International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056

Volume: 04 Issue: 03 | Mar -2017 www.irjet.net p-ISSN: 2395-0072

An Anti-phishing Framework Based on Visual Cryptography

Bushra Siddique1, Upendra Malekar2, Mohini Kashyap3
1Student, Dept. of CSE, Ballarpur Institute of Technology, MS, India
2Assistant Professor, Dept. of CSE, Ballarpur Institute of Technology, MS, India
3Student, Dept. of CSE, Ballarpur Institute of Technology, MS, India

---------------------------------------------------------------------***---------------------------------------------------------------------
Abstract - Due to immense use of internet, online attack has learn information such as login or account information by
increased. Among that, phishing attack is the most common masquerading as a reputable entity, IM or other
one. Phishing is an act carried by an individual or a group to communication channels. Another definition of phishing is
access personal information such as credit card details, given as the criminal activity done using social engineering.
passwords etc for financial gain and other fraudulent
The phishing done on the website is same as the fishing done
activities. Thus, a new method is proposed named as "An
in a lake, but in this phishing instead of stealing the fish the
Antipishing framework based on visual cryptography" to solve
phisher steals the personal information of the users to
phishing issues. In this paper, an image based authentication
commit crime. Thus, to overcome all this factors we are
using visual cryptography (VC) is used. The use of visual
giving a technique to prevent phishing using visual
cryptography is to preserve the privacy of an image captcha
cryptography.
by decomposing the original image captcha into two sheets
that are stored in separate database servers. The original In this technique, a concept called image processing is used.
image captcha can be revealed only when both are Here, the image is given as an input and it is been processed
simultaneously available. Once the original image captcha is in image processing thus generating the output as the
revealed to its user, it can be used as the password. Using this, improved or of the same characteristics of the original
websites can cross verify it and proves its identity. image. The concept of image processing is that an image can
be spitted into any number of shares such that to get the
Key Words: Image captcha, shares, visual cryptography, original image, a particular number of shared must be
security, phishing. combined.

2. RELATED WORK
1. INTRODUCTION Phishing web pages are fake web pages that are created by
phishers to imitate Web pages of real web site. This kind of
In todays world, online transactions are very common and
web page has visual similarities to do fraud with their
some leads to various online attacks. In this, the major
victims. Email is the most common way for doing this due to
security threat is the phishing attack and thus innovative
its easiness and simplicity. Phishers can send crafted emails
ideas are coming with this every second. So, for this the
to majority of the legitimate and can fool the users using the
preventive measurement should also be developed in a very
flaws in SMTP.
effective manner. Therefore, the security for this should not
be traceable easily. To overcome all this, researchers have given different
methods such as-
Now-a-days, majority of the applications is as secure as
underlying system. As a result, it is not possible to be 1) Automated challenge Response method [1] is a
confident that the computer that is connected with the method which provides authentication mechanisms.
internet is a secure one or not. Phishing attack is also This method provides two way authentication and
creating problems for e-commerce and online banking users. simplicity. This method also prevents man-in-
So, how to tackle with the application that needs high middle attacks.
2) There are also a DNS-based anti-phishing approach
security.
[2] technique that contains heuristic detection,
blacklists and page similarity assessment. But these
The main goal of the phished is to hack information such as
techniques to have some cons.
credit card information, passwords etc from the users.
Phishing is a form of fraud in which the attacker tries to

2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 2186
 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056
Volume: 04 Issue: 03 | Mar -2017 www.irjet.net p-ISSN: 2395-0072

a) In Heuristic based anti phishing technique, it is This system protects confidential information of users by
easy for the hacker to avoid the heuristic proving 3 layers of security.
characteristics detection.
b) In Blacklist-based technique, we cannot detect 1) First layer verifies whether the website is phishing
the website that are not available in the website or secure website. If the site is phished one then it
database of the blacklist
will not display the image captcha to the users because the
c) In Similarity assessment based technique, it
requires much time to calculate the pages. Thus, image is generated by the stacking of both the shares,
this is not suitable for detecting the phishing present with the user and the server.
sites.
3) Ren-junn Hwang has proposed a technique which 2) Second layer checks validation of the image captcha in
makes use of watermark method [3] to save digital response to the user. The image captcha is human readable
image copyright ownership using visual and not to machine users. Thus, by using image captcha
cryptography. But here, there is the difficulty of mechanism no machine based user can hack the password or
finding the pixels having the watermark pattern. other information.
4) Divya James [4] and Mintu Philip [4] have given an
anti-phishing framework which uses visual 3) As a third layer of security, it prevents intruders
cryptography [5] for detecting the phishing
attack.
websites. In this, Image captcha validation scheme
is used. There are two phases in this paper. One is
for registration while other is for login.
5. MODULES
3. EXISTING METHODOLOGY
The modules in our project are: -
In the existing methodology, from the below diagram we can
see that whenever an end user enters the data in the websites
then if the site is an actual site then the data is safe otherwise 1) Registration phase
if the site is a phishing site then in this situation the
information can be easily captured by the attackers using 2) Login phase
phishing technique.
A) Registration phase:-
Database
Username,
Actual
password, Credit User enter the key Server enter the key
Website
End card information and
user other confidential
information

Phishing
Stored data gathered by
Website end user

Image captcha is
Fig1: Existing Scenario
generated
4. PROPOSED METHODOLOGY

In our proposed work, we are giving the methodology used

for detecting the phishing websites. Our methodology is
based on anti-phishing image captcha validation scheme
Share 1 kept with user Share 2 kept with server
using visual cryptography. The use of visual cryptography is
to preserve the image captcha privacy. This is done by
decomposing the image captcha into two shares such that
one is with the user and the other with the server. The
original image captcha can be generated only when both the Figure: When user performs registration process for the
shares are simultaneously present. The individual share website
cannot reveal the image captcha. Once we get the image
captcha we can use it as a password.

2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 2187
 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056
Volume: 04 Issue: 03 | Mar -2017 www.irjet.net p-ISSN: 2395-0072

In this phase, a key string (password) is taken by the user 3) Now the user share can be downloaded.
during the registration. The password can be the
combination of letters and alphabet to give secure
environment. The string is then combined with randomly
generated string by server and thus forming the image
captcha. The image is then split up into two shares i.e. one
kept with user and another with server. It is also stored at
database.

The screenshot for this phase are:-

1) The initial page is the home page where the users

have two options i.e. if they are already registered
then directly they login otherwise they have to first
perform the registration.
Here the registration phase gets completed.

B) Login phase:-
Browser for the
share kept with
Username user and sent to
End
the server
user

Users share is
Display generated
stacked with
Image captcha
servers share

Detects whether its a phishing site or not

according to the Image captcha

2) Now if the user clicks the new user button then the
registration page is getting opened. Enter the string Identifies the
displayed in the phished site
captcha

Fig 3: When user attempts to log in into site

In the login phase, the user is first asked for the username or
the user id. Now the user has to enter the share kept with
him. Now this share is forwarded to the server where the
users share and the share stored at the database is
concatenated to produce captcha image. Now the image
captcha is displayed to the user and here the end user check
whether the given image captcha matches with the captcha
created at the during registration phase. The end user is now
required to enter the text displayed in the image captcha and
this will be considered as a password and using this user can
Here the image captcha is divided into two shares

2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 2188
 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056
Volume: 04 Issue: 03 | Mar -2017 www.irjet.net p-ISSN: 2395-0072

log in into the secured website. Using the username and 6. IMPLEMENTATION & ANALYSIS
image captcha generated by stacking two shares one can
verify whether the website is secured website or not and can The proposed methodology is implemented using Asp.net
also verify whether the user is a human user or not. and the following figure shows the result obtain by creation
and stacking of shares.
The screenshot for this phase is given as:-
The entire process is shown in the form of cases.
1) Here, first the user enters the username. Then the
user browses for the share kept with him. After this Case1 and Case 2 show the creation and stacking of shares of
we have to click on show image to check whether two image captcha's resulting in original captcha.
the same image captcha is generated or not. If he
finds the generated captcha is similar to one seen at In Case3 share1 of first image captcha is combined with
registration phase then he can easily put the
share2 of second captcha resulting in unrecognizable form of
password and can successfully login.
captcha.

Case.1

Original Share1 Share2 Reconstruct

Captcha ed captcha

Case.2

Original Share1 Share2 Reconstructed

Captcha Captcha

2) If the complete data is correct then the user can see

the screen stating that he is an authorized user.

Case.3

Share1 of case1 Share2 of case2 Reconstructed

Captcha

2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 2189
 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056
Volume: 04 Issue: 03 | Mar -2017 www.irjet.net p-ISSN: 2395-0072

It is seen that both original and reconstructed image

captcha's are related with high degree of correlation.

7. CONCLUSION

Phishing attacks are very common in day-to-day life

because it is done globally and very easily it can store the
users confidential information. This data can be used by
attackers. . Phishing websites as well as human users can be
easily identified using our proposed An Anti-phishing
framework based on Visual Cryptography". The proposed
methodology protects confidential information of users
using 3 layers of security.The proposed methodology can be
used to prevent the attacks of phishing websites on financial
web portal, banking portal, online shopping market etc.

REFERENCES

[1]. Thiyagarajan, P.; Venkatesan, V.P.; Aghila, G.;

"Anti-Phishing Technique using Automated
Challenge Response Method'", in Proceedings of
IEEE- International Conference on Communications
and Computational Intelligience, 2010.
[2]. Sun Bin.; Wen Qiaoyan.; Liang Xiaoying.; "A DNS
based Anti-Phishing Approach," in Proceedings of
IEEE- Second International Conference on Networks
Security, Wireless Communications and Trusted
Computing, 2010.
[3]. Ren-Junn Hwang,A digital image copyright
protection scheme based on visual cryptography,
Tamkang Journal of science and engineering, Vol.3,
No. 2, pp. 97-106(2000).
[4]. Divya James, Mintu Philip, A novel Anti-phishing
framework based on visual cryptography, IEEE
2012.
[5]. M.Naor and A.Shamir,Visual cryptography, in Proc.
EUROCRYPT, 1994, pp.1-12. IJDPS Vol.3, No.1, 2012.

2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 2190