Enhancing Anti-phishing by a Robust Multi-Level Authentication Technique (EARMAT)
Journal: The International Arab Journal of Information Technology (Vol.15, No. 6)
Publication Date: 2018-11-01
Authors : Adwan Yasin; Abdelmunem Abuhasan;
Page : 990-999
Keywords : Phishing; two-factor authentication; web security; google cloud messaging; mobile authentication;
Abstract
Phishing is a kind of social engineering attack in which experienced persons or entities fool novice users into sharing their sensitive information, such as usernames, passwords, and credit card numbers, through spoofed emails, spam, and Trojan hosts. The proposed scheme is based on designing a secure two-factor authentication web application that prevents phishing attacks instead of relying on phishing detection methods and user experience. The proposed method guarantees that authenticating users to services, such as online banking or e-commerce websites, is done in a very secure manner. The proposed system uses a mobile phone as a software token that plays the role of a second factor in the user authentication process. The web application generates a session-based one-time password and delivers it securely to the mobile application after notifying the user through the Google Cloud Messaging (GCM) service. After user confirmation, the user's mobile software completes the authentication process by encrypting the received one-time password with its own private key and sending it back to the server through a mechanism that is secure and transparent to the user. Once the server decrypts the received one-time password and mutually authenticates the client, it automatically authenticates the user's web session. We implemented a prototype system of our authentication protocol that consists of an Android application, a Java-based web server, and GCM connectivity for both of them. Our evaluation results indicate the viability of the authentication protocol to secure web application authentication against various types of threats.
Last modified: 2019-04-30 21:16:01