Article Preview
Top1. Introduction
The e-governance system enables electronic communication between various government services via the Internet (Alrubaiq, 2021). These services include transactions between the government and citizens, the government and other governments, and the government and businesses, as well as e-learning, e-procurements, and e-voting. With the increasing availability of the Internet and handheld cellular devices, e-governance is rapidly spreading across geopolitical areas. It frequently transmits the user's critical personal data over the Internet. These records are kept on servers. The data may be eavesdropped on, stolen from, or leaked to unauthorised individuals or adversaries. Such security incidents may not only erode stakeholder trust and privacy, but may also result in financial loss, health loss, service interruptions, and denial of service attacks (Alzahrani, 2017).
Increased infrastructure and lower costs of Internet access have resulted in a significant increase in Internet users in India over the last decade. According to a report by the Telecommunication Regulatory Authority of India (TRAI), Internet users increased by approximately 4% between January and March 2021, reaching 825.30 million (Manchanda, 2021). As a result, an increasing proportion of the population is turning to online commercial, medical, educational, administrative, legal, entertainment, and social services provided by both private and public sectors. However, this has increased the occurrences of data breaches, which result in malicious users capturing confidential and sensitive user data (Shekhar, 2021; Dhwani, 2021).
1.1 What is Security?
In this context, security refers to safeguarding data and other resources within the e-governance framework against unauthorised access, use, tampering, or destruction. Security experts recommend encrypting sensitive data to prevent unauthorised parties from reading it. Data should be encrypted while it is being stored and while it is being moved or transferred between devices and applications (Mondal, 2020). To prevent attackers from tampering with security algorithms, they should be implemented in read-only hardware. The encryption key should be securely stored and managed by the organisation that owns the data. It should never be accessed by untrusted hardware, software, or individuals. No one should be able to access unencrypted data except the authorised user (person or software). A multi-level authentication process should be used to verify the authorised user or software in a secure manner (Turner, 2021).
Reliable data encryption is a well-known method of ensuring data security. A strong security algorithm, on the other hand, requires a reasonable amount of hardware resources in terms of CPU power, memory size, and electric power to run efficiently (Mondal, 2022). In India, over 95% of users access the Internet wirelessly via their mobile phones (Manchanda, 2021). A sizable portion of these users access digital services via low-cost mobile phones with limited battery life. They are, however, expected to respond quickly, as e-governance applications are expected to be heavily utilised in the day-to-day lives of ordinary citizens (Alrubaiq, 2021). Typically, OTPs sent for authentication and consenting to transactions have a validity of thirty seconds to ten minutes. As a result, these devices require security software that is both fast and light on the hardware.