A User-Friendly Two-Factor Authentication Method against Real-Time Phishing Attacks

Yuanyi Sun, Sencun Zhu, Yan Zhao, Pengfei Sun

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Today, two-factor authentication (2FA) is a widely implemented mechanism to counter phishing attacks. Although much effort has been investigated in 2FA, most 2FA systems are still vulnerable to carefully designed phishing attacks, and some even request special hardware, which limits their wide deployment. Recently, real-time phishing (RTP) has made the situation even worse because an adversary can effortlessly establish a phishing website without any background of the web page design technique. Traditional 2FA can be easily bypassed by such RTP attacks. In this work, we propose a novel 2FA system to counter RTP attacks. The main idea is to request a user to take a photo of the web browser with the domain name in the address bar as the 2nd authentication factor. The web server side extracts the domain name information based on Optical Character Recognition (OCR), and then determines if the user is visiting this website or a fake one, thus defeating the RTP attacks where an adversary must set up a fake website with a different domain. We prototyped our system and evaluated its performance in various environments. The results showed that PhotoAuth is an effective technique with good scalability. We also showed that compared to other 2FA systems, PhotoAuth has several advantages, especially no special hardware or software support is needed on the client side except a phone, making it readily deployable.

Original languageEnglish (US)
Title of host publication2022 IEEE Conference on Communications and Network Security, CNS 2022
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages91-99
Number of pages9
ISBN (Electronic)9781665462556
DOIs
StatePublished - 2022
Event2022 IEEE Conference on Communications and Network Security, CNS 2022 - Austin, United States
Duration: Oct 3 2022Oct 5 2022

Publication series

Name2022 IEEE Conference on Communications and Network Security, CNS 2022

Conference

Conference2022 IEEE Conference on Communications and Network Security, CNS 2022
Country/TerritoryUnited States
CityAustin
Period10/3/2210/5/22

All Science Journal Classification (ASJC) codes

  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Information Systems

Fingerprint

Dive into the research topics of 'A User-Friendly Two-Factor Authentication Method against Real-Time Phishing Attacks'. Together they form a unique fingerprint.

Cite this