On
Submitted By
J. RAJESH (22MC201A22)
CERTIFICATE
This is to certify that the project report entitled “PHISHING ATTACK PREVENTION
USING CRYPTOGRAPHY” is a bona fide work done and submitted by J. RAJESH
(22MC201A22) in partial fulfillment of the requirements for the award of the degree of Master
of Computer Applications from Anurag University, Affiliated to Jawaharlal Nehru
Technological University, Hyderabad during the academic year 2023-2024 and the bona fide
work has not been submitted elsewhere for the award of any other degree.
External Examiner
ACKNOWLEDGEMENT
We would like to express our sincere thanks to Dr. K.S. Reddy, Dean, Academics and
Planning, Head of the Department of Information Technology, Anurag University, Ghatkesar,
whose motivation in the field of software development has helped us overcome all hardships
during the course of study and the successful completion of the project.
We would like to express our profound sense of gratitude to all for having helped us in
completing this dissertation. We would like to express our deep-felt gratitude and sincere thanks
to our guide Ms. B. LAKSHMI PRASANNA, Assistant Professor, Department of Information
Technology, Anurag University, Ghatkesar, for his skillful guidance, timely suggestions and
encouragement in completing this project.
Finally, we would like to express our heartfelt thanks to our parents who were very supportive
both financially and mentally and for their encouragement to achieve our set goals.
J. RAJESH (22MC201A22)
DECLARATION
This is to certify that the project work entitled “PHISHING ATTACK PREVENTION
USING CRYPTOGRAPHY” submitted to Anurag University in partial fulfillment of the
requirement for the award of the Degree of Master of Computer Applications (MCA), is an
original work carried out by J. RAJESH (22MC201A22) under the guidance of
Ms. B. LAKSHMI PRASANNA, Assistant Professor in the Department of Information
Technology. The matter embodied in this project is a genuine work, done by the students, and
has not been submitted either to this university or to any other university/Institute for the
fulfillment of the requirement of any course of study.
J. RAJESH (22MC201A22)
ABSTRACT
Phishing websites involve a collection of key elements within their content parts as well as the
browser-based security indicators provided along with the website. Images are used to preserve the
privacy of the image captcha by splitting the original image captcha into two shares that are stored in
separate database servers, such that the original image captcha can be revealed only when
both are available together; the individual share images do not reveal the identity of the original
image captcha. Once the original image captcha is revealed to the user, it can be used as the
password. Several solutions have been suggested to handle phishing.
TABLE OF CONTENTS
TITLE
CHAPTERS
Chapter 1 Introduction
1.1 Overview
1.2 Objectives
Chapter 3 Methodology
Chapter 5 Usage
Chapter 8 Algorithm
Chapter 14 Conclusion
Chapter 15 References
LIST OF FIGURES
Fig.1.3 Demonstration of encryption data
Fig.1.4 Demonstration of decrypted data
1. INTRODUCTION
1.1 Overview
Online transactions have become very common, and they are exposed to various attacks.
Among these attacks, phishing is a major security threat, and new inventive ideas arise
constantly, so the defence mechanism should also be powerful. Security in these cases must
therefore be very high and not easily tractable, while remaining easy to implement. Today, most
applications are only as secure as their underlying system.
Since the design and technology of middleware has improved steadily, their detection is a
difficult problem. As a result, it is nearly impossible to be sure whether a computer that is
connected to the internet can be considered trustworthy and secure or not.
Phishing scams are also becoming a problem for online banking and e-commerce users. The
question is how to handle applications that need a high level of security. Phishing is a form of
online identity theft that aims to steal sensitive information such as online banking passwords
and credit card information from users. Phishing scams have been receiving huge press coverage
because such attacks have grown in number and sophistication. One definition of phishing is
given as “it is a criminal activity using social engineering techniques.
Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card
details, by masquerading as a trustworthy person or business in an electronic communication”. The
conduct of identity theft with this acquired sensitive information has also become easier with the
use of technology, and identity theft can be described as “a crime in which the impostor obtains
key pieces of information such as Social Security and driver's license numbers and uses them for
his or her own gain”.
Communication channels such as email, web pages, IRC and instant messaging services are
popular. In all cases the phisher must act like a trusted source for the user to believe. To date, the
most successful phishing attacks have been initiated by email, where the phisher impersonates
the sending authority. This report therefore introduces a new method that can be used as a
safeguard against phishing, named "A novel approach against Anti-phishing using visual
cryptography". As the name suggests, the website cross-checks its own identity and
proves to the end users that it is a trusted website (for bank transactions, e-commerce, online
booking systems, etc.) before they use it, making both sides of the system secure and
authenticated. The approach uses image processing and an improved visual cryptography
scheme.
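The share-splitting idea from the abstract, as an added example that is not the report's own code: a (2,2) visual cryptography split in the classic Naor-Shamir style, with two subpixels per pixel. The report does not say which scheme it uses, so the scheme, the class name VisualShareDemo and the 5x7 bitmap are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Arrays;

public class VisualShareDemo {
    // Constructed 5x7 bitmap standing in for a captcha glyph ('#' = black, '.' = white).
    static final String[] SECRET = {
        "#######",
        "#.....#",
        "#.###.#",
        "#.....#",
        "#######",
    };

    static boolean[][] parse(String[] rows) {
        boolean[][] img = new boolean[rows.length][rows[0].length()];
        for (int y = 0; y < rows.length; y++)
            for (int x = 0; x < rows[y].length(); x++)
                img[y][x] = rows[y].charAt(x) == '#';
        return img;
    }

    // Each secret pixel becomes two subpixels in each share; exactly one of the two is black,
    // so a single share looks the same whether the secret pixel was black or white.
    static boolean[][][] split(boolean[][] secret, SecureRandom rng) {
        int h = secret.length, w = secret[0].length;
        boolean[][] share1 = new boolean[h][2 * w];
        boolean[][] share2 = new boolean[h][2 * w];
        for (int y = 0; y < h; y++) {
            for (int x = 0; x < w; x++) {
                boolean first = rng.nextBoolean();   // fresh random pattern: 10 or 01
                boolean black = secret[y][x];
                share1[y][2 * x] = first;
                share1[y][2 * x + 1] = !first;
                // White pixel: same pattern in share 2. Black pixel: complementary pattern.
                share2[y][2 * x] = first ^ black;
                share2[y][2 * x + 1] = (!first) ^ black;
            }
        }
        return new boolean[][][] { share1, share2 };
    }

    // Overlaying the shares is a subpixel-wise OR; a pixel decodes as black
    // only if both of its subpixels are black in the overlay.
    static boolean[][] overlay(boolean[][] a, boolean[][] b) {
        boolean[][] out = new boolean[a.length][a[0].length / 2];
        for (int y = 0; y < out.length; y++)
            for (int x = 0; x < out[y].length; x++)
                out[y][x] = (a[y][2 * x] || b[y][2 * x]) && (a[y][2 * x + 1] || b[y][2 * x + 1]);
        return out;
    }

    static String render(boolean[][] img) {
        StringBuilder sb = new StringBuilder();
        for (boolean[] row : img) {
            for (boolean px : row) sb.append(px ? '#' : '.');
            sb.append('\n');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        boolean[][] secret = parse(SECRET);
        boolean[][][] shares = split(secret, new SecureRandom());
        System.out.println("Share for server A (random on its own):\n" + render(shares[0]));
        System.out.println("Share for server B (random on its own):\n" + render(shares[1]));
        boolean[][] recovered = overlay(shares[0], shares[1]);
        System.out.println("Both shares overlaid:\n" + render(recovered));
        System.out.println("Recovered equals original: " + Arrays.deepEquals(secret, recovered));
    }
}
```

A server that holds only one share sees one black and one white subpixel for every pixel, chosen at random, which is why the two shares can be stored on separate database servers.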
1.2 Objectives
Cryptography plays a crucial role in preventing and mitigating phishing attacks by focusing on
specific objectives aimed at securing communication, authenticating entities, and safeguarding
sensitive information. The primary objectives of cryptography in the prevention of phishing
attacks include:
The use of cryptographic protocols, such as TLS (Transport Layer Security) for secure
communication over the internet, helps protect data in transit. This is crucial for preventing man-
in-the-middle attacks that could intercept sensitive information.
2. Digital Signatures:
Digital signatures can be used to verify the authenticity of a message or sender. This can help
users confirm the legitimacy of emails or messages they receive, reducing the risk of falling for
phishing attempts.
PKI is a framework that manages digital keys and certificates, providing a way to verify the
identity of entities in a communication. It can be used to establish secure communication
channels and authenticate websites, reducing the risk of phishing.
4. End-to-End Encryption:
5. Multi-Factor Authentication (MFA):
While not strictly cryptographic, MFA adds an extra layer of security by requiring users to
provide multiple forms of identification. Cryptographic tokens or codes generated through
algorithms are often part of the MFA process.
It's important to note that even with strong cryptographic measures in place, user education and
awareness are crucial components of a comprehensive security strategy. Phishing attacks often
exploit human vulnerabilities, so a holistic approach that combines technical measures with user
training is essential for effective cybersecurity.
The problem statement for using cryptography to protect against phishing attacks involves
addressing the limitations of current security measures in mitigating the risks associated with
social engineering and deceptive tactics employed by attackers. Phishing attacks exploit human
vulnerabilities to trick individuals into divulging sensitive information, such as login credentials
or financial details. While cryptography is a powerful tool for securing data, it faces challenges
in directly addressing the complex nature of phishing attacks. The problem can be outlined as
follows:
3. Email Spoofing and Identity Deception:
Phishers often employ techniques like email spoofing to create messages that appear to come
from trusted sources. Cryptographic measures, such as digital signatures, can help verify the
integrity of messages, but they may not be widely adopted or easily understood by all users.
Explore and implement state-of-the-art cryptographic protocols and technologies that can
enhance the security of communication channels, email systems, and online interactions. This
may include the use of digital signatures, encryption algorithms, and secure key management.
Software Requirements
The minimum requirements for detection and prevention of phishing attacks are:
Operating System : Windows 2000/XP
Documentation Tool : MS Word 2000
Programming Tools : Java
Hardware Requirements
That being said, encryption and cryptographic techniques can contribute to overall security
measures that help protect against various types of cyber threats, including phishing. Here are
some ways in which cryptography can be applied within the broader context of security:
A proposed system for cryptography in the prevention of phishing attacks involves incorporating
cryptographic techniques and best practices to mitigate the risks associated with phishing threats.
The goal is to secure communication channels, authenticate entities, and protect sensitive
information from unauthorized access. Below is an outline of a proposed system for
cryptography in the prevention of phishing attacks:
2. LITERATURE SURVEY
As of my last knowledge update in January 2022, I don't have access to a specific literature
survey on the topic of cryptography for the prevention of phishing attacks. However, I can
provide you with a general overview of key themes and areas of research in this domain. Keep in
mind that new research and publications may have emerged since then.
Researchers explore cryptographic mechanisms, including the use of digital certificates and
public-key infrastructure, to enhance the verification of identities in online interactions and
reduce the risk of impersonation.
When conducting a literature survey, you can use academic databases such as IEEE Xplore,
PubMed, or Google Scholar to search for recent publications and research papers. Relevant
keywords include "cryptography," "phishing prevention," "email security," "authentication
protocols," and similar terms. Reading through recent conference proceedings, journals, and
academic papers can provide a comprehensive understanding of the current state of research in
the field.
3. METHODOLOGY
The methodology of encryption and decryption involves transforming data in a way that ensures
confidentiality and privacy. Encryption is the process of converting plaintext into ciphertext,
making it unreadable without the proper decryption key. Decryption is the reverse process,
converting ciphertext back into plaintext using the decryption key. Here's an overview of the
methodology:
Retrieve Ciphertext:
Obtain the ciphertext either from storage or during transmission.
Retrieve Plaintext:
Obtain the decrypted plaintext, making the original data readable and usable.
Key Generation:
Use a secure method to generate cryptographic keys. Key generation is a critical aspect of
encryption, and keys should be generated randomly with sufficient entropy.
Key Distribution:
Safely distribute encryption keys to authorized parties. For symmetric encryption, both the
sender and the receiver must possess the same secret key.
Key Storage:
Protect encryption keys from unauthorized access. Proper key management includes secure
storage to prevent key compromise.
Key Rotation:
Implement key rotation strategies to periodically change encryption keys. Regularly updating
keys enhances security.
End-to-End Encryption:
Implement end-to-end encryption to secure communication between two parties, ensuring that
only the intended recipients can access the plaintext.
File Encryption:
Encrypt files or entire directories to protect their contents from unauthorized access.
Database Encryption:
Communication Encryption:
Secure communication channels using encryption to prevent eavesdropping and man-in-the-
middle attacks.
Remember, the choice of encryption algorithms and key management practices should align with
the specific security requirements and the nature of the data being protected. Always follow
best practices and stay informed about advancements in cryptography to maintain a secure
approach.
Design is the first step in moving from problem domain to the solution domain. Design
is essentially the bridge between requirements specification and the final solution.
The goal of design process is to produce a model or representation of a system, which can
be used later to build that system. The produced model is called the “Design of the System”. It
is a plan for a solution for the system.
Context Diagram:
It contains a single process, but it plays a very important role in studying the
current system. The context diagram defines the system that will be studied in the sense that it
determines the boundaries. Anything that is not inside the process identified in the context
diagram will not be part of the system study. It represents the entire software element as a single
bubble with input and output data indicated by incoming and outgoing arrows respectively.
A DFD, also known as a “bubble chart”, has the purpose of clarifying system requirements and
identifying major transformations that will become programs in system design. So it is the
starting point of the design to the lowest level of detail. A DFD consists of a series of bubbles
joined by data flows in the system.
DFD SYMBOLS:
4. An open rectangle is a data store, data at rest or a temporary repository of data
Data Flow
Data Store
CONSTRUCTING A DFD:
1. Process should be named and numbered for an easy interface. Each name should be
representative of the process.
2. The direction of flow is from top to bottom and from left to right. Data traditionally flow
from source to the destination although they may flow back to the source. One way to
indicate this is to draw long flow line back to a source. An alternative way is to repeat the
source symbol as a destination. Since it is used more than once in the DFD it is marked
with a short diagonal.
3. When a process is exploded into lower level details, they are numbered.
4. The names of data stores and destinations are written in capital letters. Process and
dataflow names have the first letter of each word capitalized.
A DFD typically shows the minimum contents of a data store. Each data store
should contain all the data elements that flow in and out.
Questionnaires should contain all the data elements that flow in and out.
Missing interfaces, redundancies and the like are then accounted for, often through interviews.
1. The DFD shows the flow of data, not of control; loops and decisions are control
considerations and do not appear on a DFD.
2. The DFD does not indicate the time factor involved in any process, whether the data
flow takes place daily, weekly, monthly or yearly.
3. The sequence of events is not brought out on the DFD.
Types of data flow diagrams
1. Physical DFD:
Structured analysis states that the current system should first be understood
correctly. The physical DFD is the model of the current system and is used to ensure that the
current system has been clearly understood. Physical DFDs show the actual devices, departments,
people, etc., involved in the current system.
2. Logical DFD:
Logical DFDs are the model of the proposed system. They should clearly show the
requirements on which the new system should be built. Later, during design activity, this is taken
as the basis for drawing the system’s structure charts.
RULES GOVERNING THE DFD’S:
PROCESS
2. No process can have only inputs. If an object has only inputs then it must be a sink.
DATA STORE
1. Data cannot move directly from one data store to another data store, a process must move
data.
2. Data cannot move directly from an outside source to a data store, a process, which
retrieves, must move data from the source and place the data into data store.
UML stands for Unified Modeling Language. It is a third-generation method for specifying,
visualizing and documenting the artifacts of an object-oriented system under development.
Object modeling is the process by which the logical objects in the real world (problem space) are
represented (mapped) by the actual objects in the program (logical or a mini world). This visual
representation of the objects, their relationships and their structures is for ease of
understanding. This is a step in developing any product after analysis.
The goal of this is to produce a model of the entities involved in the project which later
need to be built. The representations of the entities that are to be used in the product being
developed need to be designed.
Software design is a process that gradually changes as various new, better and more
complete methods with a broader understanding of the whole problem in general come into
existence.
USECASE DIAGRAM
Use case diagram consists of use cases and actors and shows the interaction between them. The
key points are:
The main purpose is to show the interaction between the use cases and the actor.
The use cases are the functions that are to be performed in the module.
CLASS DIAGRAM
Class Diagram consists of the classes and the objects and the interaction between them. It
mainly deals with the interaction between classes in the system, their behavior and properties of
the system. Apart from classes this also provides inheritance relationships in the project. Class
diagrams consist of basically two parts: first one is the member variables and class variables and
the second part consists of the total number of methods available in the class.
SEQUENCE DIAGRAM
The purpose of sequence diagram is to show the flow of functionality through a use case. In
other words, we call it a mapping process in terms of data transfers from the actor through the
corresponding objects.
The main purpose is to represent the logical flow of data with respect to a process
CLASS DIAGRAM:
5. USAGE
1. Fractioning of the text into 64-bit blocks
2. Initial permutation of blocks
3. Breakdown of the blocks into two parts: left and right, named L and R
4. Permutation and substitution steps repeated 16 times
5. Re-joining of the left and right parts, then inverse initial permutation
6. FUTURE IMPROVEMENTS
The cryptography prevention of phishing attacks project lays the groundwork for future
enhancements and refinements.
7. CREATION OF CODE
DES is a symmetric encryption system that uses 64-bit blocks and a 64-bit key, 8 bits of which
are used for parity checks. The key therefore has a "useful" length of 56 bits, which means that
only 56 bits are actually used in the algorithm. The algorithm involves carrying out combinations,
substitutions and permutations between the text to be encrypted and the key, while making sure
the operations can be performed in both directions. The key is coded on 64 bits and made of 16
blocks of 4 bits, generally denoted k1 to k16. Given that "only" 56 bits are actually used for
encrypting, there can be 2^56 different keys.
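The 56-bit effective key length described above can be observed directly with the JDK's own DES implementation. This added example (not part of the report's code) flips only the parity bit of each key byte and gets the same ciphertext, while flipping one effective key bit changes it; the class name DesParityDemo, the key and the plaintext block are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class DesParityDemo {
    // Encrypts exactly one 64-bit block, so no padding or mode detail hides the key's effect.
    static byte[] encryptBlock(byte[] key8, byte[] block8) throws Exception {
        Cipher cipher = Cipher.getInstance("DES/ECB/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key8, "DES"));
        return cipher.doFinal(block8);
    }

    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and block, for illustration only.
        byte[] key = { 0x13, 0x34, 0x57, 0x79, (byte) 0x9B, (byte) 0xBC, (byte) 0xDF, (byte) 0xF1 };
        byte[] block = "8 bytes!".getBytes(StandardCharsets.US_ASCII);

        // Flip the parity bit (the least significant bit) of all eight key bytes.
        byte[] parityFlipped = key.clone();
        for (int i = 0; i < parityFlipped.length; i++) parityFlipped[i] ^= 0x01;

        // Flip a single bit that belongs to the 56 effective key bits.
        byte[] keyBitFlipped = key.clone();
        keyBitFlipped[0] ^= 0x02;

        byte[] c0 = encryptBlock(key, block);
        byte[] c1 = encryptBlock(parityFlipped, block);
        byte[] c2 = encryptBlock(keyBitFlipped, block);

        System.out.println("original key        : " + hex(c0));
        System.out.println("parity bits flipped : " + hex(c1)
                + "  same ciphertext: " + Arrays.equals(c0, c1));
        System.out.println("one key bit flipped : " + hex(c2)
                + "  same ciphertext: " + Arrays.equals(c0, c2));
        // Only 56 of the 64 key bits matter, so exhaustive search covers 2^56 keys.
        System.out.println("effective key space : 2^56 = " + (1L << 56) + " keys");
    }
}
```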
8. ALGORITHM
STEP-2: Split it into two 32-bit blocks and store it in two different arrays.
STEP-4: The output obtained is stored as the second 32-bit sequence and the original second 32-
bit sequence forms the first part.
STEP-5: Thus the encrypted 64-bit cipher text is obtained in this way. Repeat the same
process for the remaining plain text characters.
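The steps above and the left/right breakdown in the usage chapter describe a Feistel network. This added example (not the report's code) runs 16 Feistel rounds on a 64-bit block and decrypts by running the same routine with the subkeys in reverse order. The round function f and the key schedule are simplified stand-ins, not the real DES ones, and the initial and inverse permutations are omitted.

```java
public class FeistelDemo {
    static final int ROUNDS = 16;

    // Toy round function, an assumption for illustration: NOT the DES f-function
    // (no expansion, S-boxes or permutation). A Feistel round function need not be invertible.
    static int f(int half, int subkey) {
        int x = (half ^ subkey) * 0x9E3779B1;
        return Integer.rotateLeft(x, 13) ^ (x >>> 7);
    }

    // Toy key schedule (assumption): one 32-bit subkey per round, standing in for DES's k1..k16.
    static int[] subkeys(long key) {
        int[] k = new int[ROUNDS];
        for (int i = 0; i < ROUNDS; i++) {
            long rotated = Long.rotateLeft(key, 3 * i + 1);
            k[i] = (int) (rotated ^ (rotated >>> 32));
        }
        return k;
    }

    // One pass over the network; the same routine encrypts and decrypts.
    static long run(long block, int[] k) {
        int left = (int) (block >>> 32);   // L: upper 32 bits
        int right = (int) block;           // R: lower 32 bits
        for (int i = 0; i < ROUNDS; i++) {
            int newRight = left ^ f(right, k[i]);   // round output becomes the second half
            left = right;                           // original second half becomes the first half
            right = newRight;
        }
        // Re-join with the halves swapped, as DES does after round 16.
        return ((long) right << 32) | (left & 0xFFFFFFFFL);
    }

    static long encrypt(long block, long key) {
        return run(block, subkeys(key));
    }

    // Decryption is the same network with the subkeys applied in reverse order.
    static long decrypt(long block, long key) {
        int[] k = subkeys(key);
        int[] reversed = new int[ROUNDS];
        for (int i = 0; i < ROUNDS; i++) reversed[i] = k[ROUNDS - 1 - i];
        return run(block, reversed);
    }

    public static void main(String[] args) {
        long key = 0x133457799BBCDFF1L;     // constructed sample key
        long plain = 0x0123456789ABCDEFL;   // constructed sample 64-bit block
        long cipher = encrypt(plain, key);
        long back = decrypt(cipher, key);
        System.out.printf("plaintext  %016x%n", plain);
        System.out.printf("ciphertext %016x%n", cipher);
        System.out.printf("decrypted  %016x%n", back);
        System.out.println("round trip ok: " + (back == plain));
    }
}
```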
9. FLOW CHART
Fig.1.1 flowchart model for Data Encryption Standard (DES).
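import java.security.SecureRandom;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;
import javax.swing.*;
class DES {
    // Reads a message, encrypts it with a fresh DES key, then decrypts it again
    public static void main(String[] args) {
        try {
            String msg = JOptionPane.showInputDialog("Enter message to encrypt");
            SecretKeySpec key = new SecretKeySpec(getRawKey(), "DES");
            Cipher cipher = Cipher.getInstance("DES");
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] enc = cipher.doFinal(msg.getBytes());
            cipher.init(Cipher.DECRYPT_MODE, key);
            JOptionPane.showMessageDialog(null, "Encrypted: " + new java.math.BigInteger(1, enc).toString(16) + "\nDecrypted: " + new String(cipher.doFinal(enc)));
        } catch(Exception e) { System.out.println(e); }
    }
    // Generates a random 56-bit DES key and returns its raw bytes
    static byte[] getRawKey() throws Exception {
        KeyGenerator kgen = KeyGenerator.getInstance("DES");
        SecureRandom sr = new SecureRandom();
        kgen.init(56, sr);
        byte[] raw = kgen.generateKey().getEncoded();
        return raw;
    }
}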
11. TESTING AND RESULT
Fig.1.3. demonstration of encryption data.
The Data Encryption Standard (DES) was a symmetric-key algorithm widely used for encryption
of electronic data. However, it has been largely replaced by more secure algorithms due to its
vulnerability to brute-force attacks. Here's an analysis report on DES:
1. Background
Description: DES is a block cipher that operates on 64-bit blocks of data with a 56-bit key. It
was adopted as a federal standard in 1977 by the National Institute of Standards and Technology
(NIST) in the United States.
Use Cases: Originally used for a wide range of applications, including financial transactions,
email encryption, and secure communication.
2. Key features:
Block Size: 64 bits.
Feistel Network: DES uses a Feistel network structure, where the data block is divided into two
halves, and a series of operations are performed on each half.
3. Strengths:
Widely Adopted: DES was widely adopted and served as the de facto encryption standard for
many years.
Feistel Structure: The Feistel network structure provides a balanced approach to encryption and
decryption.
Security Concerns: Research demonstrated vulnerabilities, and DES was gradually replaced by
more secure algorithms.
13. FUTURE SCOPE
The field of encryption is dynamic, and ongoing research and development continually strive to
enhance the security and efficiency of cryptographic techniques. Here are some potential future
improvements in encryption:
1. Quantum-Safe Cryptography:
As quantum computers advance, they pose a threat to current public-key cryptography (e.g.,
RSA and ECC). Quantum-safe cryptographic algorithms, such as lattice-based cryptography or
hash-based cryptography, are being explored to resist quantum attacks.
3. Homomorphic Encryption:
Homomorphic encryption allows computations to be performed on encrypted data without
decrypting it. Advancements in making homomorphic encryption more practical for real-world
applications could greatly enhance privacy and security in cloud computing scenarios.
4. Zero-Knowledge Proofs:
Zero-knowledge proofs allow one party (the prover) to prove to another party (the verifier) that
they know a specific piece of information without revealing the information itself. These could
find applications in authentication and identity verification.
Fully homomorphic encryption enables both addition and multiplication operations on encrypted
data. Improvements in efficiency and performance could lead to broader adoption in secure data
processing applications.
8. Lightweight Cryptography:
With the rise of IoT devices and resource-constrained environments, there is a growing need for
lightweight cryptographic algorithms that maintain a balance between security and efficiency.
Ensuring interoperability between various cryptographic implementations and standardization
efforts are crucial for widespread adoption and seamless integration of secure communication
systems.
14. CONCLUSION
Phishing has become a serious network security problem, causing financial losses of billions of
dollars to both consumers and e-commerce companies. Perhaps more fundamentally,
phishing has made e-commerce distrusted and less attractive to normal consumers. In this paper,
we have studied the characteristics of the hyperlinks that were embedded in phishing e-mails.
We then designed an anti-phishing algorithm, Link Guard, based on the derived characteristics.
Since Phishing Guard is characteristic based, it can not only detect known attacks but is also
effective against unknown ones.
Information security can be achieved through cryptographic algorithms; a large
number of encryption algorithms have been developed for securing confidential data from
attackers. The aim of current cryptography is to protect data from hackers. The strength of
the system is dependent on the length of the key. But to achieve this a large computational time
is required, giving a large delay which can be harmful to us. The use of FPGAs can
help us to overcome this limitation because FPGAs can give enhanced speed. This is due to the fact
that the hardware implementation of most encryption algorithms can be done on FPGA. The
proposed scheme for the DES algorithm has been optimised for the time required to generate the
keys or decode data. The algorithm and coding have been implemented in ModelSim software
with the help of the VHDL language. The synthesis has been done on Xilinx FPGA (Xilinx 9.1e)
and a faster clock frequency has been observed in comparison with classical DES.