INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET)
ISSN 0976 – 6367(Print)
ISSN 0976 – 6375(Online)
Volume 4, Issue 5, September – October (2013), pp. 165-171
© IAEME: www.iaeme.com/ijcet.asp
Journal Impact Factor (2013): 6.1302 (Calculated by GISI)
www.jifactor.com
DETECTION OF PHISHING E-COMMERCE WEBSITES USING VISUAL
CRYPTOGRAPHY
ULKA M. BANSODE¹, Prof. GAURI R. RAO², Dr. S. H. PATIL³
¹ Department of Computer Engineering, Bharati Vidyapeeth Deemed University, College of
Engineering, Pune, Maharashtra, India.
² Associate Professor, Department of Computer Engineering, Bharati Vidyapeeth Deemed University,
College of Engineering, Pune, Maharashtra, India.
³ Head of Department, Department of Computer Engineering, Bharati Vidyapeeth Deemed
University, College of Engineering, Pune, Maharashtra, India.
ABSTRACT
The growth of the Internet has allowed users to manage their personal finances and
expenditure online. E-commerce and online banking have made life easier. The increase in online
services offered to consumers has naturally led to an increase in the exchange of personal information
to access such services. With the popularity of E-commerce websites, various online attacks have
increased; one of them is the phishing attack. Phishing is a fraudulent activity designed to steal
valuable personal data such as passwords, usernames, credit card numbers and account numbers by
posing as a trustworthy entity in an electronic communication. Popular social web sites, banks,
online commerce sites and auction sites are commonly used to lure the unsuspecting public. Phishing
emails may contain links that redirect the user to a fake website whose look and feel are almost
identical to the legitimate one. In this paper we present a new approach for detection of
phishing E-commerce websites. Phishing websites are crafted to closely mimic the look and feel of
legitimate sites.
Keywords: Image shares, Phishing, Visual Cryptography.
1. INTRODUCTION
Nowadays online transactions are very common, and various attacks target them. One among
them is the phishing attack. Phishing has become one of the major issues in recent times. This
attack does not hack any server or website; it just creates a duplicate copy of the website and
tries to communicate with the user. The major reason for concern is the fact that phishing
activity hits us directly, as it aims at obtaining our personal and sensitive information. This
personal information can be used for the purpose of committing financial fraud, which has become
a criminal activity on the Internet.
Criminals targeting user information are able to profit from the increased adoption of online
services for many day-to-day activities including banking, shopping and leisure activities. Many
times, sites that closely mimic the look and feel of legitimate sites are crafted and promoted on the
Internet. As these sites look like the legitimate site, the user may log in to such a site, through
which the intruder/attacker can get sensitive information like username, bank account numbers,
password etc.
Some examples of phishing scams are:
• Many times, sites that closely mimic the look and feel of legitimate sites are crafted and
promoted on the Internet. As these sites look like legitimate sites, the user logs in to them,
and his/her sensitive information like bank details, name or other personal
information can be stolen.
• Sending a fake e-mail message to the bank's users, claiming that the database of the bank has
crashed due to some technical reasons and requesting them to update their personal
information.
• Sending an e-mail message to users claiming that they have won a prize and that, to deposit
the amount, they must send their personal information and bank account numbers.
To protect against a phishing attack it is therefore very important to check whether the site
you are visiting is opened from the right, truthful source, and whether it asks you to send
personal information and bank details again and again.
To make it easier to detect phishing websites and protect against phishing attacks, we
introduce a new method, which can be used as a safe way against phishing, named
“Detection of Phishing E-commerce websites using Visual Cryptography”.
In this approach the identity of the website is verified, which proves whether or not it is a
genuine website for E-commerce, online booking systems, bank transactions etc.
The concept of Visual Cryptography is used. Visual Cryptography is a secure method that encrypts
an image by breaking it into shares.
2. BACKGROUND
Various types of attacks are present on the Internet. One of the major attacks is the phishing
attack, which consists of sending electronic mail or other forms of communication to a group of
people asking for their personal information like usernames and passwords.
Attackers create websites that closely resemble authorized websites and promote those
websites on the Internet. When users log in through those websites they are actually redirected to
the phisher’s database, where the attacker can get personal information of the user like password,
account details, username etc.
[Figure: the User, the Original communication with the Actual Website, and the Phishing Attack through the Phishing Website]
Fig. 1: Phishing Attack
3. RELATED WORK
The DNS Based Anti-phishing approach [2] includes blacklist, heuristic detection and page
similarity assessment. The anti-phishing approach most commonly used by browsers is the blacklist,
which is a DNS-based anti-phishing technique.
Netscape browser 8.1, Internet Explorer 7 and Google Safe Browsing are important
browsers which use a blacklist to protect users when they navigate to phishing sites.
In the heuristic-based anti-phishing technique [3], an estimate is made of whether the page has
some phishing heuristic characteristics.
For example, the SpoofGuard toolbar includes heuristic characteristics such as checking against
previously seen images, checking the host name and checking the URL for common spoofing techniques.
The Automated Challenge Response Method [4] is an authentication mechanism which includes a
generation module from the server. This module interacts with the Challenge-Response interface in
the client and requests a response from the user, which in turn calls the get response application
installed on the client machine. Once the challenge response is validated, user credentials are
demanded from the client and are validated by the server to proceed with the transaction.
Cryptography is the best known technique to protect data. It is the art of protecting
information by sending and receiving encrypted messages that can be decrypted by the sender or
receiver.
Naor and Shamir introduced Visual Cryptography schemes [5], a secure way to allow
the secret sharing of images without any cryptographic computation.
Segment Based Visual Cryptography, suggested by Borchert [6], can encrypt only
amounts, numbers like bank account numbers and messages containing symbols.
Visual Cryptography for Print and Scan Applications [7], suggested by W-Q Yan and D. Jin, can
be applied to printed text and images only.
4. VISUAL CRYPTOGRAPHY
Visual cryptography is a popular solution for image encryption. It is a
cryptographic technique which allows visual information (e.g. printed text, pictures) to be encrypted
in such a way that the decryption can be performed without a complex algorithm and without the aid
of computers. It uses the human visual system to identify the secret image generated by stacking the
shares together.
Following are the Visual Cryptography Schemes:
1. (n, n) visual cryptography:
The (n, n) visual cryptography scheme generates n (n ≥ 2) shares, and to get back the secret
information all shares need to be stacked together.
2. (2, 2) visual cryptography:
The (2, 2) visual cryptographic scheme generates 2 shares, and the secret information is
regenerated after stacking these two shares.
3. (k, n) visual cryptography:
The (k, n) visual cryptographic scheme generates n (n ≥ 2) shares, and for regeneration of the
secret information at least any k (2 ≤ k ≤ n) shares are needed.
In this approach we have used the (2, 2) VCS: each pixel P in the image is encrypted into two sub
pixels called shares. The following figure denotes the shares for a white and a black pixel. Here the
choice of shares for a black and a white pixel is randomly determined. When these two shares are
stacked, the value of the original pixel P can be determined.
Fig. 2: 2-out-of-2 Visual Cryptography Scheme
5. SYSTEM ARCHITECTURE
Fig. 3: System Architecture
6. ALGORITHM
Step 1. The user logs in and selects a random image.
Step 2. Perform cryptography and convert the image into shares.
Step 3. Encrypt one of the shares and send it to the trusted server through the server under test.
Step 4. Compare the server under test with the list of registered servers.
Step 5. If the server under test is a registered server, then perform decryption and send the
decrypted share to the client and go to Step 7, else go to Step 6.
Step 6. If the server under test is not a registered server, then the trusted server will send any
garbage share to the client.
Step 7. At the client side, both these shares are stacked together. If stacking of these shares
results in the original image as was selected at the time of login then go to Step 8, else go to Step 9.
Step 8. Display message ‘Not a phishing website’, go to Step 10.
Step 9. Display message ‘Phishing Website’, go to Step 10.
Step 10. End.
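
The (2, 2) scheme of Section 4 and the check in Steps 1 to 9 above, as an added Python example that is not the authors' implementation. Assumptions: the image is binary, the client and the trusted server share a key that is fresh per login, a SHAKE-256 keystream XOR stands in for the cipher the paper leaves unnamed, and the sample image and server names are constructed.

```python
import hashlib
import secrets

PATTERNS = ((0, 1), (1, 0))  # subpixel pairs, 1 = black
# Constructed 8x8 sample image, 1 = black.
IMAGE = [[int(c) for c in r] for r in (
    "00111100", "01000010", "10100101", "10000001",
    "10100101", "10011001", "01000010", "00111100")]

def make_shares(image):
    """(2, 2) VCS: expand every pixel into two subpixels on each share."""
    s1, s2 = [], []
    for row in image:
        r1, r2 = [], []
        for pixel in row:
            p = secrets.choice(PATTERNS)
            # White pixel: identical patterns. Black pixel: complementary ones.
            r1 += p
            r2 += p if pixel == 0 else (1 - p[0], 1 - p[1])
        s1.append(r1)
        s2.append(r2)
    return s1, s2

def stack(a, b):
    """Overlay two shares: a subpixel is black if it is black on either."""
    return [[x | y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]

def decode(stacked):
    """A pixel reads as black only when both of its subpixels are black."""
    return [[r[i] & r[i + 1] for i in range(0, len(r), 2)] for r in stacked]

def xor_stream(key, data):
    # Assumption: SHAKE-256 keystream XOR stands in for the unnamed cipher.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(d ^ k for d, k in zip(data, stream))

def trusted_server(registered, server_id, key, blob):
    """Steps 4-6: decrypted share for a registered server, garbage otherwise."""
    if server_id in registered:
        return xor_stream(key, blob)
    return bytes(secrets.randbelow(2) for _ in blob)

def verify_site(image, server_id, registered, key):
    """Steps 1-3 and 7-9; True means 'Not a phishing website'."""
    s1, s2 = make_shares(image)
    width = len(s2[0])
    blob = xor_stream(key, bytes(v for row in s2 for v in row))
    reply = trusted_server(registered, server_id, key, blob)
    back = [list(reply[i:i + width]) for i in range(0, len(reply), width)]
    return decode(stack(s1, back)) == image
```

Every subpixel pair on a single share holds exactly one black subpixel whatever the pixel colour, so one share alone says nothing about the image; a garbage share reproduces the 64-pixel sample only with probability 2^-64.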
7. RESULTS
This system is tested using 2 registered servers and 1 unregistered server; each of these servers
can be considered as the server under test.
Step 1: While logging in, the user selects an image by clicking the ‘Load’ button, as shown in Fig. 4.
Fig. 4
Step 2: Click ‘Create Shares’ and the shares will be generated as shown in Fig. 5.
Fig. 5
Step 3: Click the ‘Verify Server’ button.
If the server under test is a genuine/true server then stacking of these shares will result in the
original image as shown in Fig. 6.
Fig. 6
If the server under test is not a genuine/true server then stacking of these shares will result in
an unrecognizable image share as shown in Fig. 7.
Fig. 7
8. CONCLUSION
In this paper we have presented an approach for detecting phishing E-commerce websites.
We have used Visual Cryptography as a solution for anti-phishing. With the help of VC, the security
of E-commerce websites has been increased. The users are more secure, as they are able to update
keys at every login. The proposed methodology preserves confidential information of the users and
verifies whether the website is a genuine/true or a phishing website. If the website is a phishing
website, then it cannot display the original image selected by the user.
REFERENCES
[1] Mintu Philip; Divya James; "A Novel Anti phishing Framework based on Visual
Cryptography", in Proceedings of IEEE International Conference on Power, Signals, Controls
and Computation, 2012.
[2] Liang Xiaoying; Sun Bin; Wen Qiaoyan; "A DNS based Anti-Phishing Approach", in
Proceedings of IEEE Second International Conference on Networks Security, Wireless
Communications and Trusted Computing, 2010.
[3] Ishtiaq, S.; Nourian, A.; Maheswaran, M.; "CASTLE: A social framework for collaborative
antiphishing databases", in Proceedings of IEEE 5th International Conference on
Collaborative Computing: Networking, Applications and Worksharing, 2009.
[4] Thiyagarajan, P.; Aghila, G.; Venkatesan, V.P.; "Anti-Phishing Technique using Automated
Challenge Response Method", in Proceedings of IEEE International Conference on
Communications and Computational Intelligence, 2010.
[5] M. Naor and A. Shamir; "Visual cryptography", in Proc. EUROCRYPT, 1994, pp. 1–12.
[6] B. Borchert; "Segment Based Visual Cryptography", WSI Press, Germany, 2007.
[7] D. Jin, M. S. Kanakanahalli and W-Q Yan; "Visual Cryptography for Print and Scan
Applications", IEEE Transactions, ISCAS-2004, pp. 572-575.
[8] Shiny Malar F.R, Jeya Kumar M.K; "A Novel Algorithm for Color Visual Cryptographic
Images using Error Filtering Schemes", International Journal of Computer Engineering &
Technology (IJCET), Volume 3, Issue 2, 2012, pp. 323 - 336, ISSN Print: 0976 – 6367,
ISSN Online: 0976 – 6375.
[9] V. Srikanth and Dr. R. Dhanapal; "Ecommerce Online Security and Trust Marks", International
Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 2, 2012,
pp. 238 - 255, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.
[10] B. Saichandana, Dr. K. Srinivas and Dr. Reddi Kiran Kumar; "Visual Cryptography Scheme for
Color Images", International Journal of Computer Engineering & Technology (IJCET),
Volume 1, Issue 1, 2010, pp. 207 - 212, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.