper concluded that cryptographic and steganographic algorithms are known to be independently ineffective in providing protection to information across networks when used separately; thus, a more effective and secure technique can be accomplished by combining cryptography and steganography techniques.The combination of these strategies would ensure data security is strengthened in order to meet the safety and robustness requirements for transmission of data across insecure networks.Hybrid algorithms, which involve fusion of different steganographic and cryptographic algorithms into one approach can be used to fortify data security since the strengths of the combined methods will be used to overcome their weaknesses when used separately.Combining steganography and cryptography can increase security of secret data because data will be encrypted before being embedded into a cover media.
AES algorithm with LSB steganography techniques can be appropriate for utilization in M-banking.This is due to the fact that AES is a quick encryption and decryption technique that is secure and has not yet been compromised.However, given how quickly technology advances, AES might not always be the safest and secure technique.In order to create a tamper-proof hybrid algorithm for securing data transmission in M-banking, security features from LSB steganography and AES can be combined.This paper therefore recommends utilization of hybrid algorithms such as AES algorithm and LSB steganography techniques for data transmission in M-banking.This is because such a hybrid algorithm incorporates security features from AES algorithm such as encryption of messages and security features from LSB steganography such hiding messages in cover media before transmission.The security tenet of this hybrid algorithm lies on its hardness to break because even if an adversary discovered existence of hidden message, it will be dif- r, c].The move in the stipulations of AES is to replicate input arrangement of bytes represented as in to the four-by-four square variable values s illustrated in Equation 1.

Table 6 .
Analysis of encryption algorithms.Blowfish for database security and e-commerce software, DSA for web application and e-mail verification, RSA for internet banking, and ECC for key exchange over web and mobile.From statistics in Table6, AES outperforms the other algorithms in terms of security and speed and is recommended for M-banking.