A Two Factor Based Anti-Phishing Method in Open ID
نویسندگان
چکیده
With the exponential growth in web based applications, a typical user has to create a lot of usernames and passwords in order to use these services, while using these services user have to keep track of her credentials which in turns results in high probability of identity theft. A secure and reliable identity management system is required in this scenario. OpenID is a good solution to interact with these services through one identity. However, it is quite vulnerable to different kind of attacks including phishing. To tackle such kinds of attacks, we purpose and evaluate a two factor based anti-phishing method using password and personal identification number which is considered very difficult to break. Proposed protocol works by taking two credentials from the user instead of one i.e. user password and her PIN code for verification at server side. This two factor based protocol is difficult to break even in case a phisher succeeds to get control of the user page.The prototype system is built and tested against the phishing attacks and is found to be strong enough for protection against identity theft.
منابع مشابه
New Identity Management Scheme and its Formal Analysis
As the Internet technology has developed rapidly, the number of identities (IDs) managed by each individual person has increased and various ID management technologies have been developed to assist users. However, most of these technologies are vulnerable to the existing hacking methods such as phishing attacks and key-logging. If the administrator’s password is exposed, an attacker can access ...
متن کاملIntelligent Approach toward Anti-Phishing using Two Factor Authentication
Phishing is an attempt to commit fraud via social engineering. The impact is the breach of information security through the compromise of confidential data. Customers can access their banking accounts from anywhere in the world using their login ID and password. However, the use of password does not provide adequate protection against Internet fraud such as phishing. Phishing exploits this vuln...
متن کاملMitigating Phishing with ID-based Online/Offline Authentication
Enforcing strong authentication is an option to mitigate phishing. However, existing authentication methods, like traditional digital signatures, require unrealistic full deployment of public key infrastructure(PKI) and destroy email users’ privacy in that the identity of an email sender is automatically revealed to the public. There have been some works in the literature, where the technology ...
متن کاملDetecting Fake Websites Using Swarm Intelligence Mechanism in Human Learning
The internet and its various services have made users to easily communicate with each other. Internet benefits including online business and e-commerce. E-commerce has boosted online sales and online auction types. Despite their many uses and benefits, the internet and their services have various challenges, such as information theft, which challenges the use of these services. Information thef...
متن کاملA Proposal of the AdaBoost-Based Detection of Phishing Sites
In this paper, we propose an approach which improves the accuracy of detecting phishing sites by employing the AdaBoost algorithm. Although there are heuristics to detect phishing sites, existing anti-phishing tools still do not achieve high accuracy in detection. We hypothesize that the inaccuracy is caused by anti-phishing tools that can not use these heuristics appropriately. Our attempt is ...
متن کامل