13-08-2013, 04:27 PM
A Novel Anti Phishing framework based on Visual Cryptography
![Adobe Acrobat PDF .pdf](https://seminarproject.net/images/attachtypes/pdf.gif)
Abstract
With the advent of internet, various online attacks has
been increased and among them the most popular attack is
phishing.Phishing is an attempt by an individual or a group to
get personal confidential information such as passwords, credit
card information from unsuspecting victims for identity theft,
financial gain and other fraudulent activities. Fake websites
which appear very similar to the original ones are being hosted
to achieve this. In this paper we have proposed a new approach
named as "A Novel Anti-phishing framework based on visual
cryptography "to solve the problem of phishing. Here an image
based authentication using Visual Cryptography is implemented.
The use of visual cryptography is explored to preserve the
privacy of an image captcha by decomposing the original image
captcha into two shares (known as sheets) that are stored in
separate database servers(one with user and one with server)
such that the original image captcha can be revealed only when
both are simultaneously available; the individual sheet images do
not reveal the identity of the original image captcha. Once the
original image captcha is revealed to the user it can be used as
the password. Using this website cross verifies its identity and
proves that it is a genuine website before the end users.
INTRODUCTION
Online transactions are nowadays become very common
and there are various attacks present behind this. In these types
of various attacks, phishing is identified as a major security
threat and new innovative ideas are arising with this in each
second so preventive mechanisms should also be so effective.
Thus the security in these cases be very high and should not be
easily tractable with implementation easiness.
Today, most applications are only as secure as their
underlying system. Since the design and technology of
middleware has improved steadily, their detection is a difficult
problem. As a result, it is nearly impossible to be sure whether
a computer that is connected to the internet can be considered
trustworthy and secure or not. Phishing scams are also
becoming a problem for online banking and e-commerce users.
The question is how to handle applications that require a high
level of security.
VISUAL CRYPTOGRAPHY
One of the best known techniques to protect data is
cryptography. It is the art of sending and receiving encrypted
messages that can be decrypted only by the sender or the
receiver. Encryption and decryption are accomplished by using
mathematical algorithms in such a way that no one but the
intended recipient can decrypt and read the message. Naor and
Shamir [2] introduced the visual cryptography scheme (VCS)
as a simple and secure way to allow the secret sharing of
images without any cryptographic computations.
A brief survey of the related work in the area of visual
cryptography is presented..Visual cryptography schemes were
independently introduced by Shamir [3] and Blakley [4], their
original motivation was to safeguard cryptographic keys from
loss. These schemes also have been widely employed in the
construction of several types of cryptographic protocols [5]
and consequently, they have many applications in different
areas such as access control, opening a bank vault, opening a
safety deposit box, or even launching of missiles. A segment-
based visual cryptography suggested by Borchert [6] can be
used only to encrypt the messages containing symbols,
especially numbers like bank account number, amount etc. The
VCS proposed by Wei-Qi Yan et al., [7] can be applied only
for printed text or image.
Registration Phase
In the registration phase, a key string(password) is asked
from the user at the time of registration for the secure website.
The key string can be a combination of alphabets and numbers
to provide more secure environment. This string is
concatenated with randomly generated string in the server and
an image captcha[16][17] is generated. The image captcha is
divided into two shares such that one of the share is kept with
the user and the other share is kept in the server. The user's
share and the original image captcha is sent to the user for later
verification during login phase. The image captcha is also
stored in the actual database of any confidential website as
confidential data. After the registration, the user can change the
key string when it is needed. Registration process is depicted in
Fig.3.
RESULTS AND DISCUSSIONS
It is observed that both original and reconstructed image
captcha's are related with high degree of correlation. The
correlation coefficient of original captcha and reconstructed
captcha are shown in TABLE I.Also when two different
shares are stacked their corresponding correlation co-efficient
is obtained as -0.0073.This shows that there will be zero
degree of correlation between original and output images for
two different shares.
CONCLUSION
Currently phishing attacks are so common because it can
attack globally and capture and store the users’ confidential
information. This information is used by the attackers which
are indirectly involved in the phishing process. Phishing
websites as well as human users can be easily identified using
our proposed "Anti-phishing framework based on Visual
Cryptography". The proposed methodology preserves
confidential information of users using 3 layers of security. 1st
layer verifies whether the website is a genuine/secure website
or a phishing website. If the website is a phishing website
(website that is a fake one just similar to secure website but not
the secure website), then in that situation, the phishing website
can’t display the image captcha for that specific user (who
wants to log in into the website) due to the fact that the image
captcha is generated by the stacking of two shares, one with
the user and the other with the actual database of the website.