Research Article

Preventing Phishing Attacks using One Time Password and User Machine Identification

by  Ahmad Alamgir Khan
journal cover
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 68 - Issue 3
Published: April 2013
Authors: Ahmad Alamgir Khan
10.5120/11557-6839
PDF

Ahmad Alamgir Khan . Preventing Phishing Attacks using One Time Password and User Machine Identification. International Journal of Computer Applications. 68, 3 (April 2013), 7-11. DOI=10.5120/11557-6839

                        @article{ 10.5120/11557-6839,
                        author  = { Ahmad Alamgir Khan },
                        title   = { Preventing Phishing Attacks using One Time Password and User Machine Identification },
                        journal = { International Journal of Computer Applications },
                        year    = { 2013 },
                        volume  = { 68 },
                        number  = { 3 },
                        pages   = { 7-11 },
                        doi     = { 10.5120/11557-6839 },
                        publisher = { Foundation of Computer Science (FCS), NY, USA }
                        }
                        %0 Journal Article
                        %D 2013
                        %A Ahmad Alamgir Khan
                        %T Preventing Phishing Attacks using One Time Password and User Machine Identification%T 
                        %J International Journal of Computer Applications
                        %V 68
                        %N 3
                        %P 7-11
                        %R 10.5120/11557-6839
                        %I Foundation of Computer Science (FCS), NY, USA
Abstract

Phishing is a type of attack in which cyber criminals tricks the victims to steal their personal and financial data. It has become an organized criminal activity. Spoofed emails claiming to be from legitimate source are crafted in a way to lead victims to reveal their personal, financial data by misdirecting them to the counterfeit website. This research paper presents a novel approach to combat the Phishing attacks. An approach is proposed where user will retrieve the one time password by SMS or by alternate email address. After receiving the one time password the web server will create an encrypted token for the user's computer/device for authentication. The encrypted token will be used for identification, any time user wishes to access the website he/she must request the new password. The one time password as name implies will expire after single use. The one time password and encrypted token is a smart way to tackle this problem.

References
  • Why Phish Should Not Be Treated as Spam By Norman M. Sadeh and Ph. D. http://www. drdobbs. com/security/why-phish-should-not-be-treated-as-spam/240001777, published May 18, 2012
  • Anti Phishing Working Group. Origins of the word "phishing". http://www. antiphishing/org/word_phish. html. Accessed: March 10, 2012
  • Computerworld QuickStudy: Phishing By Russell Kay, http://www. computerworld. com/s/article/89096/Phishing Accessed: 27 March 2013
  • Koprowski, Gene J. , "Beware of 'Spoofing' Scams," UPI Technology News, January 2004.
  • RSA's January 2013 Online Fraud Report, http://brianpennington. co. uk/2013/01/30/rsas-january-online-fraud-report-2013-including-an-excellent-summary-of-phishing-in-2012/
  • CSI ONSITE - Phishing techniques, Clone Phishing - http://www. csionsite. com/2012/phishing/ Published: March 12, 2012
  • Clone Phishing - Phishing from Wikipedia, the free encyclopedia, http://en. wikipedia. org/wiki/Phishing Accessed: 20 February 2013 at 14:42
  • Cert Carnegie Mellon University, Spoofed Email, http://www. cert. org/tech_tips/email_spoofing. html Accessed: March 10, 2012
  • Princeton University, Department of Computer Science, http://sip. cs. princeton. edu/WebSpoofing Accessed: 09 March 2013
  • Toni McConnel, Security Sentinel Website Spoofing 101 http://www. iapplianceweb. com/story/oeg20031028s0033. htm Accessed: 09 March 2013
  • Email spoofing From Wikipedia, the free encyclopedia http://en. wikipedia. org/wiki/Email_spoofing Accessed: March 11, 2012
  • Posted by Margaret Rouse, Security: Email spoofing, http://searchsecurity. techtarget. com/definition/email-spoofing Accessed: March 12, 2012
  • System. Security. Cryptography. X509Certificate, X509Certificate2 Class, http://msdn. microsoft. com/en-us/library/system. security. cryptography. x509certificates. x509certificate2. aspx Accessed 06 March 2013
  • CAPTCHA: Telling Humans and Computers Apart Automatically, http://www. captcha. net, Accessed 07 March 2013
  • A White Paper presented by FraudWatch International, the Internet's high profile Fraud Prevention Web Site. http://www. fraudwatchinternational. com, Accessed: March 10, 2012
Index Terms
Computer Science
Information Sciences
No index terms available.
Keywords

Phishing attacks and prevention Anti phishing SMS One Time Password OTP Authentication X509Certificate2 Encryption Client Identity and APPT

Powered by PhDFocusTM