This essay has been submitted by a student.
Online attacks have increased, and among them the most common is phishing, in which fake websites that closely resemble the originals are hosted to capture users' credentials. An anti-phishing framework based on a Bayesian model is proposed to address this problem. The Bayesian model estimates the matching threshold that the classifier needs in order to decide the class of a webpage, i.e. whether it is a phishing page or the original. Using this, the identity of a website is verified and shown to the end user to be genuine before any data is entered. The main feature of this work is to give the user additional protection through a visual cryptographic technique and a random number generation (RNG) algorithm: each time the user logs in to the site, a dynamic password is generated and sent as an SMS to the user's mobile, and at the next login a new password has to be supplied. A password captured at one login is therefore of no use to an attacker at a later one.
Phishing attacks are a major concern for preserving Internet users' privacy. By combining social engineering and website forgery techniques, phishing attacks spoof the identity of a company (typically a bank or an auction site) to trick Internet users into revealing confidential information (e.g. login, password, credit card number). The perfect phishing structure, etc. However, if the user attentively examines the URL displayed in the address bar of the web browser, the user should notice that the URL is not the usual one.
Pharming attacks are much harder to detect, because both the visited URL and the website look identical to the legitimate site. Pharming attacks corrupt DNS information to redirect users to a fraudulent website under the control of the attacker. DNS can be attacked on the client side by compromising the user's or company's computer or the border router, in the ISP network, or on the server side by intercepting, modifying or spoofing DNS exchanges, as well as through content injection techniques.
Because DNSSEC is not yet fully deployed across the whole Internet infrastructure, end-to-end protection of DNS exchanges is not available everywhere, and the user is not protected from DNS corruption, especially from attacks that occur in his own network.
Logging in with a username, a password and a secret PIN is common on the Internet, and passwords are the main credential used by web mail providers. One of the attacks on passwords is phishing: victims are tricked by spoofed e-mails and fraudulent websites into giving up personal information.
The existing anti-phishing technique PwdHash is ineffective against some attacks. If phishers steal the database entries, they can try candidate passwords against the stored hashes and recover the password after an exhaustive search.
In implementation, SHA-1 is more secure than MD5 but slower in execution, as SHA-1 includes more rounds. Both, however, are fast general-purpose hashes rather than dedicated password hashing functions, so neither slows down an offline guessing attack by much.
Pharming attacks, a sophisticated version of phishing attacks, aim to steal users' credentials by redirecting them to a fraudulent website using DNS-based techniques.
This work attempts to provide a solution to password login attacks; MD5 was implemented and its performance checked. If the password is hashed with a cryptographic hash function after a salt has been added, an attacker who obtains the stored hashes cannot recover the password from a precomputed table: the salt value prevents attackers from building a list of hash values for common passwords. Hashing alone does not stop a phishing page from capturing the password as it is typed, so parameters such as URL validation and domain validation through WHOIS are also used to identify the phishing site.
In this paper, password hashing with the MD5 algorithm and a salt is described as a way to strengthen web password authentication. It is also shown that an attack on the hashed passwords is unsuccessful, since recovering the original password from its hashed form is not an easy task once a salt value has been added. If the user is valid, a session key is sent via mobile, through which further access is granted.
To provide an anti-pharming technique, pharming attacks can be prevented by verifying the domain name, IP address, WHOIS server record, inter-domain and web content. Every website has to register this information, which can be looked up through a WHOIS server. A pharming site looks the same as the original website, obtains all sensitive information from the legitimate user, and can obtain money by replaying those inputs on the original (banking) website. The detection methods are reported to ensure 95% accuracy in identifying pharming attacks.
IV. SYSTEM DESIGN
Fig 4.1 Visual cryptographic implementation: the user's input image is split by visual cryptography (MD5 algorithm) into two shares, one given to the user and one kept with the server.
1. USER LOGIN
The client application is designed to get data from the platform. The client sends a user name and password for authentication. Access is granted if and only if both the user name and the password match the details in the database; otherwise access is denied. After authentication the client receives a session key via mobile, with which the client can perform transactions.
PHISHING DATABASE CONSTRUCTION
The phishing database is built by periodic monitoring of phishing attacks, recording each phishing site's IP address together with its WHOIS record and domain name. This information is updated in the main DNS server for later validation and is used to screen phishing websites. If the user requests any web link from this database without knowing it is a phishing site, the user is immediately told that the site is a phishing website, so that no sensitive data is given to it.
The login flow shown in Fig 4.2:
1. At login the user provides their share.
2. The server combines (stacks) the user share with the server share.
3. The result is compared with the original image kept at the server.
4. If it matches, a random key is sent to the user's mobile; the user enters the key as the password, proceeds, and logs out when finished.
5. If it does not match, the user cannot get the session key via mobile and cannot proceed further.
Each and every time the user logs in, a new key is generated and sent to the user's mobile.
Fig 4.2 System design.
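The share-based check in Fig 4.1 and Fig 4.2 is a (2,2) visual secret sharing scheme: the image is split into two random-looking shares, and only stacking both reveals it. The following is an added example illustrating that scheme, not the project's own code. The 4x4 sample image, the 2x2 pixel expansion and the `demo` helper are assumptions made here; the page does not give an image format or share size.

```python
"""(2,2) visual secret sharing, the idea behind the share-based login in Fig 4.1/4.2.
Each secret pixel is expanded into a 2x2 block in both shares; a lone share is
uniformly random and leaks nothing about the image.  Pixels are 1 = black, 0 = white."""
import random
import secrets

# The six 2x2 patterns with exactly two black subpixels.
PATTERNS = [
    ((1, 1), (0, 0)), ((0, 0), (1, 1)),
    ((1, 0), (1, 0)), ((0, 1), (0, 1)),
    ((1, 0), (0, 1)), ((0, 1), (1, 0)),
]

def _complement(pattern):
    return tuple(tuple(1 - c for c in row) for row in pattern)

def make_shares(secret, rng=None):
    """Split a binary image into (user_share, server_share).
    White pixel: both shares get the same random pattern (stacks to 2 black cells).
    Black pixel: the server share gets the complement (stacks to 4 black cells)."""
    rng = rng or secrets.SystemRandom()
    h, w = len(secret), len(secret[0])
    user = [[0] * (2 * w) for _ in range(2 * h)]
    server = [[0] * (2 * w) for _ in range(2 * h)]
    for y in range(h):
        for x in range(w):
            p_user = rng.choice(PATTERNS)
            p_server = _complement(p_user) if secret[y][x] else p_user
            for dy in range(2):
                for dx in range(2):
                    user[2 * y + dy][2 * x + dx] = p_user[dy][dx]
                    server[2 * y + dy][2 * x + dx] = p_server[dy][dx]
    return user, server

def stack(share_a, share_b):
    """Overlaying two transparencies: a cell is black if it is black in either share."""
    if len(share_a) != len(share_b) or any(len(ra) != len(rb) for ra, rb in zip(share_a, share_b)):
        raise ValueError("share dimensions do not match")
    return [[a | b for a, b in zip(ra, rb)] for ra, rb in zip(share_a, share_b)]

def recover(stacked):
    """Read the image back: a 2x2 block that is fully black was a black pixel."""
    h, w = len(stacked) // 2, len(stacked[0]) // 2
    return [[1 if all(stacked[2 * y + dy][2 * x + dx] for dy in range(2) for dx in range(2)) else 0
             for x in range(w)] for y in range(h)]

def verify_user_share(user_share, server_share, original):
    """The server-side check in Fig 4.2: stack the presented share with the stored
    one and compare the result with the original image; any mismatch denies login."""
    try:
        return recover(stack(user_share, server_share)) == original
    except (ValueError, IndexError):
        return False

# Constructed 4x4 sample image (a hollow square), standing in for the user's image.
SECRET = [
    [1, 1, 1, 1],
    [1, 0, 0, 1],
    [1, 0, 0, 1],
    [1, 1, 1, 1],
]

def demo(seed=None):
    """Split SECRET (seeded for reproducible runs) and run the server-side check."""
    rng = random.Random(seed) if seed is not None else None
    user, server = make_shares(SECRET, rng)
    return user, server, verify_user_share(user, server, SECRET)

if __name__ == "__main__":
    u, s, ok = demo()
    print("share verified:", ok)
```

Every 2x2 block of a single share contains exactly two black cells whichever pixel it encodes, which is why a stolen user share or a leaked server share on its own reveals nothing; only the stacked pair reproduces the image, and a share issued in a different split fails the check.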
VALIDATION OF WEBSITE BY WHO IS & DOMAIN
The main DNS server holds the information on both original and phishing websites. Each website has WHOIS information along with its IP address. WHOIS records the website's registration: the name to whom the website is registered, along with the company details. Every website has an IP address, which is also used for authentication. The phishing database is continually updated with the details of phishing websites for verification.
VALIDATION OF WEBSITE BY IP ADDRESS & INTER DOMAIN
The DNS server also holds the complete details of the domain name and any inter-domain in the web address. Every website has a domain name ending in a top-level domain (.com, .co.in, .edu, .tech, .co.uk, .in, .org, etc.). Inter-domain refers to two domain names appearing in the same link, e.g. www.123.com/456.com. The phishing database is continually updated with the details of phishing websites for verification.
VALIDATION OF WEBSITE BY WEB CONTENT
The legitimate owner's website page contains data, text or image based, developed by the website owner. This page can easily be copied and misused on a phishing website.
At the time of access, the web content, text and images are checked and verified against the DNS server, which validates them for both pharming and phishing websites.
The same text and images appear on the pharming site as on the original, but they are served from the phishing site. Through the DNS server validation it is identified which site is original and which is fraudulent, and the original web owner is warned through an SMS alert.
PASSWORD HASHING USING MD5 ALGORITHM
To protect passwords from unauthorized users, hashing is used. The user types a simple password such as "test", but it is stored in the database as an MD5 hash. A salt (random special characters together with the date and time) is combined with the password before hashing, so that identical passwords produce different hashes.
This helps in storing passwords in the database in a hashed form that is not usable by unauthenticated parties, which is how most high-security data is kept.
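The salted hashing described above, as an added example (not the project's own code): salted MD5 in the page's style next to the precomputed-table attack that the salt defeats, and beside it a PBKDF2-HMAC-SHA256 variant, which is what current guidance recommends in place of a fast hash like MD5 for stored passwords. The `algorithm$salt$digest` record format, the salt layout (random hex plus a timestamp) and the iteration count are assumptions made here.

```python
"""Salted password hashing as the page describes (MD5 + salt), the precomputed-table
attack the salt blocks, and a slow-KDF variant (PBKDF2-HMAC-SHA256) that should be
preferred over MD5 for stored passwords.  Added example, not the project's own code."""
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

PBKDF2_ITERATIONS = 600_000  # OWASP's current figure for PBKDF2-HMAC-SHA256

def make_salt(now=None):
    """Salt built the way the page describes: random characters plus date and time.
    The timestamp adds nothing cryptographically; the random part is what matters."""
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y%m%d%H%M%S")
    return secrets.token_hex(8) + stamp

def md5_unsalted(password):
    return hashlib.md5(password.encode()).hexdigest()

def md5_salted(password, salt):
    return hashlib.md5((salt + password).encode()).hexdigest()

def store_md5(password, salt=None):
    """Record format (assumed): algorithm$salt$digest, so the salt is kept next to the hash."""
    salt = salt or make_salt()
    return f"md5${salt}${md5_salted(password, salt)}"

def verify_md5(password, stored):
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] != "md5":
        return False
    # Constant-time compare so the check does not leak how many digest bytes matched.
    return hmac.compare_digest(md5_salted(password, parts[1]), parts[2])

def precompute_table(common_passwords):
    """What an attacker builds once for unsalted hashes: digest -> password."""
    return {md5_unsalted(p): p for p in common_passwords}

def table_lookup(digest, table):
    return table.get(digest)

def store_pbkdf2(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Hardened form: a per-user salt plus a deliberately slow derivation."""
    salt = salt or secrets.token_hex(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"pbkdf2_sha256${iterations}${salt}${dk.hex()}"

def verify_pbkdf2(password, stored):
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    try:
        iterations = int(parts[1])
    except ValueError:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), parts[2].encode(), iterations)
    return hmac.compare_digest(dk.hex(), parts[3])

if __name__ == "__main__":
    rec = store_md5("test")
    print(rec, verify_md5("test", rec))
    table = precompute_table(["123456", "password", "test"])
    print("unsalted hit:", table_lookup(md5_unsalted("test"), table))
    print("salted hit:  ", table_lookup(rec.split("$")[2], table))
```

The table lookup finds the unsalted digest of "test" immediately and misses the salted one, which is the property the text relies on. Note what the salt does not do: an attacker holding the record and the salt can still guess passwords one user at a time, and MD5 makes each guess cheap, which is why the PBKDF2 variant with a high iteration count is the stronger choice.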
SESSION KEY GENERATION VIA SMS
This module generates a session for the logged-in client. If the user is authenticated, he receives his session key via mobile, with which the client can perform further transactions; an attacker cannot access the transaction, since he does not know the session key. The key is generated in real time by the bank server and delivered to the user's mobile, whose number is obtained from the bank database. Once the user gives the user name and password, the hashing and salting process is carried out, and the resulting value is sent as an SMS to the user's mobile number as a further authentication step, to defeat attacks such as IP spoofing.
The DNS server first verifies whether the requested website is genuine. If the DNS server identifies the requested website as a phishing website, it informs the user, so that the user does not give any sensitive data to it. If the requested website is genuine, further verification is still carried out using salting and hashing with the MD5 algorithm, and the result is sent as an SMS to the legitimate user's mobile number. Only once the legitimate user enters the session key received by SMS and it is authenticated is the user allowed to proceed with the transaction.
The client then starts the transaction with the session login. This module provides banking functionality to the authenticated end user or client, who can access the required functions from this application: balance enquiry and money transfer, performed in a secured way through online banking.
Whenever the client accesses any site, the site is validated against the WHOIS server. The WHOIS data is held in a database on the authentication server.
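The per-login key described in the two sections above, as an added example (not the project's own code): a random key is issued after the password check, only a hash of it is kept on the server, and it is accepted once, within a time window, for a limited number of attempts. The key length, validity window, retry limit and the `send_sms` stand-in for the bank's SMS gateway are assumptions; the page gives none of these.

```python
"""One-time session key delivered by SMS, as in the page's login flow.  Added example;
the SMS gateway is a stand-in and the key length, validity window and retry limit
are assumptions (the page does not give them)."""
import hashlib
import hmac
import secrets
import time

KEY_DIGITS = 6
KEY_TTL_SECONDS = 120
MAX_ATTEMPTS = 3

def _digest(username, key):
    # Only a hash of the key is stored, so a copy of the server table is not enough to log in.
    return hashlib.sha256(f"{username}:{key}".encode()).hexdigest()

def send_sms(phone, key):
    """Stand-in for the bank's SMS gateway (assumption)."""
    return f"To {phone}: your one-time login key is {key}"

class SessionKeyStore:
    def __init__(self, clock=time.time):
        self._clock = clock          # injectable for testing expiry
        self._pending = {}           # username -> {"digest", "expires", "attempts"}

    def issue(self, username):
        """Fresh random key per login (the RNG step); replaces any earlier pending key."""
        key = f"{secrets.randbelow(10 ** KEY_DIGITS):0{KEY_DIGITS}d}"
        self._pending[username] = {"digest": _digest(username, key),
                                   "expires": self._clock() + KEY_TTL_SECONDS,
                                   "attempts": 0}
        return key

    def verify(self, username, key):
        """Single use, time-limited, attempt-limited, constant-time compare."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        if self._clock() > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[username]
            return False
        if hmac.compare_digest(entry["digest"], _digest(username, key)):
            del self._pending[username]   # a key is never accepted twice
            return True
        entry["attempts"] += 1
        return False

def login(username, password, password_ok, store, phone_book):
    """First step of the page's flow: password check, then a key to the registered mobile.
    password_ok(username, password) is the salted-hash check kept elsewhere."""
    if not password_ok(username, password) or username not in phone_book:
        return None
    return send_sms(phone_book[username], store.issue(username))

if __name__ == "__main__":
    store = SessionKeyStore()
    print(login("alice", "test", lambda u, p: p == "test", store, {"alice": "+10000000000"}))
```

A key that a phishing page captures is useless once the real user has entered it or the window has passed, and guessing is bounded by the attempt limit rather than by the six-digit space alone.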
Phishing websites tend to have poorly managed WHOIS records. For example, some basic records such as the registrant or the date of registration may be missing, or the WHOIS lookup may not succeed at all. For a given website, a WHOIS query is sent for its domain and the three kinds of features below are extracted. Among these, the registrant becomes a Common Name candidate for the website's identity.
• Registrant: who (or what) owns this domain?
• Dates: what are the dates of registration, update and expiration?
• Name servers: how many name servers exist, and does this domain have its own name servers?
Only if the site is registered does the server allow the user to access it; otherwise it warns the user with an alert message.
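The checks from the WHOIS & domain, IP address & inter-domain and phishing database sections above, combined in one added example that is not the project's own code and runs offline. The WHOIS replies, the phishing database entries and the current date are constructed samples; the 30-day age threshold, the treatment of a leading `www.`, and the inter-domain regular expression (a heuristic that also fires on path names such as `readme.in`) are assumptions made here.

```python
"""Website checks from the WHOIS/domain/inter-domain sections, run offline.
The phishing database, the WHOIS replies and the current date are constructed
samples; a real deployment would query a WHOIS server.  Added example."""
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed stand-in for the page's phishing database (host names only).
PHISHING_DB = {"secure-login-example.net"}

MIN_AGE_DAYS = 30  # assumed threshold; the page gives no number

# A second domain name inside the path or query ("www.123.com/456.com").
# Heuristic: it also fires on file names such as "readme.in".
_INTER_DOMAIN = re.compile(
    r"(?<![\w.-])(?:[a-z0-9-]+\.)+(?:co\.in|co\.uk|com|net|org|edu|tech|in)(?![\w-])", re.I)

def registered_domain(host):
    """Drop a leading www. so name servers can be compared with the domain (assumption)."""
    return host[4:] if host.startswith("www.") else host

def _date(value):
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None

def parse_whois(text):
    """Pull registrant, dates and name servers out of a key: value WHOIS reply."""
    rec = {"registrant": None, "created": None, "updated": None, "expires": None, "name_servers": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:          # blank value = record missing
            continue
        if key in ("registrant name", "registrant organization"):
            rec["registrant"] = rec["registrant"] or value
        elif key in ("creation date", "created"):
            rec["created"] = _date(value)
        elif key == "updated date":
            rec["updated"] = _date(value)
        elif key in ("registry expiry date", "expiration date"):
            rec["expires"] = _date(value)
        elif key == "name server":
            rec["name_servers"].append(value.lower().rstrip("."))
    return rec

def whois_features(rec, domain, now):
    """The three feature groups listed on the page: registrant, dates, name servers."""
    return {
        "has_registrant": rec["registrant"] is not None,
        "age_days": (now - rec["created"]).days if rec["created"] else None,
        "ns_count": len(rec["name_servers"]),
        "own_name_servers": any(ns.endswith("." + domain) for ns in rec["name_servers"]),
    }

def assess(url, whois_text, now, phishing_db=PHISHING_DB):
    """Combine the blocklist lookup, the inter-domain check and the WHOIS features."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registered_domain(host)
    reasons = []
    if host in phishing_db or domain in phishing_db:
        reasons.append("listed in phishing database")
    tail = parts.path + ("?" + parts.query if parts.query else "")
    if _INTER_DOMAIN.search(tail):
        reasons.append("second domain name inside the URL (inter-domain)")
    feats = whois_features(parse_whois(whois_text), domain, now)
    if not feats["has_registrant"]:
        reasons.append("WHOIS registrant missing")
    if feats["age_days"] is None:
        reasons.append("WHOIS creation date missing")
    elif feats["age_days"] < MIN_AGE_DAYS:
        reasons.append(f"domain registered {feats['age_days']} days ago")
    if feats["ns_count"] == 0:
        reasons.append("no name servers in WHOIS")
    return {"host": host, "verdict": "phishing" if reasons else "genuine",
            "reasons": reasons, "features": feats}

# Constructed samples.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
GENUINE_URL = "https://www.example-bank.com/login?next=/accounts"
GENUINE_WHOIS = """Domain Name: EXAMPLE-BANK.COM
Registrant Organization: Example Bank Ltd
Creation Date: 2004-03-12T00:00:00Z
Updated Date: 2023-01-05T00:00:00Z
Registry Expiry Date: 2026-03-12T00:00:00Z
Name Server: NS1.EXAMPLE-BANK.COM.
Name Server: NS2.EXAMPLE-BANK.COM.
"""
PHISH_URL = "http://secure-login-example.net/www.example-bank.com/login"
PHISH_WHOIS = """Domain Name: SECURE-LOGIN-EXAMPLE.NET
Registrant Name:
Creation Date: 2024-05-25T00:00:00Z
"""

if __name__ == "__main__":
    for url, text in ((GENUINE_URL, GENUINE_WHOIS), (PHISH_URL, PHISH_WHOIS)):
        r = assess(url, text, NOW)
        print(r["host"], r["verdict"], r["reasons"])
```

Each failed check is returned as a reason so the warning shown to the user can say why the site was rejected; the constructed phishing sample trips the blocklist, the inter-domain rule, the missing registrant, the young registration and the absent name servers at once.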
Testing often accounts for more effort than any other software engineering activity. If it is conducted haphazardly, time is wasted, unnecessary effort is expended and, even worse, errors sneak through undetected. It is therefore reasonable to establish a systematic strategy for testing software.
Types of Testing: there are two types of testing according to their behaviour.
Unconventional testing is a verification process carried out by the SQA (Software Quality Assurance) team. It is a prevention technique applied from the beginning to the end of project development: the SQA team verifies the development activities and ensures that the project being developed fulfils the client's requirements. In this testing the SQA team follows these methods: 1. Peer review 2. Code walkthrough
3. Inspection 4. Document verification
Conventional testing is the process of finding bugs and validating the project. The testing team carries out this process and validates whether the developed project meets the client's requirements. It is a correction technique: the testing team finds bugs and reports them to the development team for correction in the developed build.
Testing methodologies :
Procedure-level testing is done first: improper inputs are given, and the errors that occur are noted and eliminated. Then web-form-level testing is done, for example checking that data is stored in the table in the correct manner. In the company as well as the seeker registration form, zero-length user names and passwords are entered and checked, and a duplicate user name is entered and checked. In the job and question entry, the button sends data to the server only if the client-side validations pass.
Testing is done for each module. After all the modules have been tested, they are integrated and the final system is tested with test data specially designed to show that the system operates successfully under all its conditions.
Module testing tests the system module by module. It covers the various inputs given, the outputs produced and their correctness. Testing in this way makes all the bugs that have occurred clearly visible.
Interface testing verifies the interfaces between sub-modules while the sub-modules are integrated, recursively, into the master module.
The final step is validation testing, which determines whether the software functions as the user expects. The end user rather than the system developer conducts this test, which most software developers call "alpha and beta testing", to uncover errors that only the end user seems able to find. Completion of the entire project depends on the full satisfaction of the end users. In this project, validation testing is carried out in various forms.
In this proposal the requested site is compared against the WHOIS server to validate whether or not it is a registered one. WHOIS stores the entire LUI (login user interface) information rather than only the URL of a website in the white-list, to provide a more secure environment; in particular it can efficiently defend against pharming.
Moreover, the authentication server holds the white-list for the user. As our experiment shows, WHOIS identifies a successful login process efficiently, and even if the user enters a phishing site, the attacker cannot misuse the captured details because of the additional authentication, such as the token number. The warnings given to the user become more and more accurate.
VI FUTURE ENHANCEMENT
In future, a more private device (a smartphone) will be used to store the white-list in a more secure environment. More experiments with larger datasets will also be performed to make AIWL (Automated Individual White-List) more efficient. The rate at which IP addresses change is expected to be a significant problem for AIWL, so a longer time span is needed to gather and analyse the websites' IP addresses.