An Encryption Based Security Model for Preventing Phishing Attacks

Abstract

Abstract

Currently, Phishing is a type of attack in which cyber criminals tricks the victims to steal their personal and financial data. It has become an organized criminal activity. Spoofed emails claiming to be from legitimate source are crafted in a way to lead victims to reveal their personal, financial data by misdirecting them to the counterfeit website. We compared previous password protection solutions, some of the presented solutions use specialized equipment or additional servers to protect passwords. Other solutions are prone to spoofing and phishing attacks as well as introduce usability issues. Also these solutions do not address the challenge of protecting passwords against the adversary who can, for instance, exploit server-side software vulnerabilities. Our goal is enhancing the best solution to prevent phishing by combining two methods. First, alerting the users from phishing websites when detected based on URL with image-based feature extraction method. Second, by developing an encryption model that will improve web security and prevent phishing attacks, to ensure passwords is safe even if an adversary get the password using phishing website or intercept the passwords as they were being sent to the server.