Abstract
Phishing is a well-known technique used by internet fraudsters to acquire sensitive and personal information from users by impersonating a real identity. A phishing attack involves various deceptions and advanced cybercrime techniques, including email spoofing, exploitation of browser-side vulnerabilities, fraudulent emails, and the creation of phished websites using scripting languages and technologies. Phishing causes loss of identity, goodwill and money to companies and individuals. One of the major problems we identified is the reduced usage and reliability of the email infrastructure as a communication medium between customers and companies. Previous schemes for phishing prevention, such as those that use browser extensions, Quick Response codes, extended authentication servers and devices, and smart-card-based techniques, are complex and difficult to use in real-world scenarios. We present an architecture that companies can use to prevent phishing attacks by sharing a piece of secret information with every customer and using it as an authentication mechanism to prove their authenticity when a customer logs in to their websites using links provided in their emails. Because the secret information is securely shared only between the customer and the company, a phisher does not have it and cannot create the deception, which prevents phishing attacks that occur through malicious links in phished emails. This will increase the reliability of the email service as an authentic communication medium. The efficacy of this technique does not rely on the results of any spam or phishing prevention scheme provided on the email service provider's side.
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Varshney, G., Joshi, R.C., Sardana, A. (2012). Personal Secret Information Based Authentication towards Preventing Phishing Attacks. In: Meghanathan, N., Nagamalai, D., Chaki, N. (eds) Advances in Computing and Information Technology. Advances in Intelligent Systems and Computing, vol 176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31513-8_4
DOI: https://doi.org/10.1007/978-3-642-31513-8_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31512-1
Online ISBN: 978-3-642-31513-8
eBook Packages: Engineering, Engineering (R0)