CFP last date
20 December 2024
Reseach Article

Preventing Phishing Attacks using One Time Password and User Machine Identification

by Ahmad Alamgir Khan
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 68 - Number 3
Year of Publication: 2013
Authors: Ahmad Alamgir Khan
10.5120/11557-6839

Ahmad Alamgir Khan . Preventing Phishing Attacks using One Time Password and User Machine Identification. International Journal of Computer Applications. 68, 3 ( April 2013), 7-11. DOI=10.5120/11557-6839

@article{ 10.5120/11557-6839,
author = { Ahmad Alamgir Khan },
title = { Preventing Phishing Attacks using One Time Password and User Machine Identification },
journal = { International Journal of Computer Applications },
issue_date = { April 2013 },
volume = { 68 },
number = { 3 },
month = { April },
year = { 2013 },
issn = { 0975-8887 },
pages = { 7-11 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume68/number3/11557-6839/ },
doi = { 10.5120/11557-6839 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:26:48.103320+05:30
%A Ahmad Alamgir Khan
%T Preventing Phishing Attacks using One Time Password and User Machine Identification
%J International Journal of Computer Applications
%@ 0975-8887
%V 68
%N 3
%P 7-11
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Phishing is a type of attack in which cyber criminals tricks the victims to steal their personal and financial data. It has become an organized criminal activity. Spoofed emails claiming to be from legitimate source are crafted in a way to lead victims to reveal their personal, financial data by misdirecting them to the counterfeit website. This research paper presents a novel approach to combat the Phishing attacks. An approach is proposed where user will retrieve the one time password by SMS or by alternate email address. After receiving the one time password the web server will create an encrypted token for the user's computer/device for authentication. The encrypted token will be used for identification, any time user wishes to access the website he/she must request the new password. The one time password as name implies will expire after single use. The one time password and encrypted token is a smart way to tackle this problem.

References
  1. Why Phish Should Not Be Treated as Spam By Norman M. Sadeh and Ph. D. http://www. drdobbs. com/security/why-phish-should-not-be-treated-as-spam/240001777, published May 18, 2012
  2. Anti Phishing Working Group. Origins of the word "phishing". http://www. antiphishing/org/word_phish. html. Accessed: March 10, 2012
  3. Computerworld QuickStudy: Phishing By Russell Kay, http://www. computerworld. com/s/article/89096/Phishing Accessed: 27 March 2013
  4. Koprowski, Gene J. , "Beware of 'Spoofing' Scams," UPI Technology News, January 2004.
  5. RSA's January 2013 Online Fraud Report, http://brianpennington. co. uk/2013/01/30/rsas-january-online-fraud-report-2013-including-an-excellent-summary-of-phishing-in-2012/
  6. CSI ONSITE - Phishing techniques, Clone Phishing - http://www. csionsite. com/2012/phishing/ Published: March 12, 2012
  7. Clone Phishing - Phishing from Wikipedia, the free encyclopedia, http://en. wikipedia. org/wiki/Phishing Accessed: 20 February 2013 at 14:42
  8. Cert Carnegie Mellon University, Spoofed Email, http://www. cert. org/tech_tips/email_spoofing. html Accessed: March 10, 2012
  9. Princeton University, Department of Computer Science, http://sip. cs. princeton. edu/WebSpoofing Accessed: 09 March 2013
  10. Toni McConnel, Security Sentinel Website Spoofing 101 http://www. iapplianceweb. com/story/oeg20031028s0033. htm Accessed: 09 March 2013
  11. Email spoofing From Wikipedia, the free encyclopedia http://en. wikipedia. org/wiki/Email_spoofing Accessed: March 11, 2012
  12. Posted by Margaret Rouse, Security: Email spoofing, http://searchsecurity. techtarget. com/definition/email-spoofing Accessed: March 12, 2012
  13. System. Security. Cryptography. X509Certificate, X509Certificate2 Class, http://msdn. microsoft. com/en-us/library/system. security. cryptography. x509certificates. x509certificate2. aspx Accessed 06 March 2013
  14. CAPTCHA: Telling Humans and Computers Apart Automatically, http://www. captcha. net, Accessed 07 March 2013
  15. A White Paper presented by FraudWatch International, the Internet's high profile Fraud Prevention Web Site. http://www. fraudwatchinternational. com, Accessed: March 10, 2012
Index Terms

Computer Science
Information Sciences

Keywords

Phishing attacks and prevention Anti phishing SMS One Time Password OTP Authentication X509Certificate2 Encryption Client Identity and APPT