Cover
Vol. 17 No. 1 (2021)

Published: June 30, 2021

Pages: 125-135

Original Article

An Efficient Mechanism to Prevent the Phishing Attacks

Mustafa H. Alzuwaini 1 Ali A. Yassin
1Department of Computer science, Education College for Pure Sciences, University of Basrah, Basrah, 61004, Iraq
History
  • Received: April 25, 2021
  • Revised: May 16, 2021
  • Accepted: May 17, 2021
  • Available Online: May 19, 2021
DOI

https://doi.org/10.37917/ijeee.17.1.15

Abstract

In the era of modern trends such as cloud computing, social media applications, emails, mobile applications, and URLs that lead to increased risks for defrauding authorized users, and then the attackers try to gain illegal access to accounts of users through a malicious attack. The phishing attack is one of the dangerous attacks caused to access of authorized account illegally way. The finances, business, banking, and other sensitive in states are faces by this type of attacks due to the important information they have. In this paper, we propose a secure verification scheme that can overcome the above-mentioned issues. Additionally, the proposed scheme can resist famous cyberattacks such as impersonate attacks, MITM attacks. Moreover, the proposed scheme has security features like strong verification, forward secrecy, user’s identity anomaly. The security analysis and the experimental results proved the strongest of the proposed scheme compared with other related works. Finally, our proposed scheme balanced between the performance and the security merits.

Keywords

References

  1. A. Salman, F. Tahir, and M. Rashid, "Design and implementation model for linearization sensor characteristic by FPAA," Iraq Journal for Electrical and Electronic Engineering, vol. 11, no. 2, pp.165-173, 2015.
  2. E. Rostami, F. Karlsson, and S. Gao, "Requirements for computerized tools to design information security policies," Computers & Security, vol. 99, no.1, pp. 1-17, 2020 .
  3. L. Ma, et al, "Mitigation of malicious attacks on structural balance of signed networks," Physica A: Statistical Mechanics and its Applications, vol. 548, p. 123841, 2020.
  4. G. Caporale, W.-Y Kang, F. Spagnolo, and N. Spagnolo, "Cyber-attacks, spillovers and contagion in the cryptocurrency markets," Journal of International Financial Markets, Institutions and Money, 2021, in press.
  5. P. Makawana, R. Jhaveri, "A bibliometric analysis of recent research on machine learning for cyber security," Intelligent communication and computational technologies, vol. 19, pp.213-226 ,2018.
  6. A. Vishwanath, "Mobile device affordance: Explicating how smartphones influence the outcome of phishing attacks," Computers in Human Behavior, vol. 63, pp. 198- 207, 2016.
  7. D. Goel, and A. Jain, "Mobile phishing attacks and defence mechanisms: State of art and open research challenges," Computers & Security, vol. 73, pp. 519-544, 2018.
  8. S. Curtis, P. Rajivan, D. Jones, and C. Gonzalez, "Phishing attempts among the dark triad: Patterns of attack and vulnerability," Computers in Human Behavior, vol. 87, pp. 174-182, 2018.
  9. J. Rastenis, et al, "E-mail-Based Phishing Attack Taxonomy," Applied Sciences, vol. 10, no. 7, p. 2363, 2020.
  10. C. Cremers, "The Scyther Tool: Verification, falsification, and analysis of security protocols," In International conference on computer aided verification, pp. 414-418. Springer, Berlin, Heidelberg, 2008.
  11. C. Thammarat ,"Efficient and Secure NFC Authentication for Mobile Payment Ensuring Fair Exchange Protocol," Symmetry, vol. 12, no. 10, p. 1649, 2020.
  12. C. Schnorr, "Efficient signature generation by smart cards," Journal of cryptology, vol. 4, no. 3, pp. 161-174, 1991. Alzuwaini & Yassin | 135
  13. Z. Shao, "Fair exchange protocol of Schnorr signatures with semi-trusted adjudicator," Computers & Electrical Engineering, vol. 36, no. 6, pp. 1035-1045, 2010.
  14. J. Katz. and Y. Lindell, "Introduction to Modern Cryptography (Chapman & Hall/Crc Cryptography and Network Security Series),": Chapman & Hall/CRC, 2007.
  15. S. Christopher D. Manning, and P.Raghavan, "Introduction to information retrieval," vol. 39, Cambridge: Cambridge University Press, 2008
  16. C. Huang, S. Ma, W.-L Yeh, C. -Y Lin, and C. -T Lee, "Mitigate web phishing using site signatures," In TENCON 2010-2010 IEEE Region 10 Conference, pp. 803-808, IEEE, 2010.
  17. S. Bojjagani, D. Brabin, and P. Rao, "PhishPreventer: A Secure Authentication Protocol for Prevention of Phishing Attacks in Mobile Environment with Formal Verification," Procedia Computer Science, vol. 171, pp. 1110-1119, 2020.
  18. D. Johnson, A.Menezes, and S. Vanstone, "The elliptic curve digital signature algorithm (ECDSA)," International journal of information security, vol. 1, no. 1, pp. 36-63, 2001.
  19. S.Roy, et al, "On the design of provably secure lightweight remote user authentication scheme for mobile cloud computing services," IEEE Access, vol. 5, pp. 25808-25825, 2017.
  20. A. Ahmed-N, and M. Samovar, "Strong authentication for mobile cloud computing," In 2016 13th International Conference on New Technologies for Distributed Systems (NOTERE), pp. 1-6, 2016.
  21. H. Lin, "Efficient mobile dynamic ID authentication and key agreement scheme without trusted servers," International Journal of Communication Systems, vol. 30, no. 1, p. e2818, 2017.
  22. B. Ross, et al, "Stronger Password Authentication Using Browser Extensions," In USENIX Security Symposium, pp. 17-32. 2005.
  23. E. Munivel, and A. Kannammal, "New authentication scheme to secure against the phishing attack in the mobile cloud computing," Security and Communication Networks, vol. 2019, pp. 1-19, 2019.
  24. A. Lee, "Authentication scheme for smart learning system in the cloud computing environment," Journal of Computer Virology and Hacking Techniques, vol. 11, no. 3, pp. 149-155, 2015.
  25. O. Okunoye, N. Azeez, and F. Ilurimi, "A Web enabled Anti-phishing solution using enhanced Heuristic based technique," vol. 13, no. 2, pp. 304-321, 2017.
  26. K. Mazur, B. Ksiezopolski, and R. Nielek, "Multilevel modeling of distributed denial of service attacks in wireless sensor networks," Journal of Sensors, vol. 2016, pp. 1-13, 2016.
  27. P. Waggoner, R. Kennedy, and S. Clifford, "Detecting fraud in online surveys by tracing, scoring, and visualizing IP addresses," Journal of Open Source Software, vol. 4, no. 37, pp. 1-5, 2019.
  28. H. Kilinc, and T. Yanik, "A survey of SIP authentication and key agreement schemes," IEEE Communications Surveys & Tutorials, vol. 16, no. 2, pp. 1005-1023, 2013.
  29. S. Binu, M. Misbahuddin, and P. Raj,"A strong single sign-on user authentication scheme using mobile token without verifier table for cloud based services," In Computer and Network Security Essentials, pp. 237- 261, 2018.
  30. S. Dey, S. Sampalli, and Q. Ye, "MDA: message digest- based authentication for mobile cloud computing," Journal of Cloud Computing, vol. 5, no. 1, pp. 1-13, 2016.