Phishing prevention using Visual Cryptography
Phishing is an attempt by an individual or a group to thieve personal confidential information such aspasswords, credit card information etc from unsuspecting victims for identity theft, financial gain andother fraudulent activities. In this paper we have proposed a new approach named as “A Novel Antiphishingframework based on visual cryptography” to solve the problem of phishing. Here an imagebased authentication using Visual Cryptography (vc) is used. The use of visual cryptography is exploredto preserve the privacy of image captcha by decomposing the original image captcha into two shares thatare stored in separate database servers such that the original image captcha can be revealed only whenboth are simultaneously available; the individual sheet images do not reveal the identity of the originalimage captcha. Once the original image captcha is revealed to the user it can be used as the password.
PROJECT OUTPUT VIDEO:
Phishing web pages are forged web pages that are created by malicious people to mimic Webpages of real web sites. Most of these kinds of web pages have high visual similarities to scamtheir victims. Some of these kinds of web pages look exactly like the real ones. Victims ofphishing web pages may expose their bank account, password, credit card number, or otherimportant information to the phishing web page owners. It includes techniques such as trickingcustomers through email and spam messages, man in the middle attacks, installation of keyloggers and screen captures.
DISADVANTAGES OF EXISTING SYSTEM:
These popular technologies have several drawbacks:
1.Blacklist-based technique with low false alarm probability, but it cannot detect the websitesthat are not in the blacklist database. Because the life cycle of phishing websites is too shortand the establishment of blacklist has a long lag time, the accuracy of blacklist is not toohigh.
2.Heuristic-based anti-phishing technique, with a high probability of false and failed alarm,and it is easy for the attacker to use technical means to avoid the heuristic characteristicsdetection.
3.Similarity assessment based technique is time-consuming. It needs too long time tocalculate a pair of pages, so using the method to detect phishing websites on theclientterminal is not suitable. And there is low accuracy rate for this method depends on manyfactors, such as the text, images, and similarity measurement technique. However, thistechnique (in particular, image similarity identification technique) is not perfect enough yet.
The concept of image processing and an improved visual cryptography is used. Imageprocessing is a technique of processing an input image and to get the output as either improvedform of the same image and/or characteristics of the input image. In Visual Cryptography (VC)an image is decomposed into shares and in order to reveal the original image appropriatenumber of shares should be combined.
VCS is a cryptographic technique that allows for the encryption of visual information such thatdecryption can be performed using the human visual system. We can achieve this by one of thefollowing access structure schemes.
1.(2, 2)- Threshold VCS scheme- This is a simplest threshold scheme that takes a secretmessage and encrypts it in two different shares that reveal the secret image when they areoverlaid.
- (n, n) -Threshold VCS scheme-This scheme encrypts the secret image to n shares such thatwhen all n of the shares are combined will the secret image be revealed.
3.(k, n) Threshold VCS scheme- This scheme encrypts the secret image to n shares such thatwhen any group of at least k shares are overlaid the secret image will be revealed.
In the case of (2, 2) VCS, each pixel P in the original image is encrypted into two sub pixelscalled shares. Figure.1 denotes the shares of a white pixel and a black pixel. Note that the choiceof shares for a white and black pixel is randomly determined (there are two choices available foreach pixel). Neither share provides any clue about the original pixel since different pixels in thesecret image will be encrypted using independent random choices. When the two shares aresuperimposed, the value of the original pixel P can be determined. If P is a black pixel, we gettwo black sub pixels; if it is a white pixel, we get one black sub pixel and one white sub pixel.
ADVANTAGES OF PROPOSED SYSTEM:
For phishing detection and prevention, we are proposing a new methodology to detect thephishing website. Our methodology is based on the Anti-Phishing Image Captcha validationscheme using visual cryptography. It prevents password and other confidential information fromthe phishing websites.
- Registration phase
- Login phase
In the registration phase, a key string (password) is asked from the user at the time ofregistration for the secure website. The key string can be a combination of alphabets andnumbers to provide more secure environment. This string is concatenated with randomlygenerated string in the server and an image captcha is generated. The image captcha isdivided into two shares such that one of the shares is kept with the user and the other share iskept in the server. The user’s share and the original image captcha is sent to the user for laterverification during login phase. The image captcha is also stored in the actual database of anyconfidential website as confidential data. After the registration, the user can change the keystring when it is needed. Registration process is depicted in Figure
In the Login phase first the user is prompted for the username (user id).Then the user is asked toenter his share which is kept with him. This share is sent to the server where the user’s share andshare which is stored in the database of the website, for each user, is stacked together to producethe image captcha. The image captcha is displayed to the user .Here the end user can checkwhether the displayed image captcha matches with the captcha created at the time ofregistration. The end user is required to enter the text displayed in the image captcha and thiscan serve the purpose of password and using this, the user can log in into the website. Using theusername and image captcha generated by stacking two shares one can verify whether thewebsite is genuine/secure website or a phishing website and can also verify whether the user is ahuman user or not.Figurecan be used to illustrate the login phase.
- System : Pentium IV 2.4 GHz.
- Hard Disk : 40 GB.
- Floppy Drive : 1.44 Mb.
- Monitor : 15 VGA Colour.
- Mouse : Logitech.
- Ram : 512 Mb.
- Operating system : – Windows 10
- Coding Language : NET, C#.Net.
- Data Base : SQL Server 2005