MULTI-FACTOR AUTHENTICATION SCHEME FOR ANTI-PHISHING USING MOBILE APP AND WEBCAM

Abstract

Phishing attacks are one of the most serious threats faced by the users on the internet the attackers try to steal sensitive information such as login details, credit card details, etc. by deceiving the users to enter sensitive information on the phishing websites and thus leading to huge financial losses. These attacks involve using social engineering techniques to deceive the users. Many schemes have been proposed to detect phishing attacks but the amount of such attacks has not declined. New attacks like Active Man-In-The-Middle (MITM) phishing attacks have emerged which include Real Time Man-In-The-Middle (RT MITM) and Controlled Relay Man-In-The-Middle (CR MITM) phishing attacks. These attacks allow the attackers to obtain the users’ account details and relay them in real-time. Similarly, the attacker can lure the user to enter details on a spoofed app and thus gain access to the user’s account. The existing popular authentication schemes fail to address these attacks. Therefore, there is a need to prevent phishing attacks such as active MITM phishing attacks, app spoofing and malicious browser extension based attacks by creating an anti-phishing user authentication scheme. In this thesis, we propose a novel user authentication scheme which enables the user to log into his/her account without memorizing any password or any other authentication token. The proposed authentication scheme requires the user has to scan a dynamically generated QR-code using the smartphone app and then verify the image captured by the webcam and sent on the smartphone via push notification. Thus, the complete authentication procedure requires minimal user involvement and implements automatically. We have implemented and evaluated the proposed scheme in terms of usability, deployability and security parameters and the results depict that the proposed authentication scheme performs well and can be used as a secure user authentication scheme