Avoiding Cross Site Request Forgery (CSRF) Attack Using TwoFish Security Approach

摘要

Security is the most important factor for online users to secure their confidential data. Users are nervous about the security risks of the internet. Identifying Vulnerability has been major challenge to each user in order to rectify it. This paper addresses such type of vulnerability named as Cross Site Request Forgery attack. Basically, an attacker will use CSRF attack to trick a victim into accessing a phishing website or clicking a url link that contains malicious program which performs unwanted action that causes loss of user data. This type of attack is very effectual and dangerous to prevent it. An earlier methodology such as visual cryptography is used to avoid these CSRF attacks. Unfortunately this approach is timeconsuming, as they require manual effort to integrate defense techniques which makes low accuracy rate and it not fulfill the need of the users. CSRF attacks are possible because websites are authenticated by the web browser, not the user. A novel approach “Avoiding CSRF attack using TwoFish security” is proposed to avoid these attacks by which the user can validate the website in an understandable manner. This TwoFish security is an enhanced way to validate the web page and performs authentication in two phases; Firstly MD5 encryption is performed in order to calculate the hash values for url and secondly image based authentication is provided to validate the image of respective url. By using this strategy, the user can easily recognize whether a website is a genuine website or vulnerable website. We are providing experimental results that demonstrate the use of our prototype that provides service oriented authenticated websites to respective clients.