An Anti-phishing User Authentication Scheme without Using a Sensitive Key Table

Author

Lee, Wei-Bin ; Chen, Hsing-Bai ; Chang, Shun-Shyan ; Yang, Chia-Chi

Author_Institution

Dept. of Inf. Eng. & Comput. Sci., Feng Chia Univ., Taichung, Taiwan

fYear

2011

fDate

14-16 Oct. 2011

Firstpage

141

Lastpage

144

Abstract

Phishing is a popular technique that attackers use for the obtainment of sensitive information about users. Last year, over 44 million users became victims of phishing websites. Mutual authentication between user and server is an essential part of anti-phishing mechanisms. Lee et al. proposed a scheme that achieves mutual authentication to protect users from phishing attacks. However, a sensitive key table is necessary if users want to achieve mutual authentication on different servers. This attracts attackers´ attention and increases the cost of maintaining the key. In this paper, a novel anti-phishing authentication scheme without a sensitive key table is presented. No sensitive key table is needed if the user is present at that time. Moreover, the proposed scheme can prevent guessing and replay attacks, which are serious threats to user authentication.

Keywords

Web sites; computer crime; message authentication; unsolicited e-mail; antiphishing user authentication scheme; mutual authentication; phishing Web sites; sensitive key table; Authentication; Biometrics; Bismuth; Cryptography; Immune system; Servers; CAPTCHA; authentication; biometrics; phishing; visual cryptography;

fLanguage

English

Publisher

ieee

Conference_Titel

Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), 2011 Seventh International Conference on

Conference_Location

Dalian

Print_ISBN

978-1-4577-1397-2

Type

conf

DOI

10.1109/IIHMSP.2011.91

Filename

6079554