International Journal of Trust Management in Computing and Communications
These articles have been peer-reviewed and accepted for publication but are pending final changes, are not yet published and may not appear here in their final order of publication until they are assigned to issues. Therefore, the content conforms to our standards but the presentation (e.g. typesetting and proof-reading) is not necessarily up to the Inderscience standard. Additionally, titles, authors, abstracts and keywords may change before publication. Articles will not be published until the final proofs are validated by their authors.
Forthcoming articles must be purchased for the purposes of research, teaching and private study only. These articles can be cited using the expression "in press". For example: Smith, J. (in press). Article Title. Journal Title.
Articles marked with this shopping trolley icon are available for purchase - click on the icon to send an email request to purchase.
International Journal of Trust Management in Computing and Communications (1 paper in press)
A Novel Authentication Protocol for Prevention of Phishing and Pharming Attacks in Mobile Banking by Sriramulu Bojjagani, V.N. Sastry Abstract: The current mobile authentication protocols place an extra burden on mobile device users to detect and avoid phishing and pharming attacks. In this paper, we propose a novel mobile banking authentication protocol that employs an Authentication Server (AS), which sends a nonce to the mobile user device to be signed, so that he can avoid phishing and pharming attacks. Phishing attacks are fraudulent e-mail messages appearing to originate from legitimate enterprises to access private information and commit identity theft. Pharming is a form of attack on the network infrastructure where the user is redirected to the fraudulent website even when the user enters the right web Uniform Resource Locator (URL) or Internet protocol (IP) address. In this protocol, the message signed on the mobile device includes the information of the bank. Hence, upon receiving the signed information, the authentication server can quickly identify the attack and notify the bank. Our proposed protocol is experimentally validated by a formal method of model checking tool namely ``Automated Validation of Internet Security Protocols and Applications (AVISPA)''. Keywords: Phishing; Pharming; Mobile banking; URL; IP; AVISPA;.