ASPA-MOSN: An Efficient User Authentication Scheme for Phishing Attack Detection in Mobile Online Social Networks

Bhattacharya, Munmun; Roy, Sandip; Chattopadhyay, Samiran; Das, Ashok Kumar; Jamal, Sajjad Shaukat

doi:10.1109/jsyst.2022.3168234

Cited by 11 publications

(6 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to this model, an adversary is empowered to eavesdrop, delete, and modify messages transmitted through a public channel, allowing for the execution of various security attacks. These include performing impersonation, replay, and man-in-the-middle (MITM) attacks; acquiring a user's smart device to extract stored data through power analysis attacks [26][27][28]; legally creating avatars for impersonation attempts; and potentially functioning as an insider within the platform server. Additionally, we incorporate the more rigorous "Canetti-Krawczyk (CK) model" [29], which surpasses the assumptions of the DY model.…”

Section: Adversary Modelmentioning

confidence: 99%

Blockchain-Enabled Secure and Interoperable Authentication Scheme for Metaverse Environments

Patwe,

Mane

2024

Future Internet

View full text Add to dashboard Cite

The metaverse, which amalgamates physical and virtual realms for diverse social activities, has been the focus of extensive application development by organizations, research institutes, and companies. However, these applications are often isolated, employing distinct authentication methods across platforms. Achieving interoperable authentication is crucial for when avatars traverse different metaverses to mitigate security concerns like impersonation, mutual authentication, replay, and server spoofing. To address these issues, we propose a blockchain-enabled secure and interoperable authentication scheme. This mechanism uniquely identifies users in the physical world as well as avatars, facilitating seamless navigation across verses. Our proposal is substantiated through informal security analyses, employing automated verification of internet security protocols and applications (AVISPA), the real-or-random (ROR) model, and Burrows–Abadi–Needham (BAN) logic and showcasing effectiveness against a broad spectrum of security threats. Comparative assessments against similar schemes demonstrate our solution’s superiority in terms of communication costs, computation costs, and security features. Consequently, our blockchain-enabled, interoperable, and secure authentication scheme stands as a robust solution for ensuring security in metaverse environments.

show abstract

Section: Adversary Modelmentioning

confidence: 99%

Blockchain-Enabled Secure and Interoperable Authentication Scheme for Metaverse Environments

Patwe,

Mane

2024

Future Internet

View full text Add to dashboard Cite

show abstract

“…The adversary can have the following capabilities based on the Dolev-Yao (DY) threat model. The Dolev-Yao threat model [22] is widely employed in the analysis of protocol security [23][24][25]. The capabilities of an adversary are defined as follows:…”

Section: Adversary Modelmentioning

confidence: 99%

Secure and Privacy-Preserving Authentication Scheme Using Decentralized Identifier in Metaverse Environment

Kim,

Oh,

Son

et al. 2023

Electronics

View full text Add to dashboard Cite

The metaverse provides a virtual world with many social activities that parallel the real world. As the metaverse attracts more attention, the importance of security and privacy preservation is increasing significantly. In the metaverse, users have the capability to create various avatars, which can be exploited to deceive or threaten others, leading to internal security issues. Additionally, users attempting to access the metaverse are susceptible to various external security threats since they communicate with service providers through public channels. To address these challenges, we propose an authentication scheme using blockchain, a decentralized identifier, and a verifiable credential to enable metaverse users to perform secure identity verification and authentication without disclosing sensitive information to service providers. Furthermore, the proposed approach mitigates privacy concerns associated with the management of personal information by enabling users to prove the necessary identity information independently without relying on service providers. We demonstrate that the proposed scheme is resistant to malicious security attacks and provides privacy preservation by performing security analyses, such as AVISPA simulation, BAN logic, and the real-or-random (ROR) model. We also show that the performance of our proposed scheme is better suited for the metaverse environment by providing greater security and efficiency when compared to competing schemes.

show abstract

“…To identify attacks, smishing data was correlated with other datasets (i.e., web browsing history). Last but not least, the authors in [39] proposed an authentication scheme for phishing attacks through mobile online social networks. The aim was mainly to defend against phishing attacks.…”

Section: Related Workmentioning

confidence: 99%

Characterizing Mobile Money Phishing Using Reinforcement Learning

Njoya,

Ngongag,

Tchakounté

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Mobile money helps people accumulate, send and receive money using their mobile phones without having a bank account (i.e., in some African countries). Such technology is heavily and efficiently used in many areas where bank services are unavailable and/or in crisis (i.e., during the Covid-19 pandemic) when transportation and services are limited. However, malicious users such as scammers have leveraged social engineering techniques to abuse mobile money services through scams, and frauds, among others. Existing countermeasures, which are specific to mobile money security, mostly ignore the dynamic aspect of interactions between the malicious party and the victim. Considering the above insufficiency, this paper proposes a new approach to characterize mobile money phishing attacks based on reinforcement learning (RL) through Q−learning and Markov decision processes (MDP) and on deep reinforcement learning (DRL) through DRL algorithms, namely, Deep sarsa, Advantage Actor-Critic (A2C), Deep Deterministic Policy Gradient (DDPG), and Deep Q-learning (DQN). In fact, the proposed approach models the optimal sequences of attacker actions to achieve their goals through reinforcement learning and deep reinforcement methods. We experiment on real attack scenarios that have been encountered at Orange and MTN telecoms. Furthermore, we compared reinforcement learning and deep reinforcement learning algorithms to each other and thereby demonstrated the difference between them. This analysis showed a better performance in learning with RL. We also deduced that Q− learning takes less execution time than CDM and therefore its learning quality is better for characterizing mobile money phishing attacks. Finally, we found that some deep reinforcement algorithms, such as Deep Sarsa and A2C, can improve the characterization of scammervictim interactions during mobile payments.

show abstract

ASPA-MOSN: An Efficient User Authentication Scheme for Phishing Attack Detection in Mobile Online Social Networks

Cited by 11 publications

References 34 publications

Blockchain-Enabled Secure and Interoperable Authentication Scheme for Metaverse Environments

Blockchain-Enabled Secure and Interoperable Authentication Scheme for Metaverse Environments

Secure and Privacy-Preserving Authentication Scheme Using Decentralized Identifier in Metaverse Environment

Characterizing Mobile Money Phishing Using Reinforcement Learning

Contact Info

Product

Resources

About