Analysis of password login phishing based protocols for security improvements

Author

Khayal, S.H. ; Khan, A. ; Bibi, N. ; Ashraf, T.

Author_Institution

Dept. of Comput. Sci. & Software Eng., Fatima Jinnah Women Univ., Rawalpindi, Pakistan

fYear

2009

fDate

19-20 Oct. 2009

Firstpage

368

Lastpage

371

Abstract

Password is a key to secret authentication data and is most widely used for security purposes therefore it is open to attacks such as phishing attack. Phishing is a form of Internet fraud, which phisher applies to steal online consumer´s personal identity data and financial account credentials. In this paper, we analyze a technique of password hashing, to compute secure passwords. Using this mechanism, we can obtain hash value by applying a cryptographic hash function to a string consisting of the submitted password and, usually, another value known as a salt. The salt value consists of current parameters of the system and prevents attackers from building a list of hash values for common passwords. MD5 and SHA1 are frequently used cryptographic hash functions. We implemented these algorithms and found that SHA-1 is more secure but slow in execution as SHA-1 includes more rounds than MD5 in calculating hashes.

Keywords

Internet; cryptography; invasive software; Internet; MD5 hash function; SHA1 hash function; cryptographic hash function; password hashing; phishing attack; salt value; secret authentication data; security improvements; Authentication; Computer hacking; Computer security; Cryptography; Data security; Dictionaries; Internet; Protection; Protocols; Uniform resource locators; Cryptographic Hash Function; Encryption; Password; Phishing attack; Salt value;

fLanguage

English

Publisher

ieee

Conference_Titel

Emerging Technologies, 2009. ICET 2009. International Conference on

Conference_Location

Islamabad

Print_ISBN

978-1-4244-5630-7

Electronic_ISBN

978-1-4244-5631-4

Type

conf

DOI

10.1109/ICET.2009.5353144

Filename

5353144