标题:A Novel Approach to Identify a Fraud Website Using Android Smartphone under the Collaborative Frameworks of QR Codes and GPS and Motion Parameters of the User
期刊名称:International Journal of Security and Its Applications
印刷版ISSN:1738-9976
出版年度:2014
卷号:8
期号:5
页码:161-184
DOI:10.14257/ijsia.2014.8.5.16
出版社:SERSC
摘要:Use of personalized security mechanisms among financial sectors is gaining rapid momentum day-by-day. Banking and e-shopping portals, which are paramount of cyber-attacks, strongly recommend that both the merchant (i.e., a merchant web portal) and its customers (customers using these portals) be certain about each other's identity. This emphasizes not only that the merchant portal must be able to detect an attacker spoofing the identity of one of its customers, but also that a customer must not leave her secrets with a fraud-cum-look-alike website spoofing address of the merchant's portal.This thesis envisages a novel, scalable approach to detect a fraud, look-alike web page to help a customer unaware of digital certificates, Internet security policies and their glitches, truly recognize her merchant's web-site using her smartphone. The approach uses a reverse challenge-response framework; and uses QR codes which are generated dynamically and depend on the GPS parameters of the customer. The customer uses her smartphone to scan the QR codes with an application provided by the merchant; which detects correctly whether she logged on to the genuine website. The additional benefit of this approach is that it can be modelled to offer a novel, non- telephonic two-step authentication system with minor modifications.
