A New Framework for Thwarting Phishing attacks based on Visual Cryptography

Kamalakar Sanka #1, Betam Suresh *2

Kamalakar Sanka: pursuing M.Tech (CSE), Mother Theresa Educational Society Group of Institutions, Nunna, Vijayawada. Affiliated to JNTU Kakinada, A.P., India.
Betam Suresh: working as Head of the Department (CSE) in Vikas Group of Institutions, Nunna, Vijayawada. Affiliated to JNTU Kakinada, A.P., India.
Abstract

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. In this paper we propose a new approach, named "A New Framework for Thwarting Phishing attacks based on visual cryptography", to solve the problem of phishing. The framework uses image-based authentication built on Visual Cryptography (VC). Visual cryptography is a cryptographic technique which allows visual information such as pictures and text to be encrypted in such a way that an image is broken up into n shares, so that only someone with all n shares can decrypt the image, while any n − 1 shares reveal no information about the original image. In our proposed framework, the original image captcha is decomposed into two shares that are stored in separate servers, such that the original image captcha can be recovered only when both are made available; the individual shares do not reveal the original image captcha. Once the original image captcha has been recovered, the user can use it as the key to his account.

Keywords: Thwarting, Phishing, Visual Cryptography, Image Captcha.

I. INTRODUCTION
Nowadays online transactions are very common, and online purchases and online account management have become very common as well. There are various attacks with which a hacker can compromise user accounts and credentials such as IDs and passwords. Among these attacks, phishing is a major security threat, in which phishers target customers of banks and online payment services. New innovative ideas for avoiding these threats are emerging every second, so preventive mechanisms should be just as effective. Security in these cases should therefore be very high and not easily broken, while remaining easy to implement. Most applications are secure when they run on personal systems. Design and middleware technologies are developing constantly; as a result, we cannot be sure that a system connected to the internet is secure. Phishing is becoming a problem for personal information as well as for online banking and e-commerce users. The solution lies in how to maintain applications with a high level of security.

Phishing is defined as "the fraudulent practice of sending e-mails purporting to be from legitimate companies in order to induce individuals to reveal personal data". Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Another definition describes phishing as an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online.
A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts out the lure hoping to fool at least a few of the prey that encounter the bait. Considering all the above threats to electronic users, we propose a method that can be used as a secure way to conduct online e-transactions against phishing, named "A New Framework for Thwarting Phishing attacks based on Visual Cryptography". Visual cryptography is similar to image processing: in image processing, an image is coded or modified by a particular mechanism and sent through the network, and on the receiver side it must be de-modified by the same mechanism to recover the original image. In this proposed model we use advanced visual cryptography. Here images are decomposed into two parts, one stored in the network and the other sent to the user. To recompose the original image, these two shares must be combined.

Visual Cryptography is used for secure communications: the sender distributes one or more random layers 1 in advance to the receiver. If the sender has a message, he creates a layer 2 for a particular distributed layer 1. The receiver aligns the two layers and the secret information is revealed, without the need for an encryption device, a computer or performing calculations by hand. The system is unbreakable, as long as both layers don't fall into the wrong hands. When only one of the two layers is intercepted, it is impossible to retrieve the encrypted information.

International Journal of Computer Trends and Technology (IJCTT), volume 4, Issue 8, August 2013

II. RELATED WORK

Phishing web sites are duplicates of real web sites, created by hackers to capture the content or sensitive information of the Web pages of the real sites. Many web sites of this type are so similar in design that we cannot differentiate them from the original sites. Some hackers make web pages that look exactly like the real ones. Phishers may target a user's bank account, password, credit card number, or other important information. They try to trick customers with email and spam messages, man-in-the-middle attacks, installation of key loggers and screen captures.

A. Phishing

Emails are the most common technique for phishing, due to their simplicity, ease of use and wide reach. Phishers can deliver specially crafted emails to millions of legitimate email addresses very quickly and can fool the recipients by utilizing well-known flaws in SMTP. Some of the most common techniques used by phishers include official looking and sounding emails, copying legitimate corporate emails with minor URL changes, obfuscation of target URL information, etc. Methods like virus/worm attachments to emails and crafting of personalized or unique email messages are also common. Phishers are targeting the customers of banks and online payment services. Emails, supposedly from the Internal Revenue Service, have been used to glean sensitive data from U.S. taxpayers. While the first such examples were sent indiscriminately in the expectation that some would be received by customers of a given bank or service, recent research has shown that phishers may in principle be able to determine which banks potential victims use, and target bogus emails accordingly.
Social networking sites are now a prime target of phishing, since the personal details in such sites can be used in identity theft; in late 2006 a computer worm took over pages on MySpace and altered links to direct surfers to websites designed to steal login details.

Many researchers working on phishing propose user-based mechanisms to authenticate the server. The Automated Challenge Response Method is one such authentication mechanism. It includes a challenge generation module on the server, which in turn interacts with a Challenge-Response interface in the client and requests a response from the user. The Challenge-Response module acts like a request and response system. It calls the get-response application, which is deployed on the client side. Once the challenge-response is validated, the user credentials are validated by the server in order to proceed with the transaction. The Automated Challenge-Response Method ensures two-way authentication and simplicity. The proposed method also prevents man-in-the-middle attacks, since the response is obtained from the executable which is called by the browser, and interruption by a third party is impossible.

There are now DNS-based anti-phishing techniques, which mainly include blacklists, heuristic detection and page similarity assessment. But they do have some shortcomings.
These popular technologies have several drawbacks:

1. The blacklist-based technique has a low false alarm probability, but it cannot detect websites that are not in the blacklist database. Because the life cycle of phishing websites is very short and the establishment of a blacklist has a long lag time, the accuracy of the blacklist is not very high.
2. The heuristic-based anti-phishing technique has a high probability of false and failed alarms, and it is easy for the attacker to use technical means to avoid detection of the heuristic characteristics.
3. The similarity-assessment-based technique is time-consuming. It takes too long to compare a pair of pages, so using the method to detect phishing websites on the client terminal is not suitable. The accuracy rate of this method is also low, as it depends on many factors, such as the text, images, and similarity measurement technique. This technique (in particular, the image similarity identification technique) is not perfect enough yet.
B. Visual Cryptography

Visual cryptography is a cryptographic technique which allows visual information (pictures, text, etc.) to be encrypted in such a way that decryption becomes a mechanical operation that does not require a computer. The best known technique to protect visual information is cryptography. It is the technique of sending and receiving messages in a secret form, produced by an encryption mechanism, such that only the corresponding decryption mechanism can reveal the original visual information. Encryption and decryption are accomplished by using mathematical algorithms in such a way that no one but the intended recipient can decrypt and read the message.

A visual cryptography scheme (VCS) is a simple and secure way to allow the secret sharing of images without any cryptographic computations. This technique is credited to Moni Naor and Adi Shamir, who developed it in 1994. They demonstrated a visual secret sharing scheme, where an image was broken up into n shares so that only someone with all n shares could decrypt the image, while any n − 1 shares revealed no information about the original image. Each share was printed on a separate transparency, and decryption was performed by overlaying the shares. When all n shares were overlaid, the original image would appear. These schemes have also been widely employed in the construction of several types of cryptographic protocols, and consequently they have many applications in different areas such as access control, opening a bank vault, opening a safety deposit box, or even launching of missiles.

1) (2, N) Visual Cryptography Sharing Case:
This case shares a secret among an arbitrary number of people N such that at least 2 of them are required to decode the secret. In this scheme we have a secret image which is encoded into N shares printed on transparencies. The shares appear random and contain no decipherable information about the underlying secret image; however, if any 2 of the shares are stacked on top of one another, the secret image becomes decipherable by the human eye. Every pixel from the secret image is encoded into multiple sub pixels in each share image, using a matrix to determine the colour of the pixels. In the (2,N) case a white pixel in the secret image is encoded using a matrix from the following set: {all permutations of the columns of} : While a black pixel in the secret image is encoded using a matrix from the following set: {all permutations of the columns of} : For instance, in the (2,2) sharing case (the secret is split into 2 shares and both shares are required to decode the secret) we use complementary matrices to share a black pixel and identical matrices to share a white pixel. Stacking the shares, all the sub pixels associated with the black pixel are now black, while 50% of the sub pixels associated with the white pixel remain white.

2) Cheating the (2,N) Visual Secret Sharing Scheme

Horng et al. proposed a method that allows N-1 colluding parties to cheat an honest party in visual cryptography. They take advantage of knowing the underlying distribution of the pixels in the shares to create new shares that combine with existing shares to form a new secret message of the cheaters' choosing. We know that 2 shares are enough to decode the secret image using the human visual system. But examining two shares also gives some information about the 3rd share. For instance, colluding participants may examine their shares to determine when they both have black pixels and use that information to determine that another participant will also have a black pixel in that location.
Knowing where black pixels exist in another party's share allows them to create a new share that will combine with the predicted share to form a new secret message. In this way a set of colluding parties that have enough shares to access the secret code can cheat other honest parties.

3) (2, N) Visual Cryptography Sharing Case:

This is the simplest threshold scheme: the image is decomposed into two different shares that reproduce the original secret image when they are overlapped. In the case of (2, 2) VCS, each pixel P in the original image is encrypted into two sub pixels called shares. The shares of a white pixel and a black pixel. Each pixel of the images is divided into smaller blocks. There is always the same number of white (transparent) and black blocks. If a pixel is divided into two parts, there are one white and one black block. If the pixel is divided into four equal parts, there are two white and two black blocks. The example images above use pixels that are divided into four parts. In the table on the right we can see that a pixel, divided into four parts, can have six different states. If a pixel on layer 1 has a given state, the pixel on layer 2 may have one of two states: identical or inverted to the pixel of layer 1. If the pixel of layer 2 is identical to layer 1, the overlapped pixel will be half black and half white. Such an overlapped pixel is called grey or empty. If the pixels of layer 1 and 2 are inverted or opposite, the overlapped version will be completely black. This is an information pixel.
We can now create the two layers. One transparent image, layer 1, has pixels which all have a random state, one of the six possible states. Layer 2 is identical to layer 1, except for the pixels that should be black (contain information) when overlapped. These pixels have a state that is opposite to the same pixel in layer 1. If both images are overlapped, the areas with identical states will look gray, and the areas with opposite states will be black.

The system of pixels can be applied in different ways. In our example, each pixel is divided into four blocks. However, you can also use pixels divided into two rectangular blocks, or even divided circles. Also, it doesn't matter if the pixel is divided horizontally or vertically. There are many different pixel systems, some with better contrast, higher resolution or even with color pixels. If the pixel states of layer 1 are truly (crypto secure) random, both empty and information pixels of layer 2 will also have completely random states. One cannot know if a pixel in layer 2 is used to create a grey or black pixel, since we need the state of that pixel in layer 1 (which is random) to know the overlay result. If all requirements for true randomness are fulfilled, Visual Cryptography offers absolute secrecy according to the Information Theory.

III. PROPOSED METHODOLOGY

We propose a method to detect and prevent phishing web sites. In our anti-phishing model we use improved visual cryptography. It protects passwords and other sensitive information from phishing sites. We divide this technique into two parts.

A. Image Demodulation

This part is generally implemented at the time of the registration or signup process of a site. Here an image chosen by the user is uploaded to our anti-phishing mechanism. This image is demodulated using the (2,2) visual cryptography sharing scheme. The image is demodulated in such a way that the two demodulated shares are capable of reconstructing the original image. Of the two demodulated shares, one is stored at the server and one is sent to the user. The original image is also stored at the server side for the later verification process. This process is diagrammatically explained in the figure below.
B. Image Re-Construction

In this part we reconstruct the original image from the demodulated shares which are stored at the user and the server. Based on the user credentials, we fetch the demodulated image stored on the server side. After entering credentials, the user is prompted to upload his image share, which was sent to him during the image demodulation process. By overlapping the user-uploaded share and the share fetched from the server, we construct the original image. If the reconstructed image is genuine and matches the image the user uploaded at the beginning, the user is authenticated; otherwise he is not authenticated. This process is diagrammatically explained below.
So with our proposed method we can avoid phishing sites using image processing and improved visual cryptography. Hence we can say that our methodology can benefit the user in securing passwords, personal information and online transactions, and in many other applications.
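The (2,2) scheme with four-part pixels from Section II-B, together with the share-splitting and re-construction steps of Section III, as an added Python example; it is not code from the paper. The function names, the 5×5 sample bitmap, the validation of the uploaded share and the constant-time comparison are assumptions made for illustration, and overlaying transparencies is modelled as a per-subpixel OR.

```python
import hmac
import secrets

# The six states of a 2x2 block holding two black (1) and two white (0)
# subpixels, row-major: (top-left, top-right, bottom-left, bottom-right).
STATES = [(1, 1, 0, 0), (0, 0, 1, 1), (1, 0, 1, 0),
          (0, 1, 0, 1), (1, 0, 0, 1), (0, 1, 1, 0)]

# Constructed sample secret (1 = black information pixel), not from the paper.
SECRET = [
    [0, 1, 1, 1, 0],
    [1, 0, 0, 0, 1],
    [1, 1, 1, 1, 1],
    [1, 0, 0, 0, 1],
    [1, 0, 0, 0, 1],
]


def invert(block):
    """Swap black and white subpixels of one block."""
    return tuple(1 - s for s in block)


def split(secret):
    """Registration step: return (layer1, layer2), each a grid of 2x2 blocks."""
    layer1, layer2 = [], []
    for row in secret:
        # Layer 1: every block is an independent CSPRNG draw from the six states.
        row1 = [secrets.choice(STATES) for _ in row]
        # Layer 2: identical block for a white pixel, inverted block for a black one.
        row2 = [invert(b) if pixel else b for pixel, b in zip(row, row1)]
        layer1.append(row1)
        layer2.append(row2)
    return layer1, layer2


def stack(a, b):
    """Overlay two layers: a subpixel is black if it is black on either layer."""
    if len(a) != len(b) or any(len(ra) != len(rb) for ra, rb in zip(a, b)):
        raise ValueError("shares have different dimensions")
    return [[tuple(x | y for x, y in zip(ba, bb)) for ba, bb in zip(ra, rb)]
            for ra, rb in zip(a, b)]


def decode(stacked):
    """Fully black block -> 1 (information pixel); half-black block -> 0 (grey)."""
    return [[1 if sum(block) == 4 else 0 for block in row] for row in stacked]


def _flat(image):
    return bytes(p for row in image for p in row)


def verify(server_share, user_share, original):
    """Re-construction step: overlay both shares, compare with the stored original."""
    # Reject uploads containing blocks that no genuine share can contain.
    if any(b not in STATES for row in user_share for b in row):
        return False
    try:
        rebuilt = decode(stack(server_share, user_share))
    except ValueError:
        return False
    # Constant-time comparison, so timing does not show how many pixels matched.
    return hmac.compare_digest(_flat(rebuilt), _flat(original))


def render(layer):
    """ASCII view of a layer or overlay: '#' black subpixel, '.' white."""
    lines = []
    for row in layer:
        for half in (0, 2):  # top, then bottom subpixel row of each block
            lines.append("".join("#" if s else "."
                                 for b in row for s in b[half:half + 2]))
    return "\n".join(lines)


if __name__ == "__main__":
    server_share, user_share = split(SECRET)
    print(render(user_share), "\n")                        # looks like noise
    print(render(stack(server_share, user_share)), "\n")   # secret appears
    print("genuine share accepted:", verify(server_share, user_share, SECRET))
    # A share from an unrelated split is the inverse of a server block with
    # probability 1/6 per pixel, so the overlay is noise.
    _, other_share = split(SECRET)
    print("unrelated share accepted:", verify(server_share, other_share, SECRET))
```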
IV. EXPERIMENTAL EVALUATIONS

We have performed various tests on our proposed methodology and present a sample of the results here. We evaluated the method with different types of images, and the results were good. We also tested different cases, such as matching different image shares and using different image formats.
A. Case 1
TABLE I: WITH RIGHT SHARES (columns: Original, Share 1, Share 2, Reconstructed)

B. Case 2
TABLE II: WITH RIGHT SHARES (columns: Original Image, Share 1, Share 2, Reconstructed Image)

C. Case 3
TABLE III: WITH RIGHT SHARES (columns: Original Image, Share 1, Share 2, Reconstructed Image)

D. Case 4
TABLE IV: WITH WRONG SHARES (columns: Original Image, Share 1, Share 2, Reconstructed Image)
It is observed that share 1 and share 2 together successfully reconstruct the original image, and Case 4 shows that wrong shares do not reveal the original image.
V. CONCLUSION

Nowadays phishing attacks have become common due to the wide range of design and middleware technologies. It is hard to detect hackers who target users' personal information such as passwords and account information. Among hacking techniques, phishing is a common technique for cracking user passwords and sensitive information. It can attack globally and capture and store users' confidential information. By using our proposed method, phishing websites as well as human users can be easily identified. The proposed methodology preserves the confidential information of users using 2 layers of security. First, we demodulate the image into two shares such that these two shares are capable of regenerating the original image. One share is sent to the user while the other is stored on the server, and the original image is also stored on the server side for the later verification process. Second, image reconstruction: we reconstruct the original image from the user share and the server share, and compare the reconstructed image with the original image for phishing detection. If the original image and the reconstructed image do not match, the site is not authenticated. So, using our proposed method, no machine-based user can crack the passwords or other confidential information of the users. This method provides additional security by not letting the intruder log in to the account even when the username of a particular user is known. The proposed methodology is also useful for preventing attacks by phishing websites on financial web portals, banking portals and online shopping markets.
AUTHORS
Kamalakar Sanka, pursuing M.Tech (CSE), Mother Theresa Educational Society Group of Institutions, Nunna, Vijayawada. Affiliated to JNTU-Kakinada, A.P., India.
Betam Suresh, working as Head of Department CSE, Vikas Group of Institutions, Nunna, Vijayawada. Affiliated to JNTU-Kakinada, A.P., India.