
International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 8 August 2013

ISSN: 2231-2803 http://www.ijcttjournal.org Page 2630



A New Framework for Thwarting Phishing attacks based on Visual Cryptography
Kamalakar Sanka #1, Betam Suresh *2

Kamalakar Sanka, pursuing M.Tech (CSE), Mother Theresa Educational Society Group of Institutions, Nunna, Vijayawada. Affiliated to JNTU Kakinada, A.P, India.
Betam Suresh, working as Head of the Department (CSE) in Vikas Group of Institutions, Nunna, Vijayawada. Affiliated to JNTU Kakinada, A.P, India.


Abstract: Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. In this paper we propose a new approach, named "A New Framework for Thwarting Phishing attacks based on Visual Cryptography", to solve the problem of phishing. The framework uses image-based authentication built on Visual Cryptography (VC). Visual cryptography is a cryptographic technique which allows visual information such as pictures and text to be encrypted in such a way that an image is broken up into n shares, so that only someone with all n shares can decrypt the image, while any n - 1 shares reveal no information about the original image. In our proposed framework, the original image captcha is split into two shares that are stored on separate servers, such that the original image captcha can be recovered only when both are available; an individual share does not reveal the original image captcha. Once the original image captcha is recovered, the user can use it as the key to his account.
Keywords: Thwarting, Phishing, Visual Cryptography, Image Captcha.
I. INTRODUCTION

Nowadays online transactions, online purchases and online account management have become very common. There are various attacks with which a hacker can compromise user accounts and credentials such as IDs and passwords. Among these attacks, phishing is a major security threat, in which phishers target the customers of banks and online payment services. New ideas around these threats emerge constantly, so preventive mechanisms must be equally effective. The security in these cases should therefore be very high and not easily defeated, while remaining easy to implement.
Most applications are secure when they run on personal systems. Design and middleware technologies are developing constantly; as a result, we cannot be sure that a system connected to the Internet is secure. Phishing is becoming a problem for personal information as well as for online banking and e-commerce users. The solution lies in how to maintain applications with a high level of security.
Phishing is defined as "the fraudulent practice of sending e-mails purporting to be from legitimate companies in order to induce individuals to reveal personal data". Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Another definition explains phishing as an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts out the lure hoping to fool at least a few of the prey that encounter the bait.
Considering all the above threats to electronic users, we propose a method that can be used as a secure way to perform online E-Transactions against phishing, named "A New Framework for Thwarting Phishing attacks based on Visual Cryptography". Visual cryptography is similar to image processing: in image processing, an image is coded or modified by a particular mechanism and sent through the network, and on the receiver side it is de-modified by the same mechanism to recover the original image. In this proposed model we use advanced visual cryptography. Here an image is decomposed into two parts; one is stored in the network and the other is sent to the user. To recompose the original image, these two shares must be combined. Visual Cryptography is used for secure communications; the sender distributes one or more random layers 1 in advance to the receiver. If the sender has a message, he creates a layer 2 for a particular distributed layer 1. The receiver aligns the two layers and the secret information is revealed, without the need for an encryption device, a computer or performing calculations by hand. The system is unbreakable, as long as both layers don't fall into the wrong hands. When only one of the two layers is intercepted, it is impossible to retrieve the encrypted information.
II. RELATED WORK
Phishing web sites are duplicates of real web sites, created by hackers to capture the content or sensitive information of the real sites' web pages. Many such sites have so many design similarities that we cannot distinguish them from the original sites. Some hackers make web pages that look exactly like the real ones. Phishers may target a user's bank account, password, credit card number, or other important information. They try to trick customers with email and spam messages, man-in-the-middle attacks, and the installation of key loggers and screen captures.
A. Phishing
Email is the most common technique for phishing, due to its simplicity, ease of use and wide reach. Phishers can deliver specially crafted emails to millions of legitimate email addresses very quickly and can fool the recipients by utilizing well-known flaws in SMTP. Some of the most common techniques used by phishers include official-looking and official-sounding emails, copies of legitimate corporate emails with minor URL changes, and obfuscation of target URL information. Methods like virus/worm attachments to emails and crafting of personalized or unique email messages are also common.
Phishers are targeting the customers of banks and online payment services. Emails, supposedly from the Internal Revenue Service, have been used to glean sensitive data from U.S. taxpayers. While the first such examples were sent indiscriminately in the expectation that some would be received by customers of a given bank or service, recent research has shown that phishers may in principle be able to determine which banks potential victims use, and target bogus emails accordingly. Social networking sites are now a prime target of phishing, since the personal details in such sites can be used in identity theft; in late 2006 a computer worm took over pages on MySpace and altered links to direct surfers to websites designed to steal login details.
Many researchers working on phishing propose user-based mechanisms to authenticate the server. The Automated Challenge Response Method is one such authentication mechanism; it includes a challenge generation module on the server, which in turn interacts with a Challenge-Response interface in the client and requests a response from the user. The Challenge-Response module acts like a request and response system. It calls the get-response application, which is deployed on the client side. Once the challenge-response is validated, the user credentials are validated by the server to proceed with the transaction. The Automated Challenge-Response Method ensures two-way authentication and simplicity. The proposed method also prevents man-in-the-middle attacks, since the response is obtained from the executable which is called by the browser, and interruption by a third party is impossible.
There are now DNS-based anti-phishing approaches, whose techniques mainly include blacklists, heuristic detection and page similarity assessment. But they do have some shortcomings.

These popular technologies have several drawbacks:
1. The blacklist-based technique has a low false alarm probability, but it cannot detect websites that are not in the blacklist database. Because the life cycle of phishing websites is very short and the establishment of a blacklist has a long lag time, the accuracy of the blacklist is not very high.
2. The heuristic-based anti-phishing technique has a high probability of false and failed alarms, and it is easy for the attacker to use technical means to avoid the detection of heuristic characteristics.
3. The similarity assessment based technique is time-consuming. It takes too long to compare a pair of pages, so using the method to detect phishing websites on the client terminal is not suitable. The accuracy rate of this method is also low and depends on many factors, such as the text, images, and similarity measurement technique.
However, this technique (in particular, the image similarity identification technique) is not perfect enough yet.

B. Visual Cryptography
Visual cryptography is a cryptographic technique which allows visual information (pictures, text, etc.) to be encrypted in such a way that decryption becomes a mechanical operation that does not require a computer.
The best known technique to protect visual information is cryptography. It is the technique of sending and receiving messages in a secret form, produced by an encryption mechanism, so that only the matching decryption mechanism can reveal the original visual information. Encryption and decryption are accomplished by using mathematical algorithms in such a way that no one but the intended recipient can decrypt and read the message. A visual cryptography scheme (VCS) is a simple and secure way to allow the secret sharing of images without any cryptographic computations. These techniques have been credited to Moni Naor and Adi Shamir, who developed them in 1994. They demonstrated a visual secret sharing scheme, where an image was broken up into n shares so that only someone with all n shares could decrypt the image, while any n - 1 shares revealed no information about the original image. Each share was printed on a separate transparency, and decryption was performed by overlaying the shares. When all n shares were overlaid, the original image would appear. These schemes have also been widely employed in the construction of several types of cryptographic protocols, and consequently they have many applications in different areas such as access control, opening a bank vault, opening a safety deposit box, or even launching of missiles.
1) (2, N) Visual Cryptography Sharing Case:
This case shares a secret among an arbitrary number of people N such that at least 2 of them are required to decode the secret. In this scheme we have a secret image which is encoded into N shares printed on transparencies. The shares appear random and contain no decipherable information about the underlying secret image; however, if any 2 of the shares are stacked on top of one another, the secret image becomes decipherable by the human eye. Every pixel from the secret image is encoded into multiple sub pixels in each share image, using a matrix to determine the colour of the pixels. In the (2,N) case a white pixel in the secret image is encoded using a matrix from the following set:
{all permutations of the columns of} :
While a black pixel in the secret image is encoded using a matrix from the following set:
{all permutations of the columns of} :
For instance, in the (2,2) sharing case (the secret is split into 2 shares and both shares are required to decode the secret) we use complementary matrices to share a black pixel and identical matrices to share a white pixel. Stacking the shares, all the sub pixels associated with the black pixel are now black, while 50% of the sub pixels associated with the white pixel remain white.
2) Cheating the (2,N) Visual Secret Sharing Scheme
Horng et al. proposed a method that allows N-1 colluding
parties to cheat an honest party in visual cryptography. They
take advantage of knowing the underlying distribution of the
pixels in the shares to create new shares that combine with
existing shares to form a new secret message of the cheaters'
choosing.
We know that 2 shares are enough to decode the secret image
using the human visual system. But examining two shares also
gives some information about the 3rd share. For instance
colluding participants may examine their shares to determine
when they both have black pixels and use that information to
determine that another participant will also have a black pixel
in that location. Knowing where black pixels exist in another
party's share allows them to create a new share that will
combine with the predicted share to form a new secret
message.
In this way a set of colluding parties that have enough shares
to access the secret code can cheat other honest parties.
3) (2, 2) Visual Cryptography Sharing Case:
This is the simplest threshold scheme. The image is split into two different shares that reproduce the original secret image when they are overlapped. In the case of (2, 2) VCS, each pixel P in the original image is encrypted into two sub pixels called shares. The shares of a white pixel and a black pixel.
Each pixel of the images is divided into smaller blocks. There is always the same number of white (transparent) and black blocks. If a pixel is divided into two parts, there are one white and one black block. If the pixel is divided into four equal parts, there are two white and two black blocks. The example images from above use pixels that are divided into four parts.
In the table on the right we can see that a pixel, divided into four parts, can have six different states. If a pixel on layer 1 has a given state, the pixel on layer 2 may have one of two states: identical or inverted to the pixel of layer 1. If the pixel of layer 2 is identical to layer 1, the overlapped pixel will be half black and half white. Such an overlapped pixel is called grey or empty. If the pixels of layer 1 and 2 are inverted or opposite, the overlapped version will be completely black. This is an information pixel.


We can now create the two layers. One transparent image, layer 1, has pixels which all have a random state, one of the six possible states. Layer 2 is identical to layer 1, except for the pixels that should be black (contain information) when overlapped. These pixels have a state that is opposite to the same pixel in layer 1. If both images are overlapped, the areas with identical states will look gray, and the areas with opposite states will be black.
The system of pixels can be applied in different ways. In our example, each pixel is divided into four blocks. However, you can also use pixels divided into two rectangular blocks, or even divided circles. Also, it doesn't matter if the pixel is divided horizontally or vertically. There are many different pixel systems, some with better contrast, higher resolution or even with color pixels.
If the pixel states of layer 1 are truly (cryptographically secure) random, both empty and information pixels of layer 2 will also have completely random states. One cannot know if a pixel in layer 2 is used to create a grey or black pixel, since we need the state of that pixel in layer 1 (which is random) to know the overlay result. If all requirements for true randomness are fulfilled, Visual Cryptography offers absolute secrecy according to Information Theory.
III. PROPOSED METHODOLOGY
We propose a method to detect and prevent phishing web sites. Our anti-phishing model uses improved visual cryptography. It protects passwords and other sensitive information from phishing sites.
We divide this technique into two parts.
A. Image Demodulation
This part is generally implemented at the time of the registration or signup process of a site. Here an image chosen by the user is uploaded to our anti-phishing mechanism. This image is demodulated using the (2,2) visual cryptography sharing scheme, in such a way that the two demodulated shares are capable of reconstructing the original image. Of the two demodulated shares, one is stored at the server and one is sent to the user. The original image is also stored at the server side for the further verification process.
This process is explained diagrammatically in the figure below.




B. Image Re-Construction
In this part we reconstruct the original image from the demodulated shares which are stored at the user and the server. Based on the user credentials, we fetch the demodulated image stored on the server side. After entering credentials, the user is prompted to upload his image share, which was sent to him at the time of the image demodulation process. By overlapping the user-uploaded and server-fetched shares we construct the original image. If the reconstructed image is genuine and matches the image the user uploaded at the beginning, then the user is authenticated; otherwise he is not authenticated.
This process is explained diagrammatically below.



So with our proposed method we can avoid phishing sites using image processing and improved visual cryptography. Hence we can say that our methodology can benefit the user in securing passwords, personal information, online transactions and many other applications.
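
The (2,2) layer construction of Section II-B and the registration and login flow of Section III can be traced in a short Python sketch. This is an added example, not code from the paper: the function names, the record layout, the 0/1 bitmap representation, the sample image and the upload validation step are assumptions made for illustration.

```python
import secrets
from itertools import combinations

# The six states of a pixel divided into four blocks: exactly two blocks are black (1).
STATES = [tuple(int(i in pair) for i in range(4)) for pair in combinations(range(4), 2)]

def invert(state):
    """Opposite state: black and white blocks swapped (still two of each)."""
    return tuple(1 - b for b in state)

def split(image):
    """(2,2) split of a 0/1 bitmap (1 = black) into layer 1 and layer 2."""
    # Layer 1: every pixel gets a random state from a cryptographically secure source.
    layer1 = [[secrets.choice(STATES) for _ in row] for row in image]
    # Layer 2: identical to layer 1, except opposite where the secret pixel is black.
    layer2 = [[invert(s) if px else s for s, px in zip(states, row)]
              for states, row in zip(layer1, image)]
    return layer1, layer2

def overlay(a, b):
    """Stack two transparencies: a block is black if it is black on either layer."""
    return [[tuple(x | y for x, y in zip(sa, sb)) for sa, sb in zip(ra, rb)]
            for ra, rb in zip(a, b)]

def decode(stacked):
    """Completely black pixel -> 1 (information); half black ("grey") -> 0."""
    return [[int(sum(state) == 4) for state in row] for row in stacked]

def layer2_states(px):
    """Layer-2 states for secret pixel px over the six equally likely layer-1 states."""
    return sorted(invert(s) if px else s for s in STATES)

def enroll(image):
    """Registration: the server keeps one share and the original, the user gets the other."""
    server_share, user_share = split(image)
    return {"share": server_share, "original": image}, user_share

def well_formed(share, image):
    """Added hardening (assumption): reject uploads with wrong size or invalid states."""
    return len(share) == len(image) and all(
        len(row) == len(img_row) and all(tuple(s) in STATES for s in row)
        for row, img_row in zip(share, image))

def authenticate(record, uploaded):
    """Login: overlay the uploaded share on the server share, compare with the original."""
    if not well_formed(uploaded, record["original"]):
        return False
    return decode(overlay(record["share"], uploaded)) == record["original"]

# Constructed sample bitmap (a letter "T"); not an image from the paper.
SAMPLE = [
    [1, 1, 1, 1, 1],
    [0, 0, 1, 0, 0],
    [0, 0, 1, 0, 0],
    [0, 0, 1, 0, 0],
]

if __name__ == "__main__":
    record, user_share = enroll(SAMPLE)
    tampered = [list(row) for row in user_share]
    tampered[0][0] = invert(tampered[0][0])   # one altered pixel state flips that pixel
    print("right share authenticates:", authenticate(record, user_share))
    print("tampered share authenticates:", authenticate(record, tampered))
    print("layer 2 alone independent of secret:", layer2_states(0) == layer2_states(1))
```

Anyone who presents the user's share passes this check, so the share has to be protected like any other credential, in line with the condition that both layers must not fall into the wrong hands.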

IV. EXPERIMENTAL EVALUATIONS
We have performed various tests on our proposed methodology, and sample some of the test results here. We evaluated the results with different types of images, and they showed good results with our methodology. We also performed tests with different test cases, such as matching different image shares and using different image formats.


A. Case 1
TABLE I
WITH RIGHT SHARES
[Images not reproduced. Columns: Original Image, Share 1, Share 2, Reconstructed Image]

B. Case 2
TABLE II
WITH RIGHT SHARES
[Images not reproduced. Columns: Original Image, Share 1, Share 2, Reconstructed Image]

C. Case 3
TABLE III
WITH RIGHT SHARES
[Images not reproduced. Columns: Original Image, Share 1, Share 2, Reconstructed Image]

D. Case 4
TABLE IV
WITH WRONG SHARES
[Images not reproduced. Columns: Original Image, Share 1, Share 2, Reconstructed Image]


It is observed that share 1 and share 2 together successfully reconstruct the original image, and Case 4 shows that with wrong shares the original image is not revealed.

V. CONCLUSION
Nowadays phishing attacks have become common due to the wide range of design and middleware technologies. It is hard to detect the hackers who target users' personal information, such as passwords and account information. Among hacking techniques, phishing is the common technique for cracking user passwords and sensitive information. It can attack globally and capture and store users' confidential information. By using our proposed method, phishing websites as well as human users can be easily identified. The proposed methodology preserves the confidential information of users using 2 layers of security. First, we demodulate the image into two shares such that these two shares are capable of regenerating the original image. One share is sent to the user while the other is stored on the server, and the original image is also stored on the server side for the further verification process. Second, image reconstruction: we reconstruct the original image from the user share and the server share, and compare the reconstructed image with the original image for phishing detection. If the original image and the reconstructed image do not match, then the site is not authenticated. So, using our proposed method, no machine-based user can crack the passwords or other confidential information of the users. This method provides additional security by not letting the intruder log in to the account even when he knows the username of a particular user. The proposed methodology is also useful for preventing attacks by phishing websites on financial web portals, banking portals and online shopping markets.
REFERENCES
Thiyagarajan, P.; Venkatesan, V.P.; Aghila, G.; "Anti-Phishing Technique using Automated Challenge Response Method", in Proceedings of IEEE International Conference on Communications and Computational Intelligence, 2010.

Sun Bin; Wen Qiaoyan; Liang Xiaoying; "A DNS based Anti-Phishing Approach", in Proceedings of IEEE Second International Conference on Networks Security, Wireless Communications and Trusted Computing, 2010.

Nourian, A.; Ishtiaq, S.; Maheswaran, M.; "CASTLE: A social framework for collaborative antiphishing databases", in Proceedings of IEEE 5th International Conference on Collaborative Computing: Networking, Applications and Worksharing, 2009.

Sid Stamm, Zulfikar Ramzan, "Drive-By Pharming", v 4861 LNCS, p 495-506, 2007, Information and Communications Security - 9th International Conference, ICICS 2007, Proceedings.

Anthony Y. Fu, Liu Wenyin, "Detecting Phishing Web Pages with Visual Similarity Assessment Based on Earth Mover's Distance (EMD)", IEEE Transactions on Dependable and Secure Computing, v 3, n 4, p 301-311, October/December 2006.

Wenyin Liu, Xiaotie Deng, Guanglin Huang, and Anthony Y. Fu, "An Antiphishing Strategy Based on Visual Similarity Assessment", IEEE Internet Computing, v 10, n 2, p 58-65, March/April 2006.

JungMin Kang, DoHoon Lee, "Advanced White List Approach for Preventing Access to Phishing Sites", 2007 International Conference on Convergence Information Technology, ICCIT 2007, p 491-496, 2007.

Nirmal, K.; Ewards, S.E.V.; Geetha, K.; "Maximizing online security by providing a 3 factor authentication system to counter-attack 'Phishing'", in Proceedings of IEEE International Conference on Emerging Trends in Robotics and Communication Technologies, 2010.

Tianyang Li; Fuye Han; Shuai Ding and Zhen Chen; "LARX: Large-scale Anti-phishing by Retrospective Data-Exploring Based on a Cloud Computing Platform", in Proceedings of IEEE 20th International Conference on Computer Communications and Networks, 2011.

Qingxiang Feng; Kuo-Kun Tseng; Jeng-Shyang Pan; Peng Cheng and Charles Chen; "New Antiphishing Method with Two Types of Passwords in OpenID System", in Proceedings of IEEE Fifth International Conference on Genetic and Evolutionary Computing, 2011.

Maher Aburrous; M. A. Hossain; Keshav Dahal; "Modelling Intelligent Phishing Detection System for e-Banking using Fuzzy Data Mining", in Proceedings of IEEE Conference on CyberWorlds, 2009.

Haijun Zhang, Gang Liu, and Tommy W. S. Chow, "Textual and Visual Content-Based Anti-Phishing: A Bayesian Approach", IEEE Trans. Neural Netw., vol. 22, no. 10, pp. 1532-1546, Oct. 2011.



AUTHORS

Kamalakar Sanka, pursuing M.Tech (CSE), Mother Theresa Educational Society Group of Institutions, Nunna, Vijayawada. Affiliated to JNTU-Kakinada, A.P., India.

Betam Suresh, working as Head of Department CSE, Vikas Group of Institutions, Nunna, Vijayawada. Affiliated to JNTU-Kakinada, A.P., India.
