SlideShare a Scribd company logo

Using OTP prevent Phishing attacks

R
riteshsarode1995
Engineering
1 of 20
Using One Time Password How to Prevent Phishing Attacks Guided by Presented by Prof. B.S.Shetty Ritesh Rajesh Sarode (2012BIT006)
 Introduction  Phishing  Anti-Phishing Techniques  One Time Password  Mechanism  Security Analysis  Conclusion  References
 Phishing is a malicious activity whereby an attacker tries get the confidential information of target. It is a serious problem because phisher can get sensitive information like users’ bank account details, social security numbers, and credit card numbers.
 To achieve his goal, a phisher first sets up a fake website that looks almost the same as the legitimate target website.  The URL of the fake website is then sent to a large number of users at random via e-mails or instant messages.
 Phishing is a form of social engineering carried out by black hats in electronic form. E.g.e-mail, for gathering sensitive information.  Phishing emails may also contain links to websites that are infected with malware.  Phishing is typically carried out by email spoofing and instant messaging.
List-based  It maintains a black list or white list, or both.  Many anti-phishing mechanisms use a black list to prevent users from accessing phishing sites.  The effectiveness of black list filtering depends on the coverage, freshness, and accuracy of the list.
 The URLs are collected by web crawlers, and list maintainers are responsible for verifying that listed URL contain phishing site or not.  Though a well maintained black list can filter most well- known phishing sites, but it cannot filter unanalyzed URLs.  No list can guarantee 100% coverage and up-to-date freshness.
 Domain name- A phishing site may register a similar domain name to that of the target site. Eg-paypal.com and paypa1.com  URL- This allows a phisher to redirect users to a fake site using a URL www.paypal.com@123.123.123.123 and www.paypal.com
 Specific input fields- Phishing site has some input fields for personal information, such as passwords, social security numbers, and credit card numbers.
 Phisher obtain the touchy data using fake site and then he can access our Private credentials.  To prevent password phishing, we use OTP mechanism.  To overcome this we have preset password method i.e. OTP  we need a reliable secondary channel to deliver the password.
 Users can be authenticated with OTP delivered via a secondary communication channel.  The user database at the server side matches a user’s login name with its corresponding identity on another secondary channel.  When user wants to access a web site then server sends an OTP to the user through the secondary channel.  User receives OTP and he can login before OTP expires.
Phishing attack can only succeed if the attacker knows : 1) The user’s account name. 2) The identity of the secondary channel through which the user receives the OTP. 3) The password used to access the secondary channel.
 Mutual Authentication.  Authentication in an untrustworthy environment.  Man-In-The-Middle attack(MITM).
 lot of methods are there to detecting phishing and securing users from attacks, but not detect all phishing sites.  In this paper, we propose a solution that tries to reduce the number of password phishing attacks by authenticating users with OTP instead of fixed passwords.  Thus, any website can take advantage of the proposed solution by installing instant messaging bots at the server side only.
 www.sciencedirect.com/cybersecurity  www.globaldigitalforensics.com  www.seminarsonly.com  www.wikipedia.com
Any Questions??

Recommended

phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twinsNilantha Piyasiri
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gtemi
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharksNalneesh Gaur
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniquesSushil Kumar
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Preventionsonalikharade3
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishingMH BS
 

Recommended

phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twinsNilantha Piyasiri
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gtemi
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharksNalneesh Gaur
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniquesSushil Kumar
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Preventionsonalikharade3
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishingMH BS
 
Phishing
PhishingPhishing
PhishingSyahida
 
Phishing
PhishingPhishing
PhishingSouganthikaSankaresw
 
Phishing
PhishingPhishing
PhishingKiran Patil
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemNarendra Singh
 
Phishing-Updated
Phishing-UpdatedPhishing-Updated
Phishing-UpdatedJayaseelan Vejayon
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)aleeya91
 
Phishing
PhishingPhishing
Phishingshivli0769
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing FrameworkIJAEMSJORNAL
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gchiewmingli
 
HACKING AND PHISHING
HACKING AND PHISHINGHACKING AND PHISHING
HACKING AND PHISHINGsanthuana sg
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Review of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attackReview of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attackjournalBEEI
 
Phishing
PhishingPhishing
PhishingHK Khemnani
 
Phishing
PhishingPhishing
Phishingdefquon
 
Hack using firefox
Hack using firefoxHack using firefox
Hack using firefoxReza Nurfachmi
 
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...IJCSEA Journal
 
Shiv seminar final
Shiv seminar finalShiv seminar final
Shiv seminar finalShivarajkumar Badiger
 
Amazon & E Bay
Amazon & E BayAmazon & E Bay
Amazon & E BaySabyasachi Dasgupta
 
A Survey Paper on Identity Theft in the Internet
A Survey Paper on Identity Theft in the InternetA Survey Paper on Identity Theft in the Internet
A Survey Paper on Identity Theft in the Internetijtsrd
 
A novel hybrid approach of SVM combined with NLP and probabilistic neural ne...
A novel hybrid approach of SVM combined with NLP and probabilistic neural ne...A novel hybrid approach of SVM combined with NLP and probabilistic neural ne...
A novel hybrid approach of SVM combined with NLP and probabilistic neural ne...IJECEIAES
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfEvs, Lahore
 
Phishing technique tanish khilani
Phishing technique tanish khilani Phishing technique tanish khilani
Phishing technique tanish khilani Tanish Khilani
 

More Related Content

What's hot

Phishing
PhishingPhishing
PhishingSyahida
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemNarendra Singh
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)aleeya91
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing FrameworkIJAEMSJORNAL
 
HACKING AND PHISHING
HACKING AND PHISHINGHACKING AND PHISHING
HACKING AND PHISHINGsanthuana sg
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Review of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attackReview of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attackjournalBEEI
 
Phishing
PhishingPhishing
Phishingdefquon
 
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...IJCSEA Journal
 
A Survey Paper on Identity Theft in the Internet
A Survey Paper on Identity Theft in the InternetA Survey Paper on Identity Theft in the Internet
A Survey Paper on Identity Theft in the Internetijtsrd
 
A novel hybrid approach of SVM combined with NLP and probabilistic neural ne...
A novel hybrid approach of SVM combined with NLP and probabilistic neural ne...A novel hybrid approach of SVM combined with NLP and probabilistic neural ne...
A novel hybrid approach of SVM combined with NLP and probabilistic neural ne...IJECEIAES
 

What's hot (20)

Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII Sem
 
Phishing-Updated
Phishing-UpdatedPhishing-Updated
Phishing-Updated
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)
 
Phishing
PhishingPhishing
Phishing
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing Framework
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
HACKING AND PHISHING
HACKING AND PHISHINGHACKING AND PHISHING
HACKING AND PHISHING
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Review of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attackReview of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attack
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Hack using firefox
Hack using firefoxHack using firefox
Hack using firefox
 
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...
 
Shiv seminar final
Shiv seminar finalShiv seminar final
Shiv seminar final
 
Amazon & E Bay
Amazon & E BayAmazon & E Bay
Amazon & E Bay
 
A Survey Paper on Identity Theft in the Internet
A Survey Paper on Identity Theft in the InternetA Survey Paper on Identity Theft in the Internet
A Survey Paper on Identity Theft in the Internet
 
A novel hybrid approach of SVM combined with NLP and probabilistic neural ne...
A novel hybrid approach of SVM combined with NLP and probabilistic neural ne...A novel hybrid approach of SVM combined with NLP and probabilistic neural ne...
A novel hybrid approach of SVM combined with NLP and probabilistic neural ne...
 

Similar to Using OTP prevent Phishing attacks

Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfEvs, Lahore
 
Phishing technique tanish khilani
Phishing technique tanish khilani Phishing technique tanish khilani
Phishing technique tanish khilani Tanish Khilani
 
E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detectionijtsrd
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Cyber Security (Hacking)
Cyber Security (Hacking)Cyber Security (Hacking)
Cyber Security (Hacking)Dhrumit Patel
 
Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Balvinder Singh
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresIRJET Journal
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsIRJET Journal
 
basics of hacking- threat basics, types of attack
basics of hacking- threat basics, types of attackbasics of hacking- threat basics, types of attack
basics of hacking- threat basics, types of attackPILAMPIRAYAsstProfes
 
phishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptxphishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptxMaheshDhope1
 
phishingppt-160209144204.pdf
phishingppt-160209144204.pdfphishingppt-160209144204.pdf
phishingppt-160209144204.pdfvinayakjadhav94
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptxPradeepKumar728006
 
An overview study on cyber crimes in internet
An overview study on cyber crimes in internetAn overview study on cyber crimes in internet
An overview study on cyber crimes in internetAlexander Decker
 
Cyber security and privacy
Cyber security and privacyCyber security and privacy
Cyber security and privacyJIJO CLEETUS
 

Similar to Using OTP prevent Phishing attacks (20)

Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
 
Phishing technique tanish khilani
Phishing technique tanish khilani Phishing technique tanish khilani
Phishing technique tanish khilani
 
E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detection
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
Cyber Security (Hacking)
Cyber Security (Hacking)Cyber Security (Hacking)
Cyber Security (Hacking)
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
 
Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and Countermeasures
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing Tools
 
basics of hacking- threat basics, types of attack
basics of hacking- threat basics, types of attackbasics of hacking- threat basics, types of attack
basics of hacking- threat basics, types of attack
 
phishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptxphishing-technology-730-J1A0e1Q.pptx
phishing-technology-730-J1A0e1Q.pptx
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
phishingppt-160209144204.pdf
phishingppt-160209144204.pdfphishingppt-160209144204.pdf
phishingppt-160209144204.pdf
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptx
 
Phis
PhisPhis
Phis
 
An overview study on cyber crimes in internet
An overview study on cyber crimes in internetAn overview study on cyber crimes in internet
An overview study on cyber crimes in internet
 
Cyber security and privacy
Cyber security and privacyCyber security and privacy
Cyber security and privacy
 
Phishing
PhishingPhishing
Phishing
 

Recently uploaded

Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx959SahilShah
 
Transport layer issues and challenges - Guide
Transport layer issues and challenges - GuideTransport layer issues and challenges - Guide
Transport layer issues and challenges - GuideGOPINATHS437943
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptMadan Karki
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
Piping Basic stress analysis by engineering
Piping Basic stress analysis by engineeringPiping Basic stress analysis by engineering
Piping Basic stress analysis by engineeringJuanCarlosMorales19600
 
lifi-technology with integration of IOT.pptx
lifi-technology with integration of IOT.pptxlifi-technology with integration of IOT.pptx
lifi-technology with integration of IOT.pptxsomshekarkn64
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvLewisJB
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHC Sai Kiran
 
8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitterShivangiSharma879191
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 

Recently uploaded (20)

Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
 
young call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Serviceyoung call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Service
 
Transport layer issues and challenges - Guide
Transport layer issues and challenges - GuideTransport layer issues and challenges - Guide
Transport layer issues and challenges - Guide
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.ppt
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
Piping Basic stress analysis by engineering
Piping Basic stress analysis by engineeringPiping Basic stress analysis by engineering
Piping Basic stress analysis by engineering
 
lifi-technology with integration of IOT.pptx
lifi-technology with integration of IOT.pptxlifi-technology with integration of IOT.pptx
lifi-technology with integration of IOT.pptx
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECH
 
8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 

Using OTP prevent Phishing attacks

  • 1. Using One Time Password How to Prevent Phishing Attacks Guided by Presented by Prof. B.S.Shetty Ritesh Rajesh Sarode (2012BIT006)
  • 2.  Introduction  Phishing  Anti-Phishing Techniques  One Time Password  Mechanism  Security Analysis  Conclusion  References
  • 3.  Phishing is a malicious activity whereby an attacker tries get the confidential information of target. It is a serious problem because phisher can get sensitive information like users’ bank account details, social security numbers, and credit card numbers.
  • 4.  To achieve his goal, a phisher first sets up a fake website that looks almost the same as the legitimate target website.  The URL of the fake website is then sent to a large number of users at random via e-mails or instant messages.
  • 5.  Phishing is a form of social engineering carried out by black hats in electronic form. E.g.e-mail, for gathering sensitive information.  Phishing emails may also contain links to websites that are infected with malware.  Phishing is typically carried out by email spoofing and instant messaging.
  • 6.
  • 7. List-based  It maintains a black list or white list, or both.  Many anti-phishing mechanisms use a black list to prevent users from accessing phishing sites.  The effectiveness of black list filtering depends on the coverage, freshness, and accuracy of the list.
  • 8.  The URLs are collected by web crawlers, and list maintainers are responsible for verifying that listed URL contain phishing site or not.  Though a well maintained black list can filter most well- known phishing sites, but it cannot filter unanalyzed URLs.  No list can guarantee 100% coverage and up-to-date freshness.
  • 9.  Domain name- A phishing site may register a similar domain name to that of the target site. Eg-paypal.com and paypa1.com  URL- This allows a phisher to redirect users to a fake site using a URL www.paypal.com@123.123.123.123 and www.paypal.com
  • 10.  Specific input fields- Phishing site has some input fields for personal information, such as passwords, social security numbers, and credit card numbers.
  • 11.
  • 12.  Phisher obtain the touchy data using fake site and then he can access our Private credentials.  To prevent password phishing, we use OTP mechanism.  To overcome this we have preset password method i.e. OTP  we need a reliable secondary channel to deliver the password.
  • 13.  Users can be authenticated with OTP delivered via a secondary communication channel.  The user database at the server side matches a user’s login name with its corresponding identity on another secondary channel.  When user wants to access a web site then server sends an OTP to the user through the secondary channel.  User receives OTP and he can login before OTP expires.
  • 14.
  • 15. Phishing attack can only succeed if the attacker knows : 1) The user’s account name. 2) The identity of the secondary channel through which the user receives the OTP. 3) The password used to access the secondary channel.
  • 16.  Mutual Authentication.  Authentication in an untrustworthy environment.  Man-In-The-Middle attack(MITM).
  • 17.  lot of methods are there to detecting phishing and securing users from attacks, but not detect all phishing sites.  In this paper, we propose a solution that tries to reduce the number of password phishing attacks by authenticating users with OTP instead of fixed passwords.  Thus, any website can take advantage of the proposed solution by installing instant messaging bots at the server side only.
  • 19.