50120130405019

179 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
179
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

50120130405019

  1. 1. International Journal of Computer EngineeringOF COMPUTER ENGINEERING & INTERNATIONAL JOURNAL and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME TECHNOLOGY (IJCET) ISSN 0976 – 6367(Print) ISSN 0976 – 6375(Online) Volume 4, Issue 5, September – October (2013), pp. 165-171 © IAEME: www.iaeme.com/ijcet.asp Journal Impact Factor (2013): 6.1302 (Calculated by GISI) www.jifactor.com IJCET ©IAEME DETECTION OF PHISHING E-COMMERCE WEBSITES USING VISUAL CRYPTOGRAPHY ULKA M. BANSODE1, Prof. GAURI R. RAO2, Dr. S. H. PATIL3 1 Department of Computer Engineering, Bharati Vidyapeeth Deemed University, College of Engineering, Pune, Maharashtra, India. 2 Associate Professor, Department of Computer Engineering, Bharati Vidyapeeth Deemed University, College of Engineering, Pune, Maharashtra, India. 3 Head of Department, Department of Computer Engineering, Bharati Vidyapeeth Deemed University, College of Engineering, Pune, Maharashtra, India ABSTRACT The growth of the Internet has allowed users to manage their personal finances and expenditure online. E-commerce and online banking has made life easier. The increase in an online service offered to consumers has naturally led to an increase in the exchange of personal information to access such services. With the popularity of E-commerce websites various online attacks has been increased one of them is phishing attack. Phishing is a fraudulent activity designed to steal your valuable personal data such as passwords, username, credit card numbers, account number etc. by behaving as a trustworthy entity in an electronic communication. Popular social web sites, bank, online commerce site or auction sites are commonly used to lure the unsuspecting public. Phishing emails may contain links that redirects the user to a fake website whose look and feel are almost identical to the legitimate one. In this paper we have presented a new approach for detection of phishing E-commerce websites. Phishing websites are crafted to closely mimic look and feel of legitimate sites. Keywords: Image shares, Phishing, Visual Cryptography. 1. INTRODUCTION Now a day’s Online Transactions are very common and there are various attacks present behind this. One among them is the phishing attack. Phishing has become one of the major issue in recent times. This attack will not hack any server or the website; it just creates duplicate copy of the website and tries to communicate to the user. The major reason for concern in the fact that phishing activity directly hit at us as it aims at securing our personal and sensitive information. This personal 165
  2. 2. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME information can be used for the purpose of committing financial fraud, has become a criminal activity on the Internet. Criminals targeting user information are able to profit from the increased adoption of online services for many day to day activities including banking, shopping and leisure activities. Many times the sites that closely mimic look and feel of legitimate sites are crafted and promoted on the Internet. As these sites looks like legitimate site, user can login into that site through which intruder/attacker can get the sensitive information likeUsername, Bank account numbers, Password etc. Some of the Examples of Phishing Scams are • Many times the sites that closely mimic look and feel of legitimate sites are crafted and promoted on the Internet. As these sites looks like legitimate sites, user logs in into those sites through which his/her sensitive information like bank details, name or other personal information can be stealed. • Sending the fake e-mail message to the bank user’s, as if the database of the bank has been crashed due to some technical reasons, so they request you for updation of the personal information. • Sending e-mail message to the user’s as if they won the prize and to deposit the amount they are requested to send the personal information and bank account numbers. So to prevent against phishing attack it is very important to make sure that whether the site you are visiting, gets open from right or truthful source or not? Whether it is asking you to send personal information and bank details again and again? Thus making it easier to detect phishing websites and protect against phishing attack we are introducing a new method which can be used as a safe way against phishing which is named as “Detection of Phishing E-commerce websites using Visual Cryptography”. In this approach the identity of the website is verified which proves that whether it is a genuine website or not to use E-commerce, online booking system and bank transactions etc. The concept of Visual Cryptography is used. Visual Cryptography is a secure method that encrypts an image by breaking it into shares. 2. BACKGROUND Various types of attacks present on the Internet. One of the major attack is phishing attack which consists of sending electronic mail or other form of communications to group of people asking for their personal information like usernames and passwords. Attackers create the websites that closely look like authorized websites and promotes those websites on Internet. When user login through those websites they are actually redirected to phisher’s database where attacker can get personal information of user like password, account details, username etc. User Original communication Phishing Attack Actual Website Phishing Website Fig. 1: Phishing Attack 166
  3. 3. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME 3. RELATED WORK The DNS Based Anti-phishing approach [2] includes blacklist, heuristic detection and page similarity assessment. The commonly used anti-phishing approach by browser is blacklist which is DNS based anti-phishing approach technique. Netscape browser 8.1 and Internet Explorer7 and Google Safe browsing are important browsers which use blacklist to protect users when they are navigating through phishing sites. The estimation of whether the page has some phishing heuristic characteristics is done in the Heuristic based anti-phishing technique. [3] For example spoof guard toolbar include heuristic characteristics like checking against previously seen images, host name and checking URL for common spoofing techniques. Automated Challenge Response Method [4] is an authentication mechanism, which includes generation module from server. This module then interacts with Challenge-Response interface in client and request for response from user which in turn calls the get response application installed in the client machine. Once the challenge response is validated, user credentials are demanded from client and are validated by server to proceed the transaction. Cryptography is the best known technique to protect data. It is an art of protecting information by sending and receiving encrypted messages that can be decrypted by sender or receiver. Naor and Shamir were introduced Visual Cryptography schemes [5] is a secure way to allow the secret sharing of images without any cryptographic computation. A Segment Based Visual Cryptography suggested by Borchert [6] can encrypt only the amount, numbers like bank account number and messages containing symbols. Visual Cryptography for Print and Scan Application [7] suggested by W-Q Yan, D. Jin can be applied for printed text and images only. 4. VISUAL CRYPTOGRAPHY Visual cryptography is a popular solution for image encryption. Visual cryptography is a cryptographic technique which allows visual information (e.g. printed text, pictures) to be encrypted in such a way that the decryption can be performed without complex algorithm and without the aid of computers. It uses the human visual system to identify secrete image generated by stacking the shares together. Following are the Visual Cryptography Schemes: 1. (n, n) visual cryptography: The (n, n) visual cryptography generates n (n ≥2) number of shares and for getting back the secrete information all shares are needed to be stacked together. 2. (2, 2) visual cryptography: The (2, 2) visual cryptographic scheme generates 2 shares and the secret information will be regenerated after stacking these two shares. 3. (k, n) visual cryptography: The (k, n) visual cryptographic scheme generates n (n ≥2) number of shares and for regeneration of secrete information at least any k (2≤ k ≤ n) shares are needed. In this approach we have used (2, 2) VCS, each pixel P in the image is encrypted into two sub pixels called shares. The following figure denotes the shares for a white and black pixel. Here choice of shares for black and white pixel is randomly determined. When these two shares are stacked, the value of the original pixel P can be determined. 167
  4. 4. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME Fig 2: 2-out-2 Visual Cryptography Scheme 2 5. SYSTEM ARCHITECTURE Fig. 3: System Architecture 6. ALGORITHM Step 1. User will login and select a random image. Step 2. Perform cryptography and convert the image into shares. . Step 3. Encrypt one of the shares and send to trusted server through server under test. Step 4. Compare server under test with list of registered servers. Step 5. If server under test is registered server, then perform decryptography and send decrypted ptography share to client and go to step 7, else go to Step 6. lse Step 6. If server under test is not a registered server, then trusted server will send any garbage share to client. 168
  5. 5. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME Step 7: At client side, both these shares are stacked together. If stacking of these shares results in an original image as was selected at the time of login then go to Step 8 else go to Step 9. Step 8. Display message ‘Not a phishing website’, go to Step 10 Step 9. Display message ‘Phishing Website’, go to Step 10 Step 10. End. 7. RESULTS This system is tested using 2 registered servers and 1 unregistered server, these servers can be considered as server under test. Step1: While login user will select an image by clicking ‘Load’ button as shown in Fig. 4. Fig. 4 Step2: Click ‘Create Shares’ and shares will be generated as shown in the Fig. 5 Fig. 5 169
  6. 6. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME Step3: Click ‘Verify Server’ button. If server under test is genuine/true server then stacking of these shares will result in an original image as shown in Fig. 6. Fig. 6 If Server under test is not a genuine/true server then stacking of these shares will result in any unrecognizable image share as shown in Fig. 7. Fig. 7 8. CONCLUSION In this paper we have presented an approach for detecting phishing E-commerce websites. We have used Visual Cryptography as a solution for anti-phishing. With the help of VC, the security of E-commerce website has been increased. The users are more secure, as users are able to update keys at every login. The proposed methodology preserves confidential information of the users and it verifies whether the website is genuine/true or phishing website. If the website is phishing website, then in that situation phishing website can’t display original image selected by user. 170
  7. 7. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME REFERENCES [1] Mintu Philip; Divya James; ”A Novel Anti phishing Framework based on Visual Cryptography” in Proceedings of IEEE International Conference on Power, Signals, Controls and Computation, 2012. [2] Liang Xiaoying.; Sun Bin.; Wen Qiaoyan.; "A DNS based Anti-Phishing Approach," in Proceedings of IEEE Second International Conference on Networks Security, Wireless Communications and Trusted Computing, 2010. [3] Ishtiaq, S.; Nourian, A.; Maheswaran, M.;" CASTLE: A social framework for collaborative antiphishing databases", in Proceedings of IEEE- 5th International Conference on Collaborative Computing: Networking, Applications and Worksharing, 2009. [4] Thiyagarajan, P.; Aghila, G.; Venkatesan, V.P.; "Anti-Phishing Technique using Automated Challenge Response Method", in Proceedings of IEEE- International Conference on Communications and Computational Intelligence, 2010. [5] M. Naor and A. Shamir; “Visual cryptography,” in Proc. EUROCRYPT, 1994, pp. 1–12. [6] B. Borchert, .Segment Based Visual Cryptography. WSI Press, Germany, 2007. [7] D. Jin, M. S. Kanakanahalli and W-Q Yan; .Visual Cryptography for Print and Scan Applications, IEEE Transactions, ISCAS-2004, pp. 572-575. [8] Shiny Malar F.R, Jeya Kumar M.K, “A Novel Algorithm for Color Visual Cryptographic Images using Error Filtering Schemes”, International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 2, 2012, pp. 323 - 336, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375. [9] V.Srikanth and Dr.R.Dhanapal, “Ecommerce Online Security and Trust Marks”, International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 2, 2012, pp. 238 - 255, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375. [10] B.Saichandana, Dr.K.srinivas and Dr. Reddi Kiran Kumar, “Visual Cryptography Scheme for Color Images”, International Journal of Computer Engineering & Technology (IJCET), Volume 1, Issue 1, 2010, pp. 207 - 212, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375. 171

×