ASPA-MOSN: An Efficient User Authentication Scheme for Phishing Attack Detection in Mobile Online Social Networks

Abstract

Over the last few years, with the massive growth of smartphone technology and mobile Internet, the use of various online social networks (OSNs) have increased rapidly. This ever-growing use of social networks leverages cyber-attackers to exploit various phishing schemes, spoofed accounts, and other threats to steal users’ credentials. Phishing is an online crime that employs both technical subterfuge and social engineering to steal consumers’ personal identity, financial account credentials, and other sensitive information. In general, a phishing attack is carried out by the exercise of sending fraudulent communications (like a fake email with harmful uniform resource locators), that pretends to come from a reputable source. The problem of designing user authentication protocol for mitigating phishing attacks in OSNs is a challenging research problem. In this article, we propose a secure and lightweight cryptography-based authentication scheme, called authentication scheme for phishing attack (ASPA)-mobile online social network (mOSN), that provides resistance to phishing and other related attacks in OSNs. The security of the proposed scheme is explained using both informal security analysis and formal security analysis through the widely recognized real-or-random model and ProVerif simulation tool. Finally, we compare the security, functionality, computation, and communication costs of the proposed ASPA-mOSN with related schemes. The comparison results show that ASPA-mOSN outperforms other existing competing schemes.