Paras Jain implements new algorithms to test and improve credit card security
On April 3, freshman Paras Jain walked out of Great America auditorium with $1,100, a bronze medallion, certificate, and second place award. When he first entered his project in the annual Santa Clara Valley Science and Engineering Fair Association Synopsys Science Fair, little did he know of the recognition he would receive. On March 9, along with 15 other MVHS competitors, Jain participated in the science fair for the fourth time with an inventive project to test credit card identity theft.
Jain’s project, SmartCheck: Innovating Credit Card Security Through Online and Smartphone Based Transaction Handshake Protocols, Fingerprinting and Encryption, is an invention that increases credit card and identity security through, according to his abstract, “a novel encryption algorithm that is practically unbreakable with modern hardware.”
In December, a credit card company named VistaPrint stole his parents’ identity and then repeatedly charged the card weeks after his parents already made the payment. This first-hand experience with identity theft motivated Jain to execute his project.
“When I was looking for ideas [for science fair projects] about a half a year ago I was trying to think of problems in society which I can try and solve,” Jain said. “That was about a month after we had finished up dealing with the company, so I thought of that [identity theft] and tried to figure out someway I could prevent that from happening.”
With six years of experience in computer science from programming Internet websites to writing code, Jain conducted much of the research and experimentation involved in his project by himself.
“He came up with the topic and did 99 percent of it himself, “ his father Pradeep Jain said. “This year in particular, my role was negligible. I was kind of like his chauffeur and taking him from point to point.”
To evaluate the degree of safety in the credit card industry, Jain tested the security of three existing algorithms in the market that were frequently hacked: MD5, SHA1 and CRC16/32.
“I found that they were very insecure,” Jain said. “So I ended up breaking them in a day or less and from the knowledge that I had from that, I further developed a new algorithm that was unbreakable in a two week test that had five trials.“
Jain then tested the three algorithms against two algorithms that he generated himself, called SCA and SCB, that, according to his abstract, proved 1,000 times more difficult to break mathematically than the rest. Specifically, his SCB code could not be broken even with the most modern hardware.
“Even if the hackers have a super computer or something, they still need to break the code and rehash [using old material and transforming it into a new form] it within an hour,” Jain said. “That’s practically impossible and probably not possible for another 50 or so years.”
Using the algorithm, Jain created an implementation for smart phones. Upon walking into a store, the user would be informed by the phone’s GPS of their presence in the store and thus generate the secure code that he developed.
“It’s unbreakable,” Jain said. “And even if the vendor tries to hack the code they can’t access any credit card details behind it.”
According to Jain’s abstract, he ran the tests in the “worst-case scenario” in which the hacker had access to the server, code, and database. Despite this open access, his SCB code remained unbroken for two weeks. The other insecure algorithms were broken within one to two days.
On the day of the science fair, three category judges and over 12 special judges from companies that offer monetary prizes visited Jain’s poster. The overall reception of his project was overwhelmingly positive. Many judges were impressed by the fact that one of the algorithms that Jain had broken was a military code. A few judges took down his phone number and one of them contacted Jain to talk about future cooperation and implementation into the market. On April 9, Jain also presented SmartCheck to venture capitalists at Stanford and created a high level of interest.
Jain was the only MVHS freshman at Synopsys who won a Category and overall Special Award Grand Prize.
“I’m pretty happy about it and I’m kind of surprised,” Jain said. “Throughout the entire awards ceremony I kept crossing my fingers and I was waiting and hoping that I would get the Grand Prize award.”
Overall, Jain enjoyed the science fair experience and feels that all the experiments conducted for his project were worthwhile.
“I would describe it as a lot of work,” Jain said. “Trying to balance the science fair experimentation along with school work and studying for tests and stuff is a lot.”
Jain has submitted his project into the Google Science Fair and is planning to submit it into the nation-wide Siemens Competition. His awards included a second place prize in the Computer/Mathematics category, a $100 check from the Wireless Communication Alliance, a first place Bronze Medallion and a messenger bag from the United States Army, and a Grand Prize of $1000 from Morgan Lewis.
Other winning competitors from MVHS included juniors Akshay Agrawal, Angela Zhang, Anirudh Suvarna, and Hemanth Kini. Visit the Synopsys Science Fair website for more information: http://sites.google.com/site/synopsyschampionship/