Hash-Based Password Authentication Protocol Against Phishing and Pharming Attacks
- Authors
- Kim, Iksu; Cho, Yongyun
- Issue Date
- Jan-2015
- Publisher
- INST INFORMATION SCIENCE
- Keywords
- authentication protocol; phishing attack; pharming attack; web security; hash function
- Citation
- JOURNAL OF INFORMATION SCIENCE AND ENGINEERING, v.31, no.1, pp.343 - 355
- Journal Title
- JOURNAL OF INFORMATION SCIENCE AND ENGINEERING
- Volume
- 31
- Number
- 1
- Start Page
- 343
- End Page
- 355
- URI
- http://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/8834
- ISSN
- 1016-2364
- Abstract
- Until now, although many researchers proposed a variety of authentication protocol to verify the identity of the clients, most of these protocols are inefficient and ineffective. Gouda et al. proposed an anti-phishing single password protocol, but it is vulnerable to pharming attacks. In this paper, we show that the protocol is insecure, and propose a hash-based password authentication protocol against phishing and pharming attacks. In the proposed protocol, the authentication tickets passed between clients and servers are secure because they are hash values which can be verified only by clients and servers. The authentication ticket is used only once, which ensures that the proposed protocol is secure against a variety of attacks such as replay, man-in-the-middle, phishing, and pharming. Because the proposed authentication protocol does not require encryption keys during the authentication phase, it is suitable for wireless and mobile communication systems.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - College of Information Technology > School of Computer Science and Engineering > 1. Journal Articles
![qrcode](https://api.qrserver.com/v1/create-qr-code/?size=55x55&data=https://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/8834)
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.