Password-Based Mutual Authentication Protocol Against Phishing Attacks


KIPS Transactions on Computer and Communication Systems, Vol. 7, No. 2, pp. 41-48, Feb. 2018
10.3745/KTCCS.2018.7.2.41,   PDF Download:
Keywords: Phishing, Authentication Protocol, MITM Attack, Replay Attack
Abstract

Until now, various studies on anti-phishing have been conducted. The most typical anti-phishing method is a method of collecting URL information of a phishing site in advance and then detecting phishing by comparing the URL of the visited site with the previously stored information. However, this blacklist-based anti-phishing method can not detect new phishing sites. For this reason, various anti-phishing authentication protocols have been proposed. but these protocols require a public key and a private key. In this paper, we propose a password-based mutual authentication protocol that is safe for phishing attacks. In the proposed protocol, the mutual authentication between the client and the server is performed through the authentication message including the password information. The proposed protocol is safe to eavesdropping attack because the authentication message uses the hash value of the password, not the original password, And it is safe to replay attack because different messages are used every time of authentication. In addition, since mutual authentication is performed, it is safe for man-in-the-middle attack. Finally, the proposed protocol does not require a key issuance process for authentication.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[IEEE Style]
I. Kim and J. Choi, "Password-Based Mutual Authentication Protocol Against Phishing Attacks," KIPS Transactions on Computer and Communication Systems, vol. 7, no. 2, pp. 41-48, 2018. DOI: 10.3745/KTCCS.2018.7.2.41.

[ACM Style]
Iksu Kim and Jongmyung Choi. 2018. Password-Based Mutual Authentication Protocol Against Phishing Attacks. KIPS Transactions on Computer and Communication Systems, 7, 2, (2018), 41-48. DOI: 10.3745/KTCCS.2018.7.2.41.