05-07-2014, 10:50 AM
A NOVEL ANTIPHISHING FRAMEWORK BASED ON VISUAL CRYPTOGRAPHY
ABSTRACT
Online transactions have become very common, and various attacks target them. Among these attacks, phishing is identified as a major security threat, and new variations of it arise constantly, so preventive mechanisms must be equally effective. The security in these cases should therefore be very high and not easily tractable, while remaining easy to implement.
Phishing is an attempt by an individual or a group to steal personal confidential information such as passwords, credit card information, etc. from unsuspecting victims for identity theft, financial gain and other fraudulent activities. In this project we propose a new approach named "A Novel Antiphishing framework based on visual cryptography" to solve the problem of phishing. It uses image-based authentication built on Visual Cryptography (VC). Visual cryptography is used to preserve the privacy of the image captcha by decomposing the original image captcha into two shares that are stored in separate database servers, such that the original image captcha can be revealed only when both are simultaneously available; the individual sheet images do not reveal the identity of the original image captcha. Once the original image captcha is revealed to the user, it can be used as the password.
INTRODUCTION
Today, most online applications are only as secure as their underlying system. Since the design and technology of middleware have improved steadily, their detection is a difficult problem. As a result, it is nearly impossible to be sure whether a computer that is connected to the internet can be considered trustworthy and secure or not. Phishing scams are also becoming a problem for online banking and e-commerce users. The question is how to handle applications that require a high level of security.
Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. One definition of phishing is given as “it is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication”. Another comprehensive definition of phishing states that it is “the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft”.
We therefore introduce a new method that can be used as a safeguard against phishing, named "A novel approach against Anti-phishing using visual cryptography". As the name describes, in this approach the website cross-verifies its own identity and proves to the end users that it is a genuine website (for bank transactions, e-commerce, online booking systems, etc.), making both sides of the system secure as well as authenticated.
The concepts of image processing and an improved visual cryptography are used. Image processing is a technique of processing an input image to obtain as output either an improved form of the same image and/or characteristics of the input image. In Visual Cryptography (VC), an image is decomposed into shares, and to reveal the original image the appropriate number of shares must be combined.
AIM OF PROJECT
For phishing detection and prevention, we propose a new methodology to detect phishing websites. Our methodology is based on the Anti-Phishing Image Captcha validation scheme using visual cryptography. It keeps passwords and other confidential information away from phishing websites.
By using the proposed system "Antiphishing framework using visual cryptography", the user as well as the system can verify whether the website is a genuine/secure website or a phishing website, and can also verify whether the user is a human user or not.
Module description
Login modules
In the login phase, the user is first prompted for the username (user id). Then the user is asked to enter the share that is kept with him. This share is sent to the server, where the user’s share and the share stored in the database of the website for each user are stacked together to produce the image captcha. The image captcha is displayed to the user. Here the end user can check whether the displayed image captcha matches the captcha created at the time of registration. The end user is required to enter the text displayed in the image captcha; this serves the purpose of a password, and using it the user can log in to the website. Using the username and the image captcha generated by stacking the two shares, one can verify whether the website is a genuine/secure website or a phishing website, and can also verify whether the user is a human user or not.
Registration module
In the registration phase, a key string (password) is requested from the user at the time of registration for the secure website. The key string can be a combination of letters and numbers to provide a more secure environment. This string is concatenated with a randomly generated string in the server and an image captcha is generated. The image captcha is divided into two shares such that one of the shares is kept with the user and the other share is kept in the server. The user’s share and the original image captcha are sent to the user for later verification during the login phase. The image captcha is also stored in the actual database of any confidential
Image Generation module
The user is asked to enter the share that is kept with him. This share is sent to the server, where the user’s share and the share stored in the database of the website for each user are stacked together to produce the image captcha. The image captcha is displayed to the user. Here the end user can check whether the displayed image captcha matches the captcha created at the time of registration. Using the username and the image captcha generated by stacking the two shares, one can verify whether the website is a genuine/secure website or a phishing website, and can also verify whether the user is a human user or not.
NEED OF PROJECT
Phishing attacks are currently so common because they can be launched globally and can capture and store users’ confidential information. This information is used by attackers who are indirectly involved in the phishing process. Phishing websites as well as human users can be easily identified using our proposed "Anti-phishing framework based on Visual Cryptography".
The proposed method is thus used for phishing detection and prevention: we are proposing a new methodology to detect phishing websites. It keeps passwords and other confidential information away from phishing websites.
This antiphishing framework using visual cryptography provides additional security by not letting an intruder log in to the account even when the intruder knows the username of a particular user. The proposed methodology is also useful for preventing attacks by phishing websites on financial web portals, banking portals and online shopping markets.
Registration phase
In the registration phase, a key string (password) is requested from the user at the time of registration for the secure website. The key string can be a combination of letters and numbers to provide a more secure environment. This string is concatenated with a randomly generated string in the server and an image captcha[19] is generated. The image captcha is divided into two shares such that one of the shares is kept with the user and the other share is kept in the server. The user’s share and the original image captcha are sent to the user for later verification during the login phase. The image captcha is also stored in the actual database of any confidential website as confidential data. After registration, the user can change the key string when needed.
Login phase
In the login phase, the user is first prompted for the username (user id). Then the user is asked to enter the share that is kept with him. This share is sent to the server, where the user’s share and the share stored in the database of the website for each user are stacked together to produce the image captcha. The image captcha is displayed to the user. Here the end user can check whether the displayed image captcha matches the captcha created at the time of registration. The end user is required to enter the text displayed in the image captcha; this serves the purpose of a password, and using it the user can log in to the website. Using the username and the image captcha generated by stacking the two shares, one can verify whether the website is a genuine/secure website or a phishing website, and can also verify whether the user is a human user or not.
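The share splitting of the registration phase and the stacking of the login phase, as an added example that is not code from the original project. It assumes the classic (2,2) visual cryptography construction with two subpixels per pixel, which the page does not specify; the sample bitmap and all function names are constructed for illustration.

```python
import secrets

# Constructed 7x5 sample bitmap standing in for the image captcha (1 = black).
CAPTCHA = [
    "0110010",
    "1001010",
    "1111010",
    "1001010",
    "1001010",
]

def to_bits(rows):
    return [[int(c) for c in row] for row in rows]

def split(image):
    """Registration: split a binary image into a user share and a server share."""
    user_share, server_share = [], []
    for row in image:
        u, s = [], []
        for pixel in row:
            # Each pixel becomes two subpixels, one black and one white, chosen at random.
            pattern = secrets.choice(([0, 1], [1, 0]))
            u += pattern
            # White pixel: server gets the same pattern. Black pixel: the complement.
            s += pattern if pixel == 0 else [1 - b for b in pattern]
        user_share.append(u)
        server_share.append(s)
    return user_share, server_share

def stack(a, b):
    """Login: overlay two shares; a subpixel is black if it is black on either one."""
    return [[x | y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]

def decode(stacked):
    """Two black subpixels mean a black pixel; one black and one white mean white."""
    return [[row[i] & row[i + 1] for i in range(0, len(row), 2)] for row in stacked]

def render(bits):
    return "\n".join("".join("#" if b else "." for b in row) for row in bits)

if __name__ == "__main__":
    user, server = split(to_bits(CAPTCHA))
    print(render(user))                 # one share alone: random-looking noise
    print()
    print(render(stack(user, server)))  # both shares: the captcha shows up as solid black
```

Every two-subpixel block in a single share contains exactly one black subpixel regardless of the captcha, so a site that holds only the user's share, without the matching server share, has nothing from which to reconstruct the image.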