Personal Secret Information Based Authentication towards Preventing Phishing Attacks

  • Gaurav Varshney
  • Ramesh Chandra Joshi
  • Anjali Sardana
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 176)

Abstract

Phishing is a well-known technique used by internet fraudsters for acquiring sensitive and personal information from users by impersonating a real identity. A Phishing attack involves various deceptions & advanced cybercrime techniques, some of them includes email spoofing, exploiting browser side vulnerabilities, fraudulent emails and Phished websites creation techniques using scripting languages and technologies. Phishing causes identity, goodwill and money loss to companies and individuals. One of the major problems we identified is the reduced usage and reliability on the email Infrastructure as a communication medium between customers and companies. Previous schemes for phishing prevention such as those which use browser extension, Quick Response code, Extended Authentication server & device and smart card based techniques are complex and difficult to make use in real world scenario. We present an architecture that can be used by companies for preventing phishing attacks by sharing a piece of secret information with every customer and using it as an authentication mechanism to prove their originality when a customer login to their websites using links provided in their emails. The unavailability of secret information which is securely shared between customer and the company will prevent a phisher in creating deception and hence will prevent phishing attacks which occur due to malicious links in phished emails. This will increase the reliability of email service as an authentic communication medium. The efficacy of this technique does not rely on results of any spam or phishing prevention scheme provided at email service provider side.

Keywords

Phishing phisher authentication 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Singh., A.P., et al.: Detection and Prevention of Phishing Attack Using Dynamic Watermarking. Information Technology and Mobile Communication Communications in Computer and Information Science, Part 1 147, 132–137 (2011), doi:10.1007/978-3-642-20573-6_212011CrossRefGoogle Scholar
  2. 2.
    Liou, J., et al.: A Sophisticated RFID Application on Multi-Factor Authentication. In: 2011 Eighth International Conference Information Technology: New Generations (ITNG), Las Vegas, pp. 180–185 (2011), doi:10.1109/ITNG.2011.38Google Scholar
  3. 3.
    Parno, B., Kuo, C., Perrig, A.: Phoolproof Phishing Prevention. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, pp. 1–19. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Florencio, D., Herley, C.: Password Rescue: A New Approach to Phishing Prevention. In: Proceedings of the 1st USENIX Workshop on Hot Topics in Security, HOTSEC (2006)Google Scholar
  5. 5.
    Adida., B., et al.: Fighting Phishing Attacks: A Lightweight Trust Architecture for Detecting Spoofed Emails. In: DIMACS Workshop on Theft in E-Commerce (2005)Google Scholar
  6. 6.
    Fraser, N.: The usability of picture password (unpublished)Google Scholar
  7. 7.
    Dhamija, R., Tygar, J.D.: The Battle Against Phishing: Dynamic Security Skins. In: Proceedings of the 2005 symposium on Usable privacy and security, SOUPS (2005)Google Scholar
  8. 8.
    Ross, B., et al.: Stronger Password Authentication Using Browser Extensions. In: Security 2005 Technical Program (2005)Google Scholar
  9. 9.
    Hiltgen, A., et al.: Secure Internet banking authentication. IEEE Security & Privacy 4(2), 21–29 (2006), doi:10.1109/MSP.2006.50CrossRefGoogle Scholar
  10. 10.
    Kyeongwon, C., et al.: A mobile based anti-phishing authentication scheme using QR code. In: 2011 International Conference on Mobile IT Convergence (ICMIC), September 26-28, pp. 109–113 (2011)Google Scholar
  11. 11.
    APWG.: Origins of the Word "Phishing", http://www.antiphishing.org/word_phish.html

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Gaurav Varshney
    • 1
  • Ramesh Chandra Joshi
    • 1
  • Anjali Sardana
    • 1
  1. 1.Electronics and Computer Engineering DepartmentIndian Institute of TechnologyRoorkeeIndia

Personalised recommendations